Log InWe are happy to announce that FreeRADIUS 3 is now fully compliant with the base DHCP standards. Previous versions supported the base DORA exchange, but lacked some features such as Decline packets.
With greater flexibility and performance that is as fast or faster than the ISC DHCP server, FreeRADIUS is now a compelling option if you find yourself limited by your current implementation.
For the last twenty years, FreeRADIUS has been known as the world’s leading open source RADIUS server. At Network RADIUS, we have a long history of leading the maintenance and development of FreeRADIUS. During that time, FreeRADIUS has been focused on the RADIUS standards, with other protocols being a secondary consideration. One of the other protocols it has supported for over a decade is DHCP.
We decided that it was time to take a closer look at the DHCP implementation. Our goal was to evaluate its stability and performance, to meet or exceed industry standards, to make adjustments where necessary, and to beef up support for edge cases in the protocol. The results of our work are included in FreeRADIUS 3.0.22 which is available now.
FreeRADIUS 3 now includes a DHCP server which provides several major benefits over the ISC DHCP solution. These benefits include performance, no limits on the size of IP pools, the ability to use multiple data sources, and finally a much more flexible solution.
Better performance due to multi-threaded implementation
FreeRADIUS is multi-threaded by default, and has been for almost two decades. It can robustly support high input packets rates using many threads. For example, our benchmarking tests were using thirty-two threads, because there was no performance benefit in using more threads. In contrast, ISC DHCP is single threaded, while the more recent Kea implementation is single threaded by default, and only supports up to four threads as an “experimental” feature.
The mature multi-threaded capability of FreeRADIUS translates into higher performance in high load scenarios. While one thread is accessing the database, another thread can be applying complex local policies. The graph below shows how FreeRADIUS significantly outperforms both the ISC and Kea servers.
Zero performance impact in High Availability configurations
Many network environments need to accommodate wide fluctuations in device load, and to provision devices that frequently change their network location such as with WiFi. Typical solutions use a High Availability configuration in order to accommodate both the performance and stability needed for high load networks. Both ISC DHCP and Kea incur significant performance penalties in these scenarios. Counterintuitively with these solutions, increasing the size or number of address pools results in slower performance. This limitation means that the performance of those systems gets worse exactly in the situations where you need higher performance.
With FreeRADIUS DHCP, there is zero performance cost to High Availability configurations. We leverage modern database features, coupled with careful schema design. This design means that the performance of FreeRADIUS is independent of the size or number of address pools. This capability makes FreeRADIUS an obvious choice in environments which need flexibility. And how many environments don’t need flexibility?
Zero performance impact as address pool approaches capacity
In network environments provisioned by ISC DHCP or Kea, there is an additional performance dip as the address pool approaches capacity. Balancing the performance impact of either over provisioning address pools, or not provisioning them enough can make optimization a nightmare for system administrators. FreeRADIUS DHCP suffers no performance impact in either of these scenarios, dramatically simplifying operational considerations.
You just provision the IP addresses you want in your database. The database and FreeRADIUS then work together as efficiently as possible to track IPs in your network.
Adapts to your existing data store strategy - rather than forcing you to adapt to it
Both ISC DHCP and Kea have major limitations around the databases they use. In practice, these limitations mean that there is no way to update or extend the schemas used for DHCP.
In contrast, the built-in modularity and flexibility of FreeRADIUS means that it can be configured to accommodate your existing back-end data store systems, and even doing “mix and match”, where it pulls data from multiple sources such as LDAP directories, SQL databases, or text files.
In short, FreeRADIUS gives you control over your network, whereas other solutions restrict that control.
More bang for your buck
With all these benefits to FreeRADIUS as a DHCP server, it is important to remember that it is also a RADIUS server, and the leading one at that. FreeRADIUS has a more complete policy language than either ISC DHCP or Kea. That language makes it easier to write policies which give you fine-grained control over your network . Which in our experience, means happier and more productive system administrators.
Need help?
If you need help deploying FreeRADIUS DHCP in your network, we’ve got you covered. We’re the team that literally wrote the implementation. After designing FreeRADIUS environments for over 20 years, we’ve seen pretty much every variation out there. Contact us if you need experts. We’ll build and deploy your network, and then hand it over to your team to run and manage.
Read more:
