sqlippool, allocate_find and duplicate address if NAS packets are received in the reverse order

Alan DeKok aland at deployingradius.com
Mon Sep 19 13:20:33 UTC 2022

On Sep 17, 2022, at 11:03 AM, Terry Burton <terry.burton at gmail.com> wrote:
> Does the NAS allocate a session identifier at auth time?

  No.  That's my #1 changeI would have made to RADIUS.   Everything else is minor.

> Is
> Acct-Unique-Id stable between auth and acct, or can it be made so? In
> which case consider using this as the pool_key. This way activity
> related to updating/closing of the old session will not affect the new
> allocation since the pool_key will not match.

  The debug output should say... but if it's the same called / calling-station ID, NAS IP / port, etc.  Then it's difficult to tell the sessions apart.

  The only workaround is to use the Acct-Start-Time, and to record the 'last allocation time' when the IP is allocated.  But doing that may cause the SQL database to avoid the index.

> NASs often generate auth requests instantaneously in response to
> incoming events (PPPoE PADI, IPoE FSoL), and generate acct requests
> via a low-priority, timer-driven state machine, often with less than
> ideal opportunities for coordination between these mechanisms.
> Therefore it's not uncommon for the CPE to retry possibly multiple
> authentications before the accounting session is terminated, e.g. due
> to a long PPPoE keepalive-timeout. It's somewhat normal to receive
> Stops (and even I-Us) for the ongoing sessions that are awaiting
> timeout.

  i.e. "RADIUS is horrible".  :(

  Alan DeKok.

More information about the Freeradius-Users mailing list