[ previous ] [ next ] [ threads ]
 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "'liran tal'" <liransgarage at gmail dot com>, "'Jonathan De Graeve'" <Jonathan dot DeGraeve at imelda dot be>, <m0n0wall at lists dot m0n0 dot ch>, "'John Gar'" <begood at gmail dot com>
 Subject:  RE: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 4 Sep 2006 20:30:06 -0400
I didn't really read full discussion, but I would never put 50k users on one
box, I would rather do decentralized  sub networks for your location... + I
highly would doubt that you can have 50k user in one physical location so
its better in my opinion have multiple network, more reliable and redundant
in case of failure...  (If I repeated some one, sorry didn't read everything

-----Original Message-----
From: liran tal [mailto:liransgarage at gmail dot com] 
Sent: Monday, September 04, 2006 4:49 AM
To: Jonathan De Graeve; m0n0wall at lists dot m0n0 dot ch; John Gar
Subject: Re: [m0n0wall] 50K concurrent users - possible?

I'm thinking the pitfalls are probably:
 * The firewall rules limit that BSD allows (if there is any)
 * If the httpd would be able to handle the load of requests for
authentication and such
 * The through-put of the box. 50k is alot, even if every client is only
receiving 256kbit/512kbit which is a
   minimum speed requirement by end-users these days.

Nice thinking about the OO port Jonathan.

On 9/4/06, Jonathan De Graeve <Jonathan dot DeGraeve at imelda dot be> wrote:
> If somebody does the appropriate funding I will be happy to rewrite
> everything to an OO infrastructure which will make threading of the
> captive portal possible. In that case it will certainly be possible to
> handle 50k users (although it will be without mac locking) and I don't
> know the maximum ruleset for a BSD based system. But for the moment, not
> yet... I'm in the way of moving to such an infrastructure.
> PS even a Cisco doesn't handle this atm. I know only one system that is
> able of handling 100k users but its not public available yet and it runs
> on linux. It is from a guy who works at my old university (KULeuven) and
> consists of at least 2hardware boxes. (router/login-logout frontend
> server)
> Can I ask for which situation you need to handle 50k users?
> Kind Regards,
> J.
> --
> Jonathan De Graeve
> Network/System Engineer
> Imelda vzw
> Informatica Dienst
> +32 15/50.52.98
> jonathan dot de dot graeve at imelda dot be
> ---------
> Always read the manual for the correct way to do things because the
> number of incorrect ways to do things is almost infinite
> ---------
> > -----Oorspronkelijk bericht-----
> > Van: John Gar [mailto:begood at gmail dot com]
> > Verzonden: maandag 4 september 2006 8:04
> > Aan: m0n0wall at lists dot m0n0 dot ch
> > Onderwerp: [m0n0wall] 50K concurrent users - possible?
> >
> > I need to support session control for 50,000 concurrent users using
> > MAC RADIUS authentication and up/down bandwidth throttling. For the
> > task I have no Dual CPU Dual core XEON 3.0GHZ/4MB (4 way).
> > I don't need any firewall rules, except redirecting users to an
> > activation portal where they can add their MAC address (no
> > user/password login is needed).
> >
> > Can m0n0wall do the job? I read somewhere it can only use one
> CPU/Core.
> >
> > Also I need to add CARP (but not pfsynch). How difficult is that?
> > I looked at pfSense too, but the current version will no do MAC auth,
> > will not process RADIUS bandwidth reply attributes,  and I do need to
> > shape upload too, which  ALTQ wont.
> >
> > /John
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch