FreeRADIUS Thread Behaviour

Alan DeKok aland at deployingradius.com
Mon Oct 16 17:29:40 CEST 2017 

On Oct 16, 2017, at 11:21 AM, Doug Wussler <doug.wussler at fsu.edu> wrote:
> When a thread dies off, it tears down its LDAP connection and when the new thread starts up
> it stands up a new LDAP connection.  If you start these threads on an idle system you can see
> (using Wireshark) that they do not turn over and the LDAP connections remain stable through
> the use of keepalives.  But on a busy system, the threads turn over and thus so do the LDAP
> connections.  I thought I had things configured so that threads never die off.

  The documentation describes when threads die off.

> The question I am trying to answer is why the threads turn over at all, and in particular
> so frequently.  Here is my config for the settings I thought control the thread behavior:
> 
> From “radiusd.conf”
> # THREAD POOL CONFIGURATION
> thread pool {
>        start_servers = 8
>        max_servers = 32
>        min_spare_servers = 2
>        max_spare_servers = 8

 i.e. if there are more than 8 spare threads, one is deleted.  If there are fewer than 2 spare threads, one is created.

> Have I overlooked a setting or misunderstood the way these settings work?

  I'm not sure.  The documentation is pretty clear on this.

> The motivation for looking into this is that I have occasions where freeradius
> reports “Could not start TLS: Can't contact LDAP server”
> which seems to only occur when a new thread fires up and tries to start TLS
> to the LDAP server.

  Because the OpenLDAP API is crappy.  There's no explicit "initialize" routine, so the OpenLDAP code has to guess, and can get it wrong.

>   This happens randomly for a few seconds a couple times a month.
> Regardless of whether or not this indicates a problem
> with my LDAP server or the connection to it, I would like to know why
> I have threads continuously dying and spawning every few minutes even
> though my config, as I understand it, is set so that the threads should not die.

  Again, the documentation is VERY clear on this:

	#  It does this by periodically checking how many servers are
	#  waiting for a request.  If there are fewer than
	#  min_spare_servers, it creates a new spare.  If there are
	#  more than max_spare_servers, some of the spares die off.

 If you don't want threads to spawn / die, se:

start_servers = 32
max_servers = 32
min_spare_servers = 0
max_spare_servers = 32

  Alan DeKok.

More information about the Freeradius-Users mailing list