From owner-freebsd-isp@FreeBSD.ORG Sun Oct 1 13:03:27 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E17D316A403 for ; Sun, 1 Oct 2006 13:03:27 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F94243D4C for ; Sun, 1 Oct 2006 13:03:27 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id B68475EE9; Sun, 1 Oct 2006 09:03:26 -0400 (EDT) X-Virus-Scanned: amavisd-new at codefab.com Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DivAf3fPKm1B; Sun, 1 Oct 2006 09:03:25 -0400 (EDT) Received: from [192.168.1.251] (pool-68-161-96-195.ny325.east.verizon.net [68.161.96.195]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pi.codefab.com (Postfix) with ESMTP id 68B105C57; Sun, 1 Oct 2006 09:03:25 -0400 (EDT) Message-ID: <451FBC9C.5070404@mac.com> Date: Sun, 01 Oct 2006 09:03:24 -0400 From: Chuck Swiger User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: Catalin Ioan CURCANU References: <4f4ba40e0609301306w2f21fba8x8f39dd2746be5eec@mail.gmail.com> In-Reply-To: <4f4ba40e0609301306w2f21fba8x8f39dd2746be5eec@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Scalability of a pppoe server. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Oct 2006 13:03:28 -0000 Catalin Ioan CURCANU wrote: [ ... ] > If someone have a real experience with pppoe in a production environment > please give me some advices about: > > 1. How scalable is a pppoe server with 3000 users and how much of hardware > resources eats in general. (CPU+physical memory) I can recall people setting up mpd for PPPoE and handling 500-1000 users on moderate (1GHz P3 + 1GB RAM) hardware. I'm not sure whether the program has a limit at 1024 due to the select() call, but perhaps others can give you insight about running ~3000 users. > 2. All data from connected LANs would be trasported to pppoe server > throught VLANs. Which would be the posibility of anyone from a connected location of > doing a man in the middle attack and gather passwords from its local area > network using arp poisoning? if that's possible, are there any methods that > eliminates the effects on a such attack? The simple answer is that it depends upon your switches and setting up individual ports for specific VLANs properly, but in general, you should not rely on VLAN switches to provide complete and reliable separation of traffic. http://www.sans.org/resources/idfaq/vlan.php -- -Chuck