radippool and expiry time
Alan DeKok
aland at deployingradius.com
Fri Aug 27 16:38:32 CEST 2021
On Aug 27, 2021, at 10:04 AM, Mirko Alberio <mirko.alberio at telemar.it> wrote:
> All is clear, we (wrongly) thought that expired allocation were considered NOT available by the radius
See the queries, which are just text:
#
# Find a free IP address from the pool, choosing the oldest expired one.
#
allocate_find = "\
SELECT framedipaddress FROM ${ippool_table} \
WHERE pool_name = '%{control:${pool_name}}' \
AND expiry_time < NOW() \
ORDER BY expiry_time \
LIMIT 1 \
FOR UPDATE ${skip_locked}"
> the reason we want them to be freed is that we have limited IPv4 resources and need to optimize them at best, so we thought that the best way was for radius to free the allocation, but as you say expired allocation ARE free, that is fine... but just one doubt:
>
> If NAS suffer a long maintanance and in the meantime the IP Pool is exhausted so Radius clear those expired allocation and assign them to new users, but then the NAS comes back, we could experience a conflict with those PPPOE users still connected to that NAS and the new one that "stole" their allocation. Right?
The server can also send a Session-Timeout to the NAS, which causes the NAS to kick the user off when their IP expires. This isn't the default, because generally NASes don't "disappear" off of the network.
So if the sqlippool module has "lease_duration" of 86400, you should _also_ set 'Session-Timeout := 86400". That means that the NAS is supposed to drop sessions after that timeout. Which means that the IP will be unused.
And if your NAS is disappearing off of the network, then bad things can happen. Make sure it's alive, and sending updates to FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list