 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] 50K concurrent users - possible?
 Date:  Mon, 4 Sep 2006 21:52:28 -0500
From: "John Gar" <begood at gmail dot com>
> On 9/4/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:

>> State table is limited to 30,000 states.  Again, this can be changed at a
>> cost of memory.  However, it will have to be done.  If there is any way,
>> you may want to consider distributed gateways to a central RADIUS server.
>> With this, you are using a proven system that works, as opposed to a custom
>> solution that "should" work.

> How would distributed gateways approach work over a single layer 2
> broadcast domain?

Dear God why?  Have you seen the broadcast traffic from Windows just 
booting?  Broadcasts alone will fill your bandwidth!

> One idea is to use a special DHCP server, that round robins multiple
> gateways while allocating IPs. Anyone know of such DHCP server?

Why not have all the m0n0walls point to different gateways?  Better yet, if 
the gateways are different providers, you can have all the Comcast traffic 
go out Comcast while the AT&T traffic goes out AT&T, and so on.  Big class B 
static routes.

> And then how many and what type of machines I would need?

Pop a small form factor box, or a WRAP in each location.  Lightweight at the 
edge, and a big RADIUS server, or better yet a few...