Norbert Wegener wrote: > Simple authentication with login/password can be handled in large > numbers with a recent cpu and freeradius. > . > EAP authentication on the other hand requires a great amount of cpu > processing.
It's all in the SSL rsa keying setup. > Therefore I have a simple(?) question: > Did someone already calcute the theoretically maximum number of eap > authentications per second, that a recent x86 cpu is able to handle? $ openssl speed Or $ openssl speed rsa http://www.madboa.com/geek/openssl/#benchmark-speed For 2048 bit rsa keys, the web page gives 77 signs/s for a 2GHz Intel Core 2. My 1GHz laptop gives around 20/s. That number becomes the limiting factor for any TLS-based EAP method. It doesn't matter if the rest of the server can handle 5k PAP requests/s. If it can only do 77 rsa signings/s, that is the maximum number of EAP-TLS/TTLS/PEAP sessions that it can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html