FreeRADIUS can't make progress under certain load
rihad at mail.ru
Sun Sep 11 12:51:18 CEST 2011
On 09/11/2011 01:58 PM, Alan DeKok wrote:
> rihad wrote:
>> We're using preprocess, rlm_perl (for AAA),
> I think it's abundantly clear you don't understand what you're doing.
> Perl doesn't do AAA. Perl is a programming language.
In case I wasn't clear enough: Perl scripts servicing AAA requests.
> What I *suspect* you're doing is using Perl to connect to a DB.
> (Notice how I keep mentioning DB, and you keep ignoring it? Maybe it's
> Your Perl script is breaking the server. Fix it.
I know that. The auth & billing software we're using is admittedly slow.
But see how easy it was to lower max_requests and allow FreeRADIUS to
make progress on its own during load spikes (like when a NAS reboots).
PPPoE clients (most of which are ADSL modems) retry auth anyway. Noting
in radiusd.conf that max_clients shouldn't be set higher than the system
can process within cleanup_delay seconds might save some poor soul their
spare time in the future.
Let me just quote Mr. Arran again:
> Your NAS is also behaving very strangely. FreeRADIUS only gives up on processing a request if a request with a duplicate ID, SRC IP, and SRC PORT but a different REQUEST AUTHENTICATOR is received.
> When a NAS retransmits it should use the same ID, SRC IP, SRC PORT and REQUEST AUTHENTICATOR.
By this it should be clear that it's not NAS resending unanswered auth
requests, but rather ADSL modems issuing _new_ requests.
More information about the Freeradius-Devel