Hi Tim,

This is very interesting, for me and probably for the whole list.
Thank you very much for sharing your experience.

----- Original message -----
> From: "Tim DeNike" <[email protected]>
> To: [email protected]
> Sent: Friday 28 March 2014 13:49:24
> Subject: Re: [PacketFence-users] Ideal Architecture for pf HA cluster
> with load balancing and scalability?
>
> Let me explain my setup in a little more detail.
>
> ~10,000 ports across 80 switch stacks and over 200 Meru access points
> connected via a controller. All authentication is RADIUS. MAC-based
> for switches and a combination of MAC-based and 802.1x for wireless.
>
> 2 VMware VMs w/ 8GB RAM and 4 cores. (I'll probably be dropping to 2-3
> cores and 4GB.) Affinity set in VMware to keep them running on
> separate hosts.
>
> These both run the admin, portal, web services, memcached, dhcp
> listener, pfdns, pfmon, pfsetvlan, snmptrapd.
>
> RADIUS is listening on local interfaces on both servers. Switches/APs
> set to go to both hosts for redundancy.
>
> There is a floating IP handled by pacemaker that is the target for
> DHCP Relay for dhcp listener and admin interface.
>
> DHCP for registration/isolation networks is running on one box at a
> time, handled by pacemaker.
>
> Modified PFMON to only perform maintenance tasks on the node that has
> the floating IP (the "master").
>
> Cron job to sync configs from "master" to "slave" every minute.
>
> 1 VMware Fault Tolerant VM with 2GB RAM and 1 core for MySQL
> database. For those that aren't familiar, Fault Tolerant VMs run on
> 2 ESXi hosts at the same time so you can literally pull the plug on
> one host and it will continue to run on the other.
>
> The only reason we have 2 PF boxes is to have ZERO outage if one of
> the ESXi hosts dies. Not even the time it takes for another host to
> start the VM.
>
> The CPU usage on the VMs is minimal. PF is pretty lightweight for
> what it does. Now, if you were running in SNMP managed mode instead
> of RADIUS, I could see it using more resources. But your idea of
> having 11 servers running PF is pretty overkill. I could literally
> jump from 10,000 ports to 50,000 ports and from 200 to 1000 APs and
> not have to increase the resources available to my VMs at all.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
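
One way to gate the per-minute config sync on "the node that has the floating IP", as described in the quoted message. This is an added example, not part of the original post and not the poster's script. The VIP, the config path, the peer host name and the function names are assumptions, and the sample `ip` listings are constructed.

```shell
#!/bin/sh
# Added example: push configs to the peer only from the node holding the
# floating IP. VIP, CONF_DIR and PEER are hypothetical placeholders.
VIP="${VIP:-192.0.2.10}"
CONF_DIR="${CONF_DIR:-/path/to/pf/conf/}"     # placeholder path
PEER="${PEER:-pf-slave.example.net}"          # placeholder host

# Constructed samples of `ip -o -4 addr show` output, for offline checks.
SAMPLE_MASTER='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.10/24 scope global secondary eth0'
SAMPLE_SLAVE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.100/24 brd 192.0.2.255 scope global eth0'

# holds_vip VIP [LISTING]: succeed only if VIP is configured on this node.
# The whole address field is compared, so 192.0.2.10 never matches
# 192.0.2.100 the way a plain grep for the VIP string would.
holds_vip() {
    listing="${2-$(ip -o -4 addr show 2>/dev/null)}"
    printf '%s\n' "$listing" | awk -v vip="$1" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }'
}

# sync_action VIP [LISTING]: print "sync" on the master, "skip" elsewhere.
sync_action() {
    if holds_vip "$@"; then echo sync; else echo skip; fi
}

# Cron entry (every minute) would call this script with the argument "run".
if [ "${1:-}" = "run" ]; then
    [ "$(sync_action "$VIP")" = "sync" ] || exit 0
    # -a keeps modes and ownership; --delete mirrors removals from the master.
    exec rsync -a --delete -e ssh "$CONF_DIR" "$PEER:$CONF_DIR"
fi
```

Because the push only happens from the node that currently owns the floating IP, a node that has lost the IP stops overwriting its peer as soon as the next cron run fires.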
