I am not sure how much it will help but here is what we did / are doing:
We have 50+ buildings that operate independently, so while not truly "remote"
sites they are routed links so they are very similar.
We are expecting about 3K hosts (expecting because we are not in FULL production
yet ... PF is ready now, it's management that has to give us the go-ahead!) so
you may want to factor that into what I am about to say. Also, the VAST majority
of our hosts are wireless...
We have 2 servers: 1 PF server, 1 FreeRADIUS/MYSQL.
The servers are not HUGE,
single quad core proc @ 2.4 GHz
8GB RAM
RAID 1
Given how PF works with MYSQL, in retrospect I probably would have gone with the
PF and MYSQL on the same server with better disk IO and possibly slightly
better HW and let the FR server stand alone on a smaller box, but live and
learn...
As for routing your VLANs, what we did is set up a containment VLAN on each
building (for you building = site), then let the PF server handle DHCP and DNS
for that VLAN; it works quite well for us.
Our servers are safely tucked away behind our firewall on a dedicated server
network ... (depending on your topology) there shouldn't be any reason that the
servers would need to be @ a gateway location ... unless I am misunderstanding
your question...
According to Inverse our current setup should be fine for the amount of users
we are expecting.
***CAUTION***
This setup does not have ANY redundancy; if either PF / MYSQL / FR fail then
the whole thing will stop working!
We will soon be looking into redundancy, so anyone out there with it set up,
please share : )
***/CAUTION***
BTW: A word about support, in an enterprise deployment such as yours where you
cannot afford downtime and/or the application is considered "mission critical",
I would highly suggest you purchase some support. AFAIK the only company
selling support for PF is Inverse, the people who make it. Unless you are a
Perl expert and have time to burn, they are an invaluable asset when you
encounter a bug or need a new feature added. We used them in helping us with
our proof of concept and pilot deployment, with excellent results.
I'm not trying to sound like a fan-boy (I know I have posted about Inverse
before), I am only giving my honest opinion.
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
-----Original Message-----
From: Willis, Ben [mailto:[email protected]]
Sent: Friday, February 11, 2011 9:06 AM
To: [email protected]
Subject: [Packetfence-users] Packetfence Deployment
Hi, I'm looking to possibly deploy Packetfence on my network but I have several
questions.
1. In a fairly large, distributed, network with 6k hosts where should I place
the NAC? Do I need an instance on each segment or will one installation at the
internet gateway work?
2. If one instance can be used will I have to route my remote vlans to the
interface on the NAC to get the quarantine functionality?
3. Will a single installation be able to handle 6k hosts across 22 remote
locations?
Thanks to anyone willing to give me some direction!
Ben
________________________________
ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related
information that is PERSONAL AND CONFIDENTIAL. If you have received this email
in error, this does not constitute permission to examine, copy or distribute
the accompanying material.
If you receive this message in error, please notify the sender immediately or
call 864-260-5000.
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users