FreeRADIUS blocked trying to close SQL connection

[Alan DeKok]

On Jul 2, 2020, at 7:52 AM, Alberto Martínez Setién via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm having issues when dealing with an Oracle database.
> 
> When running with -Xxx (timestamps are important here) I see the following:

  Yes, sometimes it's necessary.

...
> That ~16 minutes delay seems to be consistent during these episodes:
> 
> Sun Jun 28 21:38:55 2020 : Debug: rlm_sql (sql_oracle_<REDACTED>): Closing
> expired connection (145): Hit max_uses limit
> Sun Jun 28 21:54:39 2020 : Debug: rlm_sql (sql_oracle_<REDACTED>): 0 of 0
> connections in use.  You  may need to increase "spare"
> 
> Is it normal to block while closing a SQL connection? Is FreeRADIUS waiting
> for something all that time?

  FreeRADIUS calls the Oracle client libraries to do things like open / close connections.  If the connection closing takes 16 minutes, then it's not the fault of FreeRADIUS.

  What is likely happening is that you have network issues.  i.e. TCP connections are being blocked in the network.  OR you have a stateful firewall between FreeRADIUS and Oracle, and the firewall is dropping TCP connections.

  The timeout is likely due to the OS and / or the Oracle library trying to gracefully close a connection.  The connection *should* exist, and *does* exist so far as the OS is concerned.  However, packets for that connection are dropped by the firewall.

  The solution here is to ensure that your network works properly.  Don't put a firewall between the RADIUS server and the database.  Or if you must have a firewall, ensure that it works properly.

  No amount of poking FreeRADIUS will make your local network work better.  You MUST fix the network.

  Alan DeKok.