Status of v4

Fri Feb 28 20:14:25 UTC 2025

Hi,

I'd love to see more official training materials, paid or free. The
documentation is great as it is, and I built my employer's production
servers off it, but many people have an easier time learning from
structured training courses.

Regards,
Rolf Harald Holmvik

On Fri, Feb 28, 2025, 13:14 Alan DeKok <aland at deployingradius.com> wrote:

>   While there have been many rumours of v4 and promises of releases, it's
> likely time for a realistic summary of what's going on.
>
>   v4 has take a long time in part because we want to do it "right", and in
> part because the development model has changed substantially since 3.0.0
> was released.
>
>   Prior to v4, FreeRADIUS was largely a part-time effort for the people
> involved.  Everyone had day jobs, and pushed the server forward a little
> bit, based on available time.  The result was something which worked, but
> which definitely had some rough edges.
>
>   Since the release of 3.0.0, FreeRADIUS has become a full-time job for
> the core developers.  This means that while there is significantly more
> work done on FreeRADIUS than before, the new releases have slowed down
> substantially.  Why?
>
>   There are two reasons.  The first reason is that people like to eat.
> Customer projects take time away from FreeRADIUS, but also pay the bills.
> The second reason is that we now have the resources to re-architect the
> server to be everything we've wanted it to be.  And rearchitecture takes
> time.
>
>   The good news is that v4 is stable, and is running in multiple ISP
> environments.  NDAs etc. prevent naming names, but be assured that it's
> running on many sites with millions of users.
>
>   Another piece of good news is that the list of "TODOs" for v4 is growing
> much shorter.  The current list of features in v3 which are missing in v4
> is:
>
> * statistics, so that people can monitor server behaviour
>
> * RADIUS/TLS or RadSec.
>
>   That's pretty much it.  And I think even RADIUS/TLS could be dropped
> from an initial 4.0, and added to a later release.  We could call 4.0 an
> "ISP" version, and then add RADIUS/TLS later, to ensure that the eduroam
> people are happy with it.
>
>   There are also lower priority features in v3 which aren't in v4:
>
> * EAP-FAST
> * EAP-TEAP
> * changes to the DPSK module
>
>   We're OK with adding those later, as they are lower priority.
>
>   So what took us so long?  We ended up essentially re-doing everything
> from scratch.  This is known as the "second system syndrome".
>
>   But I think the results are worth it.  While the configuration is still
> recognizably FreeRADIUS, the outcome is enormously better than v3.  All of
> the weird / confusing issues have been cleared up.  The documentation is
> obsessively complete (and we have a full-time person working on it).  There
> are hundreds of unit tests / regression tests.  It's automatically run
> under multiple static analyzers and fuzzers.
>
>   The list of new features in v4 is large:
>
> * DNS, DHCPv4, DHCPv6, and even LDAP sync are now core protocols, and are
> fully supported.  All in the same binary at the same time.  We're adding
> support for more, too.  (Native DER decoding!)
>
> * the server is fully asynchronous, so blocking databases are much less of
> a problem.  Observed throughput is noticeably higher
>
> * unlang has been updated with many new keywords and functionality.  You
> can now do expressions in-place.   The "update" section is no longer
> needed, so configurations get simpler and clearer.  The function syntax
> finally makes sense, and looks a lot better
>
> * and many, many, more.
>
>   At this point, if we're willing to drop RADIUS/TLS from a v4 release,
> the only blocking issue is statistics.  And there's no reason why we can't
> have that done by June.
>
>   Comments?  Feedback?
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>