Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 May 2011 09:34:16 -0400 (EDT)
From:      Chris Hill <chris@monochrome.org>
To:        Jaime Kikpole <jkikpole@cairodurham.org>
Cc:        FreeBSD Questions List <questions@freebsd.org>
Subject:   Re: RAM needed for DHCP + router?
Message-ID:  <alpine.BSF.2.00.1105270927090.12134@tripel.monochrome.org>
In-Reply-To: <BANLkTin7upxLBWyb%2BeH_KqNN-1d7fD2JKA@mail.gmail.com>
References:  <alpine.BSF.2.00.1105261943531.9461@tripel.monochrome.org> <BANLkTin7upxLBWyb%2BeH_KqNN-1d7fD2JKA@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 27 May 2011, Jaime Kikpole wrote:

> On Thu, May 26, 2011 at 7:46 PM, Chris Hill <chris@monochrome.org> wrote:
>> I'm looking to build a NAT / DHCP box for a lab network for my company. My
>> question is, how do I estimate the amount of RAM the machine will need?
>
> FWIW, I can tell you some experiences that I've had.

Thanks, Jaime, this is very useful.

>From what I'm hearing, it seems as though a 32-bit machine with maxed-out 
RAM would be more than adequate to the task. I'll be NAT'ing a "class A" 
worth of addresses, /16 of which will be DHCP range. But as I said, 
throughput will be near-zero; the NAT is for allowing occasional internet 
access for embedded controllers here and there, not for a thundering herd 
of desktop users. The machine will be mainly for serving DHCP, and is not 
the point of internet access for the organization.

Many thanks to all who responded.

> Example #1:
> At one time, I had as many as 600-800 desktops and laptops receiving
> DHCP leases and DNS resolution from a single FreeBSD (5.x?) server.
> It was an old Dell desktop that a college had discarded/donated.  I
> think it was something like 800MHz and 1GB of RAM.  From what I
> remember seeing in "top", "uptime", et. al. it was like the server was
> bored.  It was barely doing anything.
>
> Example #2:
> I'm currently running a school district with about 800 computers, some
> iPads and Nooks, a few dozen network printers, streaming video off of
> at least 3 DVRs, and whatever people bring in (unauthorized... we'll
> be fixing that shortly).  So let's call it around 1000 - 1300 nodes.
> The entire thing is running through a FreeBSD system with two 100Mbps
> cards.  I use IPFW to "hijack" certain TCP ports and redirect them
> into DansGuardian.  This makes a transparent proxy.  DG and Squid and
> BIND and ClamAV and snmpd, the Xymon client all run on this box.  It
> acts as a secondary DNS resolver, secondary DNS server for internal
> addresses, web proxy, web content analysis and filtering, and more.
> Its 8GB of RAM and a 2.0GHz dual core CPU.  Its doing the job just
> fine.  No complaints.
>
> Every employee uses web-based services every day.  We even use a fair
> amount of streaming video.  Again, this works well.  I've even heard
> of people managing to use NetFlix on occasion.  It will saturate our
> Internet bandwidth before this server goes down.  I have the graphs to
> prove it.
>
> Since you are talking about the box doing NAT, you may find yourself
> wanting a web proxy service and/or internal DNS resolver at some
> point.  The NAT and DHCP services are, in my experience, not going to
> be a big deal.  Configuring BIND to offer internal DNS resolution
> would add very little to your load.  I would be really surprised if
> any desktop PC that you found for $500-$1000 wasn't up to the task.
>
> That said, here is the important part:
>
> This is going to be a single-point-of-failure for your institution.
> If it goes down for any reason, your entire business is off-line.
> That includes everything from bad hardware to a routine software
> upgrade (FreeBSD or a port).  Do yourself a HUGE favor and build a
> redundancy system of some kind.  For example, I'm currently trying to
> replace the DansGuardian/Squid/DNS server I listed above with a pair
> of servers using CARP <http://www.freebsd.org/doc/handbook/carp.html>.
> That way, I can upgrade the OS whenever I want and the district's 800
> authorized computers (and 50-200 unauthorized computers, phones,
> tablets, etc.) keep working.
>
> Seriously.  Make it redundant.  Its the most important lesson a
> systems administrator must learn.  Well, that and scripting.  OK, and
> documentation.  :)
>
> Hope that helps,
> Jaime
>
> -- 
> Network Administrator
> Cairo-Durham Central School District
> http://cns.cairodurham.org
>

-- 
Chris Hill               chris@monochrome.org
**                     [ Busy Expunging </> ]



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1105270927090.12134>