Robust Proxy Accounting problem after switch from 2.2.10 to 3.2.1

Tue Nov 29 15:52:50 UTC 2022

> On 29 Nov 2022, at 17:46, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Nov 29, 2022, at 10:40 AM, Martin Zaharinov <micron10 at gmail.com> wrote:
>> Idea is when Main radius is miss to cache account data and to respons to client if Main server is not alive.
> 
>  I understand that.  That is what the documentation for the "robust proxy accounting" server says.  And I wrote that documentation, so I understand how it works.
> 
>> Do you have config for proxing directly , and if is direct idea is when Main server is dead to respons to users and user dont wait acct answer from main server.
> 
>  Read sites-available/robust-proxy-accounting
> 
>  That is how that virtual server works.  If you did anything else, you didn't follow the documentation.
> 
>>> The virtual server "robust proxy accounting" only uses the detail file if the home server is down.
>>> 
>>> So why is the home server down for extended periods of time?
>> 
>> Java radius in folder file is very fast process and not stay in folder.
> 
>  That doesn't answer my question.

Server is not down , May be respons very slow (Freeradius Main server)

> 
>> Freeradius server, AAA vendor write server is alive and respons but in folder i see this files and file is increase.
> 
>  So you configured the robust-proxy-account wrong.
> 
>  It looks like you have it ALWAYS writing to the detail file, and then proxying.  This is exactly the opposite of how that virtual server works.
> 
>  Instead, follow the documentation.  Have it proxy first, and then only write to the detail file if the home server is down.

this is config that i make read proxy.conf and robust-proxy-accounting : 

home_server home1.example.com {
    type = acct
    ipaddr = 192.168.0.1
    port = 1813
    secret = secret
    status_check = request
    username = "test_proxy"
    response_window = 20
    revive_interval = 30
    revive_interval = 120
    check_interval = 30
    check_timeout = 4
    num_answers_to_alive = 1
    max_outstanding = 65536
    zombie_period = 40

    limit {
        max_connections = 0
        max_requests = 0
        lifetime = 0
        idle_timeout = 0
    }
}

home_server_pool acct_pool.example.com {
    type = fail-over
    home_server = home1.example.com
    virtual_server = home.example.com
}

realm acct_realm.example.com {
    acct_pool = acct_pool.example.com
}

server home.example.com {
    post-proxy {
        Post-Proxy-Type Fail-Accounting {
            detail.example.com
        }

    }
    listen {
        type = detail
        filename = "${radacctdir}/detail-*:*"
        load_factor = 10
    }
    accounting {
        update control {
            &Proxy-To-Realm := 'acct_realm.example.com'
        }
    }

}

> 
>> Per Second.
> 
>  24K packets per second is a very high load system.  If a home server goes down for extended periods of time, then there will quickly be gigabytes of detail files written to disk.
> 

To allow accept 24k packets per second.

>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html