We have about 10000 ports and 200 access points via a controller running on 2 pf vms that share a vmware fault tolerant SQL database. The only reason we have 2 vms is to minimize downtime if a vmware host goes down. Your proposed solution would be good for a "bazillion" ports. You don't need much.
Sent from my iPhone On Mar 28, 2014, at 7:13 AM, Frederic Hermann <[email protected]> wrote: Dear List, I'm looking for some insight on how to setup a PF cluster able to handle millions of (wireless) connections (at least on paper). Our basic configuration will use MAC-Auth, with a custom postgresql cluster backend as external authentication source, and several captive portals, depending on the user location or SSID. Some switches may use WPA2 or 802.1x, but that would be an exception. All the manages switches would be connected through routed networks, and vlan will be used to provide registration/isolation networks. Ideally, our setup would be scalable, depending on the number of switches or wireless AP to manage. For exemple, add a new PF serveur for every 100 / 500 / 1000 switches. In that context, here is the architecture we have in mind: - 2 or more PF servers, maybe as DRDB clusters, connected to all switches - 1 Mysql cluster (3 node at least) for all mysql requests - 1 captive portal cluster (2 nodes) , behind load balancer - 1 online shop cluster, behind load balancer - 1 postresql cluster (3 node at last) as main authentication source We are wondering, in that architecture, if it would be useful, recommanded mandatory (or useless) to put the freeradius service on another node, using some proxy mechanism to ensure also HA and scalability for this critical service. Any idea or suggestions? Cheers, ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
