FreeRADIUS can't make progress under certain load

rihad rihad at mail.ru
Sun Sep 11 07:46:38 CEST 2011


On 09/10/2011 11:45 PM, Alan DeKok wrote:
> rihad wrote:
>> BTW, I'm not sure why, but
>> under comparable workloads openradius does not exhibit this problem.
>    Look at the source code to OpenRADIUS.  It doesn't do duplicate
> detection that's suggested by RFC 5080 (which I'm the author of).  This
> is understandable, because the most recent release of OpenRADIUS is 4
> years ago, before RFC 5080 was published.
>
>    So OpenRADIUS is worse than FreeRADIUS.  It will process both the old
> and the new request, which *increases* the load on your system.  And it
> *won't* tell you that there's a problem.
>
>    You are making a very, very, common mistake.  You see an error
> message, and you're trying to get rid of the error message.  You are
> *not* trying to understand the problem.  You are *not* trying to solve
> the real problem.
>
>    Go find out why something is blocking FreeRADIUS.  And this is bad, too:
>
>> The duplicate requests come from PPPoE clients after they fail to
>> receive a response within 5 seconds or so.
>    Your NAS is broken.  Giving up on requests after 5 seconds is
> *stupid*.  RFC 5080 suggests a better method.  RADIUS clients in 1993
> had better methods than "give up after 5s".
>
AFAIK it's not the NAS decision per se to resend the auth after about 5 
seconds, but clients' ADSL modems'.

>    Use a NAS that isn't broken.  Fix your database so it can handle the load.
>
>    *Don't* go poking at FreeRADIUS.  It's fine.
>
>    Alan DeKok.
>
>




More information about the Freeradius-Devel mailing list