Date: Fri, 27 May 2011 08:28:42 -0400
From: Jaime Kikpole <jkikpole@cairodurham.org>
To: Chris Hill <chris@monochrome.org>
Cc: FreeBSD Questions List <questions@freebsd.org>
Subject: Re: RAM needed for DHCP + router?
Message-ID: <BANLkTin7upxLBWyb%2BeH_KqNN-1d7fD2JKA@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1105261943531.9461@tripel.monochrome.org>
References: <alpine.BSF.2.00.1105261943531.9461@tripel.monochrome.org>

On Thu, May 26, 2011 at 7:46 PM, Chris Hill <chris@monochrome.org> wrote:
> I'm looking to build a NAT / DHCP box for a lab network for my company. My
> question is, how do I estimate the amount of RAM the machine will need?

FWIW, I can tell you some experiences that I've had.

Example #1:
At one time, I had as many as 600-800 desktops and laptops receiving DHCP leases and DNS resolution from a single FreeBSD (5.x?) server. It was an old Dell desktop that a college had discarded/donated. I think it was something like 800MHz and 1GB of RAM. From what I remember seeing in "top", "uptime", et al. it was like the server was bored. It was barely doing anything.

Example #2:
I'm currently running a school district with about 800 computers, some iPads and Nooks, a few dozen network printers, streaming video off of at least 3 DVRs, and whatever people bring in (unauthorized... we'll be fixing that shortly). So let's call it around 1000 - 1300 nodes. The entire thing is running through a FreeBSD system with two 100Mbps cards. I use IPFW to "hijack" certain TCP ports and redirect them into DansGuardian. This makes a transparent proxy. DG and Squid and BIND and ClamAV and snmpd, the Xymon client all run on this box. It acts as a secondary DNS resolver, secondary DNS server for internal addresses, web proxy, web content analysis and filtering, and more. It's 8GB of RAM and a 2.0GHz dual core CPU.

It's doing the job just fine. No complaints. Every employee uses web-based services every day. We even use a fair amount of streaming video. Again, this works well. I've even heard of people managing to use Netflix on occasion. It will saturate our Internet bandwidth before this server goes down. I have the graphs to prove it.

Since you are talking about the box doing NAT, you may find yourself wanting a web proxy service and/or internal DNS resolver at some point. The NAT and DHCP services are, in my experience, not going to be a big deal. Configuring BIND to offer internal DNS resolution would add very little to your load. I would be really surprised if any desktop PC that you found for $500-$1000 wasn't up to the task.

That said, here is the important part: This is going to be a single-point-of-failure for your institution. If it goes down for any reason, your entire business is off-line. That includes everything from bad hardware to a routine software upgrade (FreeBSD or a port). Do yourself a HUGE favor and build a redundancy system of some kind.

For example, I'm currently trying to replace the DansGuardian/Squid/DNS server I listed above with a pair of servers using CARP <http://www.freebsd.org/doc/handbook/carp.html>. That way, I can upgrade the OS whenever I want and the district's 800 authorized computers (and 50-200 unauthorized computers, phones, tablets, etc.) keep working.

Seriously. Make it redundant. It's the most important lesson a systems administrator must learn. Well, that and scripting. OK, and documentation. :)

Hope that helps,
Jaime

--
Network Administrator
Cairo-Durham Central School District
http://cns.cairodurham.org