Performance tweaking and testing.

Michael Mitchell mitchell.michael at bigpond.com
Sat Jun 11 14:01:58 CEST 2005


> 
> We have 1500 customers connected to our PPPoE servers, to autenticate we 
> have 2 freeradius servers connected to a mssql server.

How many authentications per second are you expecting?

With decent hardware you should be able to authenticate all 1500 within 
a couple of seconds. I've tested our development Sun V440 to over 600 
authentications per second using openLDAP as a backend with 1,000,000+ 
entries and a random spread of usernames across those 1,000,000 entries. 
My client was the limiting factor though, I couldn't max out the CPU of 
the RADIUS server.


> 
> Does anyone got a tip on how to improve performance on the radius servers?

The biggest bottleneck is likely to be your database. Check your 
indexes, etc.

Homename lookups may be an issue too if the server is waiting to for DNS 
lookups. Not sure if this is an issue at request processing time or just 
at startup. Try turning it off (radiusd.conf) and see if it makes a 
difference.

Only log what is necessary. Are you logging request and reply packets? 
If so, do you *need* to?

If authentication is *REALLY* slow (ie more than a couple of seconds per 
request), run the server in debug mode and you may be able to see which 
operations are taking the time.

> 
> And how to test preformance?

radclient can be used to send multiple requests to a radius server.

I wrote myself some rough perl scripts to perform authentication and 
accounting "load" testing and report on average number of requests 
handled per second, etc.

Hope that helps a little

regards,
Mike




More information about the Freeradius-Users mailing list