Dead Proxy Detection?

Alan DeKok aland at deployingradius.com
Mon Apr 14 08:42:55 CEST 2008


Lemaster, Rob wrote:
> I revewed raddb/sites-available/default and found Post-Proxy "fail"; Post-Proxy-Type Fail {detail}
> This appears to be to write Accounting logs locally if the remote proxy is down. 

  Yes.

> I'm not clear if this will be enabled if only ONE of the remote proxies are down, or if ALL proxies are down. It would go through normal round-robin and then only turn on if ALL proxies are down, correct?

  No.  It is run for a *request*, not for a proxy.

  For example, if you have 10,000 home servers, a request will time out
before it can try all of them.  It will be then run through the
Post-Proxy-Type Fail section.  Because it failed to be proxied.

> I would like to configure a Post-Proxy type action to take if ALL of a Realm's remote proxies are down. To be specific, I'd like to configure a realm to send access-accepts to all requests for that realm if ALL the remote proxies for that realm are unavailable, until they become available again. Can this be done here? If so, can you give me a syntax example? I could not find that in default, example, or README.

  That's something completely different.  See proxy.conf:

	...
	#  If a realm exists, but there are no live home servers for
	#  it, we can fall back to using the "DEFAULT" realm.  This is
	...

  That can work in most situations.  However, there's only one DEFAULT
realm, which may be a problem if you have many pools of home servers.
It's probably only about 20 lines of code to add a configurable fallback
for a home_server_pool.

  In CVS head, you can proxy to a virtual server.  So if you have a
fail-over section, the last one listed could be a virtual server, which
would take care of dealing with the "all home servers are down" problem.

  Alan DeKok.



More information about the Freeradius-Users mailing list