To test RADIUS, I've looked at http://www.serverwatch.com/sreviews/article.php/3935211/5-Free-RADIUS-Testing-and-Monitoring-Tools.htm for options.
We discovered our FreeRADIUS performance problems by being affected ourselves and checking Splunk for errors associated with our logins. When we first started with EAP-TTLS, we needed to spread the load across 6 FreeRADIUS servers because we use kerberos, and the FreeRADIUS module for kerberos isn't multithreaded before FreeRADIUS 3.x (which didn't exist when we started adding servers to keep authentications from timing out). In terms of each server's load average, that stays low (often under 1%). So it wasn't a LOAD problem so much as a single-threaded bottleneck. We now have a script on Splunk to let us know if those errors crop up again, but I hope we'll use FreeRADIUS 3.x before that happens. - Joni -- Joni Julian, Ph.D. Associate Director of Networking, Network Management Systems and Services UNC ITS Networking On Jun 12, 2014, at 10:45 AM, Turner, Ryan H wrote: > We are using freeRadius and ran a large EAP-TTLS deployment prior to > deprecating it in favor of EAP-TLS. We did spread out our authentications > across multiple servers on campus so that the load wouldn't swamp our > servers. We see around 60k wireless devices a day (max concurrent around > 30k), and spread the load across 6 or 7 freeRadius servers. > > Ryan Turner > Senior Network Engineer, ITS > The University of North Carolina at Chapel Hill > +1 919 274 7926 Mobile > +1 919 445 0113 Office > >> On Jun 12, 2014, at 10:32 AM, "Charles Rumford" <[email protected]> >> wrote: >> >> We are currently in the process of evaluating new RADIUS servers at the >> moment. >> One of the problems we are having is coming up with a reliable and realistic >> way >> of testing them to make sure that they are able to handle the load our >> wireless >> network is going to throw at them. >> >> I was curious if anyone had any testing frameworks or methodologies they have >> used in the past to test performance and conduct load testing on RADIUS >> servers. >> I'm ultimately looking for a solution that simulates 802.1X EAP-TTLS/PAP >> requests at the peak rate coming from our controllers. >> >> Thanks! >> >> -- >> Charles Rumford >> Network Engineer/Senior Wireless Engineer >> ISC Network Operations >> University of Pennsylvania >> OpenPGP Key ID: 0xF3D8215A >> (p) 215-746-2808 >> (c) 267-398-7939 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
