timeout and period values are rounded

Alan DeKok aland at deployingradius.com
Mon Jul 10 00:34:26 CEST 2017


On Jul 9, 2017, at 5:31 PM, denis <den.zinevich at gmail.com> wrote:
> 
> "It also has to be lower than max_request_time" - I did not see that in
> docs.. may be missed.

  The documentation says that "max_request_time" is the maximum time for a request.  After that time, the server gives up on the request.

  Please explain how it makes sense to set "response_window" larger than that makes sense.

> If I said nothing about home server does not mean I'm not investigating
> it's behaviour to get it fixed.

  I can only go by what you post.  If you ignore comments about fixing the home server, I can only assume you're ignoring the idea to fix the home server.

> Besides home server issue those warning still looks questionable, so even
> if it's not related I'd like at least to understand what's happening with
> timeouts.

  Please explain how the warning is "questionable".  If the home server doesn't respond for 30 seconds, it's broken, down, or it never received the request.

> i.e for some reason even with max_request_time=30, setting
> response_window=70 makes it 60, and 55 makes it 30.
> zombie_period - setting 29 is fine, no warning. setting 20 - makes it 25.
> so looks like in both cases there are some rules/additional dependencies
> that are not in docs.

  Maybe it's a bug.  Or maybe you're reading the debug output incorrectly.  Since you're not posting the whole debug output...

> regards home server itself - reason I asked for undefined/non-specific
> question about "best practices" is because yet I can't identify any
> specific problem on home server.

  It takes 30s to respond.  That's bad.  You've been told this repeatedly.

  How can you conclude "there's no specific problem on the home server?"

> if proxy did not receive any response from
> home server means either home did not get request, or response was not
> received at all or came out of time range.

  Again, if the home server takes 30s to respond, it's broken.  If the home server responds after the proxy has given up on the request, the proxy will print a message saying that.

> home server stats looks good for me:

  i.e. You're not following a packet from the proxy to the home server and back again.  You're looking at something *else*.

> i.e in case of problems I guess Total-Acct-Dropped-Requests will increase,
> right ?

  No.

> so if you have any hints how to diagnose issue on home server - tel me
> please.

  Run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list.

  Run BOTH servers in debugging mode.  Send the proxy a packet.  See if the packet makes it to the home server.  This shouldn't be difficult.

> for now I have only suggestion try to switch to tcp instead of udp.

 TCP won't fix routing or firewall problems.

  Making random changes won't help you understand the problem, or to fix it.  You have to figure out what's going wrong, and then fix that.

  Alan DeKok.




More information about the Freeradius-Users mailing list