[ previous ] [ next ] [ threads ]
 
 From:  "liran tal" <liransgarage at gmail dot com>
 To:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 Cc:  Jonathan dot DeGraeve at imelda dot be, begood at gmail dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 4 Sep 2006 04:58:20 -0400
I agree.
Though this is something that isn't currently supported by official m0n0wall
distribution (i'm refering to the
script that would go through the idle-users and disconenct them).


On 9/4/06, Soren Vanggaard Jensen <svanggaard at hotmail dot com> wrote:
>
> I would expect the maximum number of rules to be directly related to the
> amount of RAM. Also i would expect, that 50k users is the number of
> possible
> users - not concurrent users. If 20% of the users are online, this will
> require approx. 10k rules. Iterating over these rules - say once every 5
> minutes - in order to logout idle users should be possible on a standard
> desktop PC with sufficient RAM.
>
> The user/mac database must however be located on an external RADIUS
> server.
>
> BR

>
>
>
>
>
> >From: "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>
> >To: "John Gar" <begood at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
> >Subject: RE: [m0n0wall] 50K concurrent users - possible?
> >Date: Mon, 4 Sep 2006 10:40:08 +0200
> >
> >If somebody does the appropriate funding I will be happy to rewrite
> >everything to an OO infrastructure which will make threading of the
> >captive portal possible. In that case it will certainly be possible to
> >handle 50k users (although it will be without mac locking) and I don't
> >know the maximum ruleset for a BSD based system. But for the moment, not
> >yet... I'm in the way of moving to such an infrastructure.
> >
> >PS even a Cisco doesn't handle this atm. I know only one system that is
> >able of handling 100k users but its not public available yet and it runs
> >on linux. It is from a guy who works at my old university (KULeuven) and
> >consists of at least 2hardware boxes. (router/login-logout frontend
> >server)
> >
> >Can I ask for which situation you need to handle 50k users?
> >
> >Kind Regards,
> >
> >J.
> >
> >--
> >Jonathan De Graeve
> >Network/System Engineer
> >Imelda vzw
> >Informatica Dienst
> >+32 15/50.52.98
> >jonathan dot de dot graeve at imelda dot be
> >
> >---------
> >Always read the manual for the correct way to do things because the
> >number of incorrect ways to do things is almost infinite
> >---------
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: John Gar [mailto:begood at gmail dot com]
> > > Verzonden: maandag 4 september 2006 8:04
> > > Aan: m0n0wall at lists dot m0n0 dot ch
> > > Onderwerp: [m0n0wall] 50K concurrent users - possible?
> > >
> > > I need to support session control for 50,000 concurrent users using
> > > MAC RADIUS authentication and up/down bandwidth throttling. For the
> > > task I have no Dual CPU Dual core XEON 3.0GHZ/4MB (4 way).
> > > I don't need any firewall rules, except redirecting users to an
> > > activation portal where they can add their MAC address (no
> > > user/password login is needed).
> > >
> > > Can m0n0wall do the job? I read somewhere it can only use one
> >CPU/Core.
> > >
> > > Also I need to add CARP (but not pfsynch). How difficult is that?
> > > I looked at pfSense too, but the current version will no do MAC auth,
> > > will not process RADIUS bandwidth reply attributes,  and I do need to
> > > shape upload too, which  ALTQ wont.
> > >
> > > /John
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >
> > >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>