Fwd: Child is hung (max_request)

Mon Nov 24 07:58:02 CET 2014

On 22.11.2014 18:01, srithar jeevadurai wrote:
> Hi LLiya,
>
> Thanks for your reply.
>
> If I understand your reply correctly. Our current implementation is like
> radius worker thread calls our customized module of Radius (rlm_raddia)
> to send request to diameter client (dia client will send the request to
> IN and reponse will be sent back to radius thread from dia client). It
> is a blocking call of Radius worker thread.

Yes, your current implementation uses custom freeradius module that 
implements in-house protocol client. All freeradius modules are blocking 
and your module is not an exception.

> If we implement, radius server as proxy then it will take request from
> NAS and send it to dia client (without waiting for response from dia
> client) which is non blocking call of radius worker thread. Dia client
> has to send response to radius server and radius server to send the
> repsonse to NAS. The only change here is rad-worker thread is no need to
> wait after sending request to dia client. Sending request and processing
> respose from dia client will happen idependedlly by FreeRad.

Yes, RADIUS proxy functionality of freeradius is non-blocking.

> If my above understanding is correct, Can we get a sample module code to
> send radius request to external process (here it is dia client) and
> process response from external process (idependedlly without waiting
> req-res). I hope that we would have used any IPC like TCP/IP or message
> queue etc.

RADIUS proxy functionality does not need any freeradius module. RADIUS 
proxy functionality is already implemented in freeradius core. RADIUS 
proxy functionality sends RADIUS requests to external RADIUS server 
(called "home" server). If your preacct section sets 
control:Proxy-To-Realm attribute for the accounting request received by 
freeradius from NAS, freeradius core will proxy this accounting request 
to the home server associated with designated realm. When the answer 
comes from home server freeradius core will proxy this answer back to 
the NAS.

Example configuration of freeradius proxy:

# raddb/proxy.conf
home_server radius-diameter-translator-1 {
         type = acct
         ipaddr = 127.0.0.1
         port = 4013
         secret = secret
         response_window = 3
         no_response_fail = yes
         zombie_period = 86400 # 1 day
         revive_interval = 0
         status_check = none
}
home_server_pool radius-diameter-translator {
         home_server = radius-diameter-translator-1
}
realm radius-diameter-translator {
         acct_pool = radius_diameter_translator
}

# raddb/sites-available/default
...
preacct {
    # Proxy all Accounting-Requests to radius-diameter-translator realm
    update control {
       Proxy-To-Realm := radius-diameter-translator
    }
}
...

Your radius-diameter-translator module should listen RADIUS protocol on 
UDP/4013 port. Translator should implement RADIUS server (receive 
requests, send responses) and Diameter client (send requests, receive 
answers). Flow diagram is following:

NAS         radiusd        r-d-t      diameter-server
  |             |             |               |
  |RADIUS ACR   |             |               |
  |------------>|RADIUS ACR   |               |
  |             |------------>|Diameter ACR   |
  |             |             |-------------->|
  |             |             |   Diameter ACA|
  |             |   RADIUS ACA|<--------------|
  |   RADIUS ACA|<------------|               |
  |<------------|             |               |

> I need to know how to start with proxy radius server impementation for
> radius-diameter converter. It would be great if you can give me a
> document link on the same please.

Proxy functionality is documented in raddb/proxy.conf.