New Features Development Question
Alan DeKok
aland at deployingradius.com
Sat May 16 15:19:27 CEST 2020
On May 16, 2020, at 6:42 AM, Alan Buxey <alan.buxey at gmail.com> wrote:
> thats how I read it - all servers use a state value stored in a REDIS
> (could be others such as memcache) so that the ongoing session is
> known as doesnt have to go back to the
> same server in a cluster (I've recently done the same with a SAML setup)
Our tests show that this isn't a large help. Serializing an SSL session and writing it to a DB has a huge cost. Plus, EAP packets for the same session come very quickly. Quickly enough that the serializing the SSL sessions slows it down noticeably.
What's better is to use a RADIUS-aware load balancer in front of a cluster. It can hash the callers MAC address, and ensure that all packets for an EAP session go to one back-end.
We can also serialize the session resumption data. Since users resume sessions at long intervals (minutes to hours), it's OK total the cost of serializing it, and to put that data in a DB.
Alan DeKok.
More information about the Freeradius-Devel
mailing list