Thoughts on a new VPN box...

« previous entry | next entry »
Apr. 23rd, 2008 | 02:20 pm

I was sitting back and thinking about the fact that it is tie to decommission my current box I use for a VPN connection.

About once a year its fan dies... and it is producing too much heat (which means it is burning too much electricity).

So what I am thinking are the criteria for a new box?

  • Use less electicity. In a perfect world no fan.
  • Be 1U or less in size.
  • Have enough disk that I can pop a Fedora distribution on. Keep security patches coming in via yum upgrade.
  • Something other then a disk would be nice... less electricity.
  • I only need a single ethernet port.

    In truth the device is just running ssh. I do not want to spend a lot on it... but I want it to be totally reliable (well... not reliable enough to bother with dual power supply... no fan goes a long way toward this).

    I could just pull one of the spare 1U I have that chew little if any electricity... get a cheap flash/ide device.

    Why not just spin up another virtual machine? Because experience is that Xen is still not completely reliable at this point. Updates have knocked all of my Xen servers offline before, so I have not drunk the kool-aid 100% at this point. I like my ssh server to be completely reliable.

    • Link | Leave a comment | Add to Memories | Tell a Friend

    Comments {13}

    virtualization approach

    from: [info]mingenthron
    date: Apr. 23rd, 2008 09:34 pm (UTC)
    Link

    Admittedly it may not work into the networking requirements like Xen, but have you tried VirtualBox? I've been using it for quite some time (after finding Xen to be unstable) and have been quite happy with it. It's taken everything I've thrown at it so far and if the hardware is capable, it uses the virtualization stuff in the chip to be nice and efficient.

    Reply | Thread

    Нехачуха

    Re: virtualization approach

    from: [info]smitik
    date: Apr. 23rd, 2008 09:53 pm (UTC)
    Link

    Transcend flash/ide drive dies after 3 months. Tested on a 5 ipsec gateways with no disk io, syslog only. Had to replace all of them with regular IDE disks.

    Reply | Parent | Thread

    Brian "Krow" Aker

    Re: virtualization approach

    from: [info]krow
    date: Apr. 23rd, 2008 10:05 pm (UTC)
    Link

    That sucks... just decide to skip flash after that?

    Reply | Parent | Thread

    Re: virtualization approach

    from: [info]mingenthron
    date: Apr. 23rd, 2008 10:29 pm (UTC)
    Link

    Well, I'm to understand from my hardware friends that there is a WIDE variety of quality of flash. They all have high individual transistor failure rates, but some do a much better job than others of masking it away from the system.

    Also, I am told they're all manufactured with very different read/write characteristics. I do know reliable flash stuff is available and will be mainstream in the not too distant future, but you may not want to just grab the cheapest thing off the shelf at the local parts store. :)

    Reply | Parent | Thread

    Нехачуха

    Re: virtualization approach

    from: [info]smitik
    date: Apr. 23rd, 2008 11:09 pm (UTC)
    Link

    Completely lost faith in it.

    btw, we are usign OpenBSD/i386 on VIA Nehemiah ("CentaurHauls" 686-class) 1 GHz for IPSEC gateways. Servers are 1u, very low power, cheap, no cpu fans, just one big radiator. OpenBSD can use hardware VIA AES encryption instruction set, so it's very fast doing IPSEC.

    Reply | Parent | Thread

    Brian "Krow" Aker

    Re: virtualization approach

    from: [info]krow
    date: Apr. 23rd, 2008 11:47 pm (UTC)
    Link

    Who did you pick the machine up from?

    Reply | Parent | Thread

    ViA

    from: [info]dmarti
    date: Apr. 24th, 2008 04:10 am (UTC)
    Link

    I got a decent VIA board at Fry's -- reliable with Debian until the hard drive croaked.

    This one looks like a possibility for network stuff -- 2 Ethernet interfaces.
    http://www.newegg.com/Product/Product.aspx?Item=N82E16813153062

    Reply | Parent | Thread

    Нехачуха

    Re: virtualization approach

    from: [info]smitik
    date: Apr. 24th, 2008 08:15 am (UTC)
    Link

    There is a small company in Kiev, Ukraine. I think it's much easier to find one near you.

    Reply | Parent | Thread

    jimw

    cobalt

    from: [info]jimw
    date: Apr. 23rd, 2008 10:46 pm (UTC)
    Link

    maybe sun has some warehouses full of old cobalt raq machines floating around somewhere.

    Reply | Thread

    Brian "Krow" Aker

    Re: cobalt

    from: [info]krow
    date: Apr. 23rd, 2008 11:51 pm (UTC)
    Link

    I've got serial number 6 of those sitting in my basement :)

    Reply | Parent | Thread

    kelp

    (no subject)

    from: [info]calmkelp
    date: Apr. 23rd, 2008 11:25 pm (UTC)
    Link

    One of these would probably work pretty well: http://www.pcengines.ch/alix.htm

    I've been using the previous incarnation (WRAP) as a router for the past year. I run pfSense on it, booting off a spare 512MB CF card I had sitting around. Plenty of other OS options too.

    Looks like the ALIX has a built in crypto accelerator too. Just can't really vouch for the ipsec performance.

    Total system should use around 5W, no fans.

    Reply | Thread

    japerry

    (no subject)

    from: [info]japerry
    date: Apr. 24th, 2008 04:26 am (UTC)
    Link

    there is a good chance someone will have a 1U at Linuxfest Northwest. I also know someone whos trying to get rid of a few servers.

    Reply | Thread

    dormando

    (no subject)

    from: [info]dormando
    date: Apr. 25th, 2008 07:20 am (UTC)
    Link

    http://www.logicsupply.com/

    Lots of options. Have bought from them before.

    I've had decent luck with flash drives so far. There's a wide difference in quality, and you have to be strict about disabling atime, putting a few things in a tmpfs partition, etc. I've had CF cards die though.

    Ran a few firewalls at gaia off of IDE plug flash drives (512mb at the time)... Never went down on me. I've had a mini-itx running my house connection since 2005. One fan, runs cool, etc.

    Reply | Thread