Proxy to two RADIUS Servers

Stefan A. a.freeradius at premit.de
Mon Jun 14 21:31:46 CEST 2010


Thanks Arran,

I have to provision the DEST1 using live session information, and DEST1 only
needs the information during the current IP, but if I set up:
1. manual Proxy from sites-enabled/default file: all ACK Packages are
delayed to the NAS, if DEST1 is not there, and the NAS possibly retries...
not good!?
2. if I use 'copy-acct-to-home-server', I have to keep track of the packet,
to not send too old information to the DEST1. In strange cases, where DEST1
is down for hours, I will keep sending packets of old sessions, until I went
through all left files...
3. I could possibly mix it: I might send START and STOP packets to DEST1. In
case DEST1 is not available, I put all STOP Packets into the
'copy-acct-to-home-server' files. After DEST1 is back up, all previous ended
sessions will be cleared and new sessions will overwrite the possibly old
status in the DEST1 databases ..., but this might not work, as 'redundant'
does not take updates on an attribute list.

Also... 'copy-acct-to-home-server' seems to delay the forwarded packet by
about 0.2 to 0.5 seconds...
I checked to use a ramdisk for this, but it did not speed up the process...
I sometimes see 0.05 but often 0.4

Again, nobody cares about start packets after the session has been
terminated, but fast delivery is critical...

Any ideas on how to handle these situations?
System: test system, no load, SUN X4100, 8GB, Mirrored Disks, FR 2.1.7,
Solaris 10, normally no local disk access, FR is connected to MySQL Cluster


Thank you
Stefan

> -----Original Message-----
> From: freeradius-users-
> bounces+a.freeradius=premit.de at lists.freeradius.org [mailto:freeradius-
> users-bounces+a.freeradius=premit.de at lists.freeradius.org] On Behalf Of
> Arran Cudbard-Bell
> Sent: Monday, June 14, 2010 7:57 PM
> To: FreeRadius users mailing list
> Subject: Re: Proxy to two RADIUS Servers
> 
> Use copy-acct-to-home-server, it's what it's there for. Delay is
> usually sub second, but it depends on the throttling values you set in
> the detail reader server.
> 
> On 14/06/2010, Stefan A. <a.freeradius at premit.de> wrote:
> > I checked, whether I am able to manually proxy from sites-available/default,
> > using unlang.
> > It works fine, using the following commands.
> >
> >
> > 	if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type == "Stop") {
> > 		if (request:Called-Station-Id  == "apn.isp.de") {
> > 			update control {
> > 				Replicate-To-Realm += "DEST1"
> > 			}
> > 		}
> > 	}
> >
> >
> > But I do not get it to work, if I try to proxy the same packet to two
> > servers:
> >
> > 	if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type == "Stop") {
> > 		if (request:Called-Station-Id  == "apn.isp.de") {
> > 			update control {
> > 				Replicate-To-Realm += "DEST1"
> > 				Replicate-To-Realm += "DEST2"
> > 			}
> > 		}
> > 	}
> >
> > It only uses the first 'Replicate-To-Realm' entry DEST1 and does not seem to
> > cycle through a list of destination RADIUS Servers...
> >
> >
> > Is this the intended behavior? Should I go for 'copy-acct-to-home-server'?
> > How much delay would this add between writing the file and sending the
> > packet to the home server?
> >
> >
> > Thank you
> > Stefan
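The stale-backlog concern from point 2 of the reply above, as an added example that is not part of the original thread and not FreeRADIUS code: it parses a constructed backlog in the detail-file layout (date header, tab-indented pairs, Timestamp) and keeps only what a recovering DEST1 would still need. The policy (keep every Stop, drop a Start that is older than `max_age` or already has a Stop queued), the function names and all sample values are assumptions.

```python
import re

# Constructed sample backlog: date header line, tab-indented "Attr = value" pairs.
SAMPLE = """Mon Jun 14 18:00:00 2010
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A1"
\tTimestamp = 1276538400

Mon Jun 14 18:30:00 2010
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "A1"
\tTimestamp = 1276540200

Mon Jun 14 21:31:00 2010
\tAcct-Status-Type = Start
\tAcct-Session-Id = "B2"
\tTimestamp = 1276549260
"""

PAIR = re.compile(r"^\t([\w-]+) = (.*)$")

def parse_detail(text):
    """Split detail text into records: one dict (attr -> value) per blank-line block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines()[1:]:  # first line is the date header
            m = PAIR.match(line)
            if m:
                rec[m.group(1)] = m.group(2).strip('"')
        if rec:
            records.append(rec)
    return records

def still_worth_sending(records, now, max_age):
    """Assumed policy: every Stop is kept; a Start only if fresh and not yet stopped.
    Other record types are dropped, matching the Start/Stop-only replication above."""
    stopped = {r.get("Acct-Session-Id") for r in records
               if r.get("Acct-Status-Type") == "Stop"}
    keep = []
    for r in records:
        kind = r.get("Acct-Status-Type")
        fresh = now - int(r.get("Timestamp", 0)) <= max_age
        superseded = r.get("Acct-Session-Id") in stopped
        if kind == "Stop" or (kind == "Start" and fresh and not superseded):
            keep.append(r)
    return keep
```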