(RADIATOR) Input queue size
Guðbjörn S. Hreinsson
gsh at centrum.is
Wed Nov 12 03:00:00 CST 2003
Cheers,
this may be unrelated, but I am interested to any and all tuning
listmembers have done in the OS for Radiator performance. We
are running two radiator servers with one proxy radiator in front
and a seperate sql machine and ldap machine.
Since we perform ldap auth the incoming requests are sequential
which limits our rate of authentication. We have seen that we can
handle at most about 1500 requests per minute per server during
peak loads (server restarts etc.) This is mostly load from xDSL
users (we do periodic tarpitting for "bad" users).
We have also seen that at these peaks udp packets begin to be
dropped (by the os I imagine) and aaa rates start to get worse.
This drop in rates seems to related to the fact that if the radius
servers do not respond in a timely fashion the NAS's begin to
resend the radius requests adding to the incoming rate of packets,
increasing the udp drop etc.
We actually monitor udp packet drops and restart the radiators
which increases the rate for a while, until there is another udp queue
buildup and udp packets start to be dropped, nas's start to resend
packets etc.until the monitor script restarts the servers.
Lengthening the udp queues seems to really have adverse effects on
this situation. We have not really tried shortening the queue which
might really have even more adverse effects, without testing though
I can't tell.
To counter this we have configured multiple instances of radiators
for authentication&authorization and accounting and instances for
seperate NAS's or NAS groups. This in effect simulates having a
threaded radiator to reduce the effect of this sequential processing.
This has not seemed to be related to CPU load or network performance,
we have looked at these in detail. We also looked at dropping radius
packets which were x seconds old but there is no practical way to do
this, since we really have no way of knowing when the NAS sent the
udp packet (I wish radius supported tcp, it's much better situated for
high traffic rates).
We did an estimate once for how many packets would fit in the queue
based on some average size but this did in the end have really no purpose.
If anyone has input on this issue or OS tuning for Radiator I'd love
to hear about it. Hope you understand my attempt to explain the above
scenario. Basically we have a pretty stable environment today, but
perhaps overly complex to manage because of the multiple instances.
Hugh, is a "threaded" ldap handler on the horizon? Is this perl or
radiator related?
Rgds,
-GSH
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Claudio Lapidus" <c_lapidus at hotmail.com>
Cc: <radiator at open.com.au>
Sent: Wednesday, November 12, 2003 3:02 AM
Subject: Re: (RADIATOR) Input queue size
>
> Hello Claudio -
>
> This is really an operating system issue, as the UDP buffer space is
> managed by the OS.
>
> You should have a look at "netstat" and friends.
>
> Solaris may also have addtional tools that allow you to look at what
> the system is doing.
>
> regards
>
> Hugh
>
>
> On 12/11/2003, at 1:28 PM, Claudio Lapidus wrote:
>
> > Hello Hugh,
> >
> > Is there a way to inspect the length of the input queue during
> > runtime? I'm
> > running Radiator 3.6 on Solaris 8, Perl 5.8.0, no monitor setup.
> >
> > thanks in advance
> > cl.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list