While I do agree with you, working on the SQL aspect is not a possibility in this case. It also first appeared that invoking any external code only when its outcome will be meaningful is more appropriate and easier to do. And if Stefan suggestion works, it would then be true. In any case, it does appear illogical to request 4-5 times the same query (independentely of their time taken to execute) to an SQL database and discard its result each time based on a username that is not yet validated (not the inner-tunnel username) and may not be the correct one. 2014-03-27 11:30 GMT-04:00 Alan DeKok <aland@deployingradius.com>:
Yannick Koehler wrote: ...
> I have an authorization module to write for FreeRADIUS that does
a
> fair amount of CPU intensive SQL queries 1-2 seconds time.
That is a problem. You need to fix that.
There is no good reason for the SQL queries to take 1-2 seconds. Any CPU intensive work should be moved out of the critical path. The SQL server should respond to FreeRADIUS within 10ms ideally, or 100ms at the most.
You should re-design your use of SQL. Since you didn't say *why* the queries are taking 1-2 seconds, I can't offer any more specific advice.
FYI, when I look at poorly performing RADIUS systems, it's almost always due to the SQL database. I spend probably 5% of my time fixing FreeRADIUS configuration, and 95% of my time fixing bad SQL configuration.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Yannick Koehler Courriel: yannick@koehler.name Blog: http://corbeillepensees.blogspot.com