NPS Accounting Proxy Test

Once the access server completes the connection process with the access client, it sends an Accounting-Request message to the NPS RADIUS proxy. The NPS RADIUS proxy logs the accounting data and forwards the message to the RADIUS server. The RADIUS server then sends an Accounting-Response to the NPS RADIUS proxy, where it is forwarded to the access server.

If the access servers experience accounting delays, it could either be owing to a slowdown in the NPS RADIUS proxy that routes the responses or the poor processing ability of the RADIUS server that sends the responses to the proxy. Malformed packets, packets with invalid attributes/addresses, and non-RADIUS packets can aso contribute to the time lag at the proxy server end. Another common reason for the slowdown is a request overload on the NPS RADIUS proxy.

Using the NPS Accounting Proxy test, administrators can measure how effectively the proxy is handling accounting requests, detect slowdowns, and pinpoint the probable reasons for the same.

Target of the test : An NPS server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for the NPS RADIUS Proxy

Configurable parameters for the test
Parameters Description

Test period

This indicates how often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the NPS server listens. The default is NULL.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Accounting-Requests

Indicates the rate at which the NPS RADIUS proxy receives accounting requests.

Reqs/Sec

This is a good indicator of the workload on the server.

Accounting - Responses

Indicates the rate at which the NPS RADIUS proxy is responding to requests.

Reqs/Sec

If the value of this measure is much lower than the value of the Accounting-Requests measure, it could indicate that the server is not responding to requests quickly. You may want to investigate the reasons for the same. This could either be caused by a processing bottleneck on the proxy server, a poor network connection between the proxy and the RADIUS server, or a slowdown on the RADIUS server.

Bad authenticators

Indicates the rate at which the proxy received requests containing an invalid Message Authenticator attribute.

Reqs/Sec

Ideally, the value of this measure should be 0.

Packets dropped

Indicates the rate at which the proxy silently discarded the request packets it received for a reason other than "malformed," "invalid Message Authenticator," or "unknown type".

Packets/Sec

Ideally, the value of this measure should be 0.

Invalid addresses

Indicates the rate at which the proxy received packets with invalid addresses.

Reqs/Sec

Ideally, the value of this measure should be 0.

Malformed packets

Indicates the rate at which the proxy received malformed packets.

Packets/Sec

Ideally, the value of this measure should be 0.

Packets received

Indicates the rate at which requests packets were received by the proxy.

Packets/Sec

 

Request timeouts

Indicates the rate at which requests to the proxy timed out.

Reqs/Sec

A high value indicates frequent timeouts.

Under such circumstances, you may want to consider changing the timeout setting for requests, so that timeouts are kept at a minimum.

Retransmissions

Indicates the rate at which requests were retransmitted to the proxy.

Reqs/Sec

Retransmits can increase the number of requests to the proxy server, thus overloading it. It is hence good practice to keep the rate of retransmissions minimal.

One of the reasons for a high rate of retransmissions is a low Timeout setting on the server.

If the value of this measure is very high, you may want to change the timeout setting to reduce retransmits.

Unknown type

Indicates the average number of unknown type (non-RADIUS) packets received by the proxy per second.

Packets/Sec

 

Pending requests

Indicates the rate of requests destined for the proxy that have not yet timed out or received a response.

Reqs/Sec

A high value could either indicate a processing bottleneck on the proxy, a high timeout setting on the proxy (which could be causing many requests to be retransmitted to the server), or the poor processing power of the RADIUS server. A flaky network connection between the proxy and the RADIUS server can also contribute to the processing delay and add to the count of pending requests.