Date: Fri, 27 May 2011 09:34:16 -0400 (EDT)
From: Chris Hill <chris@monochrome.org>
To: Jaime Kikpole <jkikpole@cairodurham.org>
Cc: FreeBSD Questions List <questions@freebsd.org>
Subject: Re: RAM needed for DHCP + router?
Message-ID: <alpine.BSF.2.00.1105270927090.12134@tripel.monochrome.org>
In-Reply-To: <BANLkTin7upxLBWyb%2BeH_KqNN-1d7fD2JKA@mail.gmail.com>
References: <alpine.BSF.2.00.1105261943531.9461@tripel.monochrome.org> <BANLkTin7upxLBWyb%2BeH_KqNN-1d7fD2JKA@mail.gmail.com>
On Fri, 27 May 2011, Jaime Kikpole wrote:

> On Thu, May 26, 2011 at 7:46 PM, Chris Hill <chris@monochrome.org> wrote:
>> I'm looking to build a NAT / DHCP box for a lab network for my company. My
>> question is, how do I estimate the amount of RAM the machine will need?
>
> FWIW, I can tell you some experiences that I've had.

Thanks, Jaime, this is very useful.

From what I'm hearing, it seems as though a 32-bit machine with maxed-out
RAM would be more than adequate to the task. I'll be NAT'ing a "class A"
worth of addresses, /16 of which will be DHCP range. But as I said,
throughput will be near-zero; the NAT is for allowing occasional internet
access for embedded controllers here and there, not for a thundering herd
of desktop users. The machine will be mainly for serving DHCP, and is not
the point of internet access for the organization.

Many thanks to all who responded.

> Example #1:
> At one time, I had as many as 600-800 desktops and laptops receiving
> DHCP leases and DNS resolution from a single FreeBSD (5.x?) server.
> It was an old Dell desktop that a college had discarded/donated. I
> think it was something like 800MHz and 1GB of RAM. From what I
> remember seeing in "top", "uptime", et al. it was like the server was
> bored. It was barely doing anything.
>
> Example #2:
> I'm currently running a school district with about 800 computers, some
> iPads and Nooks, a few dozen network printers, streaming video off of
> at least 3 DVRs, and whatever people bring in (unauthorized... we'll
> be fixing that shortly). So let's call it around 1000 - 1300 nodes.
> The entire thing is running through a FreeBSD system with two 100Mbps
> cards. I use IPFW to "hijack" certain TCP ports and redirect them
> into DansGuardian. This makes a transparent proxy. DG and Squid and
> BIND and ClamAV and snmpd, the Xymon client all run on this box. It
> acts as a secondary DNS resolver, secondary DNS server for internal
> addresses, web proxy, web content analysis and filtering, and more.
> It's 8GB of RAM and a 2.0GHz dual core CPU. It's doing the job just
> fine. No complaints.
>
> Every employee uses web-based services every day. We even use a fair
> amount of streaming video. Again, this works well. I've even heard
> of people managing to use NetFlix on occasion. It will saturate our
> Internet bandwidth before this server goes down. I have the graphs to
> prove it.
>
> Since you are talking about the box doing NAT, you may find yourself
> wanting a web proxy service and/or internal DNS resolver at some
> point. The NAT and DHCP services are, in my experience, not going to
> be a big deal. Configuring BIND to offer internal DNS resolution
> would add very little to your load. I would be really surprised if
> any desktop PC that you found for $500-$1000 wasn't up to the task.
>
> That said, here is the important part:
>
> This is going to be a single-point-of-failure for your institution.
> If it goes down for any reason, your entire business is off-line.
> That includes everything from bad hardware to a routine software
> upgrade (FreeBSD or a port). Do yourself a HUGE favor and build a
> redundancy system of some kind. For example, I'm currently trying to
> replace the DansGuardian/Squid/DNS server I listed above with a pair
> of servers using CARP <http://www.freebsd.org/doc/handbook/carp.html>.
> That way, I can upgrade the OS whenever I want and the district's 800
> authorized computers (and 50-200 unauthorized computers, phones,
> tablets, etc.) keep working.
>
> Seriously. Make it redundant. It's the most important lesson a
> systems administrator must learn. Well, that and scripting. OK, and
> documentation. :)
>
> Hope that helps,
> Jaime
>
> --
> Network Administrator
> Cairo-Durham Central School District
> http://cns.cairodurham.org
>

--
Chris Hill               chris@monochrome.org
** [ Busy Expunging </> ]