Robust proxy accounting

Chris Howley C.P.Howley at
Wed Jun 10 10:51:52 CEST 2009


I used the example configuration and got the same result.

>>> Sending proxied request internally to virtual server.
server {
+- entering group accounting {...}
[] Suppressing writes to detail file as the request was just read from a detail file.++[] returns noop } # server Going to the next request <<< Received proxied response from internal virtual server.
 server {

1) The following is in the robust-proxy-accounting file.

#  (5) Define the virtual server to write the packets to the detail file
#  This will be called when ALL home servers are down, because of the
#  "fallback" configuration in the home server pool.
server {
        accounting {

#  (6) Define a virtual server to handle pre/post-proxy re-writing server {
        pre-proxy {
                #  Insert pre-proxy rules here

        post-proxy {
                #  Insert post-proxy rules here

                #  This will be called when the CURRENT packet failed
                #  to be proxied.  This may happen when one home server
                #  suddenly goes down, even though another home server
                #  may be alive.
                #  i.e. the current request has run out of time, so it
                #  cannot fail over to another (possibly) alive server.
                #  We want to respond to the NAS, so that it can stop
                #  re-sending the packet.  We write the packet to the
                #  "detail" file, where it will be read, and sent to
                #  another home server.
                Post-Proxy-Type Fail {

        #  Read accounting packets from the detail file(s) for
        #  the home server.
        #  Note that you can have only ONE "listen" section reading
        #  detail files from a particular directory.  That is why the
        #  destination host name is used as part of the directory name
        #  below.  Having two "listen" sections reading detail files
        #  from the same directory WILL cause problems.  The packets
        #  may be read by one, the other, or both "listen" sections.
        listen {
                type = detail
                filename = "${radacctdir}/*:*"
                load_factor = 10

        #  All packets read from the detail file are proxied back to
        #  the home servers.
        #  The normal pre/post-proxy rules are applied to them, too.
        #  If the home servers are STILL down, then the server stops
        #  reading the detail file, and queues the packets for a later
        #  retransmission.  The Post-Proxy-Type "Fail" handler is NOT
        #  called.
        #  When the home servers come back up, the packets are forwarded,
        #  and the detail file processed as normal.
        accounting {
                # You may want accounting policies here...

                update control {
                        Proxy-To-Realm := ""


2. I moved the following from the robust-proxy-accounting file to the proxy.conf file.

#  (1) Define two home servers.
home_server {
        type = acct
        ipaddr =
        port = 1813
        secret = <remvoved>

        #  Mark this home server alive ONLY when it starts being responsive
        status_check = status-server
        #status_check = request
        #username = "test_user_status_check"

        #  Set the response timeout aggressively low.
        #  You MAY have to increase this, depending on tests with
        #  your local installation.
        response_window = 6

#  (2) Define a virtual server to be used when both of the #  home servers are down.
home_server {
        virtual_server = }

#  Put all of the servers into a pool.
home_server_pool {
        type = load-balance     # other types are OK, too.

        home_server =
        # add more home_server's here.

        # If all home servers are down, try a home server that
        # is a local virtual server.
        fallback =

        # for pre/post-proxy policies
        virtual_server = }

#  (3) Define a realm for these home servers.
#  It should NOT be used as part of normal proxying decisions!
realm {
        acct_pool = }

Chris Howley

More information about the Freeradius-Users mailing list