[alpine-devel] Re: [acf] 300 Mbps router, VServer, Squid caching

Jeff Bilyk <jbilyk@gmail.com>
Message ID: <CAHwjr34k+E8m-3BfkV71yw4cG5imvcMJ7eW=Keqi-g6jFfMgqg@mail.gmail.com>
Sender timestamp: 1371828264
DKIM signature: missing

On Wed, Jun 19, 2013 at 5:46 PM, Eric Duncan <
eduncan911+alpinelinux@gmail.com> wrote:

> Hello:
>
> I recently found out about the Alpine project and am quite impressed
> with the project goals.  I apologize ahead of time for the long post,
> but I tend to spill all my details at once.  Recently I have updated
> my FiOS network to 300Mbps/65Mbps speeds, and my ye'old DD-WRT router
> can't handle those speeds.  So, I am looking to build my own *nux
> box as a firewall/router (it's been 15+ years since the last time I
> did that).
>
> I have the hardware laying around I do believe that will serve as an
> excellent router, so I am interested in some specifics on how you
> would setup an Alpine instance.  Pardon my jargon, as I am just now
> catching up on Alpine's project.  The hardware is a bit overkill for a
> router/firewall, so I was thinking of serving more than one purpose
> with this box.
>
> Requirements:
>
> * High-performance router and firewall, for 300 Mbps connection (I
> play games behind this)
>
>
> Additional/Dual purposing ideas:
>
> * Squid caching server for my 5+ MediaWiki sites, and maybe a few of
> my C# sites if I change their code to update it.
> * Possibly an Apache hosting box/virtual machine
>
>
> Hardware:
>
> * Intel S3210SH LGA775 Server board
> * Intel ICH9R Raid controller
> * Intel Q9450 Quad core, 12MB cache, 1333 MHz FSB
> * 8 GB 800 MHz RAM
> * Intel Pro/1000 MT Server network card (onboard)
> * Intel 82566DM-2 Server network card (onboard)
>
> (optionally, I have a Core i7 930 w/12 GB of ram just laying around
> if that's not enough)
>
>
> What I understand of Alpine is there is a VServer option.  I know 0%
> about this kind of setup on Linux.
>
> 1) How are the network interfaces shared/setup with VServer?
>
> What can I do/what setup should I concentrate on to minimize network
> latency for the high-speed 300 Mbps networks?
>
Under a VServer setup, the NIC is shared with the host, however firewalling
is handled on the host, as per
http://wiki.alpinelinux.org/wiki/Setting_up_a_basic_vserver.

However, VServer is being deprecated in favour of LXC (
http://wiki.alpinelinux.org/wiki/LXC), which is now available in Alpine
Linux 2.6.

>
>
> 2) Under Alpine VServer distro, does the router/firewall run under the
> host, or an additional virtual machine?
>
With VServer, the firewalling and routing are handled on the host, however
LXC provides bridged access to the NIC.

>
> I am just worried about the latency introduced if within a VM
> running at 300 Mbps speeds.  I already have seen this first hand with
> a Hyper-V machine I've setup temporarily.
>
>
> 3) If I wanted to setup Squid, would I do it under the host or a new
> VM of a Linux distro of my choice?
>

For service isolation, you could use an LXC guest.  I've used several Squid
proxies for campus networks running on Alpine Linux, from Alpine Linux 1.9
onwards, and Squid is very stable under Alpine, both as a caching and
filtering proxy.


> Again, just concerned about the network latency of 65 Mbps upstream of
> the Squid caching box.
>
>
> 4) How would I monitor a simple RAID 1 setup on the host for any drive
> failures?  I admit I haven't run *nix systems in > 15 years so some
> nudging in the right direction is all I need.  I plan on throwing this
> into the basement and forgetting about it for years to come, until I
> get an email alert that a drive has failed.
>

My experience with RAID monitoring under Alpine is either with software
(mdadm) or HP hardware based RAID under ML350 or DL380 servers
(cciss_vol_status).  With mdadm, setting up email alerts is done via the
MAILADDR parameter in mdadm.conf, or a plugin for the monitoring tool of
choice is simple enough to setup via snmpd, nrpe or other monitoring
daemon.  cciss_vol_status simply provides a CLI to monitor the status, and
would require a wrapper script to notify on failure.


>
> Note above I stated that this Intel mobo has an ICH9R so it should
> have pretty common drivers.
>
> Optionally, the Core i7 board, while not having as nice NICs as the
> Intel board, does have an ICH10R if those drivers are more mature for
> RAID monitoring.
>

I haven't ever tried Intel RAID monitoring under Alpine, so I'm not sure
how simple or complex the procedure would be.


>
> Thanks for your replies, and sorry for the long post.
> Eric
>
>
> ---
> Unsubscribe:  acf+unsubscribe@lists.alpinelinux.org
> Help:         acf+help@lists.alpinelinux.org
> ---
>
>


-- 
Jeff
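
Added example, not part of Jeff's message: the kind of wrapper script the RAID monitoring answer describes, here reading Linux md status in /proc/mdstat format rather than cciss_vol_status output. The sample status text is constructed, and the function names and the mailer step are assumptions.

```sh
#!/bin/sh
# Added example: find degraded Linux md (software RAID) arrays by reading
# a file in /proc/mdstat format and build a one-line alert for a mailer.

# Constructed sample: md0 is healthy, md1 has lost one RAID 1 member.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      976630336 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdb2[1](F) sda2[0]
      1048512 blocks super 1.2 [2/1] [U_]

unused devices: <none>
EOF
}

# Print the name of each array whose member map (such as [U_]) contains
# an underscore, meaning a member is missing or failed. $1 = mdstat file.
degraded_arrays() {
    awk '
        /^md[0-9a-z_]* :/ { name = $1; next }      # array header line
        name != "" && match($0, /\[[U_]+\]/) {     # line carrying the map
            if (index(substr($0, RSTART, RLENGTH), "_")) print name
            name = ""
        }
    ' "$1"
}

# Print an alert and return 1 if any array is degraded; otherwise print
# nothing and return 0, so a cron job stays silent while all is well.
raid_report() {
    bad=$(degraded_arrays "$1")
    if [ -z "$bad" ]; then
        return 0
    fi
    # Unquoted $bad joins the names, one per line, with single spaces.
    printf 'Degraded md arrays on %s: %s\n' "$(uname -n)" "$(echo $bad)"
    return 1
}

# Demo on the constructed sample. In production pass /proc/mdstat and
# pipe the output to a mailer of your choice (assumption: one is set up).
tmp=$(mktemp)
sample_mdstat > "$tmp"
raid_report "$tmp" || true
rm -f "$tmp"
```

For mdadm arrays the MAILADDR setting mentioned above already sends these alerts; a wrapper of this shape is for tools that only report status on the command line.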
Natanael Copa <ncopa@alpinelinux.org>
Message ID: <20130626081226.6de85eba@ncopa-desktop.alpinelinux.org>
In-Reply-To: <CAHwjr34k+E8m-3BfkV71yw4cG5imvcMJ7eW=Keqi-g6jFfMgqg@mail.gmail.com>
Sender timestamp: 1372227146
DKIM signature: missing

Sorry for the late answer.

On Fri, 21 Jun 2013 11:24:24 -0400
Jeff Bilyk <jbilyk@gmail.com> wrote:

> On Wed, Jun 19, 2013 at 5:46 PM, Eric Duncan <
> eduncan911+alpinelinux@gmail.com> wrote:
> > What I understand of Alpine is there is a VServer option.  I know 0%
> > about this kind of setup on Linux.
> >
> > 1) How are the network interfaces shared/setup with VServer?
> >
> > What can I do/what setup should I concentrate on to minimize network
> > latency for the high-speed 300 Mbps networks?

vserver shares the network stack with the host, so there should be no added
latency. Same with LXC.

> Under a VServer setup, the NIC is shared with the host, however firewalling
> is handled on the host, as per
> http://wiki.alpinelinux.org/wiki/Setting_up_a_basic_vserver.
> 
> However, VServer is being deprecated in favour of LXC (
> http://wiki.alpinelinux.org/wiki/LXC), which is now available in Alpine
> Linux 2.6.

We still use vserver for our build server infrastructure. I think we
will maintain vserver for some more time.

Also, LXC is not as mature as vserver.

> > 2) Under Alpine VServer distro, does the router/firewall run under the
> > host, or an additional virtual machine?
> >
> With VServer, the firewalling and routing are handled on the host, however
> LXC provides bridged access to the NIC.

Yes, with vserver the "guests" share the network stack with the host.
The drawback is that it can get slightly complicated if you think
"virtual". I tend to think that the guests are safe/protected chroots.

LXC does a better job of hiding what's going on and is better at giving
an illusion of virtualization.

> > I am just worried about the latency introduced if within a VM
> > running at 300 Mbps speeds.  I already have seen this first hand with
> > a Hyper-V machine I've setup temporarily.
> >
> >
> > 3) If I wanted to setup Squid, would I do it under the host or a new
> > VM of a Linux distro of my choice?
> >
> 
> For service isolation, you could use an LXC guest.  I've used several Squid
> proxies for campus networks running on Alpine Linux, from Alpine Linux 1.9
> onwards, and Squid is very stable under Alpine, both as a caching and
> filtering proxy.

I would guess you gain a few % speedup using vserver over LXC. But with
LXC you use the grsecurity patched kernel which provides some
additional security features.

I haven't really tested, but I think neither vserver nor lxc adds any
network latency since they both share the network stack with the host.
The performance should be the same as if squid ran directly on host.

> > Again, just concerned about the network latency of 65 Mbps upstream of
> > the Squid caching box.
> >
> >
> > 4) How would I monitor a simple RAID 1 setup on the host for any drive
> > failures?  I admit I haven't run *nix systems in > 15 years so some
> > nudging in the right direction is all I need.  I plan on throwing this
> > into the basement and forgetting about it for years to come, until I
> > get an email alert that a drive has failed.
> >
> 
> My experience with RAID monitoring under Alpine is either with software
> (mdadm) or HP hardware based RAID under ML350 or DL380 servers
> (cciss_vol_status).  With mdadm, setting up email alerts is done via the
> MAILADDR parameter in mdadm.conf, or a plugin for the monitoring tool of
> choice is simple enough to setup via snmpd, nrpe or other monitoring
> daemon.  cciss_vol_status simply provides a CLI to monitor the status, and
> would require a wrapper script to notify on failure.
> 
> 
> >
> > Note above I stated that this Intel mobo has an ICH9R so it should
> > have pretty common drivers.
> >
> > Optionally, the Core i7 board, while not having as nice NICs as the
> > Intel board, does have an ICH10R if those drivers are more mature for
> > RAID monitoring.
> >
> 
> I haven't ever tried Intel RAID monitoring under Alpine, so I'm not sure
> how simple or complex the procedure would be.

@Eric: It would be nice if you could write a wiki article about it if
you get it running.

Thanks!

