[ previous ] [ next ] [ threads ]
 
 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  Jonathan dot DeGraeve at imelda dot be, begood at gmail dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 04 Sep 2006 08:51:15 +0000
I would expect the maximum number of rules to be directly related to the 
amount of RAM. Also i would expect, that 50k users is the number of possible 
users - not concurrent users. If 20% of the users are online, this will 
require approx. 10k rules. Iterating over these rules - say once every 5 
minutes - in order to logout idle users should be possible on a standard 
desktop PC with sufficient RAM.

The user/mac database must however be located on an external RADIUS server.

BR






>From: "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>
>To: "John Gar" <begood at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] 50K concurrent users - possible?
>Date: Mon, 4 Sep 2006 10:40:08 +0200
>
>If somebody does the appropriate funding I will be happy to rewrite
>everything to an OO infrastructure which will make threading of the
>captive portal possible. In that case it will certainly be possible to
>handle 50k users (although it will be without mac locking) and I don't
>know the maximum ruleset for a BSD based system. But for the moment, not
>yet... I'm in the way of moving to such an infrastructure.
>
>PS even a Cisco doesn't handle this atm. I know only one system that is
>able of handling 100k users but its not public available yet and it runs
>on linux. It is from a guy who works at my old university (KULeuven) and
>consists of at least 2hardware boxes. (router/login-logout frontend
>server)
>
>Can I ask for which situation you need to handle 50k users?
>
>Kind Regards,
>
>J.
>
>--
>Jonathan De Graeve
>Network/System Engineer
>Imelda vzw
>Informatica Dienst
>+32 15/50.52.98
>jonathan dot de dot graeve at imelda dot be
>
>---------
>Always read the manual for the correct way to do things because the
>number of incorrect ways to do things is almost infinite
>---------
>
> > -----Oorspronkelijk bericht-----
> > Van: John Gar [mailto:begood at gmail dot com]
> > Verzonden: maandag 4 september 2006 8:04
> > Aan: m0n0wall at lists dot m0n0 dot ch
> > Onderwerp: [m0n0wall] 50K concurrent users - possible?
> >
> > I need to support session control for 50,000 concurrent users using
> > MAC RADIUS authentication and up/down bandwidth throttling. For the
> > task I have no Dual CPU Dual core XEON 3.0GHZ/4MB (4 way).
> > I don't need any firewall rules, except redirecting users to an
> > activation portal where they can add their MAC address (no
> > user/password login is needed).
> >
> > Can m0n0wall do the job? I read somewhere it can only use one
>CPU/Core.
> >
> > Also I need to add CARP (but not pfsynch). How difficult is that?
> > I looked at pfSense too, but the current version will no do MAC auth,
> > will not process RADIUS bandwidth reply attributes,  and I do need to
> > shape upload too, which  ALTQ wont.
> >
> > /John
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>