Error: Ignoring duplicate packet from client

Alan DeKok aland at
Thu Jul 8 17:54:33 CEST 2021

On Jul 8, 2021, at 11:41 AM, Nicolás Ciuffolotti via Freeradius-Users <freeradius-users at> wrote:
> Alan, again, thank you very much for the responses.
> Trying to be clearer, the cpu processes that grow are on the slapd service,

  Then fix the slapd service.  This is not a FreeRADIUS issue.

> but only when the errors start "Error: (382) Ignoring duplicate packet from
> client" prior to this,

  Again, this is a side effect.  That message is coming because the LDAP server has ALREADY STOPPED RESPONDING TO FREERADIUS.

  I really don't know how to explain this in any other way.

> with only 2 NAS sending request does not happen, in
> the more I add one more Juniper NAS, these errors start.

  How many packets/s is it receiving?  Tens?  Millions?

  You're so stuck on reading the debug messages and the high CPU load, that you are doing NOTHING to understand the root cause of the issue.

  If the NAS is sending FreeRADIUS 100K packets/s, then of course there's an issue.  It likely can't keep up with the load.  Or, if you've configured FreeRADIUS to do 100K LDAP queries per packet, then of course there's an issue.

> About of configuration on FR, I changed minimus of default

  <sigh>  I didn't ask how much you changed.  I asked WHAT you changed.

  If you're not going to give useful answers to my questions, then I will probably just stop trying to help you.

  WHAT did you change?

  The rest of the information you posted is not helpful.  You've already posted the log messages with errors.  You're wasting your time by posting them again.  We already know that FreeRADIUS is talking to LDAP.  So posting "there are multiple connections established" is similarly useless.

  You need to find the CAUSE of the problem.  This involves tracking down what's going on, and understanding the system you built.

  Stop looking at CPU loads.  Stop looking at FreeRADIUS debug output.  Stop looking at connections between FreeRADIUS and the LDAP server.  All of that is useless and irrelevant.

  Instead, look ELSEWHERE for the problem.  You've looked at the current information many times, and gotten nowhere.  This should be a strong hint that the information you're looking at isn't useful.

  Start with the default configuration.  It works.  Make ONE change.  Test it.  If it works, save a copy of the configuration.  Repeat with more changes.  At some point, the system may go crazy.  THAT change is the one which is the problem.

  Alan DeKok.
