Thanks for the reply.
Do the "internal representations of ports" consume resources even if
they ports aren't used? Unfortunately the server ports aren't assigned
sequentially in contiguous ranges. If I configured delegate using port
ranges there would be many ports included in the ranges that wouldn't
actually get used.
How high could I go when redefining the "PORTSSIZE" value defined in
include/dglib.h? The server(s) that I would use would be dedicated to
running delegate for this application.
Might running delegate as an SSL VPN endpoint be a better way to do this?
Yutaka Sato wrote:
> In message <_A4050@delegate-en.ML_> on 08/06/08(03:08:08)
> you Joe in MPLS <email@example.com> wrote:
> |TCP port open for EACH of our retail stores. In other words, every store
> |has a destination port on the server specially designated and configured
> |for that particular store. There are over 300 stores.
> |I could probably configure an individual port on the delegate box for
> |each store, but I'm wondering if there might be a better way to do this.
> |Is there a way that this could be done more transparently? E.G. if I
> |were to route the traffic to the delegate box and it could decrypt it
> |and forward it to the credit host on the same destination port? If this
> |is not possible, how many ports could I realistically proxy on a single
> |box running delegated? The transactions are very small, typically a 5
> |packet exchange. The TCP connections are persistent. Once a client sets
> |up a TCP connection it stays up for days, weeks, or even months. Usually
> |until a network or power outage occurs somewhere along the path.
> It can be configured as follows (for port number 2001 to 2050):
> delegated STLS=fcl TIMEOUT=io:0 -P2001-2050 SERVER=tcprelay://host:-
> Due to the size of the buffer for internal representation of ports,
> upto about 70 ports can be specified at maximum. You can expand it
> by enlarging the "PORTSSIZE" value defined in include/dglib.h.
> 9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
> ( ~ ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller