FreeRADIUS + 802.1X wireless rollout questions

Walter Gould gouldwp at auburn.edu
Mon Apr 21 18:13:04 CEST 2008


Alan DeKok wrote:
> Walter Gould wrote:
>   
>> Here's where my concerns lie -  I am concerned about how many
>> simultaneous authentication requests that a single Freeradius server can
>> handle.  I have read the "Testimonials" and the "Why we're #1" pages on
>> the freeradius site - which says there are numerous sites using
>> freeradius to support more than 10,000 or 20,000 users.
>>     
>
>   And, sites with 15,000,000 users.
>
>   
>>  Our school
>> currently has around 21,000 students on our campus.  Of that 21,000 -
>> there is usually around 1000 users logged into our wireless network at
>> any given time, however, that number continually increases.
>>     
>
>   The authentication load on the server is relatively easy to calculate.
>  If you have N users on, each with an average session time of S seconds,
> the load on the system will be N/S.
>
>   e.g. 1K users, 20 minute session time (1200s) is about 1 auth/s.  That
> is very little load...
>
>   With EAP, there are multiple packet per user authentication, and SSL
> setup overhead.  See raddb/certs/README.  Interaction with Active
> Directory adds even more overhead.
>
>   But a 2Gh machine should be fine.  As was pointed out, you'll need a
> second machine for failover before the first one is at all busy.
>
>   
>> Questions:
>> 1. Do any of you have feedback/thoughts/experience on how our freeradius
>> server may handle the auth. request load given our situation?
>>
>> 2. Do you think that we may need to tweak any of the settings in the
>> radiusd.conf file  (max_requests, max_request_time, etc)?
>>     
>
>   The default configuration should be pretty much fine.
>
>   
>> 3.  Any other advice/suggestions you have or think of would be welcome
>> and appreciated.
>>     
>
>   Test the system to prove for yourself that the above numbers are true.
>  Use "eapol_test" from "wpa_supplicant" on client machines to hammer the
> server with test authentications.  That will give you a *measured*
> number for server performance.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   

Alan D. and Alan B.,

Thanks for both of your inputs and suggestions.  I appreciate them.  
They have given me some good direction for testing and measuring 
performance. 

Thanks again,
Walter




More information about the Freeradius-Users mailing list