Gordon Dexter on 29 Apr 2013 09:48:14 -0700 |
Re: [PLUG] Embedded 3-Port Firwall? |
>Mind sharing what kind of hardware you're running that on?

Remember, I purchased this for my business of consulting and as a learning
experience and lab, so it might not make sense for just personal use.
- Refurb Dell 2940, 32GB RAM and 6 internal 2TB SATA disks.
- Pair of Cisco 2970G-24 port 1GB Ethernet switches (with 4 SFP+ ports)
  (these link a small server rack to the house with 2 Ether-channel links)
With VMware, if you have many similar VMs, the common RAM blocks get
de-duped per host, so with lots of Ubuntu (or whatever) guests you use less RAM on
the host than you expect. This feature (transparent page sharing - TPS) is unique to
VMware hypervisors at the moment. Of course my RAM is full, so RAM compression and
ballooning have activated to help out. I think I had up to 38GB allocated RAM on running VMs with
only 32GB physical RAM in the host and no swapping (also remember overhead RAM is used on
each VM as well). You can overcommit RAM much higher than this if you allow VMware to start
swapping - but I have set up resource pools to prevent this. Especially the ZFS SAN needs
a full 8GB of real RAM minimum - and that can't be allowed to swap.

I pass all VLANs between the Cisco switches, so any DMZ or zone inside VMware's
many vSwitches is also available on the house switch. The Verizon ONT bridge gets
a port on Cisco and its own VLAN going into VMware to the firewall's WAN port.
Again, all this 1GB equipment is very cheap on eBay, including LC fibre (3 meter
LC multi-mode duplex fibre patch cord for $10).
Since VMware is already VLAN aware, you might only need one managed switch in
a smaller environment. I'm using two switches for my own training as I hadn't used
Cisco before.
I'll try and do a presentation next month.
Lee

From: "Rich Freeman" <r-plug@thefreemanclan.net>
Sent: Friday, 12 April, 2013 10:51:15 PM
Subject: Re: [PLUG] Embedded 3-Port Firwall?

On Apr 12, 2013 6:21 PM, "Lee H. Marzke" <lee@marzke.net> wrote:
>
> I now run pfSense firewall as a VM in my ESXi server, so my power
> for that box went down to zero! I'm also routing IPv6 traffic
> to my website through pfSense. (4aero.com)
>
> The same ESXi server also runs a ZFS SAN for the VMs and a bunch of Linux VMs,
> including a Plone server, Mailman mailservers, Zimbra test server, VMware VIEW demo, etc.
> I hope to do a presentation on this setup sometime.

Mind sharing what kind of hardware you're running that on? Such a setup has a certain appeal, but I'm a bit concerned about the cost (VMs go through a lot of RAM).
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
--
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos

IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
Lee Marzke, lee@marzke.net http://marzke.net/lee/
+1 800-393-5217 office +1 484-348-2230 fax
+1 610-564-4932 cell sip://8003935217@4aero.com VOIP