Server farm aberrations : is it normal?

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,726
Location
Québec, Québec
In case anyone looks for it, I've realized that I made a mistake in the name of the Supermicro switch. It's the SSE-X3348TR, not the SSE-3348SR like I wrote many times above.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I wish I could convey how much better it has been since the equipment that I've worked on and managed had switched over to a fully virtualized environment. We rarely deploy a non-virtualized machine these days. There hasn't been a compelling reason to use a bare metal setup in a long time. All of the products I test and work on are now all virtual appliances. This is what our customers are also buying.

I hope that you can convince your management to eventually go down this path some day. It will make your life easier.

I hope you one day get the chance to experience the IBM V7000. It is magical in its ability to do for storage resources what hypervisors have done for server resources. It is dreamy.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,786
Location
USA
I hope you one day get the chance to experience the IBM V7000. It is magical in its ability to do for storage resources what hypervisors have done for server resources. It is dreamy.

That would be fun to play with but I've never used IBM storage solutions. I haven't yet had much first-hand experience but we have what seems like a very similar product called EMC VPLEX. Essentially a virtualized storage setup making the back-end agnostic to the end user and also offers metro-campus distance active/active IO.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
I've found this document regarding clustered firewalls. It only covers the topic on the surface, but it's a good start, I think, to get a general idea about the concept.

Regarding the guidance of our insurance company, with the cluster-fuck we currently have, I don't believe I can do worse.

Regarding firewalls, I don't know enough about your setup to make any firm recommendations, but two products I would suggest looking at are pfSense (a m0n0wall fork) and Vyatta. pfSense or a Cisco ASA is typically what I would recommend for an office NAT deployment. Both support multiple WAN connections and can support hundreds of users (or servers), depending on the hardware specs of the box you use. Most of the time I'd recommend pfSense due to cost and ease of use, but the Cisco ASA does have application layer filtering for SIP and a few other protocols that I haven't seen anything else match. Both also support failover/clustering, but in general I would recommend a single firewall and a cold spare. The backup of either pfSense or an ASA is just a simple text file a couple of pages long that can be transferred to new hardware in moments.

Vyatta is Linux with a Cisco/Juniper-like CLI front end. Vyatta supports ISP scale routing (thousands to tens of thousands of devices). However, Vyatta's current push is in virtualization. They market installing Vyatta in a VM on each VM server, having the virtual machines connect to Vyatta internally and then Vyatta connect to the rest of your network physically - basically moving network intelligence into the VM server similar to the software-based Nexus products from Cisco.

Regardless of your firewall choice, if you have multiple WAN connections I strongly encourage using BGP with your own ARIN IP allocation; anything else is just hocus pocus and will likely not reliably fail over for servers or other services you are providing to internet users. Caution: This could be a real learning curve. As always, test your failover strategy on a weekend or after hours to see what might break - expect more to break when you actually do failover.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,726
Location
Québec, Québec
pfSense would be better and easier to manage than our current OpenBSD 4.6-based firewall with its customized pf.conf file. Thanks for bringing it here.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
The minimum IP block size required to get your own ARIN numbers (/20) may be a strong barrier to keep you from hosting your own data.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Depending on your ISP, they may also provide you with an LOA to announce IP ranges they've SWIP'd to you via BGP. This would require a minimum of a /24 assignment.

Pro: no ARIN red tape or annual reg fee
Cons: ISP may decide to renumber you later on, you are also stuck with that ISP or forced to renumber if you switch ISPs.
 