Problem with Discarding packets. It is the Radius, MySQL or PostgreSQL?

Wed Apr 24 22:20:19 CEST 2013

Hello guys,

I would like an opinion concerning a situation that is happening with us. I'm
sure you have faced a similar situation.

Currently I have about 3000 clients connected simultaneously in 8
concentrators Mikrotik. These concentrators authenticate to 3 servers
freeradius doing consulting and accounting users in a mysql db.

The time we have the message "Discarding duplicate request ..." and "
Discarding conflicting ..." and in recent days began using ippool in
postgresql where we started having problems duplicating IPs.

We believed that such duplication was due to these messages which were
caused by our server mysql which was ancient and did not allow more make the
necessary adjustments as the number of clients and memory.

So we did the installation of new server Mysql and changed the parameters
possible and even indicated by mysqltunner and mysqlprimer, but the message
continued Discarding occurs.

So we started using two tables for the radacct, but the message remains.

Finally, we migrated the radacct for postgresql, where the number (two
tables) where the incidence of this message decreased, but remains on
average 50 per hour to about 1300 sections with pppoe interim-update 5
minutes.

What are the parameters that could be changed to make the tuning of
freeradius?
The question that remains ... MySQL or PostgreSQL?

We've done several settings in radius and mysql and still can not stop these
messages.
Attached my freeradius settings.

I appreciate the attention and the help of everyone,

Att
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130424/e236e05e/attachment-0001.html>
-------------- next part --------------
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid

user = freerad
group = freerad

max_request_time = 60

cleanup_delay = 5

max_requests = 2048

listen {
	type = auth
	ipaddr = *
	port = 0
}

listen {
	ipaddr = *
	port = 0
	type = acct
}

hostname_lookups = no

allow_core_dumps = no

regular_expressions	= yes
extended_expressions	= yes

log {
	destination = files
	file = ${logdir}/radius.log
	syslog_facility = daemon
	stripped_names = no
	auth = yes
	auth_badpass = yes
	auth_goodpass = no
}

checkrad = ${sbindir}/checkrad

security {
	max_attributes = 200
	reject_delay = 0
	status_server = yes
}

proxy_requests  = yes
$INCLUDE proxy.conf

$INCLUDE clients.conf

thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}

modules {
	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
	$INCLUDE sql.conf
}

instantiate {
	exec
	expr
	expiration
	logintime

}

$INCLUDE policy.conf

authorize {
	preprocess
	chap
	mschap
	digest
	suffix
	eap {
		ok = return
	}
	files
	bdmysql
	expiration
	logintime
	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	digest
	unix
	eap
}

preacct {
	preprocess
	acct_unique
	suffix
	files
}

accounting {
	detail
	unix
	radutmp
	bdpgsql
	exec
	attr_filter.accounting_response
}

session {
	bdpgsql
}

post-auth {
	exec
	Post-Auth-Type REJECT {
		attr_filter.access_reject
	}
}

pre-proxy {
}

post-proxy {
	eap
}
-------------- next part --------------

sql bdmysql {
	database = "mysql"
	driver = "rlm_sql_${database}"
	server = "server.domain.com.br"
	login = "radius-user"
	password = "Radius!23"
	radius_db = "radius"
	acct_table1 = "radacct"
	acct_table2 = "radacct"
	postauth_table = "radpostauth"
	authcheck_table = "radcheck"
	authreply_table = "radreply"
	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"
	usergroup_table = "usergroup"
	deletestalesessions = yes
	sqltrace = no
	sqltracefile = ${logdir}/sqltrace.sql
	num_sql_socks = 150
	connect_failure_retry_delay = 60
	lifetime = 0
	max_queries = 0
	readclients = yes
	nas_table = "nas"
	$INCLUDE sql/${database}/dialup.conf
}

sql bdpgsql {
        database = "postgresql"
        driver = "rlm_sql_${database}"
        server = "serverpg.domain.com.br"
        login = "radius_user"
        password = "Radius!23$"
        radius_db = "pgsql_autenticacao"
        acct_table1 = "pgsql_autenticacao.radacct1"
        acct_table2 = "pgsql_autenticacao.radacct0"
        postauth_table = "pgsql_autenticacao.radpostauth"
        authcheck_table = "pgsql_autenticacao.radcheck"
        authreply_table = "pgsql_autenticacao.radreply"
        groupcheck_table = "pgsql_autenticacao.radgroupcheck"
        groupreply_table = "pgsql_autenticacao.radgroupreply"
        usergroup_table = "pgsql_autenticacao.usergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 30
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "pgsql_autenticacao.nas"
        $INCLUDE sql/${database}/dialup.conf
}