Home NAS solution - How to contain costs

[artlessknave]

I need to seriously evaluate deduplication...

deduplication needs GOBLOADS of RAM. as in, don't bother considering it until you have, iirc, 128GB, or maybe 256GB. since you are balking at 32GB and 64GB....this is not an option.

poorly setup dedup can make your pool unusable, and require a destroy/rebuild of the pool, since one does not simply disable dedup - once enabled, and data is written, the deduped data will exist until all of it is deleted and any snapshots are deleted AND any referenced data is deleted.

home 10gbe networks are very doable. you don't need a 10gbe router to get 10gbe on the LAN.

 

[Davvo]

deduplication needs GOBLOADS of RAM. as in, don't bother considering it until you have, iirc, 128GB, or maybe 256GB. since you are balking at 32GB and 64GB....this is not an option.

To be fair he could store the dedup table in the L2ARC if he goes 64GB, but...

poorly setup dedup can make your pool unusable, and require a destroy/rebuild of the pool, since one does not simply disable dedup

...this is very true.

 

[Whattteva]

Why are people so hung up on dedups? HDD space is cheep... way cheaper than RAM. I'd rather use that much RAM on VM's and other more useful things. I really don't understand the massive tradeoffs people are making for basically the cheapest stat to buy relative to CPU and RAM.

And here I thought people are complaining about Intel's ECC Xeon tax.... but apparently, to some people, HDD space is more expensive!

 

[artlessknave]

Why are people so hung up on dedups?

because it seems like a magic way to just never waste space on duplicate files so you can download all the pron files you want and never have to manage the space.
I know a bit about dedup cuz I was looking into it since it seemed cool...and then determined it was useless for me. tends to work best for backups, but the hardware cost makes it of meh financial efficiency. probably still WAY cheaper then a DataDomain though.

 

[TDi39]

Who said anything about 10 Gb/sec (not 10 GB/s; that would be 80 Gb/s, which doesn't really exist) firewalls? If you're needing to pass traffic at 10 Gb/sec between networks, even then a proper switch could do it, and those can still be had at quite reasonable prices.

I made a typo. Yes, I meant 10 Gb/s.
My firewall doesn't have such ports, and the switch doesn't do anything, all my network is firewalled properly, a switch doesn't do anything as such.
10 Gb/s firewalls are super expensive, I can't justify that in an home setup...

 

[Davvo]

I made a typo. Yes, I meant 10 Gb/s.
My firewall doesn't have such ports, and the switch doesn't do anything, all my network is firewalled properly, a switch doesn't do anything as such.
10 Gb/s firewalls are super expensive, I can't justify that in an home setup...

Any system with a 10 Gig card or two running pfSense or similar can do the job.
Besides, you generally only want a firewall between the outside and your network.

 

[danb35]

My firewall doesn't have such ports

So what?

the switch doesn't do anything

A switch switches traffic among network devices. What else do you think you need it to do?

 

[artlessknave]

10 Gb/s firewalls are super expensive, I can't justify that in an home setup...

you don't need a 10gb/s firewall to run 10gbe at home. hell, very few, if any, home connections get 10gbe connections.
your firewall is likely routing 1gbe at the most, you would just build a LAN only 10gbe setup, either with direct attach networking (NIC to NIC), or just a few connections and 10gbe switches that are reasonably priced.
it's not required, but you seem to be putting requirements on it that are not necessary.

 

[TDi39]

Any system with a 10 Gig card or two running pfSense or similar can do the job.
Besides, you generally only want a firewall between the outside and your network.

Hi, I'm not sure what you recommended, but I don't want to run my firewall in a VM, my firewall is on a dedicated appliance.

In general, these are the reasons of cost for 10 Gb/s:
1. I should buy a new network card, no way
2. My switch will cost double, no way
3. I'm fine with that speed anyway
4. I didn't request to setup a 10 Gb/s network, unless I'm drunk :D , I just posed the ground on the fact that I don't need super hardware for 1 Gb/s throughput.

So what?

A switch switches traffic among network devices. What else do you think you need it to do?

A 10 Gb/s switch usually cost double compared to 1 Gb/s , if you have many ports.

If you need to firewall even that traffic properly, your firewall should be also very well equipped, again cost increase! (maybe not double cost)

 

[danb35]

A 10 Gb/s switch usually cost double compared to 1 Gb/s , if you have many ports.

How many 10G ports do you need? You know you can link switches together, right?

Here's a great managed switch, 16x 10GbE ports, 2x 40GbE ports, 48x GbE ports, all of the latter with PoE. Full layer 2 switching + layer 3 routing capabilities, US$200:

Brocade ICX6610-48P-E 48 Port Gigabit Switch WITH DUAL POWER -Same Day Shipping | eBay

How do we refurbish items at our facility?.

www.ebay.com

Don't put it in the house, though; it's a screamer. This one's much quieter, doesn't include the 40GbE ports, only has 4x 10GbE ports, still 48x GbE, all with PoE, layer 2, layer 3, well under US$200:

Brocade ICX 6450-48P 48-Port Gigabit Ethernet Switch for sale online | eBay

Find many great new & used options and get the best deals for Brocade ICX 6450-48P 48-Port Gigabit Ethernet Switch at the best online prices at eBay! Free shipping for many products!

www.ebay.com

I have one of each of these; they're very capable, and the price is quite reasonable. Very thorough documentation on setting them up and licensing all the features at:

Brocade Overview - Fohdeesha Docs

fohdeesha.com

 

[artlessknave]

but I don't want to run my firewall in a VM

I'm pretty sure no-one has mentioned this.

If you need to firewall even that traffic properly, your firewall should be also very well equipped, again cost increase! (maybe not double cost)

why would you firewall that traffic at all?

I didn't request to setup a 10 Gb/s network

we aren't trying to recommend that you get 10gbe, we were just correcting your inaccurate statements about it, like needing a 10gbe firewall to run a 10gbe LAN, or that 10gbe is as dramatically more expensive as you seem to think.

if 1gbe is enough for you, there is nothing wrong with that.

a few times now it has seemed like you skim over what was said and then write a response based on your assumptions of what was said, rather than the actual content. this makes communicating.....difficult.

 

[Davvo]

@artlessknave you almost managed to write a kind post! Almost! :P

@TDi39 while you can virtualize pfSense, OPNsense and the likes, I was suggesting using a dedicated system. Anyway, it's beyond the scope of this topic; my initial point was that TrueNAS CORE can be easily run with 16GB of RAM in certain conditions (1Gbps being one of them).

 

[TDi39]

How many 10G ports do you need? You know you can link switches together, right?

Here's a great managed switch, 16x 10GbE ports, 2x 40GbE ports, 48x GbE ports, all of the latter with PoE. Full layer 2 switching + layer 3 routing capabilities, US$200:

Brocade ICX6610-48P-E 48 Port Gigabit Switch WITH DUAL POWER -Same Day Shipping | eBay

How do we refurbish items at our facility?.

www.ebay.com

Don't put it in the house, though; it's a screamer. This one's much quieter, doesn't include the 40GbE ports, only has 4x 10GbE ports, still 48x GbE, all with PoE, layer 2, layer 3, well under US$200:

Brocade ICX 6450-48P 48-Port Gigabit Ethernet Switch for sale online | eBay

Find many great new & used options and get the best deals for Brocade ICX 6450-48P 48-Port Gigabit Ethernet Switch at the best online prices at eBay! Free shipping for many products!

www.ebay.com

I have one of each of these; they're very capable, and the price is quite reasonable. Very thorough documentation on setting them up and licensing all the features at:

Brocade Overview - Fohdeesha Docs

fohdeesha.com

Thanks, but the switch that will cost me double is the one fanless, with low consumption and no PoE which is not common with switches with many ports.

My situation is kind of mine only, so general recommendations don't work.
Plus, I'm not planning to retire my network infra, otherwise it would be too much money loss.
You suggestions would apply in case I had a garage where to put these items and if this was my purchase as of now in the first place, basically I already have an infra and I'll most probably wait its EOL.

I'm pretty sure no-one has mentioned this.

why would you firewall that traffic at all?

we aren't trying to recommend that you get 10gbe, we were just correcting your inaccurate statements about it, like needing a 10gbe firewall to run a 10gbe LAN, or that 10gbe is as dramatically more expensive as you seem to think.

if 1gbe is enough for you, there is nothing wrong with that.

a few times now it has seemed like you skim over what was said and then write a response based on your assumptions of what was said, rather than the actual content. this makes communicating.....difficult.

I can't think on a precise use case for Firewall-NAS right now, but how bad it can be if I do it? At the very least, it's not bad.

Plus, with VLANs, all passes through the firewall anyway, I think that performance may decrease anyway, but I don't know how much right now.

 

[artlessknave]

@artlessknave you almost managed to write a kind post! Almost! :P

ooo...kay?

 

[danb35]

Plus, with VLANs, all passes through the firewall anyway

Once again, this is unnecessary if you have a reasonably-capable switch, and it's also irrelevant unless you'd plan on running 10G on more than one VLAN and routing between (or among) them.

As others have said, I'm not trying to say you should set up a 10G network--it's completely up to you if you want to (or do) do that. But I'm going to correct FUD about what's needed for one.

 

[artlessknave]

I can't think on a precise use case for Firewall-NAS right now, but how bad it can be if I do it? At the very least, it's not bad.

that's unsurprising, since what the heck is a "Firewall-NAS"? I know of no such thing, and am pretty sure I have not recommended something I have never heard of.
I'm so confused, where did this come from?

 

[TDi39]

that's unsurprising, since what the heck is a "Firewall-NAS"? I know of no such thing, and am pretty sure I have not recommended something I have never heard of.
I'm so confused, where did this come from?

I just meant to firewall my NAS traffic :D , but as of now, I'm not sure how much effective it can be, time to read a bit.

 

[Whattteva]

I just meant to firewall my NAS traffic :D , but as of now, I'm not sure how much effective it can be, time to read a bit.

Why exactly do you need to firewall your NAS traffic, which is most likely going to be mostly LAN traffic? Is your LAN a public open WiFi or something?

 

[artlessknave]

Why exactly do you need to firewall your NAS traffic, which is most likely going to be mostly LAN traffic? Is your LAN a public open WiFi or something?

Show : pretty sure they don't.

they appear to take things that were said, reinterpret the meaning, and then use the wrong terminology to redefine it in a way that doesn't make sense. no one was even mentioning running NAS traffic through a firewall, so how they got to that is a mystery to me.
when anyone tries to correct an incorrect statement, they come up with new inaccuracies...

 

[ChrisRJ]

Why exactly do you need to firewall your NAS traffic, which is most likely going to be mostly LAN traffic? Is your LAN a public open WiFi or something?

In my case I have multiple VLANs (incl. one for guest WiFi) to segregate my network. In particular for IoT devices that might otherwise phone home. In other words: There is a number of reasons why an internal firewall makes sense. Some companies found out about this the hard way in recent years, BTW.