Zombie Infestation of Log file
Josip Rodin
joy at entuzijast.net
Thu Apr 22 10:19:06 CEST 2010
On Wed, Apr 21, 2010 at 05:47:43PM +0200, Alan DeKok wrote:
> > Without status_check, you rely on the timeouts - revive_interval and
> > zombie_period.
>
> Which is much worse than status checks.
>
> > But, if you're talking to FR 1.1.7, that should be able to make it respond
> > negatively to a single fake user/domain, and then you can use that for
> > status_check = request on its clients.
> >
> > *Any* status_check is better on FR 2.x than none... speaking from horrible
> > experience...
>
> Yup. It's not that 2.x is bad without status checks, it's that there
> is *no way* for anyone to do "the right thing" without status checks.
One thing that we talked I believe in private mail is good to point out on
the mailing list as well - the current request cleaning up logic isn't
really being kind to proxy settings and how the admins might interpret them
- meaning there is nothing in the proxying code that will avoid having
individual requests silently dropped on the floor if the timeouts expire.
Indeed the only way to get the FR 2.x proxy code to retry and move on to a
second home server in a pool is for its original *client* to retry too,
within max_request_time, which can then trigger a fail-over in the proxying
logic.
--
2. That which causes joy or happiness.
More information about the Freeradius-Users
mailing list