Netgate Discussion Forum

    NAT sizing

    • bboardma

      I've set up a pfSense box to NAT users during athletic events. The total possible user count is 50k but more realistically 15k. I'm looking for some sizing guidance. Thanks

      • johnpoz LAYER 8 Global Moderator

        15,000 users?

        What kind of box do you have? And what type of internet connection? Are you talking wireless?

        When you say athletic events I am thinking a sports arena? So you're going to supply internet access to spectators at the event?

        Some more details would be very helpful to be sure..  But a 15k node network connected to a pfsense as the gateway would seem like a pretty big move..  I would think direct contact with the developers and commercial support would be in order for such a large network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • bboardma

          You are right on all points: it's a domed stadium, supporting internet access for wireless users. I can load balance the users onto different vlans that would then represent different NAT boxes. We looked at the Blue Socket stuff and they were talking 4k users per box, A10 networks said they would do 30k users on their smallest box. Just trying to get a sense of sizing using pfSense. I will send a note to the developers, that's a good idea. FWIW we have another pfSense box handling 5k users on a VM instance without any issue, but it's an SSL and NAT and I won't need the SSL for the stadium setup.

          • johnpoz LAYER 8 Global Moderator

            Sounds like a blast of a project.. how many access points? What is the internet pipe size? There are just going to be so many clients in such a small space.. How do you distribute the load to the different access points?

            I would love to see the write up on such a project! Could be great press for pfsense as well I would think! If you go with pfsense please get it written up somewhere.

            At worst case please do let us know how it turns out!  Even if you don't go with pfsense, I would love to hear the details of providing such access and the performance provided, etc.

            • Efonnes

              I'm not completely sure of this, but I think you will need multiple public IP addresses for the NAT to support that many users (if you are even using just one box for the whole thing).  To balance the use of the public IP addresses, you would need to do manual outbound NAT rules to either use a specific public IP address for given local IP address ranges or you could use one of the load balancing options for the translation address on the outbound NAT rule.

              • cmb

                @Efonne:

                I'm not completely sure of this, but I think you will need multiple public IP addresses for the NAT to support that many users (if you are even using just one box for the whole thing).

                Probably not, the only scenario where that would be a concern is if everyone is contacting the same service on the same remote IP at more or less the same time. The only limit is in how many source ports can be mapped for a particular remote IP and destination port, which most likely even with tens of thousands of users doing general Internet access won't be an issue.

                • bboardma

                  I figured the load balanced pfSense NAT would take care of the need for multiple IPs, since each box will have a different public address. Any idea about number of users supported on NAT? I realize that hardware is a factor, but I'm wondering if there are other limits, say the number of source ports on the public side, or ????

                  • bboardma

                    Another way to ask this question re performance limits, is how many NAT clients have you supported on a pfSense server? I'm trying to get an idea for system design. Thanks

                    • cmb

                      @bboardma:

                      Any idea about number of users supported on NAT? I realize that hardware is a factor, but I'm wondering if there are other limits, say the number of source ports on the public side, or ????

                      My post right above yours explains that. I've seen multiple thousands on a single public IP, and in most use cases doing 10,000+ is a non-issue.

                      1 Reply Last reply Reply Quote 0
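
An added example, not part of the original thread and not pfSense code: a way to check the limit cmb describes by counting translated source ports in use per (protocol, public IP, remote IP, remote port) in a state-table dump. The `pfctl -ss`-style line layout, the 50001:65535 port range and the sample states are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: pf's default NAT source-port range (50001:65535). Adjust if the
# outbound NAT rule sets its own port range.
PORT_LOW, PORT_HIGH = 50001, 65535
POOL_SIZE = PORT_HIGH - PORT_LOW + 1

# Constructed sample in the style of `pfctl -ss` output (documentation addresses).
# WAN-side NAT states show the translated address first, the original in parentheses.
SAMPLE_STATES = """\
igb1 tcp 10.0.0.11:40000 -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.2:50001 (10.0.0.11:40000) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.2:50002 (10.0.0.12:40000) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.2:50003 (10.0.0.13:51000) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.2:50001 (10.0.0.14:40000) -> 203.0.113.90:443       ESTABLISHED:ESTABLISHED
igb0 udp 198.51.100.2:50001 (10.0.0.11:5353) -> 203.0.113.53:53       MULTIPLE:MULTIPLE
"""

STATE_RE = re.compile(
    r"^\S+\s+(?P<proto>tcp|udp)\s+"
    r"(?P<pub_ip>[\d.]+):(?P<pub_port>\d+)\s+"
    r"\((?P<lan_ip>[\d.]+):\d+\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)

def nat_port_usage(state_text):
    """Count NAT source ports in use per (proto, public IP, remote IP, remote port)."""
    usage = Counter()
    for line in state_text.splitlines():
        m = STATE_RE.match(line.strip())
        if m is None:
            continue  # LAN-side or untranslated state: no parenthesised original
        usage[(m["proto"], m["pub_ip"], m["dst_ip"], int(m["dst_port"]))] += 1
    return usage

def near_exhaustion(usage, threshold=0.8, pool_size=POOL_SIZE):
    """Return [(key, fraction_used)] for tuples at or above threshold, busiest first."""
    hot = [(k, n / pool_size) for k, n in usage.items() if n / pool_size >= threshold]
    return sorted(hot, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    usage = nat_port_usage(SAMPLE_STATES)
    for (proto, pub, dst, dport), n in usage.most_common():
        print(f"{proto} {pub} -> {dst}:{dport}: {n}/{POOL_SIZE} ports")
    print("near exhaustion:", near_exhaustion(usage))
```

Public port 50001 appears three times in the sample without conflict because each use targets a different remote endpoint or protocol; only the count for a single remote IP and port is bounded by the pool.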