Proxy issue - Failing proxied request for user error

Alan DeKok aland at deployingradius.com
Thu Jul 18 13:28:28 CEST 2019


On Jul 18, 2019, at 1:52 AM, James Wood <james.wood at purplewifi.com> wrote:
> 
> I checked `cat /proc/net/udp` and could see some packets being dropped in
> the UDP buffer queue; and whilst monitoring the dropped packets we're
> seeing from the clients, the numbers were going up in line with this.

  Ah, yes.  That issue is cropping up more and more lately.  It looks like networks are getting "burstier", which causes issues.

> So I increased the `net.core.rmem` and `net.core.wmem` values a little on
> the server via sysctl, to increase the default UDP buffer size which has
> stopped the timeouts from occurring.
> 
> I guess out the box the server has am appropriate value for the UDP buffer
> queue but when using FreeRADIUS it fills it up if there's enough traffic
> (and its all UDP) and then the kernel starts dropping packets.

  IIRC, the default size in Linux is 64K.  Which should be enough for hundreds of RADIUS packets.  If the server is processing packets normally, it should be able to process 1000's of packets per second.

> Whist I appreciate it's not FreeRADIUS related, is there any advice around
> the best sysctl values to use for a large FreeRADIUS server? Has anyone
> come across this before?

  It's becoming more common.  It's not really clear why.

  You can also change this setting in FreeRADIUS.  At least in recent releases.  See "recv_buff" setting in sites-enabled/default:

	#
	#  Set the default UDP receive buffer size.  In most cases,
	#  the default values set by the kernel are fine.  However, in
	#  some cases the NASes will send large packets, and many of
	#  them at a time.  It is then possible to overflow the
	#  buffer, causing the kernel to drop packets before they
	#  reach FreeRADIUS.  Increasing the size of the buffer will
	#  avoid these packet drops.
	#
#	recv_buff = 65536


  Alan DeKok.




More information about the Freeradius-Users mailing list