How can I check that it really is a slowdown of the PM or even my radius
server? What are the timing values? How can I check authentication
response time?
Also, can a switched HUB adversly affect a PM in this way?
By the way, here is my setup up, 6 fully loaded PMs on a switched HUB, each
PM has its own port. The radius server is on the local network and is
running DNS and QMail SMTP, POP3. The radius server has experimental code
which may be causing this but I need some way of measuring response time.
The experimental code logs to an SQL database and does psuedo authentication
from an SQL database. Psuudo because it is only going through the motions
of SQL authentication and is currently doing authentication via a DB users
file. So technically, its authenticating twice for each request.
Thanks,
Jose
-----Original Message-----
From: Doug Ingraham <dpi@rapidnet.com>
To: Rob Chandhok <chandhok@within.com>
Cc: portmaster-users@livingston.com <portmaster-users@livingston.com>
Date: Monday, January 26, 1998 7:54 AM
Subject: Re: (PM) Avalanche! Help! (fwd)
On Mon, 26 Jan 1998, Rob Chandhok wrote:
> Well, I understand the situation now, thanks for everyone's comments.
>
> I have to agree this sounds like a ComOS problem. The previously posted
> output filters depend on the PM having a pool on a nice address block
> boundary, which isn't always the case. So the filters can be a bit more
> complicated.
>
> Since the PM obviously *knows* that the address isn't in use, I can't
> imagine this would be a difficult or risky fix. Is there some subtle
issue
> here that makes this "squelching" a risky thing to implement?
>
> Our PM3 use a default router that's on the local switched 10MB ethernet,
so
> I don't think we are hurting from this. But it seems like something worth
> fixing.
Like I mentioned, I noticed it on the Switched ethernet when a PM-2 was
overwhelmed with packets bouncing from the Cisco. It started with an
attack on one of our IRC customers (Why do they seem to make enemies and
play stupid games?) but I discovered that even PM's that were not under
attack were faster. I expect that the switched hub would not have been
necessary when we got it if I had known about this traffic congestion. An
outside agent can overwhelm your ethernet with only a few large packets
when they come in over your T-1. A single 5000 byte packet in theory
would saturate your ethernet for a second. In reality, you have probably
have to go to twice or perhaps three times this much data before it
saturates. But the point is that without the filters you can see it even
with just a 180 or so ports even on a switched hub. The problem is much
greater with loops over lower speed interfaces.
I would like to see it added to Comos even though you can do it manually.
It is one of those things that has bit me a couple of times when moving
gear around and changing IP addresses. If you forget to change the
filter...
Doug Ingraham From the Ferengi Rules of Acquisition.
Rapid City, SD #34 "Peace is good for business."
USA #35 "War is good for business."
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.