-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not to mention 15MB download * 100K concurrent users is some
*serious* traffic. If you're going to be paying that kind of $$$ for
bandwidth, I hope you've got some cash left over for a load balancer
and additional web servers. Some quick (and hopefully accurate) math:

For a T3:
15MB * 1024^2 bytes/MB * 8 bits/byte * 100,000 sessions / (45Mbit/s *
1024^2 bits/Mbit) / 60 sec/min / 60 min/hour = 74 hours

For a 100Mbps ethernet uplink:
15MB * 1024^2 bytes/MB * 8 bits/byte * 100,000 sessions / (100Mbit/s
* 1024^2 bits/Mbit) / 60 sec/min / 60 min/hour = 33 hours

And those assume zero overhead for framing and TCP/IP. Not to
mention, 100K Apache children/threads running to support all those
connections (not going to happen). So yeah, uh, them some serious
numbers. You're going to need some serious uplink and hardware (load
balancer, multiple boxes) to pull this off.

I gotta ask though, just what are you doing where you expect 100K
people trying to download a 15MB file all at the same time? You
working for Microsoft and planning the next security tuesday patch
update or something?

- --
Aaron Turner, Sr. Security Engineer

Ph: 408.329.6320 Fax: 408.329.6317


On Sep 26, 2005, at 8:52 AM, Dave paris wrote:

> In an earlier note, you said that it was 10K-100K *concurrent* users.
>
> a) that's a magnitude of difference, see if you can get better
> numbers from whomever is doing the marketing/project planning.
> b) ain't no way you're going to do that many *CONCURRENT*
> transactions on a single box.
>
> -d
>
> Pigeon wrote:
>
>> Hmm.. 10k -100k are pretty much guaranteed numbers..
>> So my main computer crunching will be done at the beginning? (and
>> to relive this I can do session key caching.. how long can I cache
>> a key? is this 'secure'?) (also.. all transfers will be ~15megs
>> in size)
>> And using a single server is out of the question?
>> If we just go with one server.. shouldn't it be something super
>> fast.. amd64 1gig ram?
>> thanks!
>> Lee
>>
>>>
>>> On Mon, 26 Sep 2005, Pigeon wrote:
>>>
>>>
>>>> Hello, I am trying to plan a system that can handle 10k-100k users.
>>>>
>>>> I am only using apache w/mod-ssl
>>>>
>>>> What should I look at to reduce overhead of bandwidth/cpu/mem?
>>>>
>>>> At what point should I look at ssl accelerators?
>>>>
>>>> Should I definitly look at clustering?
>>>>
>>>> Also.. I ahve heard about ssl session key caching, anyone know
>>>> how much this
>>>> will improve things?
>>>>
>>>> Any good resources I can read?
>>>>
>>>>
>>>> thanks!
>>>> Lee
>>>> __________________________________________________ _________________
>>>> ___
>>>> Apache Interface to OpenSSL (mod_ssl)
>>>> www.modssl.org
>>>> User Support Mailing List modssl-
>>>> users@modssl.org
>>>> Automated List Manager
>>>> majordomo@modssl.org
>>>>
>>>>
>>>
>>>

>> __________________________________________________ ___________________
>> _
>> Apache Interface to OpenSSL (mod_ssl)
>> www.modssl.org
>> User Support Mailing List modssl-
>> users@modssl.org
>> Automated List Manager
>> majordomo@modssl.org
>>

> __________________________________________________ ____________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDOCI8klVhPAXg8nARAiP2AJ9sBkSOKy4mtsctO3XAb2 RbXhLnAACgkXh7
k9Fs38X1Q8nJ5b5t2Xg43kA=
=awV5
-----END PGP SIGNATURE-----
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org