Aradial AAA Server Performance Settings
The document lists the recommended AAA server settings for high performance.
RADIUS Server
Configuration
Enable Multithreading
Number of Authentication Threads
Number of Accounting Threads
Number of Control Threads
Number of TCL Interpreters
Low Level Server Settings
Configuration
Admin Polled Server Service Name
Maximum Size of Request List
Delay Finished Request List Cleanup
by
Maximum Size of Proxy Request List
Proxy Target Timeout
Recommended Value
Must be enabled
A multiple of the number of cores on which the RADIUS server
runs. Can be tuned to achieve optimal configuration.
For example 4 x number-of-cores.
Same rule as for authentication threads. However, it may be set
to a lower number to give higher priority (more resources) for
authentication.
Always 1. Control threads are used for handling PoD and CoA
requests.
Max (number of authentication threads, number of accounting
threads).
Recommended Value
Not relevant for performance tuning. Denotes the name of the
Windows service of the RADIUS server.
The maximal number of RADIUS request that can be queued by
the RADIUS server, waiting to be processed. Any request arriving
while the request queue is at maximal size will be dropped.
There is a separate request queue for access requests and for
accounting.
Recommended value for high end systems: between 500-1000.
Setting a large value helps to allow the RADIUS server absorb
short bursts of requests.
In case of long bursts or if the system capacity is not able to
handle the incoming payloads, increasing the queue size will not
help in treating the extra messages and will cause the last
requests in the queue to incur a long latency.
How long to keep a finished request for the case of a retransmit
of that same packet. Experience shows that the best value for
this is 0.
The size of the request list for proxied messages. Maximal
possible size if 256.
Timeout in seconds for considering the current proxy targets as
dead and switching to an alternate one.
This value should be set according to target RADIUS behavior.
Database / Application Connection
Configuration
Maximal Server Open Connections
Maximal Admin Open Connections
Server Connection Timeout (-1 =
disabled)
Admin Connection Timeout (-1 =
disabled)
Periodic Runner Connection Timeout
(-1 = disabled)
Recommended Value
Number of authentication threads + number of accounting
threads + 2
Number of database connections for the admin application.
Recommended: 20.
Can be used to enable a timeout mechanism for long running
database transactions. IT is useful if a transaction gets stuck.
Recommended: 5 seconds.
Same as above but for Admin.
Recommended: -1 due to possible long queries.
Same as above but for Periodic Runner.
Recommended: -1.
Performance Log

The performance log describes the performance of the RADIUS server and is useful for performance
monitoring and tuning.

Example:

12/14/2011 12:25:17 #14 9F2B DB Connections Stats: Db-Up=Yes, Num-Connections=130, Unused=125, Failed=0

12/14/2011 12:25:17 #14 9F2B ------------------------------ Performance Statistics ------------------------------

Stat: 30 Seconds, From-Server-Start: 0:01:17:30 (x/y[/z] : x=from last update, y=from init, z=per second)

Stat: Total: Requests: 979/169407/32, Dropped: 14/2332/0, Duplicates: 1/17/0

Stat: Auth : Requests: 762/137930/25, Dropped: 14/2316/0, Duplicates: 0/1/0, Invalid:0/0, Malformed: 14/2315, BadAuth:0/0

Stat: Auth : Accepts: 77/12580, Rejects: 672/123028, Challenges: 0/0, UnknownType:0/0

Stat: Acct : Requests: 217/31477/7, Dropped: 0/16/0, Duplicates: 1/16/0, Invalid:0/0, Malformed: 0/0, BadAuth:0/0

Stat: Acct : Responses: 217/31461, Not Recorded:0/0, UnknownType:0/0

Stat: Latencies:

Stat Auth : Processing: Avg: 33, Max: 428, Spread: <50: 86%, 100: 0%, 200: 5%, 500: 7%, 1000: 0%, >1000: 0%

Stat Auth : Latency : Avg: 33, Max: 428, Spread: <50: 86%, 100: 0%, 200: 5%, 500: 7%, 1000: 0%, >1000: 0%

Stat Acct : Processing: Avg: 61, Max: 435, Spread: <50: 65%, 100: 22%, 200: 5%, 500: 5%, 1000: 0%, >1000: 0%

Stat Acct : Latency : Avg: 61, Max: 435, Spread: <50: 65%, 100: 22%, 200: 5%, 500: 5%, 1000: 0%, >1000: 0%

DB Connection Status

Provides the status of the connection of the RADIUS server to the database:

 DB-Up – Whether the connection to the database is up or down.

 Num-Connections – number of configured database connections.
 Unused – number of used connections. A high number of used connections indicates a high
server load.
 Failed – number of failed connections. Usually a failed is due to a database down and then all
connections will be in that status.

Request statistics

Provides different statistic counters on the various RADIUS requests.

There are three types of statistics counters which are presented as triplets (x/y/z):
  From serve start – from the last time the RADIUS server started.
 From last update – for the last period (30 seconds).
 Per second – average requests per second for the last period.

The following counters are displayed:

 Total – a total of the RADIUS requests

o Requests –every request.
o Drops – requests that were dropped.
o Duplicates – requests that were marked as duplicates.
 Auth – Authentication requests.
 Acct – Accounting requests.

Latencies

Provides different statistics on the latencies of service requests of the last period (30 seconds).

There are two topics:

 Auth – Authentication.
 Acct – Accounting.

There are two categories:

 Avg – The average latency.

 Max – The maximal latency.
 Spread: the distribution of the latencies:
o <50 – The percentage of requests under 50 milliseconds.
o 100 – The percentage of requests between 50-100 milliseconds.
o 200 – The percentage of requests between 100-200 milliseconds.
o 500 – The percentage of requests between 200-500 milliseconds.
o 1000 – The percentage of requests between 500-1000 milliseconds.
o >1000 – The percentage of requests over 1000 milliseconds.

There are two types of statistics:

 Processing – The time in milliseconds it took the server to process the request.
 Latency – The time in milliseconds that it took the server to respond to the request. This time
includes the processing time plus the queue time, which is the time the request waited in the
requests queue inside the server.