Capacity Testing for FreeRADIUS
To simulate RADIUS authentication traffic, we use eapol_test in combination with Apache JMeter. While other RADIUS benchmarking tools exist, they typically do not support TLS and EAP, making eapol_test essential for accurate performance evaluation.
Connection and setup
We perform capacity testing in our AWS Development Environment. Follow the setup instructions in this document to perform the tests.
The code for the capacity testing suite is kept in govwifi-terraform.
Results April 2026
The results of the 2026 tests can be found in this report. They may be made public after approval from our stakeholder.
Results July 2025
Performance tests were conducted using custom EC2 instances in the GovWifi staging environment, targeting FreeRADIUS under two authentication methods: EAP-MSCHAPv2 and EAP-TLS.
This document details how the legacy capacity tests were performed.
EAP-MSCHAPv2
- Sustained throughput: ~290 auth/s per RADIUS container
- Scales linearly across multiple clients and server instances
- CPU and memory usage remained stable
EAP-TLS
- Default config (with verify directive):
- ~23 auth/s, due to external OpenSSL verification
- Spawns separate process per auth; unsustainable at scale
- Optimised config (internal chain validation):
- ~213 auth/s
- Uses X509_V_FLAG_PARTIAL_CHAIN and removes verify
- CPU becomes primary bottleneck (single-threaded processing)