Hi dear users,
After a whole night??s analysis, we found it??s pf that takes too much time
processing authentication request if the QPS is too high and hangs all radius
requests later and then Aruba AC meets the radius timeout setting and re-sends
the same radius access request to pf while pf just sent out the first radius
accept packet and then received the same request, it will response accept for a
second time and then delete the state id, but Aruba AC might has waited for
another 5 seconds and send a radius request for a third time, and this time pf
find no state id match this session and just response reject...And then more
and more reject responses will cause user re-connect wireless and the QPS is
much more...It's bad circle...
We find pf has below bottlenecks at least to lead to the hang issue:
1.Mysql query is too slow.
2."curl" keeps calling httpd service and it's very slow.
3."doperl" is too slow.
4."ntlm_auth" process is too slow.
5.A device will try to connect again if radiusd crashes or restarted or meets
its max requests
But we don't find which configuration will solve this issue yet. Is there any
suggestion on how to change configuration to handle this performance issue ? Or
any basic directions on how to adjust the parameters to handle 200 QPS,500 QPS
and 2000 QPS ?
Any response is appreciated. Thank you very very much.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
