Fwd: Child is hung (max_request)

Jonathan huffelduffel at gmail.com
Tue Mar 24 10:09:55 CET 2015


We've had alike issues but had this fixed with the pushed patch
towards 2.2.6 from Alan.

It's in the repositories but sadly 2.2.7 is not released yet

On Tue, Mar 24, 2015 at 9:41 AM, srithar jeevadurai
<srijeevadurai1 at gmail.com> wrote:
> Hi Team,
>
> Can anyone help on below request please?
>
>
> Regards,
> Srithar
>
> On Sat, Mar 21, 2015 at 8:50 PM, srithar jeevadurai <
> srijeevadurai1 at gmail.com> wrote:
>
>> Hi Team,
>>
>> I have understanded the proxy implementation. We are going to revamp our
>> application with following design.
>>
>> I would like to know whether we will face any challenge in our design i.e.
>> freeRadius stack wise.
>>
>> 1) GGSN to send request to Radius proxy (listening on standard ports 1812
>> and 1813).
>> 2) Radius proxy to accept only auth and allocate IP address and response
>> to auth request.
>> 3) Radius proxy to forward acct request to home_server pool ( may be 2-3
>> home server on same server with different user id and port for acct request
>> instead of 1813).
>> 4) Home_server to handle only acct request and fwd it to rad-dia converter
>> (diaclient). diaclient to convert rad request to dia request and send to
>> IN. diaclient to send response back to corresponding home server and home
>> server to send response back to Radius proxy.
>>
>> Same Host: 1 Radius Proxy, 3 Home-Servers (different user id and port no
>> for acct req), 1 diaclient.
>>
>>
>> Assumption:
>> 1) 2-3 home servers can be configured and run on same host with different
>> user name and port number for acct request.
>> 2) Radius proxy to choose acct-start to be sent among home_servers and
>> forward further accouting request (i.e. updates and stop) to same
>> home_servers. i.e. load balancing can be automatically handled by Radius
>> proxy.
>> 3) Radius proxy server can be modified to allocate IP address and response
>> to auth request (only for auth) and for acct-request it has to forward it
>> to home_server.
>> which configuration directs R-proxy to handle auth request by itself by
>> calling customized module and forward acct to home_server. It will be great
>> help if you can provide us same configuration for proxy to handle auth and
>> forward acct to home_servers.
>>
>> Thanks in advance for your reply. Please let us know if there is any risk
>> or not right approach in above explaned design.
>>
>> Regards,
>> Srithar
>>
>>
>> On Mon, Nov 24, 2014 at 12:28 PM, Iliya Peregoudov <iperegudov at cboss.ru>
>> wrote:
>>
>>> On 22.11.2014 18:01, srithar jeevadurai wrote:
>>>
>>>> Hi LLiya,
>>>>
>>>> Thanks for your reply.
>>>>
>>>> If I understand your reply correctly. Our current implementation is like
>>>> radius worker thread calls our customized module of Radius (rlm_raddia)
>>>> to send request to diameter client (dia client will send the request to
>>>> IN and reponse will be sent back to radius thread from dia client). It
>>>> is a blocking call of Radius worker thread.
>>>>
>>>
>>> Yes, your current implementation uses custom freeradius module that
>>> implements in-house protocol client. All freeradius modules are blocking
>>> and your module is not an exception.
>>>
>>>  If we implement, radius server as proxy then it will take request from
>>>> NAS and send it to dia client (without waiting for response from dia
>>>> client) which is non blocking call of radius worker thread. Dia client
>>>> has to send response to radius server and radius server to send the
>>>> repsonse to NAS. The only change here is rad-worker thread is no need to
>>>> wait after sending request to dia client. Sending request and processing
>>>> respose from dia client will happen idependedlly by FreeRad.
>>>>
>>>
>>> Yes, RADIUS proxy functionality of freeradius is non-blocking.
>>>
>>>  If my above understanding is correct, Can we get a sample module code to
>>>> send radius request to external process (here it is dia client) and
>>>> process response from external process (idependedlly without waiting
>>>> req-res). I hope that we would have used any IPC like TCP/IP or message
>>>> queue etc.
>>>>
>>>
>>> RADIUS proxy functionality does not need any freeradius module. RADIUS
>>> proxy functionality is already implemented in freeradius core. RADIUS proxy
>>> functionality sends RADIUS requests to external RADIUS server (called
>>> "home" server). If your preacct section sets control:Proxy-To-Realm
>>> attribute for the accounting request received by freeradius from NAS,
>>> freeradius core will proxy this accounting request to the home server
>>> associated with designated realm. When the answer comes from home server
>>> freeradius core will proxy this answer back to the NAS.
>>>
>>> Example configuration of freeradius proxy:
>>>
>>> # raddb/proxy.conf
>>> home_server radius-diameter-translator-1 {
>>>         type = acct
>>>         ipaddr = 127.0.0.1
>>>         port = 4013
>>>         secret = secret
>>>         response_window = 3
>>>         no_response_fail = yes
>>>         zombie_period = 86400 # 1 day
>>>         revive_interval = 0
>>>         status_check = none
>>> }
>>> home_server_pool radius-diameter-translator {
>>>         home_server = radius-diameter-translator-1
>>> }
>>> realm radius-diameter-translator {
>>>         acct_pool = radius_diameter_translator
>>> }
>>>
>>> # raddb/sites-available/default
>>> ...
>>> preacct {
>>>    # Proxy all Accounting-Requests to radius-diameter-translator realm
>>>    update control {
>>>       Proxy-To-Realm := radius-diameter-translator
>>>    }
>>> }
>>> ...
>>>
>>> Your radius-diameter-translator module should listen RADIUS protocol on
>>> UDP/4013 port. Translator should implement RADIUS server (receive requests,
>>> send responses) and Diameter client (send requests, receive answers). Flow
>>> diagram is following:
>>>
>>>
>>> NAS         radiusd        r-d-t      diameter-server
>>>  |             |             |               |
>>>  |RADIUS ACR   |             |               |
>>>  |------------>|RADIUS ACR   |               |
>>>  |             |------------>|Diameter ACR   |
>>>  |             |             |-------------->|
>>>  |             |             |   Diameter ACA|
>>>  |             |   RADIUS ACA|<--------------|
>>>  |   RADIUS ACA|<------------|               |
>>>  |<------------|             |               |
>>>
>>>  I need to know how to start with proxy radius server impementation for
>>>> radius-diameter converter. It would be great if you can give me a
>>>> document link on the same please.
>>>>
>>>
>>> Proxy functionality is documented in raddb/proxy.conf.
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>>> list/users.html
>>>
>>
>>
>>
>> --
>> Regards,
>> Srithar Durairaj
>> Alternate Mail I.D: srijeevadurai1 at yahoo.co.in
>> Mobile: +919886251852
>>
>>
>>
>
>
> --
> Regards,
> Srithar Durairaj
> Alternate Mail I.D: srijeevadurai1 at yahoo.co.in
> Mobile: +919886251852
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list