radrelay: cross-replication of accounting records between two redundant freeradius servers

Arch Mangle archmangle at gmail.com
Fri Dec 16 23:17:47 CET 2011


Hi List

I've got radrelay replicating accounting packets from a primary radius
server to a secondary radius server. The secondary radius server is capable
of handling radius accounting/auth requests if NASes cannot reach the
primary or the primary fails. I want to replicate packets from the
secondary to the primary server in addition to replicating from primary to
secondary, and so I tried setting up radrelay on the secondary identically
to the one on the primary. The idea is to use radrelay as a simple
mechanism to ensure that both servers have a copy of all the accounting
packets.

However, when I test sending accounting packets to the secondary, the two
systems go into some kind of circular loop, neither being smart enough to
recognise a replicated auth packet when it sees one :-)

When I look at the incoming packet dumps I see accounting requests being
replicated and responded to with ever-increasing numbers of Proxy-State
attributes, until the radrelay instance crashes with a thread-related
error:

---
Sending Accounting-Request of id 76 to 10.1.1.112 port 1646
        User-Name = "morpork at ankh.morpork.org"
        Service-Type = Framed-User
        NAS-IP-Address = 196.7.321.6
        NAS-Identifier = "196.7.321.6"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 5108
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000
        Proxy-State = 0x3231353235
        Proxy-State = 0x3236333439
        Proxy-State = 0x3135343437
        Proxy-State = 0x3136313331
        Proxy-State = 0x35383236
        Proxy-State = 0x3435313436
        Proxy-State = 0x3532303932
        Proxy-State = 0x3137323331
        Proxy-State = 0x39323331
        Proxy-State = 0x3239343737
        Proxy-State = 0x3435383237
        Proxy-State = 0x3138313734
        Proxy-State = 0x3239343138
        Proxy-State = 0x373430
        Proxy-State = 0x393131
.
.
---

My question is, how would I configure two-way replication in a scenario
like this, without the loops?

Informational:

 Server 1/Primary :   FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, (Debian squeeze/sid)
 Server 2/Secondary : FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu (CentOS 5.5)

(both systems on the same physical network and subnet)

Thanks in advance,
Arch
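
Added example, not part of the original post or of FreeRADIUS: a small Python check that reads a debug dump in the layout shown above and reports accounting sessions whose requests carry more Proxy-State attributes than expected, which is the loop symptom described. It assumes each forwarding hop appends one Proxy-State; the function names, the `max_hops` threshold and the sample dump are constructed for illustration.

```python
import re

# Constructed sample in the same layout as the dump in the post (values made up).
SAMPLE_DUMP = """\
Sending Accounting-Request of id 75 to 10.1.1.112 port 1646
        User-Name = "test-user"
        Acct-Session-Id = "00001234"
        Proxy-State = 0x3231353235
Sending Accounting-Request of id 76 to 10.1.1.112 port 1646
        User-Name = "test-user"
        Acct-Session-Id = "00001234"
        Proxy-State = 0x3231353235
        Proxy-State = 0x3236333439
        Proxy-State = 0x3135343437
Sending Accounting-Request of id 77 to 10.1.1.112 port 1646
        User-Name = "other-user"
        Acct-Session-Id = "00005678"
"""

HEADER = re.compile(r"^Sending Accounting-Request of id (\d+) to (\S+) port (\d+)")
ATTR = re.compile(r"^\s+([\w-]+) = (.+?)\s*$")

def parse_packets(dump):
    """Split a dump into packets: id, destination, session id, Proxy-State values."""
    packets = []
    for line in dump.splitlines():
        h = HEADER.match(line)
        if h:
            packets.append({"id": int(h.group(1)), "dst": h.group(2),
                            "session": None, "proxy_states": []})
            continue
        a = ATTR.match(line)
        if a and packets:
            name, value = a.groups()
            if name == "Acct-Session-Id":
                packets[-1]["session"] = value.strip('"')
            elif name == "Proxy-State" and value.startswith("0x"):
                # Values are printed as hex octets; decode to raw bytes.
                packets[-1]["proxy_states"].append(bytes.fromhex(value[2:]))
    return packets

def find_loops(packets, max_hops=1):
    """Map Acct-Session-Id -> highest Proxy-State count, for counts above max_hops."""
    worst = {}
    for p in packets:
        hops = len(p["proxy_states"])
        if hops > max_hops:
            worst[p["session"]] = max(hops, worst.get(p["session"], 0))
    return worst

if __name__ == "__main__":
    for session, hops in find_loops(parse_packets(SAMPLE_DUMP)).items():
        print(f"possible replication loop: session {session} has {hops} Proxy-State attributes")
```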