TCP transport again
Gabriel Blanchard
gabe at teksavvy.ca
Thu Sep 24 22:45:30 CEST 2009
On 2009-09-24, at 4:37 PM, Alan DeKok wrote:
>
> It's not really recommended for NASes to use TCP, *unless* they have
> high loads. See RFC 3539 for details.
Yes, I believe I've read about that already; maybe I'll have another
look.
>
> What is "high load"? 100pps? 1000 pps?
Sounds about right actually. Averages out at 100pps (we use Interim
updates) and it can peak around 1000pps. Most of that load comes from
users leaving their home routers on with an invalid username and/or
password and hammering our NASes at about 3-4 attempts per second per
user. Juniper (not sure about Cisco) has a fix to limit these kinds of
"attacks" but it doesn't always work and due to the nature of our
network we can't always find exactly who the user is.
-Gabe