From: Adam Vande More
To: Jaime Kikpole
Cc: Nathan Vidican, freebsd-questions@freebsd.org
Date: Wed, 27 Apr 2011 10:10:33 -0500
Subject: Re: Hardware suggestions

On Wed, Apr 27, 2011 at 9:42 AM, Jaime Kikpole wrote:

> My thanks to everyone for their replies. I guess that I wasn't
> specific enough about my needs, though. I don't need a tiny chassis.
> In fact, I need a proxy for around 750-900 computers, so an Atom
> system or the like wouldn't work for me. I just have no rack space
> left. Fortunately, I might have found a way around this.
>
> So if you have any pre-built servers to recommend, I'd greatly
> appreciate it. For example, I'm currently reviewing the Dell
> PowerEdge T310's specs.
>

I have a couple of T310s in production. They are nice machines, but get the
Intel NICs.

> Nate:
>
> Thanks. I read the handbook's entry on CARP last night. It looks
> easier than I had previously thought. I've started setting up a
> VMware environment of 2 FreeBSD systems and a unix desktop to try it
> out as a way to build a fail-over proxy.
>
> Looks like I'd have to stop using my current "in-line" design, though.
> Currently, I have a FreeBSD box between my network as a whole and the
> Internet connection. It acts as a router, a firewall, and a
> transparent proxy. CARP would require the system to not be "in-line,"
> because a failed system would mean no router. Did I understand that
> correctly?
>

If you use CARP + HAST you can achieve true HA for your proxy. And no, the
device would still be inline as you describe it, except there would be two of
them. If you get the Intel NICs, I'd dedicate them to your real traffic and
reserve the Broadcoms for HAST replication. If cache consistency is not uber
important for your proxy, I'd probably skip the HAST though. It's relatively
slow, and may not provide enough benefit in your setup.

-- 
Adam Vande More