Hi list, Perhaps someone could direct me on the correct path here.
In a previous discussion (Using ident to authorize users in transparent proxy) we decided it would be best to use External ACL's to control the authorization of which dialup client is allowed access to the transparent proxy. The route we decided on was along these lines... RAS sends AAA to FreeRadius. FreeRadius then (using the on login/logoff trigger or similar) sends who is online, on what IP, including start time to a DB on the proxy machine. The Billing app, send provisioning information (how much time a user has left) to the same DB on the proxy machine. >From this squid will need to decide (using external ACL's) if the user is allowed access or not. Ok, so the question really, is how much of the load we can leave up to squid? What sort of performance hit can we expect on the proxy machine? (Assuming a 500-750 concurrent user scenario) More importantly, does squid run the external acl check for every single request? And last but not least, if the acl condition changes, and a user is no longer allowed access. What happens to their long pending download... Will it get cut off, or will it be allowed to finish? Your resonse and ideas are greatly appreciated. -Rob
