[RADIATOR] Performance logging
Tuure Vartiainen
vartiait at open.com.au
Wed Mar 30 08:10:00 CDT 2016
Hi,
> On 30 Mar 2016, at 14:55, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
>
> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
> Not sure if the outher EAP-PEAP adds any real security as the Radiator
> cert is the same one for both types as it only hides the transmission of
> the user cert which can be classified like a public key imho.
>
Ack.
> I've already tuned the EAPTLS_MaxFragmentSize to have as few roundtrips
> as possible (1350 for the outer PEAP and 1300 for the inner EAP-TLS).
>
Yes, unfortunately beside that the only real option to minimize a delay of an EAP authentication is to
minimize the round-trips either by sending less certificate data or
by using an EAP method with fewer rounds.
> You see how I calculate the response_time in my email yesterday.
>
$p->{RecvTime} is set with a time of receive when an Access-Request is received, so
$message->{response_time} = Radius::Util::timeInterval(
$p->{RecvTime},
$p->{RecvTimeMicros}, Radius::Util::getTimeHires());
will calculate a response time only for that Access-Request.
When running Radiator with Trace 4 or 5, a total time for an EAP
authentication can be seen in the log.
E.g.
Wed Mar 30 12:55:58 2016 816812: DEBUG: EAP Success, elapsed time 0.71221
We’ll add a feature, which will allow the total time along with an on-demand
timing to be used through %{...} special format in AuthLogs etc.
BR
--
Tuure Vartiainen <vartiait at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list