FreeRADIUS and EDUROAM timeout issues

Alan DeKok aland at deployingradius.com
Thu Oct 9 17:58:17 CEST 2008


Arran Cudbard-Bell wrote:
> That'd work. So when a server is marked as a Zombie Access-Requests
> still sent to it until the Zombie period has expired?

  Yes.  I also noticed that the current code doesn't send Status-Server
packets until "check_interval" time AFTER it's marked "dead".  So we
have "response_window" delay, followed by "zombie_period", followed by
"check_interval".  In some cases, it might not start pinging the home
server until a minute after it stops responding.  Not nice.

  My current proposal is to start pinging it at the start of
"zombie_period".  If you then set:

	zombie_period = 21
	check_interval = 6
	num_pings_to_alive = 3

  It will start pinging the home server as soon as it stops responding.
 if it responds to all 3 pings, it will be marked "live" again, without
ever being marked "dead".

> If so do responses
> to Access-Requests sent during the Zombie Period force the server live
> again?

  Yes.

> But of course you can't guarantee successful authentication within the
> Zombie Period... So you send the Status-Server packets before you Mark
> the server as dead, if the server responds then the first hop is good,
> and it's the ORPS that's dead. If it doesn't, then the first hop is bad
> and we fail over to another server.

  Yes.

  This still means that requests will be sent to that home server,even
if they're for an upstream realm that's dead.  If there are multiple
paths to the upstream realm, then those other paths won't be discovered.

  But there is no RADIUS "routing protocol"[1].  So that's that.

  Alan DeKok.

[1] For now.



More information about the Freeradius-Users mailing list