DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th July 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 108
Thanked 0 Times in 0 Posts
Default hardware recommendations

I have finally convinced my work to switch to openbsd and I need to recommend some hardware for the server. These are the processors I have picked out so far.

E5-2609 v2 80w 2.5 ghz 4 core 10mb cache
Atom c2758 20w 2.4 ghz 8 cores 4mb cache


This server, if I can prove it will work, will be the main firewall for the company of about 500 employees. Web/api server farm.( load balancing and carp will be needed)


Please give me feedback on the hardware and some ideas of if this setup is within openbsd pf capabilities.

Thanks in advance
Reply With Quote
  #2   (View Single Post)  
Old 24th July 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,798
Thanked 214 Times in 189 Posts
Default

OpenBSD firewalls do not need powerful processors and do not exploit multiple cores. NIC capability and throughout is far more important.

Spend some time with a misc@ archive. It's your best pre-purchase investment.
Reply With Quote
  #3   (View Single Post)  
Old 25th July 2014
angryfirelord angryfirelord is offline
Port Guard
 
Join Date: Jul 2008
Posts: 21
Thanked 0 Times in 0 Posts
Default

If you don't need ECC memory support or specialty server hardware, I'd recommend a fast i3 chip. Spend the extra money on some good NICs.
Reply With Quote
  #4   (View Single Post)  
Old 25th July 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,798
Thanked 214 Times in 189 Posts
Default

I'll reiterate my recommendation to use the misc@ archives for hardware selection. Here's a recent valuable example. The OP has a BCM5709, and wants to use Jumbo frames. The bge(4) driver supports Jumbo frames, but at the moment for four other Broadcom chipsets, not the 5709.
Reply With Quote
  #5   (View Single Post)  
Old 20th August 2014
spitfire_ak spitfire_ak is offline
Port Guard
 
Join Date: Aug 2014
Posts: 18
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by angryfirelord View Post
If you don't need ECC memory support or specialty server hardware, I'd recommend a fast i3 chip. Spend the extra money on some good NICs.
I prefer AMD, as the new vPro-enabled chips pose a possible security hole (note: Link to Youtube video by Intel).

Given the NSA's current press to exploit ALL possible security holes, and unlimited funding to do so, one ought to consider what can/should be done about these issues.

@OP

I have a Gigabyte Brix with an AMD quad-core chipset running OpenBSD 5.5 just peachy! 256GB SSD hard drive and 2 TB external drive on USB 3.0 works well .
Reply With Quote
  #6   (View Single Post)  
Old 21st August 2014
angryfirelord angryfirelord is offline
Port Guard
 
Join Date: Jul 2008
Posts: 21
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by spitfire_ak View Post
I prefer AMD, as the new vPro-enabled chips pose a possible security hole (note: Link to Youtube video by Intel).

Given the NSA's current press to exploit ALL possible security holes, and unlimited funding to do so, one ought to consider what can/should be done about these issues.

@OP

I have a Gigabyte Brix with an AMD quad-core chipset running OpenBSD 5.5 just peachy! 256GB SSD hard drive and 2 TB external drive on USB 3.0 works well .
Correct me if I'm wrong, but vPro isn't activated unless you turn it on in the BIOS (which only certain motherboards have) and are using software on the server end to use it. Until I see evidence otherwise, I highly doubt vPro is anything to worry about unless you're actually using it.

Plus, the open-source graphics stack, power management, and single-threaded performance pretty much blows AMD away. It'll be interesting to see where AMD goes with their ARM offering in the future.
Reply With Quote
  #7   (View Single Post)  
Old 23rd August 2014
e1-531g e1-531g is offline
Port Guard
 
Join Date: Mar 2014
Location: Poland
Posts: 16
Thanked 0 Times in 0 Posts
Default

@angryfirelord
I recomend to spend some time on reading this blog:
http://theinvisiblethings.blogspot.com/
For example http://theinvisiblethings.blogspot.c...09-slides.html
So, the "Ring -3 Rootkit" presentation is about vPro/AMT chipset compromises.

Unfortunately currently BIOS/UEFI and other forms of firmware example AMT:
1. Are vulnerable to attacks
2. Do a lot of things
3. Have high privileges

This is issue in PC world. Now this could be also in ARMv8 microservers world, because new (not yet published) specification is going to include mandatory ACPI and UEFI, instead of todays simple firmware with device trees. (Yes, these simple firmwares are buggy too and properietary, but there can be written simple, secure open code instead).

Last edited by e1-531g; 23rd August 2014 at 09:55 PM. Reason: Added valuable text
Reply With Quote
  #8   (View Single Post)  
Old 31st August 2014
e1-531g e1-531g is offline
Port Guard
 
Join Date: Mar 2014
Location: Poland
Posts: 16
Thanked 0 Times in 0 Posts
Default

If you are interested in topic, you can also read:
http://www.mitre.org/sites/default/f...escalation.pdf
Reply With Quote
  #9   (View Single Post)  
Old 1st September 2014
Oko's Avatar
Oko Oko is offline
Fsck Surgeon
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 800
Thanked 36 Times in 32 Posts
Default

Quote:
Originally Posted by spitfire_ak View Post

Given the NSA's current press to exploit ALL possible security holes, and unlimited funding to do so, one ought to consider what can/should be done about these issues.
Design your hardware and OS from ground up with security in mind. I doubt that anybody except few nation states can effort to do this but for people who are interested in the topic should try to get their hand on anything by RAND corporation written about the topic.

@OP

I just noticed your post. You are just throwing your money because as someone observer OpenBSD PF can't take advantage of multi core. I would also like to add that multi core benefits are debatable as OpenBSD PF is circa 4 times faster than FreeBSD PF version optimized for multi core as Henning Brouer explained in this thread

http://marc.info/?l=openbsd-misc&m=140481161526390&w=2

It is also interesting to note that PF probably has no future at least on FreeBSD (finally an interesting thread on questions@freebsd)

http://lists.freebsd.org/pipermail/f...ly/007391.html

which was clear to many of us who flee FreeBSD long time ago.

As of hardware recommendation I have great experience with the one I listed in this thread

http://marc.info/?l=openbsd-misc&m=139139524604521&w=2

If your network is 10 gigabyte capable I would invest in the really high end network card.

Last edited by Oko; 1st September 2014 at 01:57 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
MySQL book recommendations Carpetsmoker Book reviews 1 22nd March 2012 02:37 PM
recommendations on a picture viewer divadgnol67 OpenBSD General 11 3rd April 2011 09:52 PM
Book recommendations, Web Development thirdm Programming 6 30th October 2010 05:48 PM
Needing recommendations nfries88 General Hardware 33 31st March 2009 01:13 AM
Hardware recommendation: what hardware to buy for my new FreeBSD desktop? Broodjegehaktmetmayo General Hardware 92 11th February 2009 10:43 PM


All times are GMT. The time now is 10:13 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick