-------- Original-Nachricht --------
Datum: Wed, 13 Feb 2008 19:04:25 +0100 Von: Norbert Wegener <norbert.wegener@siemens.com> An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: eap authentication and cpu utilization
Alan DeKok wrote:
.. $ openssl speed
Or
$ openssl speed rsa
http://www.madboa.com/geek/openssl/#benchmark-speed
For 2048 bit rsa keys, the web page gives 77 signs/s for a 2GHz Intel Core 2. My 1GHz laptop gives around 20/s.
That number becomes the limiting factor for any TLS-based EAP method. It doesn't matter if the rest of the server can handle 5k PAP requests/s. If it can only do 77 rsa signings/s, that is the maximum number of EAP-TLS/TTLS/PEAP sessions that it can do.
Fine, that openssl switch has been new to me. Do you also have experience in how many percent of that theoretic value can be reached in practise with a database backend on the same machine where beside freeradius and the database nothing else is running?
Norbert Wegener
Alan DeKok. -
I don't know if it is helpful: As i mentioned in the other mailing-thread, i tried some kind of stress-test with freeradius and eap-tls. the freeradius-server is running on a virtual-machine (vmware-workstation) and the virtual suse linux server has about 300 mb ram and one cpu-core (intel xeon with 2.4 ghz (i think :-) ). i also installed a mysql-database and tried some tests with 4 simultaneous scripts on another server, that did eap-tls authentication requests. with my configuration, the freeradius-server can handle about 300 to 400 eap-tls-authentication-request per minute. the cpu load is about 30 - 35 %. Maybe this is helpful for you. :-) Sebastian -- Psst! Geheimtipp: Online Games kostenlos spielen bei den GMX Free Games! http://games.entertainment.web.de/de/entertainment/games/free