sqlippool IP conflict problem

Коньков Евгений kes-kes at yandex.ru
Tue Dec 20 10:15:39 CET 2011


Hello, Fajar.

You wrote on 20 December 2011, 9:37:41:

FAN> 2011/12/20 Коньков Евгений <kes-kes at yandex.ru>:
>> I see that expire_time keeps being updated while radiusd receives
>> interim-update packets. BUT radius listens on a UDP port and this
>> means that there is no guarantee that the server will receive an interim-update packet. So there
>> is a chance to lose two interim packets for the current user.

FAN> Correct.

>> Therefore the IP leased to the current user will be counted as expired and may be
>> leased to another user, causing an IP conflict error.

FAN> That's why I suggested two times Acct-Interim-Interval would be a good
FAN> choice. If one packet goes missing hopefully we'll be able to get the
FAN> next one. If you're feeling paranoid you could use a big timeout value
FAN> (e.g. 10x Acct-Interim-Interval), with the consequence that it will
FAN> take longer before IP addresses used by stale sessions can be reused.

I have Acct-Interim-Interval = 300
And I have a script that checks for zombie sessions once per 15 min

Date: Sun, 18 Dec 2011 21:15:01 +0000 (UTC)
$VAR1 = [
          {
            'NASPORT' => 193,
            'ID' => 1221104,
            'USERNAME' => '10228',
            'TERMINATECAUSE' => 'OnLine',
            'FRAMEDIPADDRESS' => '192.168.16.195',
            'SESSIONID' => 'dfe6caf212e8f842',
            'BILL' => undef,
            'BYTESOUT' => '53208742',
            'STARTTIME' => '2011-12-18 19:02:49',
            'CALLTO' => '10.5.0.17',
            'STOPTIME' => '2011-12-18 20:49:03',
            'BYTESIN' => '9158505',
            'CALLFROM' => '10.7.30.58 / 00:24:54:5d:1a:b5 / vlan76',
            'ONLINETIME' => 6375
          }
        ];

It checks for 'OnLine' and a STOPTIME more than 15 min ago (3 times AcctInterimInterval).
As you see, 20:49:03 was when the last acct-interim-interval was received.
The script was run at 21:15:01, so 25 min had passed since the last AcctInterimInterval;
that is 5 times. Per day I get about 5 to 10 such sessions. It is noisy (

The NAS server and freeradius are both on localhost, and there is about
50% idle on the CPU; there are about 200-300 users online with a 5 min
acctInterimInterval.

Is it possible to force FreeRadius to listen on TCP port?

>>
>> I think there must be a mechanism to force check that IP is *really*
>> unused before freeing or 're lease' it.

FAN> It's a tradeoff, really. In theory, you COULD write your own module
FAN> that verifies whether a user is online. Kinda like what simultaneous
FAN> use using radutmp & checkrad does, which performs checking using
FAN> snmp/telnet/ssh to the NAS. However that would inflict heavy
FAN> performance penalty. It might be acceptable if you only handle (for
FAN> example) 10 AAA/minute, but it won't be feasible if you need to handle
FAN> 10 AAA/second.

FAN> For most practical purposes, the current sqlippool is good enough. Not
FAN> perfect, but good enough.




-- 
Best regards,
 Коньков                          mailto:kes-kes at yandex.ru
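
The timeout tradeoff discussed in this message, applied to the session record shown above, as an added example (not code from the thread or from FreeRADIUS). It assumes the pool lease expires a fixed multiple of Acct-Interim-Interval after the last accounting update and that the record's timestamps share a time zone with the script's Date header; the function names and the second session are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def lease_status(last_update, now, interim_interval, multiplier):
    """Model a pool lease that expires multiplier * interim_interval seconds
    after the last accounting update (assumed model, see lead-in)."""
    last = datetime.strptime(last_update, FMT)
    current = datetime.strptime(now, FMT)
    expiry = last + timedelta(seconds=interim_interval * multiplier)
    silent = int((current - last).total_seconds())
    return {
        "missed_intervals": silent // interim_interval,
        "lease_expires": expiry.strftime(FMT),
        "lease_expired": current >= expiry,
        # How long the address has already been available to other users.
        "reusable_for_s": max(0, int((current - expiry).total_seconds())),
    }

def conflict_risk(sessions, now, interim_interval, multiplier):
    """Return IPs of sessions still marked 'OnLine' whose lease has expired:
    the address can be handed out again while the old session may be alive."""
    risky = []
    for s in sessions:
        if s["TERMINATECAUSE"] != "OnLine":
            continue
        st = lease_status(s["STOPTIME"], now, interim_interval, multiplier)
        if st["lease_expired"]:
            risky.append((s["FRAMEDIPADDRESS"], st["reusable_for_s"]))
    return risky

# First record: fields copied from the dump in the message.
# Second record: constructed, a session that is still sending updates.
SESSIONS = [
    {"USERNAME": "10228", "FRAMEDIPADDRESS": "192.168.16.195",
     "TERMINATECAUSE": "OnLine", "STOPTIME": "2011-12-18 20:49:03"},
    {"USERNAME": "constructed", "FRAMEDIPADDRESS": "192.168.16.10",
     "TERMINATECAUSE": "OnLine", "STOPTIME": "2011-12-18 21:12:30"},
]
NOW = "2011-12-18 21:15:01"   # time the zombie-check script ran
INTERVAL = 300                # Acct-Interim-Interval from the message

if __name__ == "__main__":
    for k in (2, 10):         # the two timeout multiples suggested in the thread
        print(k, conflict_risk(SESSIONS, NOW, INTERVAL, k))
```

With a 2x timeout the address from the dump has been reusable for about 16 minutes by the time the script flags the session; with 10x it is still held, at the cost of slower reuse for sessions that really are stale.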