Thanks for the reply. Many good tips, I have added som info/questions/answers under some of them. Another question: What did you set your max_requests, start_servers and max_servers to? freeradius-users-bounces@lists.freeradius.org wrote on 11.06.2005 14:01:58:
We have 1500 customers connected to our PPPoE servers, to autenticate
we
have 2 freeradius servers connected to a mssql server.
How many authentications per second are you expecting?
With decent hardware you should be able to authenticate all 1500 within a couple of seconds. I've tested our development Sun V440 to over 600 authentications per second using openLDAP as a backend with 1,000,000+ entries and a random spread of usernames across those 1,000,000 entries.
My client was the limiting factor though, I couldn't max out the CPU of the RADIUS server.
at least 700, if a server goes down, the other must take over. Or if we have to do a emergency reboot. It should handle at least that many.
Does anyone got a tip on how to improve performance on the radius
servers?
The biggest bottleneck is likely to be your database. Check your indexes, etc.
I will try some more tweaking, but I would like to have a test tool first. So I could see the differences.
Homename lookups may be an issue too if the server is waiting to for DNS
lookups. Not sure if this is an issue at request processing time or just
at startup. Try turning it off (radiusd.conf) and see if it makes a difference.
It is turned off
Only log what is necessary. Are you logging request and reply packets? If so, do you *need* to?
I have removed everything that I don't feel is necesarry.
If authentication is *REALLY* slow (ie more than a couple of seconds per
request), run the server in debug mode and you may be able to see which operations are taking the time.
It is not that slow, but I will try debug mode anyway to see if I can see any errors.
And how to test preformance?
radclient can be used to send multiple requests to a radius server.
I wrote myself some rough perl scripts to perform authentication and accounting "load" testing and report on average number of requests handled per second, etc.
So did I, but it ended up with the "test machine" taking up 100% cpu and not beeing able to authenticate more than 20 pr. sec. I should work on my coding skills ;) It would be great if you could share that script with me.
Hope that helps a little
regards, Mike
- List info/subscribe/unsubscribe? See