I had to conduct a heavy performance test against our AAA freeRadius server. I googled around and found there are not many options available. There are, however, few tools available around such as evolynx , JRadius and RadPerf, that were not helpful a lot in our requirement prospect.
Specially, like in our case, using EAPol (Extensible Authentication Protocol over LAN Software), leaves no choice other than using RadPerf if you're not creative enough. The problem is, RadPerf is only a name! the download link has been broken for years and no one "wants" to fix it up.
I sent several request to the RadPerf website admin (that turned out to be Alan Dekok, founder of freeRadius), who always promises to provide the updated link in "few weeks", of course if bothers to reply at all.
Therefore, I decided to find a new way to perform this test, and here is how I achieved that victory:
If you're a freeRadius user and working around EAPol protocols, you are most probably introduced to eapol_test command. That is a simple inline command to test AAA process remotely, but not designed for multi-thread processes. Obviously, you can mimic "multi-threading" by using pipelines as one command, but it's not feasible if you need to benchmark the process with 10s or even 100s of requests per second constantly.
The good news is, there are many good performance test tools that allow you to run a "process" in concurrent threads. JMeter and LoadUI are both free, and are capable to do this.
So for me, it was enough to open a "process runner" in my LoadUI, and run my eapol_test command from there: ./eapol_test -c ./eapol_test.conf.tls -a10.80.10.109 -p1812 -stesting123 t16
If you have a powerful test machine connected to your AAA server with no bandwidth problem, then the only bottleneck you may encounter is the target itself. I could successfully ramp up to 300/second until the AAA servers CPU and swap memory got fully populated.
Specially, like in our case, using EAPol (Extensible Authentication Protocol over LAN Software), leaves no choice other than using RadPerf if you're not creative enough. The problem is, RadPerf is only a name! the download link has been broken for years and no one "wants" to fix it up.
I sent several request to the RadPerf website admin (that turned out to be Alan Dekok, founder of freeRadius), who always promises to provide the updated link in "few weeks", of course if bothers to reply at all.
Therefore, I decided to find a new way to perform this test, and here is how I achieved that victory:
If you're a freeRadius user and working around EAPol protocols, you are most probably introduced to eapol_test command. That is a simple inline command to test AAA process remotely, but not designed for multi-thread processes. Obviously, you can mimic "multi-threading" by using pipelines as one command, but it's not feasible if you need to benchmark the process with 10s or even 100s of requests per second constantly.
The good news is, there are many good performance test tools that allow you to run a "process" in concurrent threads. JMeter and LoadUI are both free, and are capable to do this.
So for me, it was enough to open a "process runner" in my LoadUI, and run my eapol_test command from there: ./eapol_test -c ./eapol_test.conf.tls -a10.80.10.109 -p1812 -stesting123 t16
If you have a powerful test machine connected to your AAA server with no bandwidth problem, then the only bottleneck you may encounter is the target itself. I could successfully ramp up to 300/second until the AAA servers CPU and swap memory got fully populated.
Hi. As you said, radperf nowadays is only provided to paying customers. The old, albeit fast, was only able to do pap and chap tests. Your trick to calculate load is very clever. Do you know eapol_test also has a -r option, where you can specify the number of authentications done? However I warn you it must have some bug, as it peaks around 70, and starts giving errors. Albeit your approach is very good to calculate load, however for timings, I know for experience eapol_test takes too long to setup things to be able to test. I have my auth times between 8 and 15 ms and timing eapol_test it gave me consistently 150-200ms. I might be interested to contact with you to exchange some testing ideas, my email is ruyrybeyro@gmail.com Regards,
ReplyDeleteThis comment has been removed by the author.
ReplyDelete