This topic was designed to provide information but also to gather feedback from
other pfSense users operating on SSD drives.
If you were hoping to make pfSense ultra reliable by adding a SSD then this is a must read,
otherwise you could actually decrease the reliability more then your current drive.
SSDs are not simple upgrades for systems doing frequent disk writes. I wrote this
after my SSD upgrade planning so that you know what you're dealing with.
Having a pfSense firewall/router in a production environment that handles and routes data 24/7 made me rethink the hardware approach and to upgrade to prevent future problems.
The idea was to make the system run entirely solid-state with virtually no moving parts to fail (except fans and
the system I chose has redundant fans). Similar to Cisco routers and other embedded solutions, designing
an entirely solid-state system was as simple as replacing the mechanical hard drive with a solid state drive.
However, if you think it ends here there is actually much more to go and failure to do so could result
in a SSD drive life time much less than the typical mechanical drives. Without tuning, your SSD could last only
months. That's right, months.
Almost all common SSD drives today utilize NAND flash cells. NAND flash cells can only handle about 10,000
writes before they become unusable. For this reason SSD manufacturers use controllers that are able to distribute
data for even wear. Even if you really only need a few gigabytes of space make sure to upsize significantly on the
SSD so the drive controller has more memory area to spread across.
Some SSDs are better then others and use higher quality NAND flash components so it's a good idea to look around
for a good SSD and upsize considerably.
Now, no matter the SSD quality, there are several key factors on the pfSense system that you will have to address
to maximize the life of your SSD. This applies to all SSD drives of any manufacturer.
- Use higher amounts of RAM and disable the swap file (During install delete the /swap partition)
The swap file can quickly wear out your SSD if not disabled. Remember, 10k writes per memory cell is it.
- Disable firewall rule logging
The logging will also quickly wear out your SSD. If you require logging perhaps use a remote syslog server.
- RRD Graphing
The RRD graphing backend runs and writes graph files to the drive (SSD) every minute. Disable RRD graphing backend.
** May be a good feature in pfSense to add the option to change the RRD /tmp directory from hard disk to ram disk for SSDs. Only down
side is graphs will be lost on power down/reboot because the RAM is volatile.
- Upgrade to pfSense 2.0 for features such as Hard Drive S.M.A.R.T. Status
pfSense 2.0 includes a very important tool if you're running a SSD and that is S.M.A.R.T. monitoring. With this feature you will be
able to check the SSD's S.M.A.R.T. logs for I/O errors and drive problems. By monitoring this you can help see a failure coming.
- Disable ANY packages that could frequently write to the disk. If you are using a SSD drive for reliability it does require a sacrifice
of many/most packages for pfSense. If you want a ultra reliable and fast pfSense system, it's crucial that you are willing to give up
Alternative to SSDs, you could use hardware RAID with regular hard drives if you require all of the packages, logging and extras. In my experience, you
want as little running as possible on a firewall. If you use a SSD, then you really have no choice. It's a must or you will have a failure. Time before failure
depends on the SSD quality, the SSD controller, the SSD size and frequency/size of disk writes. In some cases with continuous writes and high disk traffic
could damage the SSD in months.
This applies to all SSD drives no matter the brand, quality or features. Hybrid SSDs may work a bit differently because of the RAM buffer/cache but
you should still apply the same rules.
Keep pfSense simple and eliminate frequent drive writing and your system could last 10 years or more.
Question? Is this all absolutely necessary or is it just "optimization".
Answer: It is absolutely necessary, otherwise you're much better off using regular non-SSD drives in RAID. More then likely you chose SSDs for reliability so this is crucial. Placing SSDs in RAID is almost useless because the wear patterns would be mirrored and chances are they would both fail at the exact time assuming there are no manufacturing flaws. I simply cannot stress enough how dangerous it is to run SSDs with continuous writes. Your SSD will fail otherwise, only question is when.
Hope this helps everyone thinking about SSDs and please post all of your thoughts. I'm sure I missed other stuff.
** This does not affect NanoBSD/Embedded versions of pfSense and to resolve these issues installing the embedded version will solve all of these problems because it will run entirely from ram **
FIX: To solve the problem install the embedded version of pfSense that runs NanoBSD. This version was aimed at compact flash cards where limited writes are a factor. SSDs use the same technology so make sure to install the embedded version (NanoBSD) if you use a SSD. The embedded version loads the entire file system in to ram so that RRD, logs and any other write intentive tasks are handled in ram instead of on disk. Just prepared to lose your VGA console and you will need to use serial to configure. Default settings are 9600 baud 8-n-1. Thank you for the input/ideas everyone.
-- koukobin pointed out that there is a NanoBSD version that has VGA support. Thank you for the info!