NAS ? What is the best option

Ivan Kalik tnt at kalik.net
Tue Oct 13 11:31:16 CEST 2009


> I know that this list is not connected with any hardware vendor but I
> see that every couple days someone cries here .... NAS problems...
>
> I use Mikrotik and I'm not satisfied (duplicated packets, does not
> support POD correctly, etc.)
>
> Also, yesterday I saw that Cisco can be a pain in the a*** too :)
>
> So, dear friends... What is the best solution for ISP (PPPoE)?

There is no problem with using Cisco for PPPoE termination. That chap
doesn't know the difference between duplicated (packet re-sent with same
id) and conflicting packet (packet with same port/user etc. but different
id). With default settings Cisco will send duplicated packets every 2
seconds (if there is no reply from radius server); after 30 seconds it
will discard the original request and try to mark the radius server as
dead (and fail over to secondary radius server). If there have been
responses from radius server to other requests it won't mark it as dead
(or fail over - it can be debated if that is the correct pathway; perhaps
second request should go to secondary server anyway; freeradius now
implements this when working in proxy mode) but send the new request (with
same user/port etc.).

In response to receiving this "conflicting" packet (user/port etc. matches
but not id) freeradius will discard the original packet correctly assuming
that NAS has abandoned it. For some reason user in thread you have
mentioned can't comprehend that this is the correct action. He would
continue processing original requests which will then get discarded by the
NAS. With default settings that would extend processing time some 30 times
in his example (perl processing that takes 1 second per request).

So, Cisco and freeradius work fine there. Problem is his perl script. I
assume he is using it to connect to the database and get data from there.
Connecting to the database is very expensive. If he would offload data
gathering to sql module and use perl just for calculation chances are that
request processing would take 100 times shorter and his problems would
vanish. But he is adamant that Cisco is broken (sending new requests every
few seconds, not 30 seconds or 2 minutes that are defaults known to me;
repeating same request defaults are 2 and 5 seconds on various devices).

All in all, don't worry about using Cisco and freeradius for broadband
aggregation. They work fine together. Just don't trust Cisco claims about
numbers device can handle. Divide it by 10. If brochure says device can
handle 10,000 connections it will handle about 1,000 in a realistic case.

Ivan Kalik
Kalik Informatika ISP
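
The duplicate/conflicting distinction drawn in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. The `Request` fields, the `InFlight` class and the sample packets are constructed for illustration, and keying the in-flight table on NAS address, user and port is an assumption taken from the message's "same port/user etc." wording.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    nas: str      # address of the NAS that sent the packet (assumed field)
    pkt_id: int   # RADIUS Identifier octet, 0-255
    user: str     # User-Name
    port: str     # NAS-Port

class InFlight:
    """Tracks requests that have been received but not yet answered."""

    def __init__(self):
        self.by_session = {}  # (nas, user, port) -> id currently being processed
        self.abandoned = []   # (nas, id) of requests whose processing was dropped

    def receive(self, req):
        key = (req.nas, req.user, req.port)
        current = self.by_session.get(key)
        if current is None:
            self.by_session[key] = req.pkt_id
            return "new"
        if current == req.pkt_id:
            # Same id re-sent: the NAS is still waiting, keep working on it.
            return "duplicate"
        # Same user/port but a different id: the NAS has given up on the
        # earlier request, so finishing it would only waste processing time.
        self.abandoned.append((req.nas, current))
        self.by_session[key] = req.pkt_id
        return "conflicting"

    def reply_sent(self, req):
        # Once answered, the session slot is free for the next request.
        key = (req.nas, req.user, req.port)
        if self.by_session.get(key) == req.pkt_id:
            del self.by_session[key]

def classify_stream(requests):
    tracker = InFlight()
    return [tracker.receive(r) for r in requests], tracker.abandoned

# Constructed sample traffic (documentation address, made-up users and ids).
SAMPLE = [
    Request("192.0.2.1", 17, "alice", "1001"),
    Request("192.0.2.1", 17, "alice", "1001"),  # retransmission, same id
    Request("192.0.2.1", 18, "bob", "1002"),    # unrelated session
    Request("192.0.2.1", 42, "alice", "1001"),  # same user/port, new id
]

if __name__ == "__main__":
    print(classify_stream(SAMPLE))
```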



