On Mon, 07 Jul 2003 07:13:25 -0400 "Alan DeKok" <[EMAIL PROTECTED]> wrote:
> Graeme Hinchliffe <[EMAIL PROTECTED]> wrote: > > So this server is NOT short of grunt. However, if I fire a list of > > 19000+ users in quick succession at the RADIUS server it quickly fills > > the 5-10 SQL connections to the DB backend and begins rejecting all > > the requests with the odd one authenticating. > > As I said before, the server does not currently STOP grabbing new > packets when it's too busy to process them. I know this, and am not questioning it, I am after a possible reason for the server NOT processing them fast enough. > Lower the rate at which the packets come in, and it will be OK. I have done this with my test, but this is not really possible when 7000 people all try and auth at the same time. I dropped the rate of requests so there was a 1 second delay and all was happy. I reduced the delay further and all was happy. However if the delay is 10000 msec (using select as the timer with NULL lists), then I can see burst of successful requests equal in number to the number of sql connections, followed by a delay and then another burst of success. (all the time the server is rejecting 99% of the packets) > Or, submit patches to the server to make it stop listening on the > RADIUS port, until there's a free thread to handle the request. > > > If I increase the number of SQL connections to say 80 then more are > > authenticated initially but at a VERY slow rate, and then after > > 400-500 have successfully authenticated it begins to reject enmasse > > again. > > Which is exactly the sign of the problem: the server is getting more > requests than it can handle. You have added a quote from a different post of mine there. In it's current config the server is getting less than 300 requests a second and failing most of them. > > I must have something wrong in the configs somewhere, could someone > > please point me in the direction of possible causes for this severe > > performance hit? > > If you will look at the history of this list, you will see that the > server has no problems handling 100's to 1000's of requests per > second. If you're sending it 10,000+ requests in one second, you > shouldn't be surprised that it's overloaded. I accept this, however the server on my machine is NOT doing this, I am after a possible solution to this, it is obvioulsy some form of config bug as the server hardware is more than upto the task. > You're attacking the server with a DoS attack. Of course it has > problems... Unfortunately a very high level of authentication requests are required. My code is only sending requests via one port so is limiting itself to 256 tops. Could the bottleneck be something to do with SQL? (this is what I am thinking as the actual freeRADIUS daemon itself is happily receiving and rejecting packets as fast as they are coming in, so it has no problems, just the responce from MySQL which must be holding back for some reason. Any suggestions? -- ----- Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Sales : 0870 6000 971 Fax : 0870 6000 972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
