sqlippool IP conflict problem

Коньков Евгений kes-kes at yandex.ru
Tue Dec 20 08:27:52 CET 2011

Hello, Коньков.

You wrote on 20 December 2011, 9:22:27:

КЕ> Hello, Fajar.

КЕ> You wrote on 20 December 2011, 8:30:36:

FAN>> 2011/12/20 Коньков Евгений <kes-kes at yandex.ru>:
>>> Hi, FreeRadius.
>>> while framing an IP address to a user there are three stages in sqlippool
>>> clear
>>> find
>>> update
>>> clear stage - clear info about expired framed IP (JUST CLEAR!)
>>> so *new* connected user have a chance get IP address of *current* online user
>>>  whose IP address is expired.

FAN>> That is how sqlippool works

>>> This will cause IP conflict.

FAN>> Not if you configure it correctly.

>>> does radius make any signal to notify this situation?
>>> or is it possible to frame other IP address to *current* online user?
>>> or at least drop *current* online user?

FAN>> For sqlippool to work correctly, the NAS needs to send accounting
FAN>> packets, and interim updates must be enabled. You'd then set
FAN>> sqlippool's lease-duration to a reasonable value (two times
FAN>> Acct-Interim-Interval would be a good choice). Follow that, and you
FAN>> won't have IP address conflict.

КЕ> sql/mysql/ippool.conf
КЕ> allocate-update = ...
КЕ>   ...
КЕ>   expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \

КЕ> I see that expire_time keeps being updated while radiusd receives
КЕ> interim-update packets. BUT radius listens on a UDP port and this
КЕ> means that there is no guarantee that the server will receive an interim-update packet. So there
КЕ> is a chance to lose two interim packets for the current user.
КЕ> Therefore the IP leased for the current user will be counted as expired and may be
КЕ> leased to another user, causing an IP conflict error.

КЕ> I think there must be a mechanism to force check that IP is *really*
КЕ> unused before freeing or 're lease' it.

Or maybe force radius to listen on a TCP port. Is it possible?
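
The scenario discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a small Python model of the clear / find / update stages with lease-duration set to two times the interim interval. The class and function names, the single-address pool and the rule that a lease counts as expired once its expiry time is earlier than the current time are assumptions of the model.

```python
# Simplified model of the clear / find / update stages described in the thread.
# Not FreeRADIUS code: the names and the single-address pool are assumptions.

class LeasePool:
    def __init__(self, addresses, lease_duration):
        self.lease_duration = lease_duration
        # ip -> [owner, expiry_time]; owner None means the address is free
        self.leases = {ip: [None, 0] for ip in addresses}

    def allocate(self, user, now):
        # clear: forget every lease whose expiry time has passed,
        # without checking whether its owner is still online
        for lease in self.leases.values():
            if lease[0] is not None and lease[1] < now:
                lease[0] = None
        # find: pick a free address
        for ip, lease in self.leases.items():
            if lease[0] is None:
                # update: record the new owner and expiry time
                lease[0], lease[1] = user, now + self.lease_duration
                return ip
        return None

    def interim_update(self, user, ip, now):
        # An interim update only pushes the expiry time forward.
        if self.leases[ip][0] == user:
            self.leases[ip][1] = now + self.lease_duration


def conflict_after_loss(interim_interval, lease_duration, lost_at, newcomer_at):
    """Return True if a newcomer is handed the address of a user who is still online."""
    pool = LeasePool(["10.0.0.1"], lease_duration)   # constructed sample address
    ip = pool.allocate("online-user", 0)
    for t in range(interim_interval, newcomer_at, interim_interval):
        if t not in lost_at:                          # lost UDP packets never arrive
            pool.interim_update("online-user", ip, t)
    return pool.allocate("new-user", newcomer_at) == ip


if __name__ == "__main__":
    # lease-duration = 2 x Acct-Interim-Interval, as suggested in the thread
    print(conflict_after_loss(60, 120, lost_at={120}, newcomer_at=200))       # False
    print(conflict_after_loss(60, 120, lost_at={120, 180}, newcomer_at=200))  # True
```

In this model one lost interim update is absorbed by the lease margin, while two consecutive losses let the clear stage release an address whose owner is still online.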

