Hi, I wanted to ask how much effect would disabling the session resumption would make on the server? If any? Would it reduce number of simultaneous eap sessions server can handle in any manner? BR, Anirudh Malhotra 8zero2 Mail: 8zero2.in@gmail.com Facebook: www.facebook.com/8zero2 Twitter: @8zero2_in Blog: blog.8zero2.in
On Apr 13, 2016, at 11:37 AM, Anirudh Malhotra <8zero2ops@gmail.com> wrote:
Hi,
I wanted to ask how much effect would disabling the session resumption would make on the server? If any?
Reduce auth/s
Would it reduce number of simultaneous eap sessions server can handle in any manner?
Yes, and increase auth latency.
Hi Arran, Thanks for your reply. I posted a question earlier http://lists.freeradius.org/pipermail/freeradius-users/2016-April/083081.htm... I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p BR, Anirudh Malhotra 8zero2 Mail: 8zero2.in@gmail.com Facebook: www.facebook.com/8zero2 Twitter: @8zero2_in Blog: blog.8zero2.in On 13 Apr 2016, 21:35 +0530, Arran Cudbard-Bell<a.cudbardb@freeradius.org>, wrote:
On Apr 13, 2016, at 11:37 AM, Anirudh Malhotra<8zero2ops@gmail.com>wrote:
Hi,
I wanted to ask how much effect would disabling the session resumption would make on the server? If any?
Reduce auth/s
Would it reduce number of simultaneous eap sessions server can handle in any manner?
Yes, and increase auth latency.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p
well, you only asked this free, not paid, support list about this just yesterday. you could avoid session resumption/caching but your RADIUS server will not scale so high. alan
Ok thanks anyways :) Just a small question.. If it is a feasible one to answer. How many concurrent users can freeradius handle if it is a big 16 gb 8 core server? And how much would disabling session resumption can scale it down to. Just want a rough number BR, Anirudh Malhotra 8zero2 Mail: 8zero2.in@gmail.com Facebook: www.facebook.com/8zero2 Twitter: @8zero2_in Blog: blog.8zero2.in On 13 Apr 2016, 21:53 +0530, A.L.M.Buxey@lboro.ac.uk, wrote:
Hi,
I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p
well, you only asked this free, not paid, support list about this just yesterday. you could avoid session resumption/caching but your RADIUS server will not scale so high.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Apr 13, 2016, at 12:32 PM, Anirudh Malhotra <8zero2ops@gmail.com> wrote:
Ok thanks anyways :)
Just a small question.. If it is a feasible one to answer. How many concurrent users can freeradius handle
Several million if they never re-authenticate... You're measuring the wrong thing. You need to figure out what the rate of authentications are going to be and then test the server to figure out if it'll meet that. The rate of authentications does roughly correlate with the number of concurrent sessions, but is *HIGHLY* dependent on your environment. If you're a university you'll likely see massive peaks and troughs in auth rates that coincide with lectures starting/ending. If you're enterprise you might see peaks around 9:00am and then hardly anything the rest of the day. Media matters, if it's wireless you'll have phones roaming between APs. Wireless equipment matters, can the controller handle roaming between APs without forcing full re-authentication. Then there are other factors, what CPU are you using, does it have instructions available to accelerate AES and RSA calculations. What type of certificates are you using? EC is less expensive than RSA. It's better just to create your own benchmarking solution and compare the results, there's no way we can give meaningful estimations given hardware specs, there are too many other variables. -Arran
On Apr 13, 2016, at 12:15 PM, Anirudh Malhotra <8zero2ops@gmail.com> wrote:
Hi Arran,
Thanks for your reply. I posted a question earlier http://lists.freeradius.org/pipermail/freeradius-users/2016-April/083081.htm...
I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p
If you move to v3.1.x i'd be happy to help you :) I don't believe the v3.0.x code associates the &session-state: list with the actual SSL_SESSION struct, and i'm also pretty sure we don't expose the session ID as an attribute, meaning there's no proper way to bind cache entries to SSL sessions. In v3.1.x you can cache the session-state list, the TLS session resumption blob, and the certificate attributes all together in the same entry. It lets you write much saner configurations. The idea is that you can populate the session-state list with any autz data from LDAP or SQL, and have the contents of that list persist across all resumptions of that session. We're not creating new sessions when a session is resumed, so it seems appropriate that session-state should persist. -Arran
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Anirudh Malhotra -
Arran Cudbard-Bell