Max listening ports
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Nov 13 16:05:24 CET 2014
> On 13 Nov 2014, at 09:52, Kev Pearce <email.me at kevp.com> wrote:
>
>>>>> I'd like to run a FR with more than 256 virtual servers/listening ports.
>>>> Why? That's a bit unusual.
>>>
>>> It's for multi-tenancy by port.
>>
>> That isn't necessary. See the "virtual_server" example in clients.conf. It is
>> intended for this EXACT purpose.
>>
>
> My multi-tenancy needs to work like this:
>
> Each customer gets their own udp port to authenticate to.
> They have their own shared secret that applies to all their clients (i.e. any
> client that connects to their udp port).
> They can have any client IP address authenticate, use their own shared
> secret and authenticate their own user list (in mysql).
>
> What I have built is a virtual server per customer.
> Each VS has its own listen port and has its own shared secret (using dynamic
> clients read from mysql, looked up by a udp port field).
> The shared secret is set up using 128.0.0.0/1 and 0.0.0.0/1 CIDR hosts read
> by dynamic clients (as per previous posts I made).
> This then allows any client to auth to that udp port with that customer's
> shared secret.
>
> If there is any way to isolate 'lots' of customers so they each have their
> own port and shared secret without lots of separate virtual servers I'd
> definitely be interested.
No, but you can do something similar with client IP ranges.
If you're set on using ports, realise that FreeRADIUS uses select() to determine
when there's data available to read.
select does not scale to thousands of file descriptors, in fact it doesn't
perform very well with anything over 30. There's also usually a compiled-in
upper boundary FD_SETSIZE which is 1024 on most systems.
As this is undoubtedly a commercial enterprise perhaps you'd like to sponsor
the development work needed to remove the current file descriptor limitation.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
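
The `select()` ceiling mentioned in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. It goes slightly beyond the message by showing why `FD_SETSIZE` matters for safety as well as scale: a descriptor numbered `FD_SETSIZE` or higher must be rejected before `FD_SET()`, whereas `poll()` has no such bound. The function names `select_set_add` and `poll_readable` are hypothetical.

```c
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>
#include <unistd.h>

/* Added example, not FreeRADIUS code. Add fd to a select() read set only if
 * it fits: POSIX leaves FD_SET() undefined for fd < 0 or fd >= FD_SETSIZE,
 * and in practice it writes outside the fixed-size bitmap.
 * Returns 0 on success, -1 if select() cannot watch this descriptor. */
int select_set_add(fd_set *set, int fd, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* poll() takes a caller-sized array, so descriptor values are not bounded
 * by FD_SETSIZE. Returns the number of readable fds, or -1 on error. */
int poll_readable(const int *fds, size_t n, int timeout_ms)
{
    struct pollfd *p = calloc(n ? n : 1, sizeof(*p));
    size_t i;
    int ready;
    if (p == NULL)
        return -1;
    for (i = 0; i < n; i++) {
        p[i].fd = fds[i];
        p[i].events = POLLIN;
    }
    ready = poll(p, (nfds_t)n, timeout_ms) < 0 ? -1 : 0;
    for (i = 0; ready >= 0 && i < n; i++)
        ready += (p[i].revents & POLLIN) != 0;
    free(p);
    return ready;
}

int main(void)
{
    fd_set set;
    int maxfd = -1, pfd[2];
    FD_ZERO(&set);
    printf("fd %d fits: %d\n", FD_SETSIZE, select_set_add(&set, FD_SETSIZE, &maxfd) == 0);
    if (pipe(pfd) == 0 && write(pfd[1], "x", 1) == 1) /* constructed input */
        printf("poll readable: %d\n", poll_readable(pfd, 1, 1000));
    return 0;
}
```

A pipe stands in for a listening socket here so the example runs without network access; the readiness calls behave the same way for UDP sockets.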