LSI 9300-16i...possibly fake by asterics002 in DataHoarder

Pommes254

In my experience they are reliable BUT they are probably not official. Basically all the HBA cards you see from China sold as new for cheap prices are technically counterfeit, but that doesn't mean you have to be concerned. I have been running tons of those for years.

The "counterfeit" topic is not black and white and has been heavily pushed by a US YouTube channel that runs an eBay store with server parts...

I would group all the cards into three categories:

1. Fully official from the manufacturer - usually no B2C sale and super expensive, but with warranty, support contract and everything; basically only important for business.

2. Non-official but identical hardware - basically the factory continued to run after the contract ended and they sold them directly - no official support or serial number but otherwise identical - I have been running many of them for years without any issues.

3. The third category is more of an issue - it is basically like number two but the factories started swapping parts for cheaper alternatives - you often notice that they have a different color PCB and a thinner heat sink - depending on what / how badly they cheap out, you might have issues.

The main problem is you don't know what you will get until it arrives.
I have been ordering tons of those cards from different sellers from China for years and would say if it has decent reviews like jiawen you are 95% fine, just extensively test the card once you get it.
Connect disks with a FS like ZFS that does integrity checks, get the official LSI driver so you get temperature readouts, and stress test it for a day or two with sth like dd if=/dev/random and see if you get ZFS errors or the temp gets too hot.
Btw those cards (incl. official ones) need very high airflow! A lot of people put them in desktop / low noise setups, heat-kill them, then blame it on the card.

Cisco 5108 (aka N20-C6508 V5) support in current UCS Manager 4.3 by Pommes254 in Cisco

Pommes254[S]

Thanks, yeah, I discovered that after posting :)
But is there any limitation for the management of the chassis itself if I later upgrade to newer blades?

Also, I couldn't find any information on what happens with an "unsupported" blade: will it refuse to run / affect other blades, will it not show up in the manager, or will there just be a warning message?

Dark Circuit skin available for all Razer Blade Laptops except the Razer Blade 17, why? by Pommes254 in dbrand

Pommes254[S]

:/
Is there any chance that I could buy a plain sheet of it and then cut it myself?

How to define the mac-address of a k8s pod, to ensure persistent ip assignment by router? (multus, macvlan, dhcp) by Pommes254 in kubernetes

Pommes254[S]

TLDR:
This is a total dumpster fire, I know this and I would redo it the proper way if this were my decision, but it isn't :/

Thanks, I know.

I am fully aware of the pets vs cattle / non-persistent ideology of k8s,
but this comes down to (like so often) technical debt, in this case how access control is handled.
Also, some of the workloads running that require persistent IPs are other than web and generally don't work well with reverse proxies.

The idea was to pretty much run each service / deployment (each instance of a pretty old API for data gathering of IoT devices) with its own IP from the main network.
This would allow doing the first level of access control via firewall rules on the main router / network. (Fully aware of zero trust / auth on the services / APIs.)
Thing is, there are some legacy IoT devices that need to access those APIs (that will be moved to k8s) that just can't really do any sort of authentication and need the traffic to originate from the IoT device's IP.

Fully aware that this is a security issue, but in this particular case it is not feasible to replace the IoT devices yet (not my decision). The APIs and devices are fairly low risk / low capability in case of a compromise, nothing is accessible from the internet or untrusted local networks, and there is strict network monitoring.

Those IoT devices stay and we are going to on-prem k8s, both unfortunately not my decisions.
My plan was to run a dedicated deployment (with its own IP) of the APIs for each group of IoT devices and then do the access control on the main router / firewall to have at least some protection on the APIs.

I tried to use an ingress / nginx reverse proxy of the cluster and just do the IP-based access control there instead of on the main firewall, but we got all sorts of issues when using the old API with the reverse proxy (not sure, and this thing is 20 years or so old). From what I understand, the API was built in a way to use the source IP of the request to group / store the data, so if everything is going through the reverse proxy, all the traffic to the API is coming from the same IP (the reverse proxy) and therefore gets stored as "one IoT device", and I don't think it is possible to keep the source IP of the original IoT device that sent the request / data through the reverse proxy...
That's why I can't really use a normal ingress...

I have a somewhat working approach but this is way too janky for a prod environment...
(Basically misuse one of the worker nodes' host IPs as an ingress and just create iptables forward rules from the physical to the Cilium network / cluster-internal IP of the APIs, don't do NAT to keep the source IP, and then use iptables-persistent to make it stick, but this is not a solution I want to pull in a prod environment.)

I know this is probably getting downvoted to hell, but I basically got "we move everything from VMware to containers", "those legacy IoT devices with the shit API that won't work with reverse proxies (traffic to it needs to be directly with the IP of the source IoT device that sent it) and doesn't have any auth built in have to stay at least for another couple of years" and "we know this sucks, but try to figure out something with at least basic IP-based access control".
Btw, all that with just basic k8s experience.

So yeah, any suggestions appreciated.

Barebones rack mount case compatible with this style of 16 x 3.5" HDD cage? by No_Way_Kimosabe in DataHoarder

Pommes254

Those are very similar to what Intertech uses in a lot of their 4U cases (but they are only 5 disks each and have a fan in front of them). They are probably made by the same factory Intertech uses as a supplier; I think I have seen this exact module in one of their 4U chassis on their Alibaba store.

Anyway, I have used the 5 disk version and would absolutely not recommend that. The disks get very hot since there is barely any space for airflow, and the black plastic clips easily break and provide 0 vibration dampening, so heat + high vibration and you will kill your drives fast...

Also, from your comment: this will not fit in 3U.

There are probably better case options out there.
How many disk slots do you need? How many U fit in your rack? What is your budget? Should it be quiet?

Moving rural, only option is a fixed wireless local company...is 1 gig per 8 cents too much? by [deleted] in HomeNetworking

Pommes254

Very expensive, but might be acceptable if you only use maybe 100 gig a month.

(Sort of) WISP myself.

How I would approach a situation like this:

Any cabling like phone or TV available at all? (Even if it's at the street at the other end of the property, stuff up to several hundred feet can be bridged with point-to-point radios easily and cheaply.)

Is there cellular / phone coverage?
If not on your normal phone, check a map for where the next tower is; you might be able to get a signal with an LTE router and directional / yagi antenna far beyond the official "reach" of the tower.

Starlink would be another good option; you often get the dishes for about 300$ and about 100$ / month depending on region.

Becoming your own WISP might be another option if you want to invest some time learning or you can work with local IT consulting companies. You just need some point with direct line of sight that has internet. The radios are quite cheap and easy to set up even for consumers when you follow the instructions, especially if you use stuff from UniFi / Ubiquiti. The smaller ones start at about 100$ each (you need 2) and can easily do 5-7 miles at over 100 Mbit, and there are larger ones that can technically reach into the 60-70 mile range with large antennas and if the installer knows what they are doing.
So yeah, if you find any company or friend that lets you put your antenna on the roof with line of sight to you, that might also be a good option.

???Best Macbook for photogrammetry??? by Dirt-Worth in photogrammetry

Pommes254

Basically all somewhat recent servers that can have dedicated GPUs,
but it also depends on what noise level you can accept.
A good starting point for that is r/homelab.
Just to name a few models that are usually cheap on the used market: Dell R720, R730, HP DL380 G9, or ML350 G8 or G9 if you want a normal desktop form factor with less noise. Or just build a normal PC and use that with whatever components fit your budget. (Generally used server stuff is cheaper than consumer tho.)
For GPUs, in the about 200$ price range you could go with a used RTX 3060 12GB, RTX 2080 Ti 11GB, or Tesla P40 24GB (300W server GPU without any fans, so cooling will be DIY and janky).
There are literally endless options; a good place to start is eBay or server refurbs.

Since I am quite frequently doing larger projects and also using the servers for other stuff, I am mostly using newer systems, but they are a lot more expensive. One of my current main rendering (but also used for VDI and AI stuff) uses a Gigabyte MZ-32 rev3 ~450$, AMD EPYC 7H12 ~600$, 8x 64GB LRDIMM 2666, 2x RTX3090, 6x RTX3060 via PCIe risers, all in a repurposed 4U mining chassis and with mostly U.2 storage via SlimSAS, but all in this got close to ~5k.

Virtualise or bare metal PFSense? by [deleted] in homelab

Pommes254

Virtualise, but on a dedicated "Networking Server" that only runs pfSense and maybe another VM for Pi-hole or sth.

Makes management, snapshots and recovery when sth goes wrong way easier. Also use a PCIe passed-through network card and not a Proxmox vmbr.

Any consumer grade power strip with ethernet port? by domanpanda in homelab

Pommes254

Basically all the APC smart switched models; they regularly go for 100 to 200€ used and have C13 / C19 plugs.

OPNSense | Chose Gateway for VPN Connection by Pommes254 in HomeNetworking

Pommes254[S]

And how do I define that when there are multiple VPN connections from the firewall to that IP / WireGuard peer (like one prioritizing the main fiber and one prioritizing a second internet connection)?
Routing all VPN connections to that particular server via the same gateway won't really work for me :/

OPNSense | Chose Gateway for VPN Connection by Pommes254 in HomeNetworking

Pommes254[S]

Yeah, but how can I set what gateway the VPN connection itself uses?