[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Radius+LDAP Benchmarks


As several people asked for it I post my benchmark result although
as they are very small (the first test showed that LDAP is fast 
enough so I did not do any further testing :-))

Software: OpenLDAP and Radiator radius server (both latest versions)
* OpenLDAP
  loglevel	0
  schemacheck	off
  database        ldbm
  dbcachesizea    111222333
  lastmod on
  index dn,objectclass,o,ou,cn,radiuspassword,radiususername,radiusprofile

* Radiator
 <AuthBy LDAP2>
     AuthDN              cn=radius,ou=dienste,dc=westend,dc=com
     AuthPassword        XXXXXXX
     BaseDN              dc=westend,dc=com
     UsernameAttr        RadiusUsername
     PasswordAttr        RadiusPassword

     AuthAttrDef RadiusService-Type,             Service-Type,           check

     AuthAttrDef RadiusAscend-Assign-IP-Pool,    Ascend-Assign-IP-Pool,  reply
	.... ten more items that are currently present at no entry ....

     AuthAttrDef RadiusProfile,                  Profile,                reply
 PostAuthHook  file:"%D/replaceIfNotExistProfiles"

 AcctLogFileName /var/log/radiator/%C/detail
  The Postauthhook contains:

  -> Meaning: One LDAP-query per authentification request and reading the
     whole "entry" not just one value.
     No LDAP-query for accounting.

* Entries 
  I polluted the LDAP database with 20,000 entries of the form:
  dn: ou=27825, ou=Kunden, dc=westend, dc=com
  objectclass: organizationalUnit
  objectclass: westendKunde
  cn: AzDfQ9vPt
  email: 9W0rs@O2dFOB3bTf

  dn: ou=DialupAccounts,ou=27825,ou=Kunden, dc=westend,dc=com
  objectClass: organizationalUnit
  objectClass: westendDialupAccounts

  dn: cn=pp27825, ou=DialupAccounts, ou=27825,ou=Kunden, dc=westend,dc=com
  objectClass: westendRadiusAccount
  RadiusUsername: pp27825
  RadiusPassword: Faajn
  RadiusProfile: westend-dynamic-dialup
  (all test values :-))

  As the numbers were generated randomly "20000+rand(10000)" there were only
  about 8900 real entries. The rest was rejected as double.

  It took 35mb space in /var/lib/openldap.
  Inserting took about 31h (yes: thirty-one hours !!!!)  

  1. 1000 randomly valid entries with a C program called radbench
     which just does authentification.
     It took 20 entries/s == 0.05s/entry to read and brought that
     machine to a 2,3 load (P6-360 IIRC). 
     Radiator took 65% CPU load and slapd (LDAP) just 3% :)
     The access times were equally balanced among that time.

  2-4. Then I tested using radiator:
  	auth+acct: 0.72s/entry
	auth: 0.67s/entry
	acct: 0.65s/entry

  Result: OpenLDAP just laughs at this amount of Data.  

Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879