I too run FreeRADIUS servers. I've used radperf & eapol_test to do performance testing & optimization: http://networkradius.com/radperf.html and http://deployingradius.com/scripts/eapol_test/ It's not the most user-friendly tool, but once dialed in they're easy to run and script.
Mike Albano UNLV On Thu, Jun 12, 2014 at 11:06 AM, Jorj Bauer <[email protected]> wrote: > Well, it's encouraging to hear that other people feel our pain and have > come to the same answers. > > -- Jorj > > -- > Jorj Bauer > Manager of Engineering, Research and Development > Information Systems and Computing, University of Pennsylvania > 215.746.3850 > XMPP: [email protected] > > > On Jun 12, 2014, at 1:50 PM, Joni Julian <[email protected]> wrote: > > > To test RADIUS, I've looked at > http://www.serverwatch.com/sreviews/article.php/3935211/5-Free-RADIUS-Testing-and-Monitoring-Tools.htm > for options. > > > > We discovered our FreeRADIUS performance problems by being affected > ourselves and checking Splunk for errors associated with our logins. When > we first started with EAP-TTLS, we needed to spread the load across 6 > FreeRADIUS servers because we use kerberos, and the FreeRADIUS module for > kerberos isn't multithreaded before FreeRADIUS 3.x (which didn't exist when > we started adding servers to keep authentications from timing out). In > terms of each server's load average, that stays low (often under 1%). So it > wasn't a LOAD problem so much as a single-threaded bottleneck. We now have > a script on Splunk to let us know if those errors crop up again, but I hope > we'll use FreeRADIUS 3.x before that happens. > > > > - Joni > > -- > > Joni Julian, Ph.D. > > Associate Director of Networking, > > Network Management Systems and Services > > UNC ITS Networking > > > > On Jun 12, 2014, at 10:45 AM, Turner, Ryan H wrote: > > > >> We are using freeRadius and ran a large EAP-TTLS deployment prior to > deprecating it in favor of EAP-TLS. We did spread out our authentications > across multiple servers on campus so that the load wouldn't swamp our > servers. We see around 60k wireless devices a day (max concurrent around > 30k), and spread the load across 6 or 7 freeRadius servers. > >> > >> Ryan Turner > >> Senior Network Engineer, ITS > >> The University of North Carolina at Chapel Hill > >> +1 919 274 7926 Mobile > >> +1 919 445 0113 Office > >> > >>> On Jun 12, 2014, at 10:32 AM, "Charles Rumford" < > [email protected]> wrote: > >>> > >>> We are currently in the process of evaluating new RADIUS servers at > the moment. > >>> One of the problems we are having is coming up with a reliable and > realistic way > >>> of testing them to make sure that they are able to handle the load our > wireless > >>> network is going to throw at them. > >>> > >>> I was curious if anyone had any testing frameworks or methodologies > they have > >>> used in the past to test performance and conduct load testing on > RADIUS servers. > >>> I'm ultimately looking for a solution that simulates 802.1X > EAP-TTLS/PAP > >>> requests at the peak rate coming from our controllers. > >>> > >>> Thanks! > >>> > >>> -- > >>> Charles Rumford > >>> Network Engineer/Senior Wireless Engineer > >>> ISC Network Operations > >>> University of Pennsylvania > >>> OpenPGP Key ID: 0xF3D8215A > >>> (p) 215-746-2808 > >>> (c) 267-398-7939 > > > > ********** > > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
