6. Recommended number of threads (McNutt, Justin M.) - Re: Freeradius-Users Digest, Vol 106, Issue 31

[Rui Ribeiro]

We have 2500 wireless clients at peak time, and I have seen as much as 20
simultaneous authentications before I optimised the freeradius server. We
only have one RADIUS server in operation, and another for failover.

The number of users is one tree in the forest IMO. Have you timed how long
one user takes to authenticate? What is the load of your current server?
How long the associate systems take to answer?

At the end of the day, again, IMO, you have to balance good sysadmin
practices while fine-tuning the associated systems, and fine-tune your
freeradius configuration as well. Pay well attention to the debug
information, as you can fine tune unlang for some events to not repeat all
the way in the several steps of the negotiation; also the latest 2.2
versions seem to perform better than the 2.1.X - we went from 50-90ms down
to less than 10ms.

Note: have a look at eapol_test and raddebug if you are not using them.

Regards


On 11 February 2014 22:01, <freeradius-users-request at lists.freeradius.org>wrote:

>
>
> Message: 6
> Date: Tue, 11 Feb 2014 20:53:08 +0000
> From: "McNutt, Justin M." <McNuttJ at missouri.edu>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Recommended number of threads
> Message-ID:
>         <
> 81D8D62C6E5AD1499D9C16729DB5B3DEDED03CE8 at UM-MBX-N02.um.umsystem.edu>
> Content-Type: text/plain; charset="us-ascii"
>
> I've been seeing some unexplained failures to authenticate 802.1X clients
> when my system is under heavier load, and I suspect that I don't have
> enough threads running.  For reference, I currently have four servers in a
> load balanced group with identical configs.  Thread settings are these:
>
>         max_servers = 32
>         min_spare_servers = 3
>         max_spare_servers = 10
>         max_requests_per_server = 0
>
> We have about 14,500 wireless clients at peak times, though that number
> will climb, I'm sure.
>
> Is there a rule of thumb that will tell me how many threads I should have
> (max_servers)?  Also, I suspect that there have been authentication
> failures due to all threads on a server being busy.  Is there a good way to
> confirm that?  I've poked around in the radiusd logs a bit, but haven't
> found much, other than the odd "Login failed" with no reason given.  (For
> "normal" failures, there are two messages, one of which has a cause like
> "bad password" or "account locked out" or some such thing.)
>
> Advice is welcome.
>
> --J
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140212/a901bd22/attachment.html>