FreeRADIUS can't make progress under certain load
Alan DeKok
aland at deployingradius.com
Sat Sep 10 20:45:05 CEST 2011
rihad wrote:
> BTW, I'm not sure why, but
> under comparable workloads openradius does not exhibit this problem.
Look at the source code to OpenRADIUS. It doesn't do duplicate
detection that's suggested by RFC 5080 (which I'm the author of). This
is understandable, because the most recent release of OpenRADIUS is 4
years ago, before RFC 5080 was published.
So OpenRADIUS is worse than FreeRADIUS. It will process both the old
and the new request, which *increases* the load on your system. And it
*won't* tell you that there's a problem.
You are making a very, very, common mistake. You see an error
message, and you're trying to get rid of the error message. You are
*not* trying to understand the problem. You are *not* trying to solve
the real problem.
Go find out why something is blocking FreeRADIUS. And this is bad, too:
> The duplicate requests come from PPPoE clients after they fail to
> receive a response within 5 seconds or so.
Your NAS is broken. Giving up on requests after 5 seconds is
*stupid*. RFC 5080 suggests a better method. RADIUS clients in 1993
had better methods than "give up after 5s".
Use a NAS that isn't broken. Fix your database so it can handle the load.
*Don't* go poking at FreeRADIUS. It's fine.
Alan DeKok.
More information about the Freeradius-Devel
mailing list