db performance

[Phil Mayers]

> 
> What kind of performance are people getting in general ?

This is a pretty small installation I guess, but to give you an idea...

We have two servers; dual 3.2GHz HP DL380G4s with mirrored disks and 3Gb 
RAM. Both run identically configured radius instances. One of the radius 
servers also runs the main postgres server, the other radius server runs 
a postgres hot standby (slony replica). Postgres is v8.3, standard FR 
SQL schema.

Network is ~450 Cisco heavyweight APs, ~1000 3Com 4400 switches (of 
which 1/3rd are doing MAC-based vlans - the rest soon) and two heavily 
used PPTP VPN servers.

Quick disclaimer: these numbers were gathered quickly and may not be 
accurate, don't sell your house based on them yadda yadda.

We did ~25k authentications in the last 24 hours, about a 90/10 mix of 
EAP-PEAP/MS-CHAP (wireless) and plain MS-CHAP (PPTP). All breakout to AD 
via winbind. Average EAP exchange for us is 10 packets (5 request, 5 
response) and it's obviously crypto-heavy.

We handled ~115k accounting packets (mix of start, interim @ 300-second 
intervals and stop; averaged ratio 1:3.8:1) all of which were inserted 
direct into the SQL db on the primary radius server - no radsqlrelay or 
similar. At the same time, the SQL data was replicated to the 
installation on the slave SQL server (i.e. 2nd radius server).

We also handled about ~75k PAP requests (MAC-based vlans) on the primary 
radius server. Each of these used an Exec-Program (so, fork+exec) to 
syslog the info (different setup, no SQL there yet).

Finally we dump the SQL rows for finished sessions >3 days old from the 
radacct table into .csv files nightly. These files average ~15-30k 
entries - our average daily NAS session count, in other words.

The servers break even at about 3% utilisation per processor, most of 
which I'm confident is crypto.

Basically, FreeRadius is *fast*.