Authentication, Authorization, and Accounting. Performance, scalability, load testing, and validation.
One of the most critical steps when building a RADIUS system is performance characterisation. This means testing the system to see if both authentication (i.e., read-only) and accounting (i.e., read-write) behavior is acceptable.
In many cases, the performance will be good enough for normal loads. However, high loads are commonly seen when a NAS reboots and many users flood the network at the same time. If the system cannot handle this load, then it will be unsuitable for a production environment.
RadPerf helps you make this determination. It can send both authentication and accounting packets at varying rates. Even better, you do not need to know anything about RADIUS in order to use RadPerf.
Starting with a list of users and passwords in a CSV file, RadPerf can generate both authentication and accounting packets. It can simulate spikes in traffic, long-lived user sessions, and end-to-end user behavior.
Once RadPerf has finished testing, it produces a set of reports that summarize offered load versus accepted load. Total accepted packets per second can quickly be determined. These reports gives you the data that you need to make an informed decision about placing a system into production.
radperf-u14.04# ./radperf -A1,5 -c 1 -p 100 -s -f test.csv 192.168.5.174:1812 auth mysecretkey
-A1,5 parametresi ile 1 saniye sonra CREATE accounting request 5 SANIYE sonra ise DELETE request gonderilmesini sagliyoruz.
-p paralel 100 gonderim yapildigini anlamina geliyor.
radperf - Performance testing tool for RADIUS systems.
Copyright (C) 2012 Network RADIUS SARL. All rights reserved.
Usage: radperf [options] server[:port] <command> [<secret>]
<command> One of auth, acct, status, coa, or disconnect.
-a type Use authentication method <type> (pap, chap, none)
-A d,l After Access-Accept, send accounting packets.
-c count Send each packet 'count' times.
-d raddb Set dictionary directory.
-D file Print packet statistics to file
-f file Read packets from file, not stdin.
-F Update Framed-IP-Address, too.
-n num Send a maximum of 'num' packets per second
-p num Send a maximum of 'num' packets in parallel.
-q Do not print anything out.
-r retries If timeout, retry sending the packet 'retries' times.
-R realm Realm name to append to the User-Name
-s Print out summary information of auth results.
-S file read secret from file, not command line.
-t timeout Wait 'timeout' seconds before retrying (may be a floating point number).
-T template Use template file with every request
-u number Generate requests for 'number' users.
-v Show program version information.
-x Debugging mode.
-4 Use IPv4 address of server
-6 Use IPv6 address of server.
Post a Comment