[Chilli] Questions concerning large scale deployment of coova chilli

Alexander Szlezak a.szlezak at unwired.at
Tue Jul 12 23:04:14 UTC 2011

Dear All,

Thanks for the great work so far and for the continuous development of 
Coova Chilli. We've been using wifidog so far and we're thinking about 
using coova in a large scale open source project. Thus we do have a few 
questions concerning coova chilli. A few facts about the planned setup:

- one central uplink with a core2quad, 8gb ram debian squeeze server for 
nat/firewalling/captive portal/openvpn termination
- 300 to up to 3000 openwrt based access points connecting to the 
server via openvpn layer 2 tunnel

How would you set up coova to satisfy these requirements - we've tested a 
little bit and found out the following:

a) coova & openvpn kernel/userspace switching for each packet consumes a 
lot of cpu (much more than e.g. l2tp tunneling in kernel mode) - is there 
any kind of optimization, multi processor support etc?

b) a pentium 4 3ghz single core without hyperthreading can serve around 
120 mbit with coova and openvpn running until maxed out - have you 
conducted similar tests and if yes what was the result - I could only 
find an entry on the mailing list mentioning max. 1000 ap's on a single 

c) how do you work around the limitations of bridging tables (max 1024 
devices on linux bridge and openvpn bridge) if you have lots of vpn 
interfaces - can you cascade bridges and coova chilli will still work?

d) we use layer2 tunnels (with client isolation on wlan and openvpn) to 
allow wifi clients to roam between access points. Coova chilli is 
installed centrally, not on the access points. How should we set up Coova 
to handle max 26000 devices (macs) and provide dhcp service?

e) splash pages for the clients need to be regionalized - thus groups of 
ap's present a certain login page - we thus need to know which ap the 
client is on and when it is roaming - currently we get this information 
from openvpn - you mention in your blog that certain enterprise ap's can 
talk to chilli using radius and update chilli about the events - would 
that work with hostapd on openwrt too or what solution do you propose to 
personalize based on the ap a client comes from?

f) what is the management interface of your choice for managing the 
freeradius db in mysql - currently we try daloradius - it is great, just 
not useful for the enduser administrator creating a new access point

Thank you for your answers and opinions!


Follow me on Twitter @ http://twitter.com/magicshark
Mag. Alexander SZLEZAK                            Unwired Networks
Tel.: +43 699 13504101                           Reischergasse 6/2
Fax.: +43 720 345179                        A-1130 Vienna, Austria
