Snapshot of monthly KDC traffic for stanford.edu

Russ Allbery rra at stanford.edu
Fri Apr 2 03:34:37 EDT 2010


Ken Raeburn <raeburn at MIT.EDU> writes:

> Nice info, thanks!

> If it's easy to compile the data, I'd be curious to see what your peak
> load per {some small unit of time -- second, minute?} is.

As it turns out, I wrote a script to do that too a while back when
ensuring that we wouldn't overflow the session table of our firewall.
Here are the results on the logs for our primary KDC (which handles nearly
all of our authentications and is listed first for all the clients) for
yesterday.  This includes all AS-REQ and TGS-REQ log lines, including
failed and preauth requests, since it's a pure load metric rather than a
metric of successful use.

Saw a total of 9,589,057 AS_REQs or TGS_REQs
Peak estimated session count was 14,786 (60s timeout)

So yesterday we saw a peak of 14,786 requests to the KDC in a one-minute
period.  (The script is quick and dirty and doesn't count multiple
requests from the same IP as being part of the same session, since the
goal was a pessimistic count.)

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list