Workload in freeradius? platform
Guillaume Sigui
gsigui at live.fr
Fri Oct 14 17:47:10 CEST 2011
Ok, sorry. I explain below with more details:
-----------------------------------------------------------------------------------------------------------------------------------------
DESCRIPTION OF WORKLOAD PROBLEM WITH FREERADIUS PLATFORM
I- OBJECTIVES
It was a project that was implemented for an ISP to authenticate, to authorize and to account their ADSL’s Subscribers.
The main objective is to integrate radius in the process of attribution of IP Address to ADSL Subscribers.
This integration can be described by the steps follows:
Before integration of Radius Platform:
1- The subscribers are queries the BAS to affect an IP address
2- The BAS affects to this subscriber, an IP Address
3- The subscribers are connected to Internet
After integration of Radius Platform:
1- The subscribers are queries the BAS to affect an IP address
2- The BAS transfers these requests to Radius platform
3- The Radius platform authenticates this subscriber. If he is authorized, the Radius starts accounting; if not, BAS denied access of this subscriber.
4- When the authentication is on success, the BAS affects an IP Address of this subscriber
5- The subscribers are connected to Internet
6- Once subscriber terminates his connection to internet, the BAS send a request to Radius for stopping accounting
II- PROBLEM
There are three BAS. It’s Alcatel BAS SMS 1800.
All of subscribers are affected to one BAS as follow:
- BAS n°1: 8000 subscribers
- BAS n°2: 3000 subscribers
- BAS n°3 : 2000 subscribers
After transferring a first BAS’s requests to a RADIUS platform, it’s work well.
But, after configuring a second BAS to transfer his requests, the radius platform started to work slowly. The authentification process has become slow.
III- INTERNAL ARCHITECTURE OF RADIUS PLATFORM
There are eight virtual servers based on KVM:
- 02 authentication’s servers
- 02 accounting’s servers,
- each server has his own database server, so there are 04 database servers. It's Mysql 5.
Authentication and Accounting are configuring with Freeradius.
IV- LOGS AND CONFIGURATION
1. Radiusd –X | tee log
It's very long. So i give it, to an another file. View the file attached radius-X.log.
2. BAS’s Configuration
On each BAS, we have done this configuration:
context ISP
domain ISP_domain1
domain ISP_domain2
aaa authentication subscriber radius
aaa accounting subscriber radius
radius server IP_authentication_server1 key alcatel
radius server IP_authentication_server2 key alcatel
radius algorithm round-robin
radius accounting server IP_accounting_server1 key alcatel
radius accounting server IP_accounting_server2 key alcatel
radius accounting algorithm round-robin
radius attribute NAS-IP-Address interface cisco
Thanks a lot,
Guillaume Sigui
> Date: Fri, 14 Oct 2011 16:41:07 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Workload in freeradius? platform
>
> siguillaume wrote:
> > Ok, thanks.
> > I give more details in the files attached.
> ...
> > *DESCRIPTION OF WORKLOAD PROBLEM WITH FREERADIUS.pdf* (291K) Download
> > Attachment
>
> I wish you were joking, but I'm sure you're not.
>
> As a hint, posting PDFs is rude. *NO ONE* else is doing it.
>
> Go read the documentation for how to ask sane questions.
>
> If you keep this up, I'll unsubscribe nabble.com, too. Very little of
> anything worthwhile comes from there.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111014/55a7dba7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiusd-X.log
Type: text/x-log
Size: 23316 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111014/55a7dba7/attachment.bin>
More information about the Freeradius-Users
mailing list