X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail-wg0-f46.google.com (mail-wg0-f46.google.com [74.125.82.46]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 38DA0DC0111 for ; Fri, 21 Jun 2013 15:24:25 +0000 (UTC) Received: by mail-wg0-f46.google.com with SMTP id c11so6568207wgh.25 for ; Fri, 21 Jun 2013 08:24:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=o5FuaToM0mkEYAoo9PdtPB0BLK/uxydrg43m4VZOWa0=; b=oQckmQEEme7i9E9E0UGTfuIg7DRKLQviRNDwAegv9sM+/gOvvDSzBwuYo2xcWWbQee OOqaMrui0pePKlBtxOeA8rfADdU0aiDHj7D8g4fyH0AniW3xsxqWui9F2Z5Fv5Os3w2G d5tmJXszQUdmJgqbaJg6TR3g/8of6wJjGh/zDipcAt7F/JpYE814Qz1mb/nIrGrKlxnF qlEmxPr/QG6jSuYaDGh8oESJCd6WtfNIY+EA6ig7u5Wg3eP09/SbYQxdD7BE3mWOsKBg 1cdhVxCXd2yj4OTP8Leq9WUzf1B3YCgmMtGB1CUFMrRbyBM5Zwqx/DAb2DNZMnuYSvh0 zlww== X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 X-Received: by 10.194.234.100 with SMTP id ud4mr9398957wjc.44.1371828264462; Fri, 21 Jun 2013 08:24:24 -0700 (PDT) Received: by 10.180.185.193 with HTTP; Fri, 21 Jun 2013 08:24:24 -0700 (PDT) In-Reply-To: References: Date: Fri, 21 Jun 2013 11:24:24 -0400 Message-ID: Subject: [alpine-devel] Re: [acf] 300 Mbps router, VServer, Squid caching From: Jeff Bilyk To: Eric Duncan Cc: Alpine Development Content-Type: multipart/alternative; boundary=089e01493b6865753004dfaba8fa --089e01493b6865753004dfaba8fa Content-Type: text/plain; charset=ISO-8859-1 On Wed, Jun 19, 2013 at 5:46 PM, Eric Duncan < eduncan911+alpinelinux@gmail.com> wrote: > Hello: > > I recently found out about the Alpine project and am quite impressed > with the project goals. I apologize ahead of time for the long post, > but i tend to spill all my details at once. Recently I have updated > my FiOS network to 300Mbps/65Mbps speeds, and my ye'old DD-WRT router > that can't handle those speeds. So, I am looking to build my own *nux > box as a firewall/router (it's been 15+ years since the last time I > did that). > > I have the hardware laying around I do believe that will serve as an > excellent router, so I am interested in some specifics on how you > would setup an Alpine instance. Pardon my jargon, as I am just now > catching up on Alpine's project. The hardware is a bit overkill for a > router/firewall, so I was thinking of serving more than one purpose > with this box. > > Requirements: > > * High-performance router and firewall, for 300 Mbps connection (I > play games behind this) > > > Additional/Dual purposing ideas: > > * Squid caching server for my 5+ MediaWiki sites, and maybe a few of > my C# sites if I change their code to update it. > * Possibly an Apache hosting box/virtual machine > > > Hardware: > > * Intel S3210SH LGA775 Server board > * Intel ICH9R Raid controller > * Intel Q9450 Quad core, 12MB cache, 1333 Mhz FSB > * 8 GB 800mhz ram > * Intel Pro/1000 MT Server network card (onboard) > * Intel 82566DM-2 Server network card (onboard) > > (optionally, I have an Core i7 930 w/12 GB of ram just laying around > if that's not enough) > > > What I understand of Alpine is there is a VServer option. I know 0% > about this kind of setup on Linux. > > 1) How are the network interfaces shared/setup with VServer? > > What can I do/what setup should I concentrate on to minimize network > latency for the high-speed 300 Mbps networks? > Under a VServer setup, the NIC is shared with the host, however firewalling is handled on the host, as per http://wiki.alpinelinux.org/wiki/Setting_up_a_basic_vserver. However, VServer is being deprecated in favour of LXC ( http://wiki.alpinelinux.org/wiki/LXC), which is now available in Alpine Linux 2.6. > > > 2) Under Alpine VServer distro, does the router/firewall run under the > host, or an additional virtual machine? > With VServer, the firewalling and routing are handled on the host, however LXC provides bridged access to the NIC. > > I am just worried about the latency introduced if within a VM at > running at 300 Mbps speeds. I already have seen this first hand with > a Hyper-V machine I've setup temporarily. > > > 3) If I wanted to setup Squid, would I do it under the host or a new > VM of a Linux distro of my choice? > For service isolation, you could use an LXC guest. I've used several Squid proxies for campus networks running on Alpine Linux, from Alpine Linux 1.9 onwards, and Squid is very stable under Alpine, both as a caching and filtering proxy. > Again, just concerned about the network latency of 65 Mbps upstream of > the Squid caching box. > > > 4) How would I monitor a simple RAID 1 setup on the host for any drive > failures? I admit I haven't run *nix systems in > 15 years so some > nudging in the right direction is all I need. I plan on throwing this > into the basement and forgetting about it for years to come, until I > get an email alert that a drive has failed. > My experience with RAID monitoring under Alpine is either with software (madm) or HP hardware based RAID under ML350 or DL380 servers (cciss_vol_status). With mdadm, setting up email alerts is done via the MAILADDR parameter in mdadm.conf, or a plugin for the monitoring tool of choice is simple enough to setup via snmpd, nrpe or other monitoring daemon. cciss_vol_status simply provides a CLI to monitor the status, and would require a wrapper script to notify on failure. > > Note above I stated that this Intel mobo has an ICH9R so it should > have pretty common drivers. > > Optionally, the Core i7 board, while not having as nice as NICs as the > Intel board, does have an ICH10R if those drivers are more mature for > RAID monitoring. > I haven't ever tried Intel RAID monitoring under Alpine, so I'm not sure how simple or complex the procedure would be. > > Thanks for your replies, and sorry for the long post. > Eric > > > --- > Unsubscribe: acf+unsubscribe@lists.alpinelinux.org > Help: acf+help@lists.alpinelinux.org > --- > > -- Jeff --089e01493b6865753004dfaba8fa Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Wed, Jun 19, 2013 at 5:46 PM, Eric Duncan <eduncan911+alpinelinux@gmail.com> wrote:
Hello:

I recently found out about the Alpine project and am quite impressed
with the project goals. =A0I apologize ahead of time for the long post,
but i tend to spill all my details at once. =A0Recently I have updated
my FiOS network to 300Mbps/65Mbps speeds, and my ye'old DD-WRT router that can't handle those speeds. =A0So, I am looking to build my own *nu= x
box as a firewall/router (it's been 15+ years since the last time I
did that).

I have the hardware laying around I do believe that will serve as an
excellent router, so I am interested in some specifics on how you
would setup an Alpine instance. =A0Pardon my jargon, as I am just now
catching up on Alpine's project. =A0The hardware is a bit overkill for = a
router/firewall, so I was thinking of serving more than one purpose
with this box.

Requirements:

* High-performance router and firewall, for 300 Mbps connection (I
play games behind this)


Additional/Dual purposing ideas:

* Squid caching server for my 5+ MediaWiki sites, and maybe a few of
my C# sites if I change their code to update it.
* Possibly an Apache hosting box/virtual machine


Hardware:

* Intel S3210SH LGA775 Server board
* Intel ICH9R Raid controller
* Intel Q9450 Quad core, 12MB cache, 1333 Mhz FSB
* 8 GB 800mhz ram
* Intel Pro/1000 MT Server network card (onboard)
* Intel 82566DM-2 Server network card (onboard)

(optionally, I have an Core i7 930 w/12 GB of ram just laying around
if that's not enough)


What I understand of Alpine is there is a VServer option. =A0I know 0%
about this kind of setup on Linux.

1) How are the network interfaces shared/setup with VServer?

What can I do/what setup should I concentrate on to minimize network
latency for the high-speed 300 Mbps networks?
Un= der a VServer setup, the NIC is shared with the host, however firewalling i= s handled on the host, as per=A0http://wiki.alpinelinux.org/wiki/Setting_up_a_= basic_vserver.

However, VServer is being deprecated in fav= our of LXC (http://wiki.al= pinelinux.org/wiki/LXC), which is now available in Alpine Linux 2.6.


2) Under Alpine VServer distro, does the router/firewall run under the
host, or an additional virtual machine?
With VSe= rver, the firewalling and routing are handled on the host, however LXC prov= ides bridged access to the NIC.=A0

I am just worried about the latency introduced if within a VM at
running at 300 Mbps speeds. =A0I already have seen this first hand with
a Hyper-V machine I've setup temporarily.


3) If I wanted to setup Squid, would I do it under the host or a new
VM of a Linux distro of my choice?

For service isolation, you could use an LXC guest. =A0I've used= several Squid proxies for campus networks running on Alpine Linux, from Al= pine Linux 1.9 onwards, and Squid is very stable under Alpine, both as a ca= ching and filtering proxy.


Again, just concerned about the network latency of 65 Mbps upstream of
the Squid caching box.


4) How would I monitor a simple RAID 1 setup on the host for any drive
failures? =A0I admit I haven't run *nix systems in > 15 years so som= e
nudging in the right direction is all I need. =A0I plan on throwing this into the basement and forgetting about it for years to come, until I
get an email alert that a drive has failed.

=
My experience with RAID monitoring under Alpine is either with s= oftware (madm) or HP hardware based RAID under ML350 or DL380 servers (ccis= s_vol_status). =A0With mdadm, setting up email alerts is done via the MAILA= DDR parameter in mdadm.conf, or a plugin for the monitoring tool of choice = is simple enough to setup via snmpd, nrpe or other monitoring daemon. =A0cc= iss_vol_status simply provides a CLI to monitor the status, and would requi= re a wrapper script to notify on failure.
=A0

Note above I stated that this Intel mobo has an ICH9R so it should
have pretty common drivers.

Optionally, the Core i7 board, while not having as nice as NICs as the
Intel board, does have an ICH10R if those drivers are more mature for
RAID monitoring.

I haven= 9;t ever tried Intel RAID monitoring under Alpine, so I'm not sure how = simple or complex the procedure would be.



Thanks for your replies, and sorry for the long post.
Eric


---
Unsubscribe: =A0= acf+unsubscribe@lists.alpinelinux.org
Help: =A0 =A0 =A0 =A0 a= cf+help@lists.alpinelinux.org
---




--
Jeff
--089e01493b6865753004dfaba8fa-- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---