Hi all, I've recently come into some issues with the load on my PacketFence setup during peak times and so we're now looking at seeing if we can split the service into separate components across servers, and also across our two sites for high availability.
Loads are currently around 2000 devices concurrently at peak times, all using 802.1x through the freeradius mschap component to our backend active directory server. At peak times there are sometimes 500 devices sitting in the captive portal. Our current setup is a VMWare server with 4vCPUs & 32GB of memory. Inverse have had a look and have suggested that our server is being battered by devices in our captive portal. However I'm not sure there's much we can do to alleviate this, as it's a BYOD environment, and we have little to no control over the devices that come into the network. I've added some apache filters to 501 certain apps that are hitting the portal, but it doesn't seem to be making a huge difference, and some apps are still hitting the portal even after the 501 error is given. So, some quick questions regarding this: - Will moving the MySQL component of the setup onto a dedicated server make a marked difference to the performance? - If I gave each university site a PF httpd/radius service, would they both need to access one single central MySQL server or would this cause deadlocks? - Is splitting PF into 3 separate components: apache, freeradius and MySQL also an option to bring server load down? Has anyone else run into this sort of issue with devices sitting in the captive portal, and if so how do you combat it? Larger environments, what is your setup regarding PF hardware and services? Cheers, Andi ________________________________ [Cardiff Metropolitan University - 150 years of nurturing talent]<http://www.cardiffmet.ac.uk/cardiffmet150>
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
