NPS Accounting Proxy Test
Once the access server completes the connection process with the access client, it sends an Accounting-Request message to the NPS RADIUS proxy. The NPS RADIUS proxy logs the accounting data and forwards the message to the RADIUS server. The RADIUS server then sends an Accounting-Response to the NPS RADIUS proxy, where it is forwarded to the access server.
If the access servers experience accounting delays, it could either be owing to a slowdown in the NPS RADIUS proxy that routes the responses or the poor processing ability of the RADIUS server that sends the responses to the proxy. Malformed packets, packets with invalid attributes/addresses, and non-RADIUS packets can aso contribute to the time lag at the proxy server end. Another common reason for the slowdown is a request overload on the NPS RADIUS proxy.
Using the NPS Accounting Proxy test, administrators can measure how effectively the proxy is handling accounting requests, detect slowdowns, and pinpoint the probable reasons for the same.
Target of the test : An NPS server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for the NPS RADIUS Proxy
Parameters | Description |
---|---|
Test period |
This indicates how often should the test be executed. |
Host |
The host for which the test is to be configured. |
Port |
The port at which the NPS server listens. The default is NULL. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Accounting-Requests |
Indicates the rate at which the NPS RADIUS proxy receives accounting requests. |
Reqs/Sec |
This is a good indicator of the workload on the server. |
Accounting - Responses |
Indicates the rate at which the NPS RADIUS proxy is responding to requests. |
Reqs/Sec |
If the value of this measure is much lower than the value of the Accounting-Requests measure, it could indicate that the server is not responding to requests quickly. You may want to investigate the reasons for the same. This could either be caused by a processing bottleneck on the proxy server, a poor network connection between the proxy and the RADIUS server, or a slowdown on the RADIUS server. |
Bad authenticators |
Indicates the rate at which the proxy received requests containing an invalid Message Authenticator attribute. |
Reqs/Sec |
Ideally, the value of this measure should be 0. |
Packets dropped |
Indicates the rate at which the proxy silently discarded the request packets it received for a reason other than "malformed," "invalid Message Authenticator," or "unknown type". |
Packets/Sec |
Ideally, the value of this measure should be 0. |
Invalid addresses |
Indicates the rate at which the proxy received packets with invalid addresses. |
Reqs/Sec |
Ideally, the value of this measure should be 0. |
Malformed packets |
Indicates the rate at which the proxy received malformed packets. |
Packets/Sec |
Ideally, the value of this measure should be 0. |
Packets received |
Indicates the rate at which requests packets were received by the proxy. |
Packets/Sec |
|
Request timeouts |
Indicates the rate at which requests to the proxy timed out. |
Reqs/Sec |
A high value indicates frequent timeouts. Under such circumstances, you may want to consider changing the timeout setting for requests, so that timeouts are kept at a minimum. |
Retransmissions |
Indicates the rate at which requests were retransmitted to the proxy. |
Reqs/Sec |
Retransmits can increase the number of requests to the proxy server, thus overloading it. It is hence good practice to keep the rate of retransmissions minimal. One of the reasons for a high rate of retransmissions is a low Timeout setting on the server. If the value of this measure is very high, you may want to change the timeout setting to reduce retransmits. |
Unknown type |
Indicates the average number of unknown type (non-RADIUS) packets received by the proxy per second. |
Packets/Sec |
|
Pending requests |
Indicates the rate of requests destined for the proxy that have not yet timed out or received a response. |
Reqs/Sec |
A high value could either indicate a processing bottleneck on the proxy, a high timeout setting on the proxy (which could be causing many requests to be retransmitted to the server), or the poor processing power of the RADIUS server. A flaky network connection between the proxy and the RADIUS server can also contribute to the processing delay and add to the count of pending requests. |