RAM needed for DHCP + router?
chris at monochrome.org
Fri May 27 13:34:21 UTC 2011
On Fri, 27 May 2011, Jaime Kikpole wrote:
> On Thu, May 26, 2011 at 7:46 PM, Chris Hill <chris at monochrome.org> wrote:
>> I'm looking to build a NAT / DHCP box for a lab network for my company. My
>> question is, how do I estimate the amount of RAM the machine will need?
> FWIW, I can tell you some experiences that I've had.
Thanks, Jaime, this is very useful.
From what I'm hearing, it seems as though a 32-bit machine with maxed-out
RAM would be more than adequate to the task. I'll be NAT'ing a "class A"
worth of addresses, /16 of which will be DHCP range. But as I said,
throughput will be near-zero; the NAT is for allowing occasional internet
access for embedded controllers here and there, not for a thundering herd
of desktop users. The machine will be mainly for serving DHCP, and is not
the point of internet access for the organization.
Many thanks to all who responded.
> Example #1:
> At one time, I had as many as 600-800 desktops and laptops receiving
> DHCP leases and DNS resolution from a single FreeBSD (5.x?) server.
> It was an old Dell desktop that a college had discarded/donated. I
> think it was something like 800MHz and 1GB of RAM. From what I
> remember seeing in "top", "uptime", et al. it was like the server was
> bored. It was barely doing anything.
> Example #2:
> I'm currently running a school district with about 800 computers, some
> iPads and Nooks, a few dozen network printers, streaming video off of
> at least 3 DVRs, and whatever people bring in (unauthorized... we'll
> be fixing that shortly). So let's call it around 1000 - 1300 nodes.
> The entire thing is running through a FreeBSD system with two 100Mbps
> cards. I use IPFW to "hijack" certain TCP ports and redirect them
> into DansGuardian. This makes a transparent proxy. DG and Squid and
> BIND and ClamAV and snmpd, the Xymon client all run on this box. It
> acts as a secondary DNS resolver, secondary DNS server for internal
> addresses, web proxy, web content analysis and filtering, and more.
> It's 8GB of RAM and a 2.0GHz dual core CPU. It's doing the job just
> fine. No complaints.
> Every employee uses web-based services every day. We even use a fair
> amount of streaming video. Again, this works well. I've even heard
> of people managing to use NetFlix on occasion. It will saturate our
> Internet bandwidth before this server goes down. I have the graphs to
> prove it.
> Since you are talking about the box doing NAT, you may find yourself
> wanting a web proxy service and/or internal DNS resolver at some
> point. The NAT and DHCP services are, in my experience, not going to
> be a big deal. Configuring BIND to offer internal DNS resolution
> would add very little to your load. I would be really surprised if
> any desktop PC that you found for $500-$1000 wasn't up to the task.
> That said, here is the important part:
> This is going to be a single-point-of-failure for your institution.
> If it goes down for any reason, your entire business is off-line.
> That includes everything from bad hardware to a routine software
> upgrade (FreeBSD or a port). Do yourself a HUGE favor and build a
> redundancy system of some kind. For example, I'm currently trying to
> replace the DansGuardian/Squid/DNS server I listed above with a pair
> of servers using CARP <http://www.freebsd.org/doc/handbook/carp.html>.
> That way, I can upgrade the OS whenever I want and the district's 800
> authorized computers (and 50-200 unauthorized computers, phones,
> tablets, etc.) keep working.
> Seriously. Make it redundant. It's the most important lesson a
> systems administrator must learn. Well, that and scripting. OK, and
> documentation. :)
> Hope that helps,
> Network Administrator
> Cairo-Durham Central School District
Chris Hill chris at monochrome.org
** [ Busy Expunging </> ]