eap authentication and cpu utilization
Alan DeKok
aland at deployingradius.com
Wed Feb 13 15:30:37 CET 2008
Norbert Wegener wrote:
> Simple authentication with login/password can be handled in large
> numbers with a recent cpu and freeradius.
> .
> EAP authentication on the other hand requires a great amount of cpu
> processing.
It's all in the SSL rsa keying setup.
> Therefore I have a simple(?) question:
> Did someone already calcute the theoretically maximum number of eap
> authentications per second, that a recent x86 cpu is able to handle?
$ openssl speed
Or
$ openssl speed rsa
http://www.madboa.com/geek/openssl/#benchmark-speed
For 2048 bit rsa keys, the web page gives 77 signs/s for a 2GHz Intel
Core 2. My 1GHz laptop gives around 20/s.
That number becomes the limiting factor for any TLS-based EAP method.
It doesn't matter if the rest of the server can handle 5k PAP
requests/s. If it can only do 77 rsa signings/s, that is the maximum
number of EAP-TLS/TTLS/PEAP sessions that it can do.
Alan DeKok.
More information about the Freeradius-Users
mailing list