When subscriber growth pushed a major telecommunications provider's authentication infrastructure beyond its breaking point, threatening service quality for 15 million customers, we delivered a 300x performance breakthrough that saved their network.
A major US telecommunications provider was looking to update their legacy RADIUS system. They were unhappy with their existing vendor, and the uncertainty and risk around that product threatened service quality for their 15 million subscribers.
Their RADIUS authentication system was showing its age under increasing demand. The system had authentication timeouts and connection failures which directly affected customer experience and network reliability. The lack of flexibility of their existing system limited the kinds of customer products they could offer. The high support cost affected their bottom line.
These issues and more prevented customers from connecting to services, causing support ticket escalations and threatening the provider's reputation for network reliability—a critical differentiator in the competitive telecommunications market.
More than just a technical problem, this was rapidly becoming a business crisis that required immediate resolution to maintain carrier-grade performance standards.
Their team performed an initial migration to FreeRADIUS as a proof of concept. As they were unfamiliar with the product, they ran into issues, and then reached out to us for help.
The problem: Authentication overheads was crippling network performance
The telecommunications provider had deployed what initially seemed like a robust solution built on Python's flexible programming framework, with custom APIs designed to handle their specific authentication workflows.
However, this development approach was creating a critical performance constraint that prevented the system from handling carrier-grade traffic volumes effectively.
Our analysis uncovered the core issue: major inefficiencies in their policies. Their team knew Python, and FreeRADIUS has a Python module. So there was an obvious (but inefficient) solution: write all of their policies in Python.
Unfortunately, this meant that the policies were easy to write, but were incredibly slow due to the followingt issues:
- There were multiple data transformations between the FreeRADIUS and Python environments for each packet
- Python required complex object instantiation and manipulation for simple policy decisions
- Sequential processing through numerous independent Python modules substantially increased the above overhead
We examined their Python code, and talked to them to get their high level requirements. It turned out that the requirements were fairly simple, if long: a large amount of if/then/else checks, some string manipulation, IP address checks, etc.
The good news is that FreeRADIUS can do all of this internally via the “Unlang” policy language. And it’s hundreds to thousands of times faster than Python!
The solution: Purpose-built RADIUS optimization
We redesigned their authentication system using FreeRADIUS's optimized policy framework. Rather than processing requests through multiple conversion layers, this approach handles authentication logic directly within the RADIUS environment, dramatically reducing computational overhead.
Our implementation strategy focused on:
- Migrating their core business logic from Python to FreeRADIUS's native policy engine
- Eliminating redundant data transformation steps that were creating processing bottlenecks
- Optimizing the authentication workflow to minimize processing time per request
- Preserving all existing business logic while removing performance-constraining framework overhead
There were no major challenges with this process, but it still required careful attention to detail. The last thing we wanted to do was to get their business policies wrong!
We helped the customer create test cases to validate the behavior of the “Unlang” policies as compared to their old Python policies. We also worked though a number of additional optimization designs with them, which can make significant performance improvements. All of this effort was bases on our multi-decade experience of writing policies for thousands of ISPs world-wide.
The transformation maintained 100% functional compatibility while delivering massive performance gains—proving that sometimes the most effective solution is also the most efficient one.
As an aside, the only time we have ever used Python with FreeRADIUS is when we need to use it to call an external API. e.g. When the API is only usable via a Python library. In every other case across thousands of ISPs, we just use Unlang.
The results: Performance breakthrough
The authentication system transformation delivered remarkable improvements:
- 200-300x performance improvement across authentication processing
- Capacity increased from hundreds to tens of thousands of authentications per second to handling peak carrier traffic loads without degradation
- Complete elimination of authentication timeouts and connection failures
- Zero additional infrastructure investment required
- Avoided expensive commercial RADIUS system migration that would have cost hundreds of thousands
Beyond the technical metrics, the business impact was transformational: customer support tickets related to connection issues dropped dramatically, network reliability returned to carrier standards, and the provider could confidently support continued subscriber growth without authentication infrastructure concerns.
Key lesson: Infrastructure efficiency drives business results
This engagement demonstrates a critical principle for telecommunications providers: sophisticated development frameworks don't always translate to optimal performance in production environments. While flexible programming approaches offer development advantages, they can create significant performance constraints when processing high-volume network traffic.
For ISPs and telecommunications companies, authentication infrastructure must be designed for efficiency first. Every millisecond of processing delay multiplies across millions of customer interactions, directly impacting service quality and customer satisfaction. Every wasted CPU cycle increases hardware costs, and ongoing maintenance costs.
The FreeRADIUS optimized approach, though requiring different development expertise, is engineered specifically for high-performance authentication scenarios—making it the superior choice for carrier-grade deployments where performance directly impacts business outcomes.
The lesson here is that the obvious solution is not the most efficient one. And, that a small effort to improve existing systems can result in a huge decrease in operational and and capital expenses for years to come. Don’t just “write code and ship it”, sit down and understand it, to be sure that there isn’t a way to do better!
Need expert performance optimization?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across telecommunications infrastructure and ISP environments. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue—from architectural bottlenecks to scaling challenges during critical business growth periods.
Don't let network bottlenecks threaten your service delivery. When your network authentication systems need to scale rapidly or perform under carrier-grade pressure, the difference between computer science theory and real-world optimisation becomes critical for customer satisfaction and business success.
Request a quote for network security solutions here and ensure your infrastructure is ready for whatever scaling challenges lie ahead.
Related Articles
Client Case Study: Slow network performance
When the pandemic hit, thousands of employees suddenly needed remote access overnight. This aerospace company's "simple" Python-based authentication system became their biggest business threat—until our experts created a 300x performance boost.
Why you should separate historical data from live data
ISPs and telecoms are often legally required to keep user session data for long periods of time. However, keeping these records can result in enormous databases tables which significantly affect the performance of your RADIUS system.