Proxy state attribute in accounting

Waqas Toor waqasnasirtoor at gmail.com
Mon Apr 18 08:06:22 CEST 2011


On Sat, Apr 16, 2011 at 9:19 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Waqas Toor wrote:
>> Yes, Understood, Can I can limit those proxy-state attributes to lets
>> say 100 attributes only.
>> Because the other server is complaining about possible DoS attacks.
>
>  <sigh>  It would have been useful for you to say that at the beginning.
>
>  If there are 100 Proxy-State attributes, it's likely because you
> screwed up proxying somewhere.  It makes *no* sense to proxy packets
> through 100 servers.

Ok here is my robust-example-accounting that I am using for proxy
==============================================================

home_server home1.example.com {
	type = acct
	ipaddr = 10.1.67.37
	port = 1813
	secret = free-rad512

	#  Mark this home server alive ONLY when it starts being responsive
	status_check = request
	username = "test_user_status_check"

	response_window = 6
}

home_server home2.example.com {
	type = acct
	ipaddr = 10.1.67.28
	port = 1813
	secret = free-rad512

	#  Mark this home server alive ONLY when it starts being responsive
	status_check = request
	username = "test_user_status_check"

	response_window = 6
}

home_server acct_detail.example.com {
	virtual_server = acct_detail.example.com
}


home_server_pool acct_pool.example.com {
	type = load-balance	# other types are OK, too.

	home_server = home1.example.com
	home_server = home2.example.com

	fallback = acct_detail.example.com

	virtual_server = home.example.com
}

realm test_cpe.com{
	acct_pool = acct_pool.example.com
	nostrip
}

server acct_detail.example.com {
	accounting {
		detail.example.com
	}
}

server home.example.com {
	pre-proxy {
	}

	post-proxy {
		Post-Proxy-Type Fail {
			detail.example.com
		}
	}

	listen {
		type = detail
		filename = "${radacctdir}/detail.example.com/detail-*:*"
		load_factor = 10
	}

	accounting {

		update control {
			Proxy-To-Realm := "test_cpe.com"
		}
	}

}

================================================

It works fine, but when one of the server goes down of a long period,
It sends a lot of proxy state attributes.

Regards
Waqas




More information about the Freeradius-Users mailing list