TCP transport again

Gabriel Blanchard gabe at
Thu Sep 24 22:45:30 CEST 2009

On 2009-09-24, at 4:37 PM, Alan DeKok wrote:
>   It's not really recommended for NASes to use TCP, *unless* they have
> high loads.  See RFC 3539 for details.

Yes I believe I've read about that already, maybe I'll have another  

>   What is "high load"?  100pps?  1000 pps?

Sounds about right actually. Averages out at 100pps (we use Interim  
updates) and it can peak around 1000pps. Most of that load comes from  
users leaving their home routers on with an invalid username and/or  
password and hammering our NASes at about 3-4 attempts per second per  
user. Juniper (not sure about Cisco) has a fix to limit these kinds of  
"attacks" but it doesn't always work and due to the nature of our  
network we can't always find exactly who the user is.


More information about the Freeradius-Devel mailing list