On 30 Nov 2013, at 00:36, Fahad Saleem <addyrocker@gmail.com> wrote:
Greetings All,
What would be the best way to rate limit the number of authentication requests. Our current setup has one server doing 150 Auths per sec but under certain circumstances during GGSN migrations the auths per seconds go up to 1000 for a 20 to 30 minute period before things start to calm down. So I was wondering if this was possible in anyway from the freeradius end, kind of as a safe guard. I've looked at the rlm_cache module and the idea of getting packets dropped is a bit scary. Any thoughts about this will be appreciated!
1000 PPS is trivial load, if your server can't handle that you've done something truly horrific on the back end. If you don't want to drop packets and let the NAS try later, how exactly were you envisaging this would work? There's no way to signal the NAS to say that it should come back again in X seconds. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team