What is the purpose of the default accounting-on/off queries?
modesto at hubsoft.com.br
Sat Oct 9 16:51:22 CEST 2021
On 09/10/2021 11:24, Nathan Ward wrote:
>> On 10/10/2021, at 3:16 AM, Antônio Modesto <modesto at hubsoft.com.br> wrote:
>> Hello everyone,
>> I have two questions:
>> 1) What is the purpose of the default accounting-on and accounting-off queries bundled with freeradius? I am asking this because one of my customer's NAS is sending accounting-on packets for no reason, and Freeradius is closing the sessions with the 'NAS-Reboot' Acct-Terminate-Cause. I was thinking about disabling the accounting-on query altogether, and leaving only the accounting-off. Are there any side effects by doing this?
> This means the NAS is misbehaving.
> Accounting-On and Accounting-Off should only be sent when the NAS is booting or shutting down - i.e. when sessions are terminated en mass. In those situations, the NAS might not send Stop messages for each session (and in many cases, such as a crash, cannot).
> Leaving only Accounting-Off will mean in case of a NAS crash, it’ll come back and may not be able to get customers online until the sessions expire in the RADIUS server state - in case you limit concurrent sessions, or have limited IPs in sqlippool. Accounting-On is important in these situations.
> Perhaps to work around the poor RADIUS implementation on the NAS, you can filter out these messages - do they have any additional attributes? Some misbehaving NASes send Accounting-On/Off for subsystems, with additional attributes to identify the subsystem.
> Send the NAS vendor this page: https://freeradius.org/rfc/acct_status_type_subsystem.html <https://freeradius.org/rfc/acct_status_type_subsystem.html>
> Can you share who the vendor is?
It is a Juniper MX5 router.
Based on what you said, I think the safest choice for us is to ignore
accounting-on, and leave just accounting-off. We have other mechanisms
to deal with staled sessions and pool addresses. This NAS is sending
accounting-on in a totally random fashion.
>> 2) Does Freeradius use accounting-off packets to release IPs allocated in the sqlippool?
> By default, yes.
> Nathan Ward
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Att, *Antônio Modesto*
More information about the Freeradius-Users