Dynamic clients
Alan DeKok
aland at deployingradius.com
Sat Jun 14 14:25:29 CEST 2008
Arran Cudbard-Bell wrote:
> Wow this is such a neat way of doing it. Don't reload the entire client
> table every time there's an update, just provide provision for bringing
> new clients into the list dynamically
Yup.
> until we get a chance to reload the client list properly.
Nope. If they client is loaded dynamically, it's in the list
"properly". There is no difference between clients loaded at boot time
and clients loaded dynamically, other than a few entries in the "client"
data structure.
> Hmm... though because we see such large startup times when loading in
> clients from SQL, it'd be nice to be able to turn that DoS protection
> off, and just run the whole setup using dynamic clients, I dare say it'd
> save quite a bit of memory too (currently loading 600+ NAS).
The main problem right now is that the SQL lookups (or whatever) are
done in the main server thread. i.e. until the lookups finish, ALL new
requests are ignored. This is bad, but not catastrophic if your SQL
servers are up.
If the SQL servers are down, bad things can happen, like large
timeouts, and maybe lost packets.
Once I get the dynamic client lookups pushed to a child thread, the
main worker thread can go back to processing other packets. I can then
relax some of the DoS provisions.
> Did you include client assignment to virtual-servers, I don't see an
> attribute listed in the example...?
Yes. It's in the "update" section that isn't doing SQL lookups.
Alan DeKok.
More information about the Freeradius-Devel
mailing list