sqlippool, allocate_find and duplicate address if NAS packets are received in the reverse order
Alan DeKok
aland at deployingradius.com
Mon Sep 19 13:20:33 UTC 2022
On Sep 17, 2022, at 11:03 AM, Terry Burton <terry.burton at gmail.com> wrote:
> Does the NAS allocate a session identifier at auth time?
No. That's my #1 changeI would have made to RADIUS. Everything else is minor.
> Is
> Acct-Unique-Id stable between auth and acct, or can it be made so? In
> which case consider using this as the pool_key. This way activity
> related to updating/closing of the old session will not affect the new
> allocation since the pool_key will not match.
The debug output should say... but if it's the same called / calling-station ID, NAS IP / port, etc. Then it's difficult to tell the sessions apart.
The only workaround is to use the Acct-Start-Time, and to record the 'last allocation time' when the IP is allocated. But doing that may cause the SQL database to avoid the index.
> NASs often generate auth requests instantaneously in response to
> incoming events (PPPoE PADI, IPoE FSoL), and generate acct requests
> via a low-priority, timer-driven state machine, often with less than
> ideal opportunities for coordination between these mechanisms.
> Therefore it's not uncommon for the CPE to retry possibly multiple
> authentications before the accounting session is terminated, e.g. due
> to a long PPPoE keepalive-timeout. It's somewhat normal to receive
> Stops (and even I-Us) for the ongoing sessions that are awaiting
> timeout.
i.e. "RADIUS is horrible". :(
Alan DeKok.
More information about the Freeradius-Users
mailing list