Re: RFC on hardware to be bought (FSC Primergy?)

[Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>]

* Sascha Schnitzler <sascha_(_at_)_apsu_(_dot_)_de> [2005-04-15 12:00]:
> Nick Holland wrote:
> 
> >
> >In addition to Henning's statements...
> >
> >"Onboard RAID" seems to be another way to say "Software RAID", which is
> >another way of saying, "Not supported by OpenBSD in the way you expect".
> > So that aspect is going to be a serious dissapointment for you.  (If
> >that's your goal, give thought to two smaller, cheaper boxes and CARPing
> >them).
> 
> Well, I will check that. But RAID-1 is mandatory, so it should be real 
> hardware-RAID. Does CARPing work for transparent bridged firewalls? 

how about thinking about that for a minute.
CARP allows two hosts to share an IP address.
the point of your "transparent" bridges (if there is any) is that they 
don't have IPs (subtract the mgmt IP, that is not the point here).
fits well eh.

spanning tree is what you're after.

> >All in all, looks like a really big, over-powered, probably overly
> >expensive box to use as a firewall.  Nothing about that box causes me to
> >think, "Wow, I'd love to make a firewall out of that!".
> So what kind of system would that be? As stated, RAID 1 is a must, has 
> to handle > 1000 connections simultaneously, transparent bridge, maybe a 
> webserver for providing statistics and in a next step basic rule 
> editing. but this is for obvious reasons just a thought.

two boxes and stp is a much cleverer setup.

if you insist, add a ami for the hardware raid.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)