On Sep 17, 2022, at 11:03 AM, Terry Burton <terry.burton@gmail.com> wrote:
Does the NAS allocate a session identifier at auth time?
No. That's my #1 changeI would have made to RADIUS. Everything else is minor.
Is Acct-Unique-Id stable between auth and acct, or can it be made so? In which case consider using this as the pool_key. This way activity related to updating/closing of the old session will not affect the new allocation since the pool_key will not match.
The debug output should say... but if it's the same called / calling-station ID, NAS IP / port, etc. Then it's difficult to tell the sessions apart. The only workaround is to use the Acct-Start-Time, and to record the 'last allocation time' when the IP is allocated. But doing that may cause the SQL database to avoid the index.
NASs often generate auth requests instantaneously in response to incoming events (PPPoE PADI, IPoE FSoL), and generate acct requests via a low-priority, timer-driven state machine, often with less than ideal opportunities for coordination between these mechanisms. Therefore it's not uncommon for the CPE to retry possibly multiple authentications before the accounting session is terminated, e.g. due to a long PPPoE keepalive-timeout. It's somewhat normal to receive Stops (and even I-Us) for the ongoing sessions that are awaiting timeout.
i.e. "RADIUS is horrible". :( Alan DeKok.