Throttle Authentication Requests
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat Nov 30 12:17:43 CET 2013
On 30 Nov 2013, at 00:36, Fahad Saleem <addyrocker at gmail.com> wrote:
> Greetings All,
>
> What would be the best way to rate limit the number of authentication requests. Our current setup has one server doing 150 Auths per sec but under certain circumstances during GGSN migrations the auths per seconds go up to 1000 for a 20 to 30 minute period before things start to calm down. So I was wondering if this was possible in anyway from the freeradius end, kind of as a safe guard. I've looked at the rlm_cache module and the idea of getting packets dropped is a bit scary. Any thoughts about this will be appreciated!
1000 PPS is trivial load, if your server can't handle that you've done something truly horrific on the back end.
If you don't want to drop packets and let the NAS try later, how exactly were you envisaging this would work? There's no way to signal the NAS to say that it should come back again in X seconds.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list