From: "Dale Reed" <daler@iea-software.com> Subject: RE: [Emerald] Error while processing a custom search Date: Fri, 10 Oct 2003 12:18:56 -0700 Message-ID: <MNEDJOKKCMEOCDBBIABFGEDOCAAA.daler@iea-software.com>
---------------
> We are running radius version 4.0.28. We have 5 radius machines, on the
> same LAN with the database server. We have around 3100 phone line
> distributed on 36 heterogeneous access servers (we have cisco,
> livingston, ascend, tigris).
I would think that 2-3 RADIUS servers would handle the load fine.
I would run the RADIUS servers in -x15 debug mode and try and
find out where the bottleneck is. Most likely its NOT the
RADIUS servers and may be the backend database. 5 RADIUS
servers can be less efficient than 2, since you have more putting
a load on your RDBMS.
> What is the proper dimensioning of this network? What are the
> needed radius
> machines in terms of memory, operating system, configuration, cpu ... ?
I would say your RADIUS servers could be any decent PII or higher
processor, with 128-256mb of RAM. As noted above, your RDBMS is
really what I would profile. Adding more memory and spreading the
DB over multiple i/o (physical disks) can give a dramatic improvement.
> What is the recommended configuration (one radius backing up the
> others, or a circular reference) does it integrate well with Emerald ?
It doesn't really matter. With how RADIUS is designed, you can
have say 2 RADIUS servers, where 50% of #1 as their Primary, #2
as their secondary and the other 50% are reversed.
> We need to find the best solution for us in order to stop the
> authentication failure.
My recommendation would be to run them in -x15 debug and see whats
causing the stop or preformance issue. Double check your timeout
settings on your NASes and make sure they are at reasonable settings.
Some ascend default to 1 second for auth/accounting timeouts which
can cause a snowball effect if your RADIUS server gets bogged down.
Typical timeouts should be 3-7 seconds. Also, never list a RADIUS
server multiple times (for example, Ascend gives three RADIUS server
slots...do NOT put the same RADIUS server in all three slots).
Dale