Hardware suggestions

[Adam Vande More]

On Wed, Apr 27, 2011 at 9:42 AM, Jaime Kikpole <jkikpole at cairodurham.org>wrote:

> My thanks to everyone for their replies.  I guess that I wasn't
> specific enough about my needs, though.  I don't need a tiny chassis.
> In fact, I need a proxy for around 750-900 computers, so an Atom
> system or the like wouldn't work for me.  I just have no rack space
> left.  Fortunately, I might have found a way around this.
>
> So if you have any pre-built servers to recommend, I'd greatly
> appreciate it.  For example, I'm currently reviewing the Dell
> PowerEdge T310's specs.
>

I have a couple of T310 in production.  They are nice machines but get the
intel NIC's.

Nate:
>
> Thanks.  I read the handbook's entry on CARP last night.  It looks
> easier than I had previously thought.  I've started setting up a
> VMware environment of 2 FreeBSD systems and a unix desktop to try it
> out as a way to build a fail-over proxy.
>
> Looks like I'd have to stop using my current "in-line" design, though.
>  Currently, I have a FreeBSD box between my network as a whole and the
> Internet connection.  It acts as a router, a firewall, and a
> transparent proxy.  CARP would require the system to not be "in-line,"
> because a failed system would mean no router.  Did I understand that
> correctly?
>

If you use CARP + HAST you can achieve true HA for your proxy.  And no, the
device would still be inline as you describe it except there would be two of
them.  If you get the intel NIC's, I'd dedicate them to your real traffic
and reserve the broadcom's for HAST replication.  If cache consistency is
not uber important for your proxy, I'd probably skip the HAST though.  It's
relatively slow, and may not provide enough benefit in your setup.

-- 
Adam Vande More