Re: Proxy home server failover
Tomas Hoger wrote:
I have a question regarding proxy failover in FreeRadius 1.x. Proxy
code chooses first active home server for realm and send packet to
that one. If no reply is received after configured number of retries,
request is rejected, other servers are *not* tried.
Yes.
Does version 2.0
have the same behavior? According to comments in sample proxy.conf it
seems new version will also try only one server and reject request if
no reply is received.
That's not what the documentation says. It says that a request will
be rejected once it has timed out. If the home server is marked dead
while the request is still alive, AND the NAS retransmits, then the
request will be sent to another home server.
I have made a quick modification of request_list.c, so that
request_reject is not called when try_count drops to 0. After that,
when NAS retries, different home server is selected. Can not calling
request_reject have any negative impact (memory leak, internal
structures inconsistency, ...)?
No.
Wouldn't it make sense to make
configuration parameter, which will instruct radiusd whether it should
reject or silently drop request, for which it has not received reply
from home server?
In 2.0.0, the request is automatically sent to another home server in
the same server pool. If there is no response, the post-proxy-type
"fail" section is run.
For realms with single home server, it won't make
much difference, as request will be rejected on next NAS retry (all
home servers are marked dead), but for realms with multiple home
servers, reject will not be sent just because one of the home servers
is not responding.
Various hacks can be added to 1.1.x, but the problem is deeper than
that. The code in 1.1.x isn't easy to debug or modify. The code in 2.x
is much clearer, better organized, and supports *much* more
functionality than 1.1.x.
At this point, new features will not be added to 1.1.x. If you want
new features, use 2.0.0 when it comes out.
Alan DeKok.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.