Hi list,
Perhaps someone could direct me on the correct path here.
In a previous discussion (Using ident to authorize users in transparent
proxy) we decided it would be best to use External ACL's to control the
authorization of which dialup client is allowed access to the transparent
proxy.
The route we decided on was along these lines...
RAS sends AAA to FreeRadius. FreeRadius then (using the on login/logoff
trigger or similar) sends who is online, on what IP, including start time to
a DB on the proxy machine.
The Billing app, send provisioning information (how much time a user has
left) to the same DB on the proxy machine.
From this squid will need to decide (using external ACL's) if the user is
allowed access or not.
Ok, so the question really, is how much of the load we can leave up to
squid?
What sort of performance hit can we expect on the proxy machine? (Assuming a
500-750 concurrent user scenario)
More importantly, does squid run the external acl check for every single
request?
And last but not least, if the acl condition changes, and a user is no
longer allowed access. What happens to their long pending download... Will
it get cut off, or will it be allowed to finish?
Your resonse and ideas are greatly appreciated.
-Rob
Received on Tue May 04 2004 - 07:41:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT