CPU intensize authorization module issue

Yannick Koehler yannick at koehler.name
Thu Mar 27 16:44:59 CET 2014

While I do agree with you, working on the SQL aspect is not a possibility
in this case.  It also first appeared that invoking any external code only
when its outcome will be meaningful is more appropriate and easier to do.
And if Stefan suggestion works, it would then be true.

In any case, it does appear illogical to request 4-5 times the same query
(independentely of their time taken to execute) to an SQL database and
discard its result each time based on a username that is not yet validated
(not the inner-tunnel username) and may not be the correct one.

2014-03-27 11:30 GMT-04:00 Alan DeKok <aland at deployingradius.com>:

> Yannick Koehler wrote:
> ...
> >     >   I have an authorization module to write for FreeRADIUS that does
> a
> >     > fair amount of CPU intensive SQL queries 1-2 seconds time.
>   That is a problem.  You need to fix that.
>   There is no good reason for the SQL queries to take 1-2 seconds.  Any
> CPU intensive work should be moved out of the critical path.  The SQL
> server should respond to FreeRADIUS within 10ms ideally, or 100ms at the
> most.
>   You should re-design your use of SQL.  Since you didn't say *why* the
> queries are taking 1-2 seconds, I can't offer any more specific advice.
>   FYI, when I look at poorly performing RADIUS systems, it's almost
> always due to the SQL database.  I spend probably 5% of my time fixing
> FreeRADIUS configuration, and 95% of my time fixing bad SQL configuration.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Yannick Koehler
Courriel: yannick at koehler.name
Blog: http://corbeillepensees.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140327/46cc75d0/attachment.html>

More information about the Freeradius-Users mailing list