Scale or die

Tech posts

IPSec throughput tests between 2 Soekris 5501 running pfsense

Late last year I was playing with pfsense in order to replace ssh+vtund connections between sites with a cleaner ipsec rig. To that effect I set up 2 soekris 5501 with HiFn crypto accelerators, directly connected via a Cat-6 ethernet cable, both running pfsense-1.2 (I forget which release candidate) and was able to pipe 20Mb/s using 256 bit-AES ESP (note the little b as bit, not byte). I controlled for ethernet limitation by sending 8x-10x as much data over the same link without ipsec.

Fun with R and wifi art

On Friday I was having a frustrating experience with our wifi system, a nifty setup from Extricom. Ping round-trips were varying widly but always going back from a 1 s to a sub-10 ms elapsed time. I ran ping for a bit, pushed the data through R and was extremely surprised by the results. Since this particular setup uses a controller that allows seamless hand-over from one access point to another, I suppose that my bits are being transmitted by different access points at least every second. A pleasant graph nonetheless. [caption id="attachment_82" align="alignnone" width="509" caption="Latency (ms) of sequential 1-second pings"]
Media_httpscaleordief_dwcrp
[/caption]

On Joyent's recent storage mishaps

I have read with interests comments on Joyent's blog of disgruntled users among which professional system administrators seemed to be found. Beyond the technical merits of the recovery it is quite clear that selling storage services with no backup scheme that would allow data to be available within a matter of hours or a day at best is a dangerous proposition for an internet startup boasting technical prowess. At best it casts a negative light on their understanding of what a backup is and that ultimately I store data remotely not because ZFS or Thumper are cool (they are) but because I hope to be able to retrieve it more elegantly and more simply than going to the bank to retrieve the tape from the vault.

Interestingly enough the brand leader in distributed storage, amazon has an interesting Service Level Agreement that worries solely about the service being available, not that data returned are immune to corruption. I am wondering whether the next step is going to be data insurance, against data loss and format obsolescence. Something to ponder.

In my context neither of these options are appealing since data are the bread and butter of my company, hence the painstaking off-site backup process to mitigate risks and the oh-so-enjoyable-but-needed task of spelling out a comprehensive disaster recovery plan.

Options to build cheap unified storage

We have been running happily with a 3Par S400 in production and it has delivered so far according to our expectations. The ease of management has made the anarchy of our development environments more conspicuous, to the point that we are currently contemplating a few options to get out of the labour-intensive situation.First a bit of context. We are an Oracle shop and the demand to spawn new instances with roughly 1TB of storage has picked up dramatically over the past 6 months. When the company was younger we could simply keep buying Apple XserveRaid and, without LUN masking, manage the mapping between LUNs and hosts manually. We went with Apple because of their prices per GB mostly and the performance is good enough for us, delivering enough IOPS for our needs. Also management was kept to a minimum; again from a cost perspective it made sense. Our Oracle instances use file-based storage management which makes the whole setup relatively easy to grasp.We are now facing storage demands that makes this ad-hoc way of doing things obsolete and border-line dangerous. Besides after interacting with the centralized console of the S400 it is hard to not want to get the same ease of management... for a fraction of the cost. Our options are so far:
  1. Get another 3Par
  2. Get another brand of SAN (e.g. Compellent, XIV, Dell/EMC, etc.) if it turns out to be cheaper
  3. Build scripts to manage existing XServe-RAIDs
  4. Buy a Sun x4500 Thumper and turn it into an iSCSI target.

Option #1 is the most desirable if money were no object. We would then benefit from a uniform storage substrate, maybe get better deals on expansion based on volume purchases, turn on SAN-to-SAN replication to also use that unit as a disaster recovery unit. The downside is, beside cost, vendor lock-in and living at the mercy of proprietary pricing.

Option #2 is mostly interesting for ease of management. Total cost is probably going to be marginally lower and integration with the production infrastructure is less-than-optimal.

For Option #3 if I put my geek hat then it is by far the most appealing option as it promises interesting flexibility at a cost that's hard to beat (a bit over $1 per terabyte). ZFS looks very promising (despite Joyent's recent troubles with the open-source version of Solaris, maybe they should have stuck with the supported Sun version). ZFS would not work for all uses, notably to store database blocks (lest we start using Oracle 11g and its DirectNFS storage). Once I remove my geek hat this proposition is less interesting as we are not a Solaris shop to start with, we have limited experience with iSCSI and the thing has to be production-ready as we would not be able to afford many issues with it.

As for Option #4 it is a variation on #3, albeit at a lower risk. Still the units' limitation on 10.5 TB being split between two discreet controllers means a brittle use of linux's Logical Volume Manager for unix hosts. As long as we are operating storage at the block level (as opposed to a file-level or at a higher-level) this is unlikely to scale.

Which one is it going to be? 

Sun 2200M2 + Apple XserveRaid

This should prove a worthy Oracle 10g combination. We plan to use it for development purposes. The Sun server is a nice little 1U (specs here), connected via an HBA to 10.5TB of raw storage from Apple. I'll post a quick review shortly. For the real thing we use a Sun x4600, a great machine to run Oracle on Linux. Don MacAskill of SmugMug beat me to it and published an interesting review of these 2200M2.