Duplicate Radius Accounting
Christopher Manigan
cmanigan at towerstream.com
Mon Aug 6 17:11:49 CEST 2012
The status page I was looking at for these numbers had the labels and values mismatched. There do not appear to be an malformed or invalid messages now that they are lined up. Radius has been restarted, so the numbers are all pretty low right now. I will reply again when I have some more numbers to share later today, but over the last 40 minutes I am seeing 4077 duplicates and 14566 drops for accounting, which still seems high to me.
So that eliminates any malformed/invalid/zero response issues. As for the errors I see in the logs, I do not believe it to be a slow database. The database is responsive to other queries against the radius database while we experience timeouts and crashses.
Do you have any suggestions on how we might troubleshoot that end of it?
Chris
________________________________________
From: freeradius-users-bounces+cmanigan=towerstream.com at lists.freeradius.org [freeradius-users-bounces+cmanigan=towerstream.com at lists.freeradius.org] on behalf of Alan DeKok [aland at deployingradius.com]
Sent: Monday, August 06, 2012 9:19 AM
To: FreeRadius users mailing list
Subject: Re: Duplicate Radius Accounting
Christopher Manigan wrote:
> In my logs I see many entries like the following:
>
> Info: WARNING: Child is hung for request 51651 in component <core> module <queue>.3
> Error: Dropping request (2049 is too many): from client myhost.mysite port 32869 - ID: 239
Something is blocking the server. This is usually a slow database.
> In the last ~10 hours, the status server reports the following for accounting:
>
> Responses 0
> Duplicate 954442
> Malformed 115045
> Invalid 564029
That is *terrible*. Zero responses? It indicates a catastrophic
failure in the system.
And *malformed* packets? Something is sending NON RADIUS packets to
the RADIUS port. Go fix that.
And "invalid" packets? Something is sending non-accounting packets to
the accounting port.
> Dropped 0
> Unknown 0
>
> Radius will hang and start to time out and eventually die. It looks like the duplicate count gets extremely high very quickly. Could it be the NAS that are pointing to it? Or could it be my radius configs somehow causing this? I am not really sure how to prove it out or troubleshoot. I can increase the max requests but I don't think that is the right solution.
Your RADIUS system is horribly slow, and isn't finishing any requests.
Go fix that. The default configuration *works*.
And your NAS is broken. Something is very, very, wrong in your
network. Find out what it is. Ensure that only RADIUS accounting
packets go to the RADIUS accounting port.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list