Netgate SG-1000 microFirewall

Author Topic: PfSense w/Squid: SSD still ill-advised?  (Read 498 times)

0 Members and 1 Guest are viewing this topic.

Offline oguruma

  • Jr. Member
  • **
  • Posts: 48
  • Karma: +0/-0
    • View Profile
PfSense w/Squid: SSD still ill-advised?
« on: February 04, 2018, 02:03:57 pm »
I currently have pfSense installed on an old 300GB HDD, which is not long for this world. I use it for my home network, and I do use Squid. I want to replace the HDD. I have read previously that SSDs are ill advised because of their sensitivity to being written to frequently. However, I have also read that modern SSDs have many TB of "endurance", which for me, would theoretically outlast most spinning hard drives, even cheap SSDs.


Is it still best practice to use spinning HDDs?

Offline muppet

  • Newbie
  • *
  • Posts: 22
  • Karma: +1/-0
  • I'm a Muppet
    • View Profile
    • Tim H
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #1 on: February 04, 2018, 02:15:34 pm »
Well it'll always be true (at least for the forseeable future) that an SSD "wears out" where as a spinning platter doesn't (though it can of course fail in many other ways!)

So I'd say that yes, the advice still stands, but for a small network you'll probably be OK.  Do you have plans/the ability to recover should the SSD fail hard in 5 years?  If yes, then I'd proceed.

I think the bigger question is, in 2018, what benefit does Squid give you on a small home network?  You can probably rest easier at night removing squid from the network.

If you're using squid just to do some sort of site ACL stuff, well if you have enough memory you can run squid "in memory" with no disk caching and thusly solve your "problem" that way too.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 837
  • Karma: +60/-1
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #2 on: February 04, 2018, 02:43:20 pm »
It really depends on the workload and the SSD. A big SSD with reasonable firmware will do fine. But a small SSD with crappy firmware in a high-load setup will die within months.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #3 on: February 04, 2018, 03:11:09 pm »
The write duration is the write duration.  If the specs suit your needs, it should be fine. 

I've been running several old SSDs for about 6 years for pfsense and none have failed.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 837
  • Karma: +60/-1
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #4 on: February 04, 2018, 03:13:10 pm »
The write duration is the write duration.  If the specs suit your needs, it should be fine. 

I've been running several old SSDs for about 6 years for pfsense and none have failed.

Well, Squid might hammer with tiny writes all day long, and that could have an impact bigger than you'd expect. Hard to put a number on the amount of writes, but I suspect it's a non-standard workload (from a desktop perspective).

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #5 on: February 04, 2018, 04:19:19 pm »
My disks are old SLC drives and I love SLC. 

I am currently only running mlc tlc vnand etc on desktop computers.



Offline johnkeates

  • Hero Member
  • *****
  • Posts: 837
  • Karma: +60/-1
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #6 on: February 04, 2018, 04:26:48 pm »
My disks are old SLC drives and I love SLC. 

I am currently only running mlc tlc vnand etc on desktop computers.

Yeah, one of those marketing wank nand (3d nand? v-nand?) had an issue where if you did a lot of tiny writes, i.e. use it as a log device or ZIL, it would die really fast because the only way they could make it fast and reliable was to optimise the firmware for desktop use or something like that.

Too bad they don't ship SLC more often, it's mostly the older or more expensive DC-type SSDs that get that.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #7 on: February 05, 2018, 05:57:56 am »
I think there are still a few never used SLC drives out there from years ago for sale.

You can buy modern SLC drives also, but they cost a fortune...   Probably because they are no better than the MLC, TLC etc etc drives (joke).

Have you noticed that people will completely lose their cool if you insinuate that SLC is better?  Seems like the price would give it away.

Offline vjekob

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #8 on: February 05, 2018, 07:25:16 am »
Could you give an example of a good used SLC drive to look for ?

I bought a fanless i3 7100U /16GB mini pc considering running
either pfsense directly on hardware or pfsense + cisco virtual
wireless controller as VM's on ESXI (all newbie territory to me)
and was wondering whether I would need something better
than eg an Intel S3500 SSD (have a couple of small /120GB laying around)
 i.e. something like an S3700 (more write intensive) ?

Online VAMike

  • Sr. Member
  • ****
  • Posts: 429
  • Karma: +65/-11
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #9 on: February 05, 2018, 08:43:19 am »
I think there are still a few never used SLC drives out there from years ago for sale.

You can buy modern SLC drives also, but they cost a fortune...   Probably because they are no better than the MLC, TLC etc etc drives (joke).

Have you noticed that people will completely lose their cool if you insinuate that SLC is better?  Seems like the price would give it away.

They're more expensive mainly because they're much lower density/lower yield, and low demand/low volume parts. There's no way a squid instance on someone's home network is going to push through the write limits of even a consumer grade SSD.

That said, I second the opinion that implementing squid is mostly a waste of time that will slow things down, regardless of the drive choice.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 837
  • Karma: +60/-1
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #10 on: February 05, 2018, 09:27:38 am »
Running Squid will have a few small use cases like limited connections where speed isn't the issue but traffic cost is, or as stated before, ACL.

Most setups will have a serious negative impact with Squid because of the added latency and the ton of crap websites load today to display a simple page.

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2321
  • Karma: +213/-12
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #11 on: February 05, 2018, 12:26:46 pm »
You really need to know your use case. Many are saying squid gives less than a 1% hit rate for the modern internet. Places where it could really help is caching updates, but these kinds of issues may work better using a special purpose cache. like WSUS for Windows Updates.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #12 on: February 05, 2018, 01:48:54 pm »
I'm not actually a proponent of squid for most people either. 

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 12002
  • Karma: +474/-15
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #13 on: February 06, 2018, 11:14:30 am »
Yup, both those things are true IMO:

Any half decent SSD should have no problems. Most of the bad rep comes from early cheap drives.

Squid is of very limited value for most users.

Steve

Online johnpoz

  • Hero Member
  • *****
  • Posts: 15172
  • Karma: +1414/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: PfSense w/Squid: SSD still ill-advised?
« Reply #14 on: February 06, 2018, 11:45:36 am »
Chime in as well on this.  Any current SSD is not going to have any sort of issues.. They have 100's of  TBs of writes in their life.. No possible way your going to come close to this in some home system proxy in any amount of time where that drive would have been replaced normally from just being old and slow..

And 2nd to be honest the use of proxy in a home setup for "caching" purposes in modern internet pretty pointless.  Are you wanting to filter your you son's or something from p0rn?  if so there is prob easier solutions based upon dns vs actual proxy that would be easier to implement and manage, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)