sqlippool and exhausted pool

Mirko Alberio mirko.alberio at telemar.it
Mon Jul 19 16:56:49 CEST 2021


Ok, thanks, I did some packet capture in the problematic NAS, accounting 
Stop packet are actually being sent, but still the table is not updated. 
I attach the capture. So the NAS is sending account data!

And another quick question: we noticed also some cases where username 
deleted from the radcheck and radreply tables (dismissed customers) are 
still present in the radippool table, with past expiry_time: should not 
be automatically "pruned"? Those customers for example could disconnect 
the router cable and the NAS is not able to send the Stop packet.

Thanks again.

Mirko Alberio - Assistenza tecnica
e-mail: mirko.alberio at telemar.it

Telemar SpA Internet Quality Provider
Via Enrico Fermi, 235 - 36100 Vicenza - Italia
Tel 0444 291302 - Fax 0444 566310 - www.telemar.it
Assistenza tecnica 0444 1420000
Reg. Imp. Di Vicenza /C.F./P.I. 02508710247
Cap. Soc. € 120.000,00 I.V.
R.E.A. VI-236292

Il 19/07/2021 16:21, Alan DeKok ha scritto:
> On Jul 19, 2021, at 9:30 AM, Alberio Mirko <mirko.alberio at telemar.it> wrote:
>> Ok, thanks: investigating in the NAS: i tried debugging that user with IP 185.138.36.176
>>
>> that has expiry_time on 2021-01-15 20:12:31
>>
>> I tried disconnecting his PPPOE session, shortly afterward I get this request in the freeradius/radacct/NASIPADDRESS/ log files
>>
>> Mon Jul 19 15:25:35 2021
>>          Packet-Type = Access-Request
>    That doesn't help.  You need to look at your local configuration to see what happens with accounting packets, and where they're going.
>
>    Then, look in the accounting log files.  Usually a "detail" file.
>
>> And the authentication is fine. But still the expiry_time isn't updated. I should se another Accounting request below that right?
>    No.
>
>    Accounting packets get logged to different locations than authentication packets.
>
>    Alan DeKok.
>
-------------- next part --------------
No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       NAS_IP         RADIUS_IP       RADIUS   356    Accounting-Request id=18

Frame 1: 356 bytes on wire (2848 bits), 356 bytes captured (2848 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 34421, Dst Port: 1813
RADIUS Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0x12 (18)
    Length: 314
    Authenticator: c10dbde6ad97f992a3b54f47711ca9e2
    [The response to this request is in frame 2]
    Attribute Value Pairs
        AVP: t=Service-Type(6) l=6 val=Framed(2)
        AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
        AVP: t=NAS-Port(5) l=6 val=15842090
        AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
        AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
        AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
        AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
        AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
        AVP: t=Acct-Session-Id(44) l=10 val=8151bac6
        AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45
        AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
        AVP: t=Event-Timestamp(55) l=6 val=Jul 19, 2021 16:44:56.000000000 ora legale Europa occidentale
        AVP: t=Acct-Session-Time(46) l=6 val=1596
        AVP: t=Idle-Timeout(28) l=6 val=0
        AVP: t=Session-Timeout(27) l=6 val=0
        AVP: t=Unknown-Attribute(197) l=6 val=01388000
        AVP: t=Vendor-Specific(26) l=12 vnd=Ascend Communications Inc.(529)
        AVP: t=Unknown-Attribute(197) l=6 val=000fa000
        AVP: t=Vendor-Specific(26) l=12 vnd=Ascend Communications Inc.(529)
        AVP: t=Vendor-Specific(26) l=44 vnd=MikroTik(14988)
        AVP: t=Acct-Input-Octets(42) l=6 val=370833
        AVP: t=Acct-Input-Gigawords(52) l=6 val=0
        AVP: t=Acct-Input-Packets(47) l=6 val=3138
        AVP: t=Acct-Output-Octets(43) l=6 val=4463138
        AVP: t=Acct-Output-Gigawords(53) l=6 val=0
        AVP: t=Acct-Output-Packets(48) l=6 val=4555
        AVP: t=Acct-Status-Type(40) l=6 val=Stop(2)
            Type: 40
            Length: 6
            Acct-Status-Type: Stop (2)
        AVP: t=Acct-Terminate-Cause(49) l=6 val=User-Request(1)
        AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
        AVP: t=Acct-Delay-Time(41) l=6 val=0
        AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP

No.     Time           Source                Destination           Protocol Length Info
      2 0.005867       RADIUS_IP       NAS_IP         RADIUS   62     Accounting-Response id=18

Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1813, Dst Port: 34421
RADIUS Protocol
    Code: Accounting-Response (5)
    Packet identifier: 0x12 (18)
    Length: 20
    Authenticator: 05a6a022a73131e9c0242dead4a70399
    [This is a response to a request in frame 1]
    [Time from request: 0.005867000 seconds]

No.     Time           Source                Destination           Protocol Length Info
      3 2.398938       NAS_IP         RADIUS_IP       RADIUS   194    Access-Request id=19

Frame 3: 194 bytes on wire (1552 bits), 194 bytes captured (1552 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 47625, Dst Port: 1812
RADIUS Protocol
    Code: Access-Request (1)
    Packet identifier: 0x13 (19)
    Length: 152
    Authenticator: 058be9390bf7ae3258d7e53bff88a265
    [The response to this request is in frame 4]
    Attribute Value Pairs
        AVP: t=Service-Type(6) l=6 val=Framed(2)
        AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
        AVP: t=NAS-Port(5) l=6 val=15842091
        AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
        AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
        AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
        AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
        AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
        AVP: t=User-Password(2) l=18 val=Encrypted
        AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
        AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP

No.     Time           Source                Destination           Protocol Length Info
      4 2.415228       RADIUS_IP       NAS_IP         RADIUS   112    Access-Accept id=19

Frame 4: 112 bytes on wire (896 bits), 112 bytes captured (896 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1812, Dst Port: 47625
RADIUS Protocol
    Code: Access-Accept (2)
    Packet identifier: 0x13 (19)
    Length: 70
    Authenticator: e8a2de069e636da63828bb12e93bc949
    [This is a response to a request in frame 3]
    [Time from request: 0.016290000 seconds]
    Attribute Value Pairs
        AVP: t=Vendor-Specific(26) l=44 vnd=MikroTik(14988)
        AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45

No.     Time           Source                Destination           Protocol Length Info
      5 2.417845       NAS_IP         RADIUS_IP       RADIUS   216    Accounting-Request id=20

Frame 5: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 49664, Dst Port: 1813
RADIUS Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0x14 (20)
    Length: 174
    Authenticator: 996f1bb2b4f78dbc8b735f9c5f86c58c
    [The response to this request is in frame 6]
    Attribute Value Pairs
        AVP: t=Service-Type(6) l=6 val=Framed(2)
        AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
        AVP: t=NAS-Port(5) l=6 val=15842091
        AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
        AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
        AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
        AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
        AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
        AVP: t=Acct-Session-Id(44) l=10 val=8151bac7
        AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45
        AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
        AVP: t=Event-Timestamp(55) l=6 val=Jul 19, 2021 16:44:58.000000000 ora legale Europa occidentale
        AVP: t=Acct-Status-Type(40) l=6 val=Start(1)
            Type: 40
            Length: 6
            Acct-Status-Type: Start (1)
        AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
        AVP: t=Acct-Delay-Time(41) l=6 val=0
        AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP

No.     Time           Source                Destination           Protocol Length Info
      6 2.422639       RADIUS_IP       NAS_IP         RADIUS   62     Accounting-Response id=20

Frame 6: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1813, Dst Port: 49664
RADIUS Protocol
    Code: Accounting-Response (5)
    Packet identifier: 0x14 (20)
    Length: 20
    Authenticator: 6f0d060806420e9177f0a7e74529e3f2
    [This is a response to a request in frame 5]
    [Time from request: 0.004794000 seconds]


More information about the Freeradius-Users mailing list