proxy.conf: no_response_fail

Alan DeKok aland at
Sat Apr 16 18:22:23 CEST 2011

Josip Almasi wrote:
> there is a scenario that might require "no_response_fail = yes".
> First, network breaks; power outage, spanking trees, something other but
> massive.
> Then clients start comming online, put some heavy load on backend
> server. Retry, retry, and - clients DoS backend.
> In that case I might want to send Access-Reject, to get some breathing
> space.

  Or, set "max_outstanding" for the home servers.  And set a "fallback"
server in the "home_server_pool" section.  That fallback server can
reject the packets.

> I had one case much like this with a buggy BRAS a few years ago.
> And I was involved in another, where Access-Reject made things much
> worse, due to buggy IADs - once rejected, they reset to factory defaults:>
> So, although I can't really say I need this feature, I know of cases
> that make it usefull.

  There are usually other ways to do the same thing.

  Alan DeKok.

More information about the Freeradius-Devel mailing list