rlm_ippool vs rlm_sqlippool

Alan DeKok aland at deployingradius.com
Tue Apr 30 14:30:40 CEST 2013

George Chelidze wrote:
> We use rlm_ippool for pool management. Each pool is configured with 16K
> addresses. About 10K are used in the peek time (per pool).

  The DBM files underlying IP pools really aren't that scalable.

> I believe we have almost reached our IO capacity, because heavy IO
> operations like gzipping a 300M file cause freeradius to throw errors like:
> Error: Discarding duplicate request from client C port 65038 - ID: 109
> due to unfinished request 34797335
> Error: Discarding duplicate request from client C port 65035 - ID: 98
> due to unfinished request 34797336

  Yeah.  Starving FreeRADIUS isn't a good idea.

> Will it make any sense to switch to rlm_sqlippool? Will it be less IO
> sensitive?

  You should be using SQL.  It will still be IO sensitive, but maybe
less so.

  The short answer is that you shouldn't overload critical systems while
they're running.  Perhaps a simpler solution is to move FreeRADIUS + DB
into a dedicated machine.  And don't do ANYTHING ELSE on it.  Use syslog
to get all logs off of the machine.  So there are really no cron jobs,
user logins, etc.

  That is by far and away the safest way of running a RADIUS server.

  Alan DeKok.

More information about the Freeradius-Users mailing list