Claude Brown wrote:
> We didn't try this.

  That would fix it.

> Our design goal is:
> - 250K users all needing to get on the network at the same time
> - each user performing 7 authentications during EAP negotiation

  That should be fixed, too.  There is NO NEED to do 7 SQL queries.  You
can put pretty much everything into "post-auth".

> - one hour duration to get everyone sorted

  Which works out to ~70 auths/s.  That's trivial.

> This is about 486 authentications per second. I'm sure that a MySQL 
> configuration can be constructed to achieve this, but I'm not confident it 
> would be a simple setup.

  It's dead easy.  Create a custom table as I said before.  SELECT on
that.  Do the select in the post-auth section.  Separate auth from acct.

  70 queries/s is a small system.  I've built MySQL systems which do
sustained hundreds of queries per second, and hundreds of accounting
packets/s.  It's pretty simple.

> In any case, assuming MySQL can be configured appropriately, I believe the 
> thread-loss stability issue we experienced with high authentication rates 
> would remain.

  I don't see why.  I've never seen any "thread loss" issue.

  If you use the same SQL module for auth & acct, you WILL run into
contention, locks, and massive delays.  The solution for that is above.

> However, as you note it doesn't solve the accounting performance issues on 
> the database. This was a significant issue for us as we are only able to 
> learn the customers IP address (needed for many business processed) from the 
> "accounting start" request.  If this is delayed due to an avalanche of 
> requests it affects customers in certain business states.

  Wild.

> We were able to gain a significant performance improvement over and above 
> "rlm_sql" accounting by writing the essential data to a flat-file and then 
> batch-loading that into the SQL database.

  That can help, yes.

> The improvement came down to SQL transactions - the batch load only created 
> one transaction for 1000's of accounting events rather than one transaction 
> per event.  

  Well... I've run MySQL systems with 100's of accounting inserts/s,
using pretty much a stock config.  It should be possible.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to