[32230] in Kerberos


Re: Snapshot of monthly KDC traffic for stanford.edu

daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Apr 2 03:34:42 2010

From: Russ Allbery <rra@stanford.edu>
To: Ken Raeburn <raeburn@mit.edu>
In-Reply-To: <04A150D7-A819-4597-824C-4FB6A3F7F7EE@mit.edu> (Ken Raeburn's
	message of "Fri, 2 Apr 2010 03:16:18 -0400")
Date: Fri, 02 Apr 2010 00:34:37 -0700
Message-ID: <87mxxme29e.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Ken Raeburn <raeburn@MIT.EDU> writes:

> Nice info, thanks!

> If it's easy to compile the data, I'd be curious to see what your peak
> load per {some small unit of time -- second, minute?} is.

As it turns out, I wrote a script to do that too a while back when
ensuring that we wouldn't overflow the session table of our firewall.
Here are the results on the logs for our primary KDC (which handles nearly
all of our authentications and is listed first for all the clients) for
yesterday.  This includes all AS-REQ and TGS-REQ log lines, including
failed and preauth requests, since it's a pure load metric rather than a
metric of successful use.

Saw a total of 9,589,057 AS_REQs or TGS_REQs
Peak estimated session count was 14,786 (60s timeout)

So yesterday we saw a peak of 14,786 requests to the KDC in a one-minute
period.  (The script is quick and dirty and doesn't count multiple
requests from the same IP as being part of the same session, since the
goal was a pessimistic count.)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
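
The kind of count described in the message above can be sketched as follows. This is an added example, not Russ Allbery's script: it treats every AS_REQ or TGS_REQ log line as a new firewall session that lives for the timeout, never merging requests from the same IP, and reports the largest number of such sessions alive at once. The function name peak_sessions, the krb5kdc syslog layout, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime

# Constructed sample in the usual krb5kdc syslog layout (not real data).
SAMPLE_LOG = """\
Apr  1 00:00:01 kdc1 krb5kdc[411](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Additional pre-authentication required
Apr  1 00:00:01 kdc1 krb5kdc[411](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1270080001, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU
Apr  1 00:00:20 kdc1 krb5kdc[411](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1270080001, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.EDU for host/web1.example.edu@EXAMPLE.EDU
Apr  1 00:00:59 kdc1 krb5kdc[411](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.77: CLIENT_NOT_FOUND: bob@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Client not found in Kerberos database
Apr  1 00:01:01 kdc1 krb5kdc[411](info): closing down fd 12
Apr  1 00:01:05 kdc1 krb5kdc[411](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.31: ISSUE: authtime 1270080060, etypes {rep=18 tkt=18 ses=18}, carol@EXAMPLE.EDU for host/web1.example.edu@EXAMPLE.EDU
Apr  1 00:02:30 kdc1 krb5kdc[411](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.31: NEEDED_PREAUTH: carol@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Additional pre-authentication required
"""

# Match any AS_REQ/TGS_REQ line, whatever its outcome (ISSUE, NEEDED_PREAUTH,
# errors): this is a load metric, so failed and preauth requests count too.
REQ_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ krb5kdc\[\d+\]\(\w+\): (?:AS_REQ|TGS_REQ) ")

def peak_sessions(lines, timeout=60, year=2010):
    """Return (total requests, peak live sessions, time of the peak).

    Assumes lines are in chronological order, as syslog writes them. Syslog
    timestamps carry no year, so one is supplied by the caller.
    """
    window = deque()              # timestamps of sessions still alive
    total = peak = 0
    peak_at = None
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue              # not a request line (e.g. "closing down fd")
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        total += 1
        # Expire sessions whose timeout elapsed before this request arrived.
        while window and (now - window[0]).total_seconds() >= timeout:
            window.popleft()
        window.append(now)        # pessimistic: one session per request
        if len(window) > peak:
            peak, peak_at = len(window), now
    return total, peak, peak_at

if __name__ == "__main__":
    total, peak, peak_at = peak_sessions(SAMPLE_LOG.splitlines())
    print(f"Saw a total of {total:,} AS_REQs or TGS_REQs")
    print(f"Peak estimated session count was {peak:,} (60s timeout) at {peak_at}")
```

Merging requests by client IP, which this sketch deliberately does not do, would give a lower count closer to what a stateful firewall actually tracks.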
