Re: Ignoring too-frequent accounting packets from buggy NAS
On 26/10/12 15:03, Arran Cudbard-Bell wrote: On 26 Oct 2012, at 14:51, Phil Mayers wrote: On 26/10/12 14:20, Arran Cudbard-Bell wrote: It can, see wiki :) http://wiki.freeradius.org/modules/Rlm_cache In fact it documents your *exact* use case with config examples and everything. *twilight zone music* Ha spooky! N.B. I note the module comments might confuse people, since it doesn't mention being run in "accounting" but seems to support it. Ah yes, fixed the examples. I was about to say "that worked like a charm" then radiusd segfaulted :o( I'll try to get a core dump. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Optimal setup to handle large tps
On Fri, Oct 26, 2012 at 4:51 PM, Marius Booysen wrote: > I have a requirement to deploy Freeradius to handle about 2M > customers and of course I need to set up my environment > optimally. I am aiming for about 1500 auths or accounting > requests per second. > > 1.) Can Freeradius achieve that? Reading the performance > blurb suggests it can? Yes, but be very, very careful during design phase of your solution. Get experts to help you if you can. For example, 1500 auth or acct/sec for 2M users would probably corressponds to ... what, 15-30 minutes accounting interim update interval? While it's very tempting to have near-real-time-enough usage update for users, the cost might be too great. You could probably lower that to 1 - 3 hour interval, and still find it acceptable from business-case perspective, while greaty reducing the burden on your backend. Another example. 1500 packets per sec would roughly means your backend (e.g. db) should be able to handle that ammount of read/write transaction combined, multiplied by (roughly) anywhere from 2 - 10 times (depending on your exact config). Reads for FR are usually "cheap" enough (courtesy of cache and index), but writes are expensive. And even 3k write transaction / sec is no joke. If you use a db backend, make sure you have a qualified dba and sysadmin to design a suitable solution. Hint: if they offer something with only 4-10 disks in RAID 5/6 configuration for that amount of workload, it's usually an early sign that they're not qualified to do the job. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ignoring too-frequent accounting packets from buggy NAS
On 26 Oct 2012, at 14:51, Phil Mayers wrote: > On 26/10/12 14:20, Arran Cudbard-Bell wrote: > >> It can, see wiki :) >> >> http://wiki.freeradius.org/modules/Rlm_cache >> >> In fact it documents your *exact* use case with config examples and >> everything. *twilight zone music* > > Ha spooky! > > N.B. I note the module comments might confuse people, since it doesn't > mention being run in "accounting" but seems to support it. Ah yes, fixed the examples. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ignoring too-frequent accounting packets from buggy NAS
On 26/10/12 14:20, Arran Cudbard-Bell wrote: It can, see wiki :) http://wiki.freeradius.org/modules/Rlm_cache In fact it documents your *exact* use case with config examples and everything. *twilight zone music* Ha spooky! N.B. I note the module comments might confuse people, since it doesn't mention being run in "accounting" but seems to support it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ignoring too-frequent accounting packets from buggy NAS
On 26 Oct 2012, at 13:53, Phil Mayers wrote: > All, > > We are having a problem with our Cisco lightweight wireless since a recent > firmware upgrade. I am delving into it, and will probably open a TAC case, > but in the meantime I need a solution. > > The specific issue is that the NAS is sending interim accounting very, very > frequently, in violation of the spec, its own config, and the > Acct-Interim-Interval. > > My suspicion is that the device is sending an accounting update whenever some > internal "update" occurs (e.g. migrate to a new AP) and that this is an > unintended side effect of some internal changes. > > This is killing our SQL database :o( > > Until I can get this fixed, can anyone think of an easy way to throw away > interim accounting requests for a given "key" and time window? I'm wondering > if rlm_cache can be made to do it? It can, see wiki :) http://wiki.freeradius.org/modules/Rlm_cache In fact it documents your *exact* use case with config examples and everything. *twilight zone music* -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap-peap gtc configuration
Thanks! On Fri, Oct 26, 2012 at 6:39 PM, Alan DeKok wrote: > Nandkumar Palkar wrote: > > What is the attribute used in eap-peap gtc "login attempt with password > > attribute" (i.e. Challenge = "Password: ")? > > Reply-Message > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Regards, Nandkumar Palkar Mob: 9967024237 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ignoring too-frequent accounting packets from buggy NAS
Phil Mayers wrote: > Until I can get this fixed, can anyone think of an easy way to throw > away interim accounting requests for a given "key" and time window? I'm > wondering if rlm_cache can be made to do it? rlm_cache might help. Maybe Arran knows more. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap-peap gtc configuration
Nandkumar Palkar wrote: > What is the attribute used in eap-peap gtc "login attempt with password > attribute" (i.e. Challenge = "Password: ")? Reply-Message Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ignoring too-frequent accounting packets from buggy NAS
All, We are having a problem with our Cisco lightweight wireless since a recent firmware upgrade. I am delving into it, and will probably open a TAC case, but in the meantime I need a solution. The specific issue is that the NAS is sending interim accounting very, very frequently, in violation of the spec, its own config, and the Acct-Interim-Interval. My suspicion is that the device is sending an accounting update whenever some internal "update" occurs (e.g. migrate to a new AP) and that this is an unintended side effect of some internal changes. This is killing our SQL database :o( Until I can get this fixed, can anyone think of an easy way to throw away interim accounting requests for a given "key" and time window? I'm wondering if rlm_cache can be made to do it? Cheers, Phil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap-peap gtc configuration
Hi, What is the attribute used in eap-peap gtc "login attempt with password attribute" (i.e. Challenge = "Password: ")? Thanks, Nand. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Optimal setup to handle large tps
Marius Booysen wrote: > 3.) I was thinking of going mysql, but in my mind accessing > a DB *had* to be slower that accessing a dbm file ;) Not necessarily. > Anyway, thanks for the advice, I will test MySQL for sure. Honestly, I'd use postgres. It's much better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radperf unavailable?
Marius Booysen wrote: > I see that there is a problem downloading Radperf from > networkradius.com. Does anybody know if it will become > available once again at some point? I'll try to get it back online in a few weeks. > Are there any other benchmarking utilities for Freeradius? Most are pretty simple, or very expensive. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radperf unavailable?
Hi, I see that there is a problem downloading Radperf from networkradius.com. Does anybody know if it will become available once again at some point? Are there any other benchmarking utilities for Freeradius? Regards Kosie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Optimal setup to handle large tps
Thanks Alan. 3.) I was thinking of going mysql, but in my mind accessing a DB *had* to be slower that accessing a dbm file ;) Anyway, thanks for the advice, I will test MySQL for sure. Kosie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Optimal setup to handle large tps
Marius Booysen wrote: > I have a requirement to deploy Freeradius to handle about 2M > customers and of course I need to set up my environment > optimally. I am aiming for about 1500 auths or accounting > requests per second. That should be fine. > 1.) Can Freeradius achieve that? Reading the performance > blurb suggests it can? I've run it at 40K packets/s for days straight. > 2.) In order to achieve that, I guess it would be best to > split auth and accounting to different servers? Agree? Yes. > 3.) What is the optimal way to use the users file? As a > gdbm/dbm data file or plain text file or something else? Wow. For 2M users? Don't use the "users" file. Use a real DB. Though I have tested the users file with many millions of users. It uses a lot of memory, but it works. The server puts the entries into a hash table internally. So it has the same performance for 1 user, or 2M users. > 4.) Any other advice would be appreciated! Do lots of tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Optimal setup to handle large tps
Hi All, I was hoping for some advice from some of you: I have a requirement to deploy Freeradius to handle about 2M customers and of course I need to set up my environment optimally. I am aiming for about 1500 auths or accounting requests per second. 1.) Can Freeradius achieve that? Reading the performance blurb suggests it can? 2.) In order to achieve that, I guess it would be best to split auth and accounting to different servers? Agree? 3.) What is the optimal way to use the users file? As a gdbm/dbm data file or plain text file or something else? 4.) Any other advice would be appreciated! Thanks a lot! Kosie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html