sqlippool IP conflict problem
Коньков Евгений
kes-kes at yandex.ru
Tue Dec 20 08:22:27 CET 2011
Здравствуйте, Fajar.
Вы писали 20 декабря 2011 г., 8:30:36:
FAN> 2011/12/20 Коньков Евгений <kes-kes at yandex.ru>:
>> Hi, FreeRadius.
>>
>> while frame IP address to user there are three stage in sqlippool
>>
>> clear
>> find
>> update
>>
>> clear stage - clear info about expired framed IP (JUST CLEAR!)
>> so *new* connected user have a chance get IP address of *current* online user
>> whose IP address is expired.
FAN> That is how sqlippool works
>>
>> This will cause IP conflict.
FAN> Not if you configure it correctly.
>>
>> does radius make any signal to nitify this situation?
>> or is it possible to frame other IP address to *current* online user?
>> or at least drop *current* online user?
FAN> For sqlipool to work correctly, the NAS needs to send accounting
FAN> packets, and interim updates must be enabled. You'd then set
FAN> sqlippool's lease-duration to a reasonable value (two times
FAN> Acct-Interim-Interval would be a good choice). Follow that, and you
FAN> won't have IP address conflict.
sql/mysql/ippool.conf
allocate-update = ...
...
expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
I see that expire_time keep updated while radiusd will receive
interim-update packets. BUT radius listen on UPD port and this
mean that: no garantee that server will receive interim-update packet. So there
is a chance to lose two interim packets for current user.
Therefore IP leased for current user will be countered as expired and may be
leased for other user causing IP conflict error.
I think there must be a mechanism to force check that IP is *really*
unused before freeing or 're lease' it.
--
С уважением,
Коньков mailto:kes-kes at yandex.ru
More information about the Freeradius-Users
mailing list