On Thu, 31 Jan 2002, pavesi wrote: > I have ~10k users and having some performance issues on my two FreeRadius > 0.4 servers. > I am using MySQL for radius accounting and LDAP as my authentication > methods, along with CHAP. > I get consistent messages of the type: Error: Dropping duplicate > authentication packet from client, from my research this means we are not > answering the radius requests fast enough. > When my load is broaching 200, 300, etc, I can understand that. What kind > of tweaks do you guys have running to get better performance? Do I just > need a more beefy server? > > I am running two servers of the following stats: > P3 500mhz > 256M
The server along with the major modules are mostly I/O bound and not CPU bound. I think that your hardware is just fine. IWhat you should check are the following: 1. Are you using threads? If yes post the thread pool configuration. Try playing with the start_servers,max_servers and {min,max}_spare_servers. In general you should have more threads available than the number of simultaneous Access+Accounting Requests (more or less). 2. What is the timeout on your nas(es)? Try enlarging it a bit (say 5-7 secs). 3. Are the LDAP and Mysql servers on the same machine or not? If not how are the other machines doing? 4. Try enabling indexing on your mysql for the radacct table. Make an index for the UserName with additional attributes: AcctSessionId,AcctStartTime,AcctStopTime,NASIPAddres 5. Try playing with the num_sql_socks. It should be larger than the number of simultaneous Accounting-Stop/Start packets. 6. Are you using the counter module? If yes enlarge the cache-size directive to suite your needs. 7. Have you enabled indexing of the uid attribute in ldap? Do you have attributes like usercertificate or jpegphoto in your ldap entries? If yes then it will take more time for the server to retrieve your entries. Try using the latest CVS snapshot. It has serious LDAP tweaks. 8. If possible don't use the detail and unix(radwtmp) modules in accounting. 9. Enable noatime on the radius.log file andany other log file you may have (radutmp, etc). 10. How is the caching on the ldap server doing? Normally you should have a very large entry/database cache hit ratio (somewhere around 80-90%). If you see smaller values then try enlarging the cache sizes. 11. Stupid question: How is the network between nas<->radius<->ldap/sql? It should 10-100 Full duplex without any errors. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf > > Same HDD for /usr and /var > > max_request_time = 15 > delete_blocked_requests = no > cleanup_delay = 7 > max_requests = 900000 (i've played with many different values here) > > Both running RH 7.X > > I am in process of building a sparc 20 w/ solaris and a FreeBSD machine to > see if I can get better results from them. > > Any help appreciated. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html