Date: Wed, 27 Jun 2007 14:30:07 +0300 From: Ovi <ovi@unixservers.us> To: mav@freebsd.org Cc: freebsd-net@freebsd.org, mpd-users@lists.sourceforge.net Subject: Re: Mpd-4.2 released. Message-ID: <46824A3F.3020208@unixservers.us>
next in thread | raw e-mail | index | archive | help
Alexander Motin wrote: > Nikolay Pavlov wrote: > >> This is probably a new feature request, but is this possible to create >> some kind of VirtualTemplate interface like it is in Cisco access >> routers. Currently i have to configure bunch of different ng interfaces >> for every kind user. However on my Cisco 7206VXR i can bundle physical >> link together with VirtaulTemplate interface in one vpdn-group config >> like this: >> >> And all the ppp interfaces for all users will use this configuration >> as a template. > > > > Yes, I am thinking about that. That is not trivial change. It will > require changing all internal model from static to the dynamic one. > But that change also should give many other bonuses so I would like to > try. > > One of problems is more or less new config file syntax required. I > have very limited cisco experience, so it is difficult for me to adopt > their model to mpd, but I would not like to reinvent a wheel. I will > be grateful for any ideas/examples of how do you see that. > Hello guys Mpd is a great piece of software, I use it for almost 3 years. There are some things I want to share with you I've used in the past pppoed, but I had to switch to mpd because I had problems with pppoed crashing because of a bad switch (burned port) on my network. I have a small network (Ethernet + Fiber) in a small town, and sometimes it happend for a switch to freeze or even stop working, flooding pppoe server with arp requests, that crashes the pppoe server. Using pppoed few years ago it started to crash when I had few users, like up to 100. Replacing it with mpd solved the problem then. Well, my network grew to 2000 users (1000 connected at the same time, on peek hours), and now, if a switch port crashes, mpd crashes too. I am talking about mpd4. I've used 3.18, and I can say 4 is a lot faster...... on 3.18 i had on a P IV at 3 GHZ with 2GB RAM, 70% cpu usage for 600-700 users connected at the same time. With mpd4, I have not more than 20% cpu usage with same number of users. This is great thinking that I have an 100mbps network, and some people are using pppoe connection when transfer files from other users in same network, which put some load on pppoe server. I did install a dhcp server, with private addresses, and usualy comunication between LAN users is done directly and not via pppoe server (which shoud be use for Internet connection). For my 2000 users I have a config file witch holds 2000 sections for every pppoe tunnel. It took me some time to generate it, I've wrote a php script do do that. It would be useful a feature like one Nikolay wrote. Also as you know PPPoE is vulnerable to arp poisoning and to DoSs. Having a small network with 10-20 computers using mpd is easy, but having 2000 users or more, things changes, problems appears. Solving arp poisoning or DoS attack (sometimes caused by a burned switch port which mixes RX with TX) I thing can be done using a Layer2 managed switch, with ACLs, I will try and I'll inform you. When having many users, it is useful to have high availability, so it would be nice and useful to setup multiple pppoe servers . I've tried that, using a router, connected to 2 pppoe servers, and at every pppoe connection, a route was added to the router and when user disconnected, the route was deleted from router. This is still a buggy implementation, we had problems messing up routing table. So to conclude: - an option like Nikolay said, would be very useful, not to generate thousands of rules manualy - it would be nice to have a documentation, or to give me some clues how could be done high availability with mpd pppoe servers, and I'll wrote a documentation for that - would be nice to have a documentation for tuning mpd for lots of users, I can do that but I would need your feedback Best Regards, Ovidiu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46824A3F.3020208>