sqlippool IP conflict problem
Fajar A. Nugraha
list at fajar.net
Tue Dec 20 08:37:41 CET 2011
2011/12/20 Коньков Евгений <kes-kes at yandex.ru>:
> I see that expire_time keep updated while radiusd will receive
> interim-update packets. BUT radius listen on UPD port and this
> mean that: no garantee that server will receive interim-update packet. So there
> is a chance to lose two interim packets for current user.
> Therefore IP leased for current user will be countered as expired and may be
> leased for other user causing IP conflict error.
That's why I suggested two times Acct-Interim-Interval would be a good
choice. If one packet goes missing hopefully we'll be able to get the
next one. If you're feeling paranoid you could use a big timeout value
(e.g. 10x Acct-Interim-Interval), with the consequence that it will
take longer before IP addresses used by stale sessions can be reused.
> I think there must be a mechanism to force check that IP is *really*
> unused before freeing or 're lease' it.
It's a tradeoff, really. In theory, you COULD write your own module
that verifies whether a user is online. Kinda like what simultaneous
use using radutmp & checkrad does, which performs checking using
snmp/telnet/ssh to the NAS. However that would inflict heavy
performance penalty. It might be acceptable if you only handle (for
example) 10 AAA/minute, but it won't be feasible if you need to handle
For most practical purposes, the current sqlippool is good enough. Not
perfect, but good enough.
More information about the Freeradius-Users