proxy.conf: no_response_fail
Alan DeKok
aland at deployingradius.com
Sat Apr 16 18:22:23 CEST 2011
Josip Almasi wrote:
> there is a scenario that might require "no_response_fail = yes".
>
> First, network breaks; power outage, spanking trees, something other but
> massive.
> Then clients start comming online, put some heavy load on backend
> server. Retry, retry, and - clients DoS backend.
> In that case I might want to send Access-Reject, to get some breathing
> space.
Or, set "max_outstanding" for the home servers. And set a "fallback"
server in the "home_server_pool" section. That fallback server can
reject the packets.
> I had one case much like this with a buggy BRAS a few years ago.
> And I was involved in another, where Access-Reject made things much
> worse, due to buggy IADs - once rejected, they reset to factory defaults:>
>
> So, although I can't really say I need this feature, I know of cases
> that make it usefull.
There are usually other ways to do the same thing.
Alan DeKok.
More information about the Freeradius-Devel
mailing list