Skip to content

Running pfsense on a QNAP TS-251

September 5, 2016

Introduction

I was considering consolidating some equipment in my home lab.  I wasn’t happy with the Surveillance Station software on the QNAP and recently switched to a different NVR solution.  This allowed me to repurpose the QNAP for other tasks.  I wanted to determine if the QNAP TS-251 could replace my existing pfsense SG-2220 Security Gateway Appliance.

Based on the hardware the TS-251 seemed like a perfect candidate for pfsense. Here are the specs for the TS-251:

CPU Intel Celeron J1800 dual-core 2.41 GHz Bay Trail D
RAM 8GB
Ethernet (2) Intel WGI210TA

Configuration

I downloaded the latest version 2.3.2-RELEASE (amd64) from pfsense.org/download

Screen Shot 2016-09-05 at 2.24.37 AM

Once I downloaded the .ISO installer I uploaded it to a shared directory on my QNAP TS-251 where I store all of my .ISO files.

The QNAP TS-251 has two physical network ports.  I connected one of the network ports (Physical Adpater 2) to my Cable Modem and the other (Physical Adapter 1) to my Cisco 3560CG-8PC-S Gigabit PoE Switch.  Then I clicked on Network Setting in the left menu bar and configured my Network Topology as follows:

Screen Shot 2016-09-05 at 2.35.18 AM

Next I logged into my QNAP TS-251 and opened Virtualization Station 2.2 (Beta).  In the left menu bar I selected Create VM then in the middle pane I chose Create Custom VM.

Screen Shot 2016-09-05 at 2.32.15 AM

Note: I choose the settings above because I wanted to compare the performance to the virtual machine to my pfsense SG-220 hardware appliance.  The SG-220 has an Intel “Rangeley” Atom C2338 1.7 Ghz CPU with 2GB DDR3L RAM.  Depending on your use, you may be able to use fewer resources.

When creating a New Custom VM you can only select a single Network  and it doesn’t allow you to select the Device Model.  After creating the virtual machine immediately go to Virtual Machine Settings.  Choose Add Device and make sure that this Network Adapter 2 Mode is Virtual Switch 2 and the Device Model is Virtual Gigabit Ethernet (VM Driver Required)

Screen Shot 2016-09-05 at 2.47.43 AM

Now we are ready to install pfsense.  Attach the .ISO to the virtual machine, then power it on.

Screen Shot 2016-09-05 at 2.53.53 AM

During the installation I chose the Quick Easy Install and used the Std Kernel.  The WAN and LAN adapters are auto-detected – it appears as though it looks for the adapter that has DHCP and auto-assigns that as the WAN port.

Screen Shot 2016-09-05 at 2.57.55 AM

If the adapters are em0 and em1 instead of vtnet0 and vtnet1 then you forgot to change the Device Model to Virtual Gigabit Ethernet.

After the installation completed I attempted to ping the LAN interface 192.168.1.1 from my test machine.

Troubleshooting Tip: If you are unable to ping the LAN port after installing there is a good chance that you switched the interfaces.  Open the console of the VM and choose option 1 to Assign Interfaces properly.

Performance Tests

Testing Equipment:

There were two settings that had a significant impact on performance:

  • Hardware Checksum Offloading
  • Device Model Selection

During my initial testing I found that my download speed was awful 2.72 Mbps, that is not a typo it was 2.72 Mbps after multiple tests.  Checking the box to Disable hardware checksum offload restored my download speed to 255.53 Mbps.

Open a web browser connection to http://192.168.1.1 and logged in as admin with password pfsense.  From the top menu select System –> Advanced –> Network and then select the check box to disable Hardware Checksum Offloading.

Screen Shot 2016-09-05 at 3.08.24 AM

When I originally installed pfsense I used the Device Model Intel Gigabit Ethernet and although it provided a respectable download speed of 84.74 Mbps, switching to the Device Model Virtual Gigabit Ethernet provided the best download speed at 255.33 Mbps.

I monitored CPU Utilization during testing and found that utilization rates were relatively high spiking anywhere from 40% up to 60% during most tests.

Conclusion

Using the pfsense SG-220 Security Gateway appliance I am able to achieve download speeds of in excess of 350 Mbps consistently.  Although the pfsense virtual machine peaked at 255.53 Mbps I could not reliably reproduce that download speed, download speeds ranged from 160 – 255 Mbps when using the virtual machine.

CPU Utilization rates on the SG-220 also spiked to 40% during the download speed test, however because the SG-220 is a dedicated appliance the CPU Utilization would not impact other applications.  I continue to use the QNAP TS-251 for other applications and was afraid that adding the pfsense virtual machine may impact performance of those applications.

As a result of the lower throughput, and potential risk to the performance of other applications running on the QNAP TS-251, I decided to keep my pfsense SG-220 appliance. The device is silent and has low power consumption, 6-9 watts during runtime – and provides outstanding performance.

 

 

Identifying VMware Software Versions in your SDDC

January 12, 2016

I recently had to conduct a software inventory on a customer’s VMware Software Defined Datacenter (SDDC).  The environment consisted of the following VMware software products:

  • VMware vCenter
  • VMware ESXi
  • VMware NSX
  • VMware vRealize Operations Manager
  • VMware vRealize Log Insight

Below are the steps used to identify the current version of each product in the SDDC.

To determine the  ESXi Version use the vSphere Web Client
In the Inventory Pane (left) select an ESXi host, then click on the Summary tab (center).  Expand the Configuration.

Screen Shot 2016-01-11 at 2.49.55 PM

To determine the  vCenter use the vSphere Web Client
In the Inventory Pane (left) select a vCenter Server, then click on the Summary tab (center).  Expand Version Information.
Note: Don’t use Help —>About to determine the vSphere version.  Using Help —>About in the vSphere Web Client will give you the vSphere Web Client’s version.

Screen Shot 2016-01-11 at 2.51.19 PM

To determine the NSX Version use the vSphere Web Client                                                  From the Home Menu go to Networking and Security.  In the left pane select the NSX Managers link.  The Version is located in the Objects tab.
Screen Shot 2016-01-11 at 3.00.14 PM

For vRealize Operations open a web browser to the default Operations Manager web page then click About in the top menu bar.

Screen Shot 2016-01-11 at 2.53.47 PM

For vRealize Log Insight open a web browser to the default Log Insight web page            In the top right hand corner click on the drop down list then select About.

Screen Shot 2016-01-11 at 2.58.42 PM

 

The NFS server does not support NFS version 3 over TCP – QNAP

December 26, 2015

After recently powering-on an ESXi host I found that all of the NFS Shares hosted on my QNAP TS-231 storage appliance were disconnected.  I first attempted to reconnect by using the vSphere Client option Rescan All in the Configuration –> Storage –> Datastores pane.  When that was unsuccessful I attempted to manually remove and re-add the datastore.  Unfortunately that too was unsuccessful.  I didn’t want to restart my QNAP appliance so I decided to restart the NFS service.  First I enabled SSH on my QNAP appliance.

Screen Shot 2015-12-26 at 10.07.53 AM

Once SSH was enabled I connected to the QNAP appliance from my Mac by using the Terminal application ssh admin@192.168.1.10

The last step was to restart the NFS service.

Screen Shot 2015-12-26 at 10.10.14 AM

Once I successfully restarted the NFS Service, I re-opened the vSphere client and clicked on Rescan All.. once more.  This time access to my shares had been restored.

Installing vCenter Server Appliance vCSA 6.0

May 17, 2015

vSphere 5.5 offered the vCSA as an .ovf file, which was imported into a running ESXi host.  Installing the vCSA is a little different in vSphere 6.0.  First, you begin by downloading an .iso file, yep .iso, not .ovf.  The name of the .iso file as of this writing is VMware-VCSA-all-6.0.0-2562643.iso of course that will change once a new build is released.  After downloading the 2.86 GiB .iso file, you will need to mount it to a Windows host.  I used a Windows 7 virtual machine that was running in my lab environment, Slysoft Virtual Clone Drive is a great piece of freeware that you can use to mount .iso files to your Windows host.  Once the .iso file is mounted open the vcsa folder and install the VMware Client Integration Plugin VMware-ClientIntegrationPlugin-6.0.0.  The installation is quick.  Next, launch/double-click the vcsa-setup from the mounted .iso.  Screen Shot 2015-05-17 at 8.29.00 AM

Note: The Windows host must be able to communicate with the management interface of the ESXi host you plan on installing the vCenter Server Appliance.

The VMware vCenter Server Appliance Deployment installer will guide you through the installation.

Screen Shot 2015-05-17 at 8.18.06 AM

Note: When you enter the System Name under Network Settings the installer expects that it is resolvable by DNS, if you have not configured DNS use an IP Address for the name.  If you enter a FQDN that is not resolvable the installation will fail.

Once you have installed the vCenter Server Appliance you can visit the same URL you’ve become accustomed to https://x.x.x.x/vsphere-client/ the :9443 is no longer required :-)  Don’t forget the default user name is administrator

Dell U2412M vs Dell U2713HM & Monitor Resolution for the MacBook Pro

December 29, 2014

Last month I was in the market for a secondary monitor that I could connect to my MacBook (Apple 13.3″ MacBook Pro Notebook Computer with Retina Display – Late 2013).  With a modest budget of around $500, I began looking for a monitor that had the following features:

  • 27″ Widescreen (16:9 Aspect Ratio) IPS monitor
  • 2560×1440 Resolution
  • Anti-glare coating/Matte Finish
  • Height-Adjustable stand
  • Energy Efficient

I was so happy with the Dell U2412M monitor I bought last year, that when B&H Photo Video offered the Dell U2713HM at $518.19 + Free S&H I purchased it immediately. 

Here is a quick overview of the differences between the two monitors.

Monitor Dell U2412M Dell U2713HM
Type IPS IPS
Size 24″ 27″
Aspect Ratio (16:10) (16:9)
Resolution 1920×1200 2560×1440
Brightness 300 Nits 350 Nits
Response Time 8ms 8ms
Pixel Pitch .27mm .23mm
USB Yes (2.0) Yes (3.0)
DisplayPort Yes (1.1) Yes (1.2)
DVI-D & VGA Yes Yes
HDMI No Yes
Power 38 watts 42 watts
Price $249.95 $518.19

The addition of USB 3.0 and DisplayPort 1.2 were welcome features.  The .23mm pixel pitch and 350 Nit brightness present a beautiful picture, and Dell has managed to keep power consumption at a miserly 42 watts.  However, I was disappointed that HDMI 1.4 wasn’t offered on the U2713HM as HDMI 1.3 is limited to a maximum resolution of 1920×1080.  Note: HDMI 1.4 is available on the more expensive U2713H monitor ($799) which also adds a Mini DisplayPort 1.2 connection.

Given the outstanding review by Chris Heinonen in the Anandtech article Dell U2713HM – Unbeatable performance out of the box, I was surprised to see that out of almost 700 customer ratings the average score was only 4.35/5.0.

Vendor Rating Reviews
Amazon 4.2 421
NewEgg 4 146
B&H 4.5 80
Best Buy 4.7 32
Total 4.35 679

What I found after reading many of the reviews posted was that several Apple MacBook owners had complained about being unable to achieve the maximum resolution of 2560×1440.  Apparently, many of those who purchased the monitor didn’t realize that the U2713HM only supports HDMI 1.3, which provides a native resolution of 1920×1080.  It is the more expensive U2713H ($799.00) that supports HDMI 1.4, which can provide the maximum resolution of 2560×1440.  If you bought the U2713HM don’t fret! You can still achieve the monitor’s maximum resolution, you just can’t use the HDMI port to do so.

To achieve the maximum resolution out of the U2713HM using your MacBook you will have to use either the DisplayPort connection or the DVI-D connection.  To use the DisplayPort connection simply purchase a Accell Mini DisplayPort to DisplayPort 1.2 Cable for $11.99.  The Apple Mini DisplayPort to DVI Adapter is Single-Link and will only give you 1920×1200.  To use the DVI-D port at 2560×1440 you would need to purchase an Apple Mini DisplayPort to Dual-Link DVI adapter for $99.00 and use the provided Dell DVI-D cable.

I would recommend using the DisplayPort connection, it is the lower cost option and provides you with the monitors maximum resolution of 2560×1440.  Although Mini DisplayPort to DisplayPort cables from other manufacturers are available, many of them are not VESA compliant which can cause several problems such as: flickering; no sound; or unable to wake from sleep.  To avoid any grief, make sure you buy the Accell cable!

Here is a summary of the supported resolutions based on your connection to the Dell U2713HM.

Connection Max Resolution Required Adapter and Cable
VGA 2048×1152 Apple Mini DisplayPort to VGA Adapter + VGA Cable
HDMI 1920×1080 HDMI 1.3 Cable
DisplayPort 2560×1440 Accell B143B Mini DisplayPort to DisplayPort 1.2 Cable
DVI-D Dual-link 2560×1440 Apple Mini DisplayPort to Dual-Link DVI Adapter + DVI-D cable
DVI-D Single-link 1920×1200 Apple Mini DisplayPort to DVI Adapter + DVI-D Cable

Extracting Text Messages from your iPhone

October 9, 2014

Over the course of two years I have accumulated several SMS text messages that I wanted to archive.  I could have used iTunes to backup the contents of my phone to my Mac, unfortunately to read the archived messages I would have to restore them to another iPhone.  I discovered several paid apps in the App Store that would allow me to extract messages and read them on my Mac, however they were rather expensive.  After a quick Google Search I stumbled upon Nelson Aguilar’s WonderHowTo article How to Extract & Back Up All Your Text Messages & Picture Messages from your iPhone to your Mac.  Following Nelson’s instructions, I downloaded Chelsey Baker’s iOSMessageExport script on GitHub and it worked perfectly!

Configuring NFS on the QNAP TS-251 with VAAI for vSphere ESXi 5.5

October 4, 2014

I recently purchased the QNAP TS-251 to use as a shared storage solution for my VMware NSX Lab environment.  QNAP offers both iSCSI and NFS connectivity, however in my lab environment I will only be using NFS.  I have multiple ESXi hosts in my lab environment connected to a Cisco Cisco Catalyst 2960-8TC-L Compact Gigabit switch.  Although the QNAP TS-251 has dual GbE adapters, I will only be connecting one interface at this time.

Screen Shot 2014-11-23 at 11.20.32 AM

Configuring connectivity for a vSphere ESXi host involves the following:

  • Configure NFS for QNAP – Disable Cache, Enable NFS Service, Create Shared Folder(s), Configure Access Permissions.
  • Configure NFS for the vSphere ESXi Host(s) – Install VAAI Support (Download, Upload, Install QNAP NFS VIB), Create a unique VMkernel Port, Add Storage.
  • Test the environment.

Configure NFS for QNAP

1. Disable Write Caching.

Screen Shot 2014-11-23 at 11.21.16 AM

Open Control Panel, System Settings, Hardware then select the General tab.  Uncheck the Enable write cache (EXT4 delay allocation) box.

2. Enable the NFS Network Service.

Screen Shot 2014-11-23 at 11.22.06 AM

Open Control Panel, Network Services, Win/Mac/NFS then select the NFS Service tab.  Check the Enable NFS Service box.

3. Create the Shared Folders you will use in your VMware Lab environment.

Screen Shot 2014-11-23 at 11.11.31 AM

Open Control Panel, Privilege Settings, Shared Folders then select the Shared Folder tab.  Click the Create button, then select Shared folder.  Enter a folder name e.g. SharedVMs.  Then click on the Create button.

Screen Shot 2014-11-23 at 11.12.03 AM

4. Configure Access Permissions.  Once the folder has been created click on the Access Permissions icon (looks like a folder with a hand under it).  When the Shared Folder properties page appears, click on the Select permission type: drop down list and choose NFS host access.

Screen Shot 2014-11-23 at 11.14.20 AM

Next, click on the Access right: drop down list and select No Limit.  Verify that the Squash option: is NO_ROOT_SQUASH.  In the Allowed IP Address or Domain Name section you can use the Any wildcard * , or you can enter the IP Address of the VMkernel Port you are using on your VMware ESXi host to connect to the QNAP TS-251.

Screen Shot 2014-11-23 at 11.14.48 AM

Configure NFS for vSphere ESXi 5.5

With the QNAP configuration complete, the next step is to configure the vSphere ESXi 5.5 Host using the vSphere Client.  Although vSphere Storage APIs for Array Integration (VAAI) is not a required, it provides the following benefits which make it a worthwhile installation.

  • VAAI NAS Space Reserve – Allows the creation of Thick Provisioned virtual disks.
  • Full File Clone – Enables the QNAP storage to make full copies of data within the NAS without needing to have the ESXi host read and write the data.  This offloads processing to the QNAP, and significantly reduces the amount of network traffic generated to create a clone of a virtual machine.
  • Extended Statistics – Enables vSphere to query space utilization details for virtual disks on QNAP NFS datastores.

1. Download the VAAI VIB from QNAP.  VAAI NFS requires the installation of VAAI plugin on each ESXi hosts.  I downloaded the file QNAP_QNPNasPlugin_1.0.zip to my desktop, and extracted the contents.

2. Upload the VAAI VIB to a local datastore. Open the vSphere client and login to your ESXi host.  Select your ESXi host in the Inventory panel, then click on the Configuration tab in the right-hand pane.  Under Hardware click Storage then right click on a local datastore and choose Browse Datastore… from the context menu.  Use the Datastore Browser to upload the QNAP-QNPNasPlugin-1.0-1.0i.vib file to your local datastore.

Screen Shot 2014-11-23 at 1.45.26 PM (3)

3. Enable SSH on the vSphere ESXi Host.  We will need to use the command-line to install the VIB, this will require SSH or Console access to the vSphere ESXi host.  Select your ESXi host in the Inventory panel, then click on the Configuration tab in the right-hand pane.  Under Software, click Security Profile.  In the Services section, click Properties.  In the Label section select SSH, then click the Options button – select Start and stop manually.  Click Start to enable the service, then click OK.

4. Use PuTTy to start an SSH Session to your vSphere ESXi host and install the VIB by executing the command esxcli software vib install -v /vmfs/volumes/VMFS00/QNAP_QNPNasPlugin_1.0-1.0i.vib.  Verify the Installation Result.  Note: VMFS00 is the name of my local VMFS datastore.

Screen Shot 2014-11-23 at 1.37.38 PM

5. Create a unique VMkernel port.  In my lab environment the QNAP resides on the Management Network, therefore I will not be adding an additional VMkernel port.

6. Add the Shared Folder to your ESXi Host.  Select your ESXi host in the Inventory panel, then click on the Configuration tab in the right-hand pane.  Under Hardware click Storage then click the Add Storage… link.  At the Select Storage Type dialog box, select the Network File System radio button then choose Next.  At the Locate Network File System enter the IP address of your QNAP in the Server: text box and /share/YourSharedFolderName in the Folder: text box.  Enter a Datastore Name, I typically use the share name here.

Screen Shot 2014-11-23 at 2.13.54 PM

Testing

Without VAAI you can only select Thin Provision to create a virtual disk.  To ensure that VAAI has been enabled attempt to build a virtual machine, if the Thick Provision options are available the VIB has been installed.

Screen Shot 2014-11-23 at 5.03.53 PM

Resources:

More about the QNAP TS-251 Turbo NAS – QNAP recently released the TS-251 Turbo NAS, it is currently offered online for $339.99 + free S/H from SuperBiiz.  Recent reviews from PC Magazine and SmallNetBuilder made a compelling argument for making the TS-251 the shared storage solution for my VMware NSX Lab Environment.  PC Magazine awarded the QNAP TS-251 Turbo NAS the coveted Editor’s Choice Award. SmallNetBuilder now ranks the TS-251 number 1 on the NAS Charts and details the features and performance in the article QNAP TS-251 & TS-451 Turbo NASes Reviewed.

Screen Shot 2014-11-19 at 6.39.43 AM

Hardware Specifications:

CPU Intel® Celeron® 2.41GHz dual-core processor J1800 (Bay Trail D)
Ethernet Intel WGI210TA (x2) 1 GbE
RAM 1 GB DDR3L SoDIMM (expandable to 8 GB)
Flash 512 MB
SATA Asmedia ASM1061 dual-port PCIe to SATA
Power Consumption Standby: 10W, In operation: 19W (with 2 x 1TB HDD)

Reported Write and Read Performance Numbers in MB/s:

Resource Test Write Read
SmallNetBuilder iSCSI 100.7 101.1
NASPT 108.4 105.8
%d bloggers like this: