Alan DeKok wrote:
Walter Gould wrote:
Here's where my concerns lie - I am concerned about how many simultaneous authentication requests that a single Freeradius server can handle. I have read the "Testimonials" and the "Why we're #1" pages on the freeradius site - which says there are numerous sites using freeradius to support more than 10,000 or 20,000 users.
And, sites with 15,000,000 users.
Our school currently has around 21,000 students on our campus. Of that 21,000 - there is usually around 1000 users logged into our wireless network at any given time, however, that number continually increases.
The authentication load on the server is relatively easy to calculate. If you have N users on, each with an average session time of S seconds, the load on the system will be N/S.
e.g. 1K users, 20 minute session time (1200s) is about 1 auth/s. That is very little load...
With EAP, there are multiple packet per user authentication, and SSL setup overhead. See raddb/certs/README. Interaction with Active Directory adds even more overhead.
But a 2Gh machine should be fine. As was pointed out, you'll need a second machine for failover before the first one is at all busy.
Questions: 1. Do any of you have feedback/thoughts/experience on how our freeradius server may handle the auth. request load given our situation?
2. Do you think that we may need to tweak any of the settings in the radiusd.conf file (max_requests, max_request_time, etc)?
The default configuration should be pretty much fine.
3. Any other advice/suggestions you have or think of would be welcome and appreciated.
Test the system to prove for yourself that the above numbers are true. Use "eapol_test" from "wpa_supplicant" on client machines to hammer the server with test authentications. That will give you a *measured* number for server performance.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan D. and Alan B., Thanks for both of your inputs and suggestions. I appreciate them. They have given me some good direction for testing and measuring performance. Thanks again, Walter