[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>
 To:  "John Gar" <begood at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 4 Sep 2006 12:38:18 +0200
> Is this the bottleneck? Is it for concurrent logins or concurrent
> active sessions? How about performance of the OS networking stack,
> does it benefit from SMP today?

Currently it is a bottleneck since its this architecture who is
responsible for the accounting of users (sending it the radius) logging
out users etc.

The interval will probably be changed from 1minute to 5minute interval
to be scalable. Furthermore the current design needs to be changed to
allow for threading this accounting and user management.

> > In that case it will certainly be possible to
> > handle 50k users (although it will be without mac locking) and I
> What is MAC locking?

Locking a user ip to a specific MAC (it requires 2 extra rules)

> > know the maximum ruleset for a BSD based system. But for the moment,
> > yet... I'm in the way of moving to such an infrastructure.
> I don't need firewall rules.(except redirect for unauthenticated
> >
> > PS even a Cisco doesn't handle this atm. I know only one system that
> I think Cisco limit is at line speed.

BSD is also line speed depending on the CPU's but the server with your
specs should do linespeed, in case of the Cisco: you're forgetting the
ACL overhead. A Cisco also needs to check this and I know of 2x7500 with
30k users logged in not being able to handle the ACL rules

> > able of handling 100k users but its not public available yet and it
> > on linux. It is from a guy who works at my old university (KULeuven)
> > consists of at least 2hardware boxes. (router/login-logout frontend
> > server)
> I am not hooked on FreeBSD. Just looking for scalable solution with
> minimum integration to our billing.

I wish you good luck because I don't know of any current open source
project being able to handle this amount of users (except the KULeuven

> > Can I ask for which situation you need to handle 50k users?
> It is for citi wide wireless cpe aaa, traffic shaping and session
> control. Most of the users are
> /John
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite