# FreeBSD 10 stability on router



## wrkilu (Aug 21, 2014)

Hi,

I'm wondering whether to install FreeBSD 10 with ZFS on router (at ISP with 200Mb flow full duplex). I mean I don't know if it will work stable? Has it any known bugs already or maybe it is quite good checked already? Or I should install 8.4 just? Also I'm afraid of ZFS. Should I be scared indeed or not?

Thanks in advance.


----------



## junovitch@ (Aug 21, 2014)

I believe both pfSense and the BSDRP have released their most recent FreeBSD based router releases on 10.0-STABLE.  While it wasn't a "stability" as in crashing the box issue, I am aware of a nasty issue with IPSEC packets getting tagged to ignore firewalling on 10.0-RELEASE and I'm betting that would be an issue for both those projects.  The decision to use 10.0-STABLE where that issue is fixed makes a lot of sense.  If it works for them, it probably would work for you.  Although, always test in advance rather than rolling out something into production blindly.  If it's just for home, probably not an issue.  My home router is 10.0-STABLE.

As far as ZFS on a router, that's up to you.  I don't see what gain you really get from running it since you typically don't serve too many files from disk on a router.


----------



## SirDice (Aug 21, 2014)

ZFS would indeed be a bit overkill on a router but there's no reason to be afraid of it. UFS isn't going anywhere now that we have ZFS. So if you're not comfortable with ZFS, just stick to UFS.


----------



## wrkilu (Aug 21, 2014)

The reason I want to use ZFS on a router is that it doesn't need any fsck after a power failure. The system starts right away. This is very important to a core router (most important), it needs to start as fast as possible. After @junovitch's mention of problems with IPSec I think I will use 8.4. I can't afford to install a router with any bugs, so 8.4 (which is checked best), I think will be best.

So my summary decision will be 8.4 with ZFS  . If you have any other notes, advices still - write please.


----------



## SirDice (Aug 21, 2014)

wrkilu said:
			
		

> The reason I want to use ZFS on router is, it doeasn't need any fsck after power failure - system starting right away. This is very important to core router (most important) start fastest as is possible.


You can enable journalling on UFS, that would greatly speed up any fsck(8). 



> After Junovitch's mention about problems with IPSec I think I will use 8.4. I can't let to install router with any bugs so 8.4 (which is checked best), I think will be best.


I would use 9.3. FreeBSD 8.4 (and the entire 8.x branch) will be end-of-life in June 2015. FreeBSD 9.3 is supported until December 2016 and there's very likely going to be a 9.4. Upgrading a minor version is usually pretty straightforward. Upgrading a major version is a little more difficult and requires rebuilding of all used ports.


----------



## wrkilu (Aug 21, 2014)

> You can enable journalling on UFS, that would greatly speed up any fsck(8).


I know, but ZFS doesn't have any fsck so start will be faster yet


> I would use 9.3. FreeBSD 8.4 (and the entire 8.x branch) will be end-of-life in June 2015. FreeBSD 9.3 is supported until December 2016 and there's very likely going to be a 9.4. Upgrading a minor version is usually pretty straightforward. Upgrading a major version is a little more difficult and requires rebuilding of all used ports.


Recently I installed another router with 9.2 and there is strange problem with shaping in IPFW. Upload is ok but download in half of value, very strange problem and I didn't find solution and cause. So now I will check this 9.3 - if shaping will work ok I stay with it , if no - 8.4.

Thanks to all for discussion!


----------



## junovitch@ (Aug 21, 2014)

wrkilu said:
			
		

> After @junovitch's mention of problems with IPSec I think I will use 8.4. I can't afford to install a router with any bugs, so 8.4 (which is checked best), I think will be best.



Well, the bug is fixed so 10.1-RELEASE will be fine.  Don't let one bug guide your decision.  Secondly, every OS will have bugs somewhere, from the cheap home routers to the routers that cost more than a year's salary for most of us.  It's all about testing that they work for your particular use.

Another thing I'd like to mention if you are looking for reliability in a routing appliance situation is that the NanoBSD scripts are great for this use case.  It's the same thing that pfSense and BSDRP uses.  Since config is in RAM until you run `sh /root/save_cfg`, it's very similar to the `copy running-config startup-config` on a Cisco.  The OS being read only with two OS partitions is very similar to just uploading a whole IOS and rebooting the router into the new IOS.  It is extra work if you want to make changes to the read only portion but if you use it to do the appliance like upgrade in place you should have a very reliable solution.  For that matter, you can build NanoBSD images for each major release and just reboot from one to next to test them all out.  The read-only OS also helps with your concern about UFS and fsck issues on an unclean reboot.


----------



## wrkilu (Aug 22, 2014)

Such a solution would be quite revolutionary for us and I would have to spend some time to test it and so on, so, I think we will stay with the old good standard FreeBSD which we know very well - this aspect is very important. This is a production environment and you know, we can not allow for any experiments. But thanks for the suggestion.


----------

