Status of v4

[nabble at felix.world]

Hi, 

First of all, thank you for doing all the work!

Unfortunately our servers are RadSec only. But we’re definitely using v4 when possible. 
Does stable also mean that it is very unlikely that the syntax of the configuration or unlang could change significantly?



> On 28. Feb 2025, at 13:13, Alan DeKok <aland at deployingradius.com> wrote:
> 
>  While there have been many rumours of v4 and promises of releases, it's likely time for a realistic summary of what's going on.
> 
>  v4 has take a long time in part because we want to do it "right", and in part because the development model has changed substantially since 3.0.0 was released.
> 
>  Prior to v4, FreeRADIUS was largely a part-time effort for the people involved.  Everyone had day jobs, and pushed the server forward a little bit, based on available time.  The result was something which worked, but which definitely had some rough edges.
> 
>  Since the release of 3.0.0, FreeRADIUS has become a full-time job for the core developers.  This means that while there is significantly more work done on FreeRADIUS than before, the new releases have slowed down substantially.  Why?
> 
>  There are two reasons.  The first reason is that people like to eat.  Customer projects take time away from FreeRADIUS, but also pay the bills.  The second reason is that we now have the resources to re-architect the server to be everything we've wanted it to be.  And rearchitecture takes time.
> 
>  The good news is that v4 is stable, and is running in multiple ISP environments.  NDAs etc. prevent naming names, but be assured that it's running on many sites with millions of users.
> 
>  Another piece of good news is that the list of "TODOs" for v4 is growing much shorter.  The current list of features in v3 which are missing in v4 is:
> 
> * statistics, so that people can monitor server behaviour
> 
> * RADIUS/TLS or RadSec.
> 
>  That's pretty much it.  And I think even RADIUS/TLS could be dropped from an initial 4.0, and added to a later release.  We could call 4.0 an "ISP" version, and then add RADIUS/TLS later, to ensure that the eduroam people are happy with it.
> 
>  There are also lower priority features in v3 which aren't in v4:
> 
> * EAP-FAST
> * EAP-TEAP
> * changes to the DPSK module
> 
>  We're OK with adding those later, as they are lower priority.
> 
>  So what took us so long?  We ended up essentially re-doing everything from scratch.  This is known as the "second system syndrome".
> 
>  But I think the results are worth it.  While the configuration is still recognizably FreeRADIUS, the outcome is enormously better than v3.  All of the weird / confusing issues have been cleared up.  The documentation is obsessively complete (and we have a full-time person working on it).  There are hundreds of unit tests / regression tests.  It's automatically run under multiple static analyzers and fuzzers.
> 
>  The list of new features in v4 is large:
> 
> * DNS, DHCPv4, DHCPv6, and even LDAP sync are now core protocols, and are fully supported.  All in the same binary at the same time.  We're adding support for more, too.  (Native DER decoding!)
> 
> * the server is fully asynchronous, so blocking databases are much less of a problem.  Observed throughput is noticeably higher
> 
> * unlang has been updated with many new keywords and functionality.  You can now do expressions in-place.   The "update" section is no longer needed, so configurations get simpler and clearer.  The function syntax finally makes sense, and looks a lot better
> 
> * and many, many, more.
> 
>  At this point, if we're willing to drop RADIUS/TLS from a v4 release, the only blocking issue is statistics.  And there's no reason why we can't have that done by June.
> 
>  Comments?  Feedback?
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html