RE: [Emerald] Error while processing a custom search

New Message Reply Date view Thread view Subject view Author view
Dale Reed (daler@iea-software.com)
Fri, 10 Oct 2003 12:18:56 -0700



From: "Dale Reed" <daler@iea-software.com>
Subject: RE: [Emerald] Error while processing a custom search
Date: Fri, 10 Oct 2003 12:18:56 -0700
Message-ID: <MNEDJOKKCMEOCDBBIABFGEDOCAAA.daler@iea-software.com>

---------------
> We are running radius version 4.0.28. We have 5 radius machines, on the
> same LAN with the database server. We have around 3100 phone line
> distributed on 36 heterogeneous access servers (we have cisco,
> livingston, ascend, tigris).

I would think that 2-3 RADIUS servers would handle the load fine. I would run the RADIUS servers in -x15 debug mode and try and find out where the bottleneck is. Most likely its NOT the RADIUS servers and may be the backend database. 5 RADIUS servers can be less efficient than 2, since you have more putting a load on your RDBMS.
 
> What is the proper dimensioning of this network? What are the
> needed radius
> machines in terms of memory, operating system, configuration, cpu ... ?

I would say your RADIUS servers could be any decent PII or higher processor, with 128-256mb of RAM. As noted above, your RDBMS is really what I would profile. Adding more memory and spreading the DB over multiple i/o (physical disks) can give a dramatic improvement.

> What is the recommended configuration (one radius backing up the
> others, or a circular reference) does it integrate well with Emerald ?

It doesn't really matter. With how RADIUS is designed, you can have say 2 RADIUS servers, where 50% of #1 as their Primary, #2 as their secondary and the other 50% are reversed.
 
> We need to find the best solution for us in order to stop the
> authentication failure.

My recommendation would be to run them in -x15 debug and see whats causing the stop or preformance issue. Double check your timeout settings on your NASes and make sure they are at reasonable settings. Some ascend default to 1 second for auth/accounting timeouts which can cause a snowball effect if your RADIUS server gets bogged down. Typical timeouts should be 3-7 seconds. Also, never list a RADIUS server multiple times (for example, Ascend gives three RADIUS server slots...do NOT put the same RADIUS server in all three slots).

Dale



New Message Reply Date view Thread view Subject view Author view
This archive was generated on Fri Oct 10 2003 - 12:21:01 Pacific Daylight Time