Well, it's encouraging to hear that other people feel our pain and have come to the same answers.
-- Jorj -- Jorj Bauer Manager of Engineering, Research and Development Information Systems and Computing, University of Pennsylvania 215.746.3850 XMPP: [email protected] On Jun 12, 2014, at 1:50 PM, Joni Julian <[email protected]> wrote: > To test RADIUS, I've looked at > http://www.serverwatch.com/sreviews/article.php/3935211/5-Free-RADIUS-Testing-and-Monitoring-Tools.htm > for options. > > We discovered our FreeRADIUS performance problems by being affected ourselves > and checking Splunk for errors associated with our logins. When we first > started with EAP-TTLS, we needed to spread the load across 6 FreeRADIUS > servers because we use kerberos, and the FreeRADIUS module for kerberos isn't > multithreaded before FreeRADIUS 3.x (which didn't exist when we started > adding servers to keep authentications from timing out). In terms of each > server's load average, that stays low (often under 1%). So it wasn't a LOAD > problem so much as a single-threaded bottleneck. We now have a script on > Splunk to let us know if those errors crop up again, but I hope we'll use > FreeRADIUS 3.x before that happens. > > - Joni > -- > Joni Julian, Ph.D. > Associate Director of Networking, > Network Management Systems and Services > UNC ITS Networking > > On Jun 12, 2014, at 10:45 AM, Turner, Ryan H wrote: > >> We are using freeRadius and ran a large EAP-TTLS deployment prior to >> deprecating it in favor of EAP-TLS. We did spread out our authentications >> across multiple servers on campus so that the load wouldn't swamp our >> servers. We see around 60k wireless devices a day (max concurrent around >> 30k), and spread the load across 6 or 7 freeRadius servers. >> >> Ryan Turner >> Senior Network Engineer, ITS >> The University of North Carolina at Chapel Hill >> +1 919 274 7926 Mobile >> +1 919 445 0113 Office >> >>> On Jun 12, 2014, at 10:32 AM, "Charles Rumford" <[email protected]> >>> wrote: >>> >>> We are currently in the process of evaluating new RADIUS servers at the >>> moment. >>> One of the problems we are having is coming up with a reliable and >>> realistic way >>> of testing them to make sure that they are able to handle the load our >>> wireless >>> network is going to throw at them. >>> >>> I was curious if anyone had any testing frameworks or methodologies they >>> have >>> used in the past to test performance and conduct load testing on RADIUS >>> servers. >>> I'm ultimately looking for a solution that simulates 802.1X EAP-TTLS/PAP >>> requests at the peak rate coming from our controllers. >>> >>> Thanks! >>> >>> -- >>> Charles Rumford >>> Network Engineer/Senior Wireless Engineer >>> ISC Network Operations >>> University of Pennsylvania >>> OpenPGP Key ID: 0xF3D8215A >>> (p) 215-746-2808 >>> (c) 267-398-7939 > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
