Well, the math is simple

1000mbit/10000 users = 100 kilobit/sec, or 12K per second, or 1200
seconds, 20 minutes per downlaod. Marginally acceptable by todays
standards.

To concurrently process that much data, that many connections, you will
want a load balancer out front.

With the system I'm currently administering, with a dual 3Gig Xeon we can
safely handle about 2000 concurrent connections non SSL, although we have
a rather overweight config. I would expect you need at least two boxes,
and 5 would probably not be overkill.

BTW, do you really need SSL? From a project design perspective, would it
be possible to encrypt the file to be down downloaded (encryption cost
only once)? Then using sendfile you could really have it hum.


Jeffrey Burgoyne

Chief Technology Architect
KCSI Keenuh Consulting Services Inc
burgoyne@keenuh.com

On Mon, 26 Sep 2005, Pigeon wrote:

> Ok, lets assume I can get a network connection with:
> A)10mbit
> B)100mbit
> C)1000mbit
>
> And I will have 10k concurrent downloads (let us throw out 100k for now..
> because i can alwasy scale up figures if we get a base).
>
> (The reason I say 10k concurrent is because we have an update system (sorta
> like windows update).. and as soon as we tell their computer to update, we
> have 10k boxes saying give me the file!)
>
> So my question is..
> What would be the best (given we cannot do blades or the like since we have
> to use 'standard' 1u/2u/4u boxes from the dedi center).
> Should we definitly beat the problem with iron and get 5servers doing load
> balancing? 2servers? If 2servers go with the 1000mbit connection?
>
>
>
> thank you for all of your time and input!
>
> thanks
> Lee
>
>
>
>
>
> ----- Original Message -----
> From: "Mads Toftum"
> To:
> Sent: Monday, September 26, 2005 1:27 PM
> Subject: Re: Mod_ssl and how to reduce overhead
>
>
> > On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote:
> >> Hmm.. 10k -100k are pretty much guaranteed numbers..
> >>

> > That's quite a wide margin. Are we talking concurrent users or just
> > number of people who could be using it over a period of xx?
> >
> >> So my main computer crunching will be done at the beginning? (and to
> >> relive
> >> this I can do session key caching.. how long can I cache a key? is this
> >> 'secure'?) (also.. all transfers will be ~15megs in size)
> >>

> > well, with 15meg files you've got more work to do encrypting the content
> > as the session goes along. You can cache the key as long as you want,
> > but depending on the type of encryption used, most browsers will not
> > allow the key to live for all that long. I usually run for about 1 hour,
> > but ymmv depending on the chosen parameters.
> >
> >> And using a single server is out of the question?
> >>

> > the number of concurrent users has very much to say in that regard.
> > Maybe an ibm power 5 64 proc or a fully loaded sun e25k - and add an
> > ssl accelerator to the mix.
> >
> >> If we just go with one server.. shouldn't it be something super fast..
> >> amd64 1gig ram?
> >>

> > Super fast / amd 64 with only 1 gig mem? you've got to be kidding - I'm
> > pretty sure you couldn't keep even without SSL.
> > Doesn't your pr0n streaming business generate enough income to pay for a
> > real server?
> >
> > vh
> >
> > Mads Toftum
> > --
> > `Darn it, who spiked my coffee with water?!' - lwall
> >
> > __________________________________________________ ____________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >

> __________________________________________________ ____________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org