Hello Steve -
On Fri, 28 Jan 2000, Steve Suehring wrote:
> Hello-
>
> We're having some major performance problems. We're doing probably > 50
> auths/sec (maybe upwards of 75 to 100) via multiple radius servers and
> radiator seems to be having problems keeping up. We've got machines that
> are PIII's with decent amounts of ram(256-512) running Linux. The
> machines will hit load avg's of 1 straight across the board with radiusd
> taking nearly all of the proccessor. The machines store no accounting or
> session databases, just radius proxying and local authentication.
>
Could you please send us your configuration file (no secrets) so we can have a
look? There may be something obvious that we can suggest.
> There seem to be two commands that might help:
> SocketQueueLength (globally)
> Fork (in the <authby radius> sections)
>
Both of these are to be used with caution. SocketQueueLength will simply allow
more requests to be queued before the system starts to drop packets. As the
radius protocol specifies packet retransmissions in any case, I don't think
this will win you anything.
The Fork parameter is also to be used with caution, as when you turn it on, the
entire Radiator process will fork when it handles a radius proxy request. This
may very well overwhelm the box and have it spending all its time in the system
cloning processes.
> I'm wondering how/if people have done it in other locations, have you used
> SocketQueueLength and/or Fork with any success?
>
It would be useful to do some packet tracing and have a look at the times for
the following sequence: request arrives at Radiator, proxy request leaves
Radiator, proxy response arrives from remote, response sent from Radiator to
original requestor. I suspect you will discover that you are waiting on your
remote radius servers.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
