 
 From:  "List Receiver" <listreceiver at mastermindpro dot com>
 To:  "Alex M" <radiussupport at lrcommunications dot net>, <m0n0wall at lists dot m0n0 dot ch>, "John Gar" <begood at gmail dot com>
 Subject:  RE: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 4 Sep 2006 19:47:29 -0700
I totally agree.  Even if you COULD have 50k users running through one
box, there's no way on Earth I'd WANT to do that.  That's an awful lot
of responsibility for one measly system.  Can you say "single point of
failure"?  :^)

We're building muni-fi meshes with multiple gateways.  There are a lot
of interesting projects out there that provide for load balancing and
redundancy, sometimes simultaneously.  Those in combination with
breaking your networks into smaller segments as Alex indicates below is
by far the way to go.  I can't believe you're thinking of putting 50k
users into a single broadcast domain.  Your network wouldn't even have
time to handle all of the ARP traffic.  :^)


-----Original Message-----
From: Alex M [mailto:radiussupport at lrcommunications dot net] 
Sent: Monday, September 04, 2006 5:30 PM
To: 'liran tal'; 'Jonathan De Graeve'; m0n0wall at lists dot m0n0 dot ch; 'John Gar'
Subject: RE: [m0n0wall] 50K concurrent users - possible?

I didn't really read the full discussion, but I would never put 50k users on
one box; I would rather do decentralized subnetworks for your
location... Plus, I would highly doubt that you can have 50k users in one
physical location, so it's better in my opinion to have multiple networks,
more reliable and redundant in case of failure... (If I repeated
someone, sorry, didn't read everything :-P)




-----Original Message-----
From: liran tal [mailto:liransgarage at gmail dot com]
Sent: Monday, September 04, 2006 4:49 AM
To: Jonathan De Graeve; m0n0wall at lists dot m0n0 dot ch; John Gar
Subject: Re: [m0n0wall] 50K concurrent users - possible?

I'm thinking the pitfalls are probably:
 * The firewall rules limit that BSD allows (if there is one)
 * Whether the httpd would be able to handle the load of requests for
   authentication and such
 * The throughput of the box. 50k is a lot, even if every client is only
   receiving 256kbit/512kbit, which is a minimum speed requirement by
   end-users these days.

Nice thinking about the OO port Jonathan.

On 9/4/06, Jonathan De Graeve <Jonathan dot DeGraeve at imelda dot be> wrote:
>
> If somebody does the appropriate funding I will be happy to rewrite
> everything to an OO infrastructure which will make threading of the
> captive portal possible. In that case it will certainly be possible to
> handle 50k users (although it will be without mac locking) and I don't
> know the maximum ruleset for a BSD based system. But for the moment,
> not yet... I'm in the way of moving to such an infrastructure.
>
> PS even a Cisco doesn't handle this atm. I know only one system that
> is capable of handling 100k users but it's not publicly available yet and it
> runs on linux. It is from a guy who works at my old university
> (KULeuven) and consists of at least 2 hardware boxes
> (router/login-logout frontend server).
>
> Can I ask for which situation you need to handle 50k users?
>
> Kind Regards,
>
> J.
>
> --
> Jonathan De Graeve
> Network/System Engineer
> Imelda vzw
> Informatica Dienst
> +32 15/50.52.98
> jonathan dot de dot graeve at imelda dot be
>
> ---------
> Always read the manual for the correct way to do things because the 
> number of incorrect ways to do things is almost infinite
> ---------
>
> > -----Original Message-----
> > From: John Gar [mailto:begood at gmail dot com]
> > Sent: Monday, 4 September 2006 8:04
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] 50K concurrent users - possible?
> >
> > I need to support session control for 50,000 concurrent users using 
> > MAC RADIUS authentication and up/down bandwidth throttling. For the 
> > task I have no Dual CPU Dual core XEON 3.0GHZ/4MB (4 way).
> > I don't need any firewall rules, except redirecting users to an 
> > activation portal where they can add their MAC address (no 
> > user/password login is needed).
> >
> > Can m0n0wall do the job? I read somewhere it can only use one
> > CPU/Core.
> >
> > Also I need to add CARP (but not pfsync). How difficult is that?
> > I looked at pfSense too, but the current version will not do MAC
> > auth, will not process RADIUS bandwidth reply attributes, and I do
> > need to shape upload too, which ALTQ won't.
> >
> > /John
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch