FreeRADIUS can't make progress under certain load

rihad rihad at
Sun Sep 11 12:51:18 CEST 2011

On 09/11/2011 01:58 PM, Alan DeKok wrote:
> rihad wrote:
>> We're using preprocess, rlm_perl (for AAA),
>    I think it's abundantly clear you don't understand what you're doing.
>    Perl doesn't do AAA.  Perl is a programming language.
In case I wasn't clear enough: Perl scripts servicing AAA requests.

>    What I *suspect* you're doing is using Perl to connect to a DB.
> (Notice how I keep mentioning DB, and you keep ignoring it?  Maybe it's
> important!)
>    Your Perl script is breaking the server.  Fix it.
I know that. The auth & billing software we're using is admittedly slow. 
But see how easy it was to lower max_requests and allow FreeRADIUS to 
make progress on its own during load spikes (like when a NAS reboots). 
PPPoE clients (most of which are ADSL modems) retry auth anyway. Noting 
in radiusd.conf that max_clients shouldn't be set higher than the system 
can process within cleanup_delay seconds might save some poor soul their 
spare time in the future.

Let me just quote Mr. Arran again:
> Your NAS is also behaving very strangely. FreeRADIUS only gives up on processing a request if a request with a duplicate ID, SRC IP, and SRC PORT but a different REQUEST AUTHENTICATOR is received.
> When a NAS retransmits it should use the same ID, SRC IP, SRC PORT and REQUEST AUTHENTICATOR.
By this it should be clear that it's not the NAS resending unanswered auth 
requests, but rather ADSL modems issuing _new_ requests.
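
The duplicate rule quoted above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified tracker that keys in-flight Access-Requests on (source IP, source port, ID) and compares the 16-byte Request Authenticator from the RFC 2865 header. The names `RequestTracker`, `classify` and `demo`, the address 192.0.2.10 and the sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field

ACCESS_REQUEST = 1  # RADIUS Code value for Access-Request (RFC 2865)

def build_access_request(ident: int, authenticator: bytes) -> bytes:
    """Constructed sample: a bare 20-byte Access-Request with no attributes."""
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20) + authenticator

def parse_header(datagram: bytes):
    """Return (code, identifier, request_authenticator) from the RADIUS header."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < 20 or length > len(datagram):
        raise ValueError("Length field does not match the datagram")
    return code, ident, datagram[4:20]

@dataclass
class RequestTracker:
    # (src_ip, src_port, id) -> Request Authenticator of the request in progress
    in_flight: dict = field(default_factory=dict)

    def classify(self, src_ip: str, src_port: int, datagram: bytes) -> str:
        code, ident, authenticator = parse_header(datagram)
        if code != ACCESS_REQUEST:
            return "ignored"
        key = (src_ip, src_port, ident)
        previous = self.in_flight.get(key)
        self.in_flight[key] = authenticator
        if previous is None:
            return "new"
        if previous == authenticator:
            return "retransmit"  # NAS resent the same unanswered request
        return "conflict"  # ID reused for a different request: the old one is given up

def demo():
    """Run constructed traffic from one NAS socket through the tracker."""
    tracker = RequestTracker()
    a, b = bytes(range(16)), bytes(range(16, 32))
    packets = [
        build_access_request(7, a),  # first request
        build_access_request(7, a),  # identical resend
        build_access_request(7, b),  # same ID, new authenticator
        build_access_request(8, b),  # different ID
    ]
    return [tracker.classify("192.0.2.10", 1645, p) for p in packets]
```

Counting "conflict" results per NAS during a load spike shows whether abandoned requests come from ID reuse for new requests or from plain retransmission.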

More information about the Freeradius-Devel mailing list