FreeRADIUS can't make progress under certain load
rihad
rihad at mail.ru
Sun Sep 11 07:46:38 CEST 2011
On 09/10/2011 11:45 PM, Alan DeKok wrote:
> rihad wrote:
>> BTW, I'm not sure why, but
>> under comparable workloads openradius does not exhibit this problem.
> Look at the source code to OpenRADIUS. It doesn't do duplicate
> detection that's suggested by RFC 5080 (which I'm the author of). This
> is understandable, because the most recent release of OpenRADIUS is 4
> years ago, before RFC 5080 was published.
>
> So OpenRADIUS is worse than FreeRADIUS. It will process both the old
> and the new request, which *increases* the load on your system. And it
> *won't* tell you that there's a problem.
>
> You are making a very, very, common mistake. You see an error
> message, and you're trying to get rid of the error message. You are
> *not* trying to understand the problem. You are *not* trying to solve
> the real problem.
>
> Go find out why something is blocking FreeRADIUS. And this is bad, too:
>
>> The duplicate requests come from PPPoE clients after they fail to
>> receive a response within 5 seconds or so.
> Your NAS is broken. Giving up on requests after 5 seconds is
> *stupid*. RFC 5080 suggests a better method. RADIUS clients in 1993
> had better methods than "give up after 5s".
>
AFAIK it's not the NAS decision per se to resend the auth after about 5
seconds, but clients' ADSL modems'.
> Use a NAS that isn't broken. Fix your database so it can handle the load.
>
> *Don't* go poking at FreeRADIUS. It's fine.
>
> Alan DeKok.
>
>
More information about the Freeradius-Devel
mailing list