Our Colo Adventure Pt II – The Software

Posted on by kyle

So you’ve got an absolute monster of a server, what do you run on it? There are some really great options. If you are like my co-worker and prefer clicky clicky management and a familiar interface, there is always Windows Server. If you are hardcore and want the most stable and most performant option, FreeBSD is a strong contender. Linux is a great all-around performer and has very strong software support for whatever task you are trying to accomplish. These days though, you aren’t really all that limited with any of them as we can leverage virtualization.

In order to keep the natives from getting restless, Windows Server was our first choice. We could leverage the switch-independent NIC teaming that is new to WS 2012. Also available is a native hypervisor for separating all of our services and controlling network access through the vswitch. We both use Hyper-v at work and support numerous customer deployments on the platform. It’s not a bad system, but the management utilities are slightly lacking, especially for advanced features such as clustering. But, as we have only a single server, these issues would have had minimal impact for us.

Windows server installed just fine and getting things up and running was plenty easy. But after placing a load on the machine, we discovered several problems. The first issue was an absolute showstopper. The NIC aggregation would simply not work in a stable manner for our dual Intel NICs. No matter what we did in terms of driver versions or settings would solve the issue. The network could only sustain between 30 seconds and 1 hour of sustained load before it would become entirely unresponsive and the system would need a reboot to become functional again. While this was a dealbreaker, and Windows was dead to us at that point, we were curious about another feature new to Server 2012. Storage Spaces sounds like just a magically awesome technology for pooling drives and managing storage. You just use the GUI to make virtual disks on top of whatever physical disks you want. Then you just carve out partitions on top of the storage as normal and go to town…when it works. For our purposes the only configuration that made sense was going to be dual-parity. We couldn’t just throw away half our disk space going with a mirrored configuration. With dual parity, we would only lose 2 disks worth of space for data redundancy. While I had read that parity spaces perform badly, I was shocked to find out just how poorly it performed. The writes were most concerning:

terribad_writes

80MB/s writes, under the most ideal conditions, across 24 7,200 RPM spindles is wildly unacceptable. 4k writes and re-writes were so bad you’d almost get better performance from a 3.5″ floppy drive. I was shocked!

terribad_reads

The read performance was sawtoothing all over the place, so I took Windows Server out behind the woodshed and put it out of its misery.

The next choice was Ubuntu Server LTS. It has a nice long 5 year support window, and it’s just a nice sane Linux implementation. We would have gone Centos, but I really needed a newer kernel because I wanted to employ ZFS. I could write an entire post on why ZFS is the most amazing thing since sliced bread. I might even do that sometime, but staying on point…ZFS was lightyears ahead of Spaces. With all the disks in three separate RAID-Z1 vdevs we made a single pool. Benchmarking this pool yields 1.2+ GB (yes, gigabytes) per second for sustained uncached reads. Writes hover around the 800MB/s range. The performance is just phenomenal. On top of that we get to make use of our 48GB of RAM for read caching, which just makes things even faster. I couldn’t be happier with our disk performance.

UFW makes a really simple IPTables frontend for managing our traffic and locking down ports.

We also started using KVM to keep things sane and separated, which leads us into part III.

Our Colo adventure Pt I – The Hardware

Posted on by kyle

After renting for a number of years you eventually decide that it is more financially viable to own longterm. And whether you are talking about housing or hardware, the logic is all the same. Everyone needs housing. Everyone also obviously needs a 100TB+ monster of a server with massive Internet connectivity. Following with the analogy of home ownership, you can really customize your own server to suit your particular needs. Shopping for myself, and my co-worker, we decided that storage was most important. You can rent servers with half as much storage as we built, but it will cost you dearly.

st72

If you aren’t worried about getting a fixer-upper, you can save even more. You can get a “turn-key” chassis secondhand on ebay and get dual sockets and redundant power. Something like the Supermicro 846 series is a good choice for that. Or you can do “new construction” and build your own in a serviceable new chassis like a Norco 4224. This allows you to splurge on only the amenities that you are looking for.

We decided to go with a 5 year old Supermicro 846 that came fully furnished with dual 6 core Xeons and 48GB of memory. For the money, it’s an absolute screamer. I mean that in several ways. The noise is really oppressive if you were going to live with it. Fortunately, we planned on shipping ours off and only visiting when it was being very naughty. As the Supermicro included IPMI for out-of-band management, our need to actually visit the datacenter is going to be very minimal.

With dual hyperthreaded Westmere generation Xeons, we have 24 logical cores to play around with. This is especially important as we both plan on utilizing Plex for media streaming. The on-the-fly video transcoding can shape bandwidth for any situation, but it needs plenty of CPU. As Plex recommends 2000 passmarks per stream, we will be “limited” to 6 transcoded 1080p streams at any one time.

The really fun part for me was provisioning storage. It’s hard to really get a good idea of what 24 hard drives are like until you really work directly with them. It took me 45 minutes just to get them slotted in their hot-swap bays. We ended up with 24 Toshiba 5TB monsters as they were 7,200 RPM and had an excellent price at the time of purchase. Each of these things has a 128MB cache, so we have 3GB of caching before we even get to the controllers or OS.

We needed something to drive the drives, so to speak. The Supermicro allowed us to utilize a backplane with a SAS expander so that we had the option of feeding it a single SAS 8087 cable and run everything that way. Unfortunately, we would be limited to hardware RAID and have limited drive monitoring and error recovery options within the OS. The decision was made to utilize three IBM M1015 HBA’s. These are quite cheap on eBay and three all together have enough ports to give a dedicated 300MB/s lane to each hard disk. Flashed to IT firmware, they are perfect for next-generation RAID.

Overall I’m very happy with the hardware that we have, considering that our savings over something like a Dell or HP are enough to purchase a car.

Look, up in the sky!

Posted on by kyle

old-man-yells-at-cloud

One of the modern industry terms that never fails to get on my nerves is “the cloud.” And I can understand that, for many people, uploading their images to iCloud is just sort of a magical fluffy concept that looks plenty like this. The term actually developed from a common industry shorthand used to describe The Internet. In countless non-nondescript and most likely poorly lit offices some shabby network engineer was, at one point, tasked with creating a network diagram. While that engineer could succinctly describe all devices that he or she has control over, the Internet just defies pictographic description. It’s not really a word you would want to draw in a game of Pictionary. It’s so obviously complex that reducing it to a single object is hilarious.

south-park-broken-internet

Eventually all those network diagrams just included a sort of amorphous blob. This is the magic box of packet pushing into which you dump things and those things are (mostly) recreated out on the other side.

Network-Diagram

Arthur Clarke once stated that “Any significantly advanced technology is indistinguishable from magic.” The closer you get to the actual machinery that runs the magic, though, the more it starts to look like machinery. It’s power hungry, expensive, loud, and hot. The enormous amount of work that it takes to keep everything running is just sort of dismissed in a hand-wavey manner by calling this amazing thing “the cloud.” If every packet plumber took a lunch at the same time the entire operation would be a trainwreck without the added benefit of cool aerial photos of the carnage.

I’m not the only one that takes offense. A very popular extension makes the web a more amusing place. It’s much more amusing to read about people sending their very large RAW images up to their Cloud now.

So support your local network engineers. Without them, we wouldn’t be able to secretly hate but simultaneously be jealous of Rich kids of Instagram. If you are thinking there must be a German word for that feeling, I’m sure you can pull it out of the cloud.

FreeBSD as a Hypervisor

Posted on by kyle

Since the most powerful machine that I own is my storage server, I thought it prudent to leverage its capabilities by running alternate operating systems to provide the services that I use. FreeBSD is awesome in that it is a coherent system coded by a passionate community and refined by decades of production service. Since I have 96TB of raw disk hanging off of the machine it was imperative that I use what is objectively the best filesystem currently in existence: ZFS. While ZFS runs on Linux now and is mostly nice and stable, I wanted the most tested and most performant platform for ZFS. Short of utilizing the slightly crazy and far less supported OpenIndiana, FreeBSD is the best choice. All of the storage functionality and exporting of shares is fairly straightforward under FreeBSD. What wasn’t quite so well documented was the process of getting virtual machines to run. There are some options:

The first option for virtualization on FreeBSD is to not use FreeBSD. VMWare will allow you to use their hypervisor and run FreeBSD as a guest on top. You then pass through the disks directly as long as you have VT-D capability in your environment. I’ve heard of examples of this working just fine. I’ve also heard of it causing problems that were difficult to diagnose. It’s really up in the air depending on what hardware you are using. In the end I decided against this approach mostly because I am a freedom loving American and I like my software to be as free as I am.

murica_6cd297e8f8b040c6ad41c1430077f1ba

Your second option actually uses FreeBSD as the hypervisor. It’s called bhyve but pronounced “beehive.” It’s eventually going to be to BSD as KVM is to Linux. Eventually. It’s still under development and just wasn’t quite ready when I was deploying my server. This will someday be the best option, but for now there is Virtualbox.

Virtualbox is a type 2 hypervisor that runs on just about everything. And while I would never even consider using it for any sort of serious business, in my experience it has been plenty good enough to use in a homelab setting. So how the heck do we get VMs spun up on a headless FreeBSD host?

Install virtualbox using the fancy new package management system:

pkg install virtualbox-ose

Before we begin creating the VM we need to set up FreeBSD to load the necessary kernel modules. There are three. Load them:

kldload vboxdrv
kldload vboxnetflt
kldload vboxnetadp

Make sure they load on startup every time by adding them to /etc/rc.conf

vboxdrv_load="YES"
vboxnet_enable="YES"
vboxheadless_enable="YES"

Now we create a VM and name it. This also registers the VM with Virtualbox. You can find your particular ostype by running VBoxManage list ostypes.

VBoxManage createvm --name w8 --ostype Windows81 --register

Then we need to define some attributes of the VM. The memory specification, hardware type, and networking setup. If you want the NIC for the VM to just show up as its own discreet NIC on the network, bridged mode is what you are looking for. My NIC is named “igb1.” You can find the one you need to use with ifconfig.

VBoxManage modifyvm w8 --memory 8048 --ioapic on --cpus 8 --chipset ich9 --nic1 bridged --nictype1 82540EM --bridgeadapter1 igb1

Define the storage in MegaBytes.

VBoxManage createhd --filename /path/to/store/HDDcontainer/w8.vdi --size 50000

Create a storage controller to attach it to.

VBoxManage storagectl w8 --name "SATA Controller" --add sata --controller IntelAhci --portcount 4

Attach it.

VBoxManage storageattach "w8" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /path/to/store/HDDcontainer/w8.vdi

We need to define an optical disk emulator to mount our ISO so that we can install to our VM.

VBoxManage storagectl w8 --name "IDE Controller" --add ide --controller PIIX4

Attach our .iso

VBoxManage storageattach w8 --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /path/to/iso/file.iso

Start the VM. The option --vrde on starts a VNC session on the IP of the HOST NIC on port 3389 by default. You will need a VNC viewer to see the console output and install from the mounted media. I used TightVNC, which worked just fine.

VBoxHeadless --startvm w8 --vrde on

After you are done installing set the VM to boot from the “HDD” by default to prevent boot device confusion. If you fail to do this it will just boot up from the install media again and again.

VBoxManage modifyvm w8 --boot1 disk

It’s best to remove the VNC console after everything is set up the way you want it. Just enable your remote access option of choice from within the VM OS for management.

VBoxHeadless --startvm w8 --vrde off

One last thing to keep in mind is the NIC type that you assign to the VM. You are going to get the best performance by utilizing the virtio driver maintained by Red Hat. The package for the driver is available here. If you are installing another BSD or Linux VM then the driver is already there. If you installing a Windows guest then I found that it is best to use the Intel NIC from above and then download the driver .iso. Then change the --nictype1 to virtio. After booting use the VNC console to assign the driver to your new NIC. This allows for the best performance and, from what I have experienced, improved system stability.