Section 20. Performance and tuning

20. Performance and tuning

Radiator has been tuned for maximum performance. You can find some examples of server performance on the Radiator web site. The performance you achieve will depend on many factors including the hardware and the authentication type. If you find you need to get better performance than you are achieving, you might try the following ideas and suggestions:

Operate multiple radius servers, and share the load between them. You would normally make each radius server the primary radius server for some of your NASs, and the secondary for a different group of NASs. Consider doing this anyway in order to make your network more robust in the face of a network or server failure. Consider using LOADBALANCE, VOLUMEBALANCE or ROUNDROBIN to distribute the incoming request load among multiple servers).
Use DBM, SQL, cached FILE or UNIX authentication in preference to any other method.
If you are using SQL, make sure that your User and Accounting tables have been designed for performance. This will usually mean adding indexes to the tables. Without indexes, selects on large tables can be very slow. A properly designed index will usually speed them up enormously.
Deploy Radiator on a different (faster) machine. Radiator is highly portable and will run on most Unix hosts, Windows 7/8/8.1/10 and Server 2008/2012/2016/2019.
Use exact Realm names instead of regexps.
If you are authenticating multiple realms, consider creating sub-servers, one for each realm, and a main server that uses AuthBy RADIUS to retransmit to the sub-servers.
Deploy any sub-servers on other machines on the same network as the main server.
If you are using SQL, deploy the SQL server and Radiator on different hosts.
If you are using LDAP, deploy the LDAP server and Radiator on different hosts.
Do not specify RewriteUsername unless you need it.
If you do not need accounting log files (perhaps you are already getting accounting logged by SQL) turn off AcctLogFileName.
If you do not need wtmp log files (perhaps you are already getting accounting logged by SQL or AcctLogFileName) turn off WtmpFileName.
Use the lowest Trace level you really need. Higher levels slow radiusd down.
Use as few check items as possible.
Do not use Simultaneous-Use check items that specify a filename.
Do not use check items that are regular expressions.
Use the Fork parameter if your authentication method is “slow”.
Do not specify MaxSessions or Simultaneous-Use. If you do, do not specify the Nas-Type in the <Client> clause (interrogating the NAS to confirm when logins are exceeded slows Radiator down).
Do not use PasswordLogFileName unless you really need it.
Do not specify an external Session Database with the <SessionDatabase ...> clause unless you need Simultaneous-Use limits and you are running multiple instances of Radiator.
Consider running separate servers, one for accounting and one for authentication.
If you have large number of concurrent users and require an external session database, consider using SessionDatabase SQL instead of SessionDatabase DBM.