From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 28 11:13:43 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C4E0510656D1
	for <freebsd-questions@freebsd.org>;
	Thu, 28 Apr 2011 11:13:43 +0000 (UTC)
	(envelope-from nvidican@m2.vidican.com)
Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com
	[209.85.213.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 88E428FC12
	for <freebsd-questions@freebsd.org>;
	Thu, 28 Apr 2011 11:13:43 +0000 (UTC)
Received: by ywf7 with SMTP id 7so1280487ywf.13
	for <freebsd-questions@freebsd.org>;
	Thu, 28 Apr 2011 04:13:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.147.141.8 with SMTP id t8mr2934382yan.24.1303989221745; Thu,
	28 Apr 2011 04:13:41 -0700 (PDT)
Sender: nvidican@m2.vidican.com
Received: by 10.147.182.3 with HTTP; Thu, 28 Apr 2011 04:13:41 -0700 (PDT)
X-Originating-IP: [136.1.1.105]
In-Reply-To: <BANLkTimaCFsrRD+QY_ynY-P=MNHW2FCMLg@mail.gmail.com>
References: <BANLkTimo6R615BVC51Rk7aM9RbvnjKtVRg@mail.gmail.com>
	<BANLkTikdHwcJxAijfJ8KAjDsbV4x8nkEUw@mail.gmail.com>
	<BANLkTimaCFsrRD+QY_ynY-P=MNHW2FCMLg@mail.gmail.com>
Date: Thu, 28 Apr 2011 07:13:41 -0400
X-Google-Sender-Auth: hUROgI-Mn4e0SexwIHcX3ugv5Wo
Message-ID: <BANLkTin8Uc+A5YAwgnEE3zpukAuoWM5Euw@mail.gmail.com>
From: Nathan Vidican <nathan@vidican.com>
To: Jaime Kikpole <jkikpole@cairodurham.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-questions@freebsd.org
Subject: Re: Hardware suggestions
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2011 11:13:43 -0000

On Wed, Apr 27, 2011 at 10:42 AM, Jaime Kikpole
<jkikpole@cairodurham.org> wrote:
> My thanks to everyone for their replies. =A0I guess that I wasn't
> specific enough about my needs, though. =A0I don't need a tiny chassis.
> In fact, I need a proxy for around 750-900 computers, so an Atom
> system or the like wouldn't work for me. =A0I just have no rack space
> left. =A0Fortunately, I might have found a way around this.
>
> So if you have any pre-built servers to recommend, I'd greatly
> appreciate it. =A0For example, I'm currently reviewing the Dell
> PowerEdge T310's specs.
>
>
> Nate:
>
> Thanks. =A0I read the handbook's entry on CARP last night. =A0It looks
> easier than I had previously thought. =A0I've started setting up a
> VMware environment of 2 FreeBSD systems and a unix desktop to try it
> out as a way to build a fail-over proxy.
>
> Looks like I'd have to stop using my current "in-line" design, though.
> =A0Currently, I have a FreeBSD box between my network as a whole and the
> Internet connection. =A0It acts as a router, a firewall, and a
> transparent proxy. =A0CARP would require the system to not be "in-line,"
> because a failed system would mean no router. =A0Did I understand that
> correctly?
>
>
> Thanks to all,
> Jaime
>
> --
> Network Administrator
> Cairo-Durham Central School District
> http://cns.cairodurham.org
>


Actually - quite the opposite. I have a very similar setup, wherein I
have two machines running CARP on multiple interfaces such that if any
interface on system A goes down, system B takes over. Both of these
machines act in the same capacity as yours, (they are
router+firewall+proxy+NAT), they are physically cabled directly to my
network switches using VLAN trunking which presents as-if multiple
separate network cards on the host (they each have gigabit fibre to
the switch, carrying 8 independent networks). Each subnet (separate
VLAN segment) routes their primary gateway through these machines
using a single IP - both are always on, always running, and each is
connected to a different core switch (which offers switching
redundancy too in the event one goes out). I'm using mostly Cisco
networking gear, but all routing and proxying is done by FreeBSD/sparc
on Sun Netra series servers.

As far as your hadrware is concerned - I'm a bit biased towards Sun or
Dell, though I've also had great experience with Compaq (now HP)
Proliant series in the passed too. Again - same deal as white-boxes,
just check the hardware list to see what's supported. When you've got
an actual make/model you're thinking of, re-post a new thread to
questions@freebsd.org with a subject as such seeking opinions and
experiences with that model - chances are someone else might already
have it. (I did take note of the Dell model you specified - just
saying might be a good idea to put that as the subject in a new
thread; sorry no experience with that model personally, though I have
several 2800-series Dell 2U servers that I'm most pleased with
offering redundant power and decent hardware raid).

--=20
Nathan Vidican
nathan@vidican.com