Query on UDP proxy socket using freeradius version 3.0.16
saurabha badhai
saurabha.badhai at gmail.com
Fri Jun 16 17:40:18 UTC 2023
It's like
freeradius <-> loadbalancer <-> AAA
Based on proxy udp src port load balancer map the request to a AAA, so if a
src port is mapped to AAA1 for few initial access request and
access-challenge before accept, if next request get proxied with a new src
port then load balancer sends to a different AAA, may be AAA2 which reject
it.
Because of freeradius udp port change request get rejected.
That's why I asked this query ita related to freeradius.
Thanks,
Saurabha
On Fri, 16 Jun 2023, 22:39 Alan DeKok, <aland at deployingradius.com> wrote:
> On Jun 16, 2023, at 12:58 PM, saurabha badhai <saurabha.badhai at gmail.com>
> wrote:
> >
> > Yes customer deployed load balancer based on the source port map to
> > specific AAA server,
>
> So you're asking if someone else's load balancer is working properly?
>
> This isn't a FreeRADIUS issue.
>
> > Observed source port change for an ongoing
> > authentication session, access-request is initiated from a different port
> > after few access-challenges causing the load balancer to send the request
> > to a different AAA and then get rejected.
> >
> > Is this behavior proper and expected, source port change for an ongoing
> > authentication session ?
>
> It's allowed by the specifications.
>
> And again... why not ask this question *first*? Why spend all kinds of
> time asking useless and irrelevant questions? That is not productive.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
>
More information about the Freeradius-Devel
mailing list