isc.FreeBSD.org Cluster Update

The FreeBSD project has three racks hosted by ISC with various servers. The use of the systems have been limited by the fact that there was no firewall in front of the systems, so each host had to have local firewall and/or access control rules.

To use the isc.FreeBSD.org systems better we have now installed a firewall in front of the systems. This means that the FreeBSD project can better use the facilities provided by ISC and the servers donated by various people and companies.

The firewall is in fact two separate Soekris net5501-70 systems running FreeBSD 7. They use pf for packet filtering and CARP to provide redundancy between the two systems. The redundant setup is done to reduce the risk of taking all the isc.FreeBSD.org systems offline due to hardware or software failure in one firewall.

The two Soekris net5501 systems were sponsored by the FreeBSD Foundation. The 1U rack mount case and flash cards were donated by Brad Davis. Brad also handled the initial configuration and installation of the systems at ISC. Peter Losher helped out from the ISC side with getting additional IP addresses, DNS, and other logistics. So a big thanks to all the before mentioned for helping making this possible, and to ISC in general for hosting the servers.

3 Responses to “isc.FreeBSD.org Cluster Update”

  1. ivoras says:

    What’s behind these firewalls? The use of low-power CPU and NIC suggest these are not the main, publicly-accessible servers.

  2. simon says:

    Whoops, I forgot to reply to this :-).

    The systems behind firewalls are mainly used by the FreeBSD ports building systems and other parts which doesn’t require huge ammounts of traffic. Without really tuning the firewalls etc I can get more than 100Mbit/s so it’s still pretty decent Internet connectivity :-). While it would be a problem for the FTP mirror etc. for stuff like http://www.FreeBSD.org it wouldn’t be a problem. Last time I checked http://www.FreeBSD.org didn’t use much more than ~5Mbit/s in avg.

    Simon

Leave a Reply

You must be logged in to post a comment.