Question about Hotspot 120.000 account @ 200 concurrent user

Hello,


anyone knows or tested thousands of users in /ip hotspot users?

We added 120.000 users in a RB1100AH x2

We will create a hotspot in the RB1100AH x2 and we will “catch” the users with 3 RB433AH to give 1h of Internet in a event.

Now it works in our “office” tests with 2-3 laptops/iphones, but I need to know how it will work with more concurrent users / login tries. I don’t know if the 1100 will use tons of memory/CPU to look for the username and give the OK to the hotspot. Sometimes winbox hangs opening ip/hotspot/users : P!

Sergejs , normis , caaaan yoou read meee? ; )


thanks,

OMG, it’s impossible that we are the only one testing this things.. xD

We have not tested HotSpot on 120000 users, however RADIUS server is required for /“ip hotspot user print”>200.

Hello sergejs, we will try it with a radius server, but we have many hotspots in 450Gs with 5.000 local users and 100 active users at a time.

Perhaps in the second day of the event, we disable the radius and we enable the local users only to try and report to you.


thanks,

Do you mean User Manager package or some external RADIUS server? I am using RB1200 with User Manager package as central user database for hotspot on itself (with some WiFi APs connected to it) and also for other hotspots (like RB433) using it’s central user database. I don’t have so many users, but I am curious how many it can handle, so please Martín, keep us informed

In fact I have a little problem with disk space - RB1200 has 64 MB only and when I want to upgrade software, there is not enough space - so I need to do a reboot (I don’t know why, but it make some space) and then upgrade quickly.

I mean users in hotspot, without usermanager.

hey Ibersystems, how have u succeeded finally?

I’m asking because we have to serve ~40000 (maybe hundreds or thousands concurrent) users on one-day event coming in 2 weeks.
I’ve been thinking about serving them with one RB1100AH x2, radius auth and the wireless stuff build on couple of Ubnt Rockets or RB433.
Have you meshed your APs or used different SSIDs, used Radius or not, etc.?
I would be grateful for any help or information

Thank you, Steve.

Hello!

As Mikrotik told me: “We don’t recomend it because hotspot isn’t made for this amount of local users”, we decided to use a Radius server.

(we added the 120.000 users to local database and it works fine in office, with 10 users at the same time..! But..)


We made 5 events. All succeed.

Finally the best was: 3-4 routerboard 433ah with dbiif50pro and dbiif20pro (1 and 1). (with N radios, if there are 20 or 30 users in a radio, iphones won’t work, hotspot login page don’t work. Doesn’t matter the traffic.. Can’t connect)

Same ssid different channel.

More APs-> more interferences.

Max users connected to the 3-4 radios: 465 users (only 30 or 40 with real traffic)

Script to ban DHCP fake servers.

We used script to kick users with bad signal.. But can’t calibrate as good as needed and gived problems with lot of users connected.

5ghz radios never get saturated and ipads worked perfect always. If the customer says “it doesn’t work”-> show your ipad. Company {If (ipad==0) ipad ++;}


Finally we get from 1000 to 1500 dhcp leases in the events. About 2000 in bigger ones with 3-4 days of event.

We calculated about 2,5% conected to the wifi. And about 10-15% of this 2,5% introduced a valid key in the hotspot)

if you have to serve 1hour of internet, play with timeout of the hotspot to let the zombie user connected since first login till 1 hour. Or time you need. Its better than 10 minutes now, 10 later, etcc.

We used fiber connection or 2 ADSL of 10 mbps (with chupaka’s load balancing without scripting. Yes people, it works perfect.. Maya and me knows xD)


We used Radius Manager to validate users and see stadistics. Its perfect..!
We used cacti to graph active users in hotspot, users connected to wlans, dhcp leases (use lease time as daysoftheevent+timeyouwanttoseethegraph!!)

Use a /16 network

Firewall all you need
Avoid forward between users
Create virus firewall filters


Good luck!

Thank you for the quick reply

If i understood, you’ve used the hotspot just for the login page feature and used Radius Manager for client authentication?
What about the shaping, bandwidth management? Have you used PCQ?
I will have a 30-40Mbit uplink there, no Load Balancing, just one PTP set up just for this.

We have to serve about 3-4 hours of internet, i can not predict and imagine how much users will connect, but we expect an attendance of 45000.

Same SSID different channel? Have you tried to build it with Mesh? I’m thinking about going this way.
I don’t know yet, whether we will use as well as 5G or just 2,4 for the clients.

Have you used the 1100ah x2 finally or not? What about the CPU usage?

Thanks a lot for the other tips, all seems well,

Steve.

The controller is the least of your worries.

We do some very large events, and the 15% uptake is what we see at events that attract social media users (using twitter,facebook etc) - such as music concerts, festivals. Of course, Ibersystems saw just 2.5% uptake so you need to pick a number to work with.

45,000 users at say 15% uptake is 6750. That would require a minimum of 225 low cost APS such as the rockets if you assume 30 users per rocket. Mesh would fail in seconds. You’re going to need to split it up into separate
networks using backhauls. You are going to need to use 5ghz and 2ghz for client access.

The number of APs, depends on what TheWifiGuy said..

% of people that uses the network and the size of the place.

15% is a lot, but in OFFF Barcelona we had 450 active users in a “room” of 80x30 meters. Too much people to work fine.


MESH will die. Make PTP dedicated links and put 2 or 3 nodes on each site with diferent freqs.

Ibersystems

please can you share the cacti graphing of active hotspot users.
l have tried but not successful.
Thanks

Hello Ibersystens, thank u for sharing this knowledge, can u please post fake dhcp script and bad signal client kick please?

Hi, I’m very busy on this weeks… sorry.

Script to ban DHCP fake servers is only configure the DHCP seetings to find DHCPs in the network, then you select the MACs that aren’t yours and fill the filters on bridge filters, for example or in firewall filters (DROP). I don’t have here right now.


Script to disconect users when less than 4000 bytes of possible throughput:

/system script
add name=chequear-throughput policy=\
    ftp,reboot,read,write,policy,test,winbox,sniff,sensitive source="/interfac\
    e wireless registration-table\r\
    \n:foreach i in=[ /interface wireless registration-table find ap=no] do={\
    \r\
    \n:if ([get \$i p-throughput] < 4000) do={\r\
    \n:log warning ([get \$i mac-address] . \" @ \" . [get \$i last-ip] . \" s\
    e ha desconectado debido a la baja calidad de throughput\")\r\
    \n/interface wireless registration-table remove \$i\r\
    \n:delay 150ms\r\
    \n}\r\
    \n}"

Script to disconect users when less than 50% of CCQ:

/interface wireless registration-table
:foreach i in=[ /interface wireless registration-table find ap=no] do={
:if ([get $i tx-ccq] < "50") do={
:log warning ([get $i mac-address] . " was disconnected due to low CCQ - Tx: " . [get $i tx-ccq] . "% / Rx: " . [get $i rx-ccq] . "%")
/interface wireless registration-table remove $i
:delay 5s
}
}

CONFIGURE SCHEDULER AND VALUES WITH YOUR NEEDS..

Rainmaker, what is the exact thing you need? I don’t have access to a radius with this right now. : (


I don’t know if this scripts are in the wiki.. or we made it : ?

steef, use 5GHz and 2.4GHz for users… this will take Ipads and some samsungs/iphones out of the 2.4GHz collapsed network