Re: Radius+LDAP Benchmarks
- To: openldap-software@OpenLDAP.org
- Subject: Re: Radius+LDAP Benchmarks
- From: Christian Hammers <ch@westend.com>
- Date: Wed, 22 Mar 2000 18:09:03 +0100
- In-reply-to: <20000322180709.D7794@westend.com>; from ch on Wed, Mar 22, 2000 at 06:07:09PM +0100
- References: <20000322165311.A7240@westend.com> <20000322180709.D7794@westend.com>
Hello,
As several people asked for it, I post my benchmark results, although
they are very small (the first test showed that LDAP is fast
enough, so I did not do any further testing :-))
Software: OpenLDAP and Radiator radius server (both latest versions)
Configuration:
* OpenLDAP
...
loglevel 0
schemacheck off
database ldbm
dbcachesize 111222333
lastmod on
index dn,objectclass,o,ou,cn,radiuspassword,radiususername,radiusprofile
* Radiator
...
<AuthBy LDAP2>
AuthDN cn=radius,ou=dienste,dc=westend,dc=com
AuthPassword XXXXXXX
BaseDN dc=westend,dc=com
HoldServerConnection
UsernameAttr RadiusUsername
PasswordAttr RadiusPassword
AuthAttrDef RadiusService-Type, Service-Type, check
AuthAttrDef RadiusAscend-Assign-IP-Pool, Ascend-Assign-IP-Pool, reply
.... ten more items that are currently present at no entry ....
AuthAttrDef RadiusProfile, Profile, reply
</AuthBy>
PostAuthHook file:"%D/replaceIfNotExistProfiles"
AcctLogFileName /var/log/radiator/%C/detail
---------------------------snipp---
The Postauthhook contains:
westend-dynamic-dialup:westend:Ascend-Assign-IP-Pool=1,Ascend-Idle-Limit=600,Ascend-Maximum-Channels=1,Framed-Protocol=PPP,Service-Type=Framed-User
westend-static-dialup:westend:Ascend-Idle-Limit=600,Ascend-Maximum-Channels=1,Framed-IP-Netmask=255.255.255.255,Framed-Protocol=PPP,Service-Type=Framed-User
westend-callback-dialup:westend:Ascend-Data-Svc=Switched-64K,Ascend-Expect-Callback=Expect-Callback-Yes,Ascend-Idle-Limit=90,Ascend-Send-Auth=Send-Auth-None,Framed-IP-Netmask=255.255.255.255,Framed-Protocol=PPP,Service-Type=Dialout-Framed-User
westend-generic-dialup:westend
-> Meaning: One LDAP query per authentication request, reading the
whole "entry", not just one value.
No LDAP query for accounting.
* Entries
I polluted the LDAP database with 20,000 entries of the form:
------------------------------------------------
dn: ou=27825, ou=Kunden, dc=westend, dc=com
objectclass: organizationalUnit
objectclass: westendKunde
cn: AzDfQ9vPt
email: 9W0rs@O2dFOB3bTf
dn: ou=DialupAccounts,ou=27825,ou=Kunden, dc=westend,dc=com
objectClass: organizationalUnit
objectClass: westendDialupAccounts
dn: cn=pp27825, ou=DialupAccounts, ou=27825,ou=Kunden, dc=westend,dc=com
objectClass: westendRadiusAccount
RadiusUsername: pp27825
RadiusPassword: Faajn
RadiusProfile: westend-dynamic-dialup
--------------------------------------
(all test values :-))
As the numbers were generated randomly ("20000+rand(10000)"), there were only
about 8900 real entries. The rest were rejected as duplicates.
It took 35 MB of space in /var/lib/openldap.
Inserting took about 31h (yes: thirty-one hours !!!!)
* READING
1. 1000 random valid entries with a C program called radbench
which just does authentication.
It took 20 entries/s == 0.05s/entry to read and brought that
machine to a load of 2.3 (P6-360 IIRC).
Radiator took 65% CPU load and slapd (LDAP) just 3% :)
The access times were equally balanced among that time.
2-4. Then I tested using radiator:
auth+acct: 0.72s/entry
auth: 0.67s/entry
acct: 0.65s/entry
Result: OpenLDAP just laughs at this amount of data.
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
ch@westend.com Internet & Security for Professionals Fax 0241/911879