From: Chris Hill <chris@monochrome.org>
To: Jaime Kikpole
Cc: FreeBSD Questions List <freebsd-questions@freebsd.org>
Date: Fri, 27 May 2011 09:34:16 -0400 (EDT)
Subject: Re: RAM needed for DHCP + router?

On Fri, 27 May 2011, Jaime Kikpole wrote:

> On Thu, May 26, 2011 at 7:46 PM, Chris Hill wrote:
>> I'm looking to build a NAT / DHCP box for a lab network for my company. My
>> question is, how do I estimate the amount of RAM the machine will need?
>
> FWIW, I can tell you some experiences that I've had.

Thanks, Jaime, this is very useful.

From what I'm hearing, it seems as though a 32-bit machine with maxed-out RAM
would be more than adequate to the task. I'll be NAT'ing a "class A" worth of
addresses, /16 of which will be DHCP range. But as I said, throughput will be
near-zero; the NAT is for allowing occasional internet access for embedded
controllers here and there, not for a thundering herd of desktop users.

The machine will be mainly for serving DHCP, and is not the point of internet
access for the organization.

Many thanks to all who responded.

> Example #1:
> At one time, I had as many as 600-800 desktops and laptops receiving
> DHCP leases and DNS resolution from a single FreeBSD (5.x?) server.
> It was an old Dell desktop that a college had discarded/donated. I
> think it was something like 800MHz and 1GB of RAM. From what I
> remember seeing in "top", "uptime", et al. it was like the server was
> bored. It was barely doing anything.
>
> Example #2:
> I'm currently running a school district with about 800 computers, some
> iPads and Nooks, a few dozen network printers, streaming video off of
> at least 3 DVRs, and whatever people bring in (unauthorized... we'll
> be fixing that shortly). So let's call it around 1000 - 1300 nodes.
> The entire thing is running through a FreeBSD system with two 100Mbps
> cards. I use IPFW to "hijack" certain TCP ports and redirect them
> into DansGuardian. This makes a transparent proxy. DG and Squid and
> BIND and ClamAV and snmpd, the Xymon client all run on this box. It
> acts as a secondary DNS resolver, secondary DNS server for internal
> addresses, web proxy, web content analysis and filtering, and more.
> It's 8GB of RAM and a 2.0GHz dual core CPU. It's doing the job just
> fine. No complaints.
>
> Every employee uses web-based services every day. We even use a fair
> amount of streaming video. Again, this works well. I've even heard
> of people managing to use NetFlix on occasion. It will saturate our
> Internet bandwidth before this server goes down. I have the graphs to
> prove it.
>
> Since you are talking about the box doing NAT, you may find yourself
> wanting a web proxy service and/or internal DNS resolver at some
> point. The NAT and DHCP services are, in my experience, not going to
> be a big deal. Configuring BIND to offer internal DNS resolution
> would add very little to your load. I would be really surprised if
> any desktop PC that you found for $500-$1000 wasn't up to the task.
>
> That said, here is the important part:
>
> This is going to be a single-point-of-failure for your institution.
> If it goes down for any reason, your entire business is off-line.
> That includes everything from bad hardware to a routine software
> upgrade (FreeBSD or a port). Do yourself a HUGE favor and build a
> redundancy system of some kind. For example, I'm currently trying to
> replace the DansGuardian/Squid/DNS server I listed above with a pair
> of servers using CARP.
> That way, I can upgrade the OS whenever I want and the district's 800
> authorized computers (and 50-200 unauthorized computers, phones,
> tablets, etc.) keep working.
>
> Seriously. Make it redundant. It's the most important lesson a
> systems administrator must learn. Well, that and scripting. OK, and
> documentation. :)
>
> Hope that helps,
> Jaime
>
> --
> Network Administrator
> Cairo-Durham Central School District
> http://cns.cairodurham.org
>

--
Chris Hill chris@monochrome.org
** [ Busy Expunging ]
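The reply above names the two things such a box does with ipfw (kernel NAT on the outside interface, and a fwd rule that pulls port 80 from the inside network into a local transparent proxy) but shows no ruleset. The script below is an added example written for this page; it is not Jaime's or Chris's configuration. The interface names em0/em1, the 10.0.0.0/8 lab prefix, the proxy address 127.0.0.1,8080 and the rule numbers are assumptions. DRY_RUN=1 (the default) only prints the rules so the set can be reviewed anywhere; DRY_RUN=0 loads them with ipfw on the FreeBSD host itself. On FreeBSD 8 and earlier the fwd action needs a kernel built with options IPFIREWALL_FORWARD.

```shell
#!/bin/sh
# Added example (not from the thread): minimal ipfw ruleset for a NAT box that
# also redirects inside port-80 traffic into a transparent proxy.
# All names and addresses below are assumed placeholders, not the thread's own.

EXT_IF="${EXT_IF:-em0}"           # interface facing the upstream side
INT_IF="${INT_IF:-em1}"           # interface facing the lab network
LAB_NET="${LAB_NET:-10.0.0.0/8}"  # the "class A" of lab addresses behind NAT
PROXY="${PROXY:-127.0.0.1,8080}"  # ip,port the transparent proxy listens on
DRY_RUN="${DRY_RUN:-1}"           # 1 = print rules only, 0 = load with ipfw

# Emit the ruleset, one ipfw command per line, in load order.
# Notes on ordering: with net.inet.ip.fw.one_pass=1 (the default) a packet is
# accepted as soon as the nat rule has processed it, so anything that must be
# blocked on the outside interface (here: new inbound TCP connections to the
# router itself) has to come before the nat rule. "setup" matches only a SYN
# without ACK, so NAT'd replies to lab-initiated connections still get through.
gen_rules() {
    cat <<EOF
ipfw -q flush
ipfw -q nat 1 config if $EXT_IF same_ports reset
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 fwd $PROXY tcp from $LAB_NET to any 80 in via $INT_IF
ipfw -q add 250 deny tcp from any to me in via $EXT_IF setup
ipfw -q add 300 nat 1 ip from any to any via $EXT_IF
ipfw -q add 400 allow ip from $LAB_NET to any via $INT_IF
ipfw -q add 410 allow ip from any to $LAB_NET via $INT_IF
ipfw -q add 65000 deny ip from any to any
EOF
}

# Count the rules that would be loaded (used for a sanity check before apply).
rule_count() {
    gen_rules | grep -c '^ipfw'
}

# Print (dry run) or execute the ruleset.
apply_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        gen_rules
    else
        gen_rules | sh -e
    fi
}

apply_rules
```

Rule 200 is the "hijack" the reply describes: the proxy must listen on the loopback address given in PROXY, and the fwd rule is only applied to packets entering on the inside interface, so the proxy's own outbound fetches (which leave via em0) are not looped back into it. Rules 400 and 410 cover lab-side traffic in both directions; everything else falls to the final deny.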