[EXT] Using netbox as a backend for FreeRADIUS

[Arran Cudbard-Bell]

> On 10 Mar 2025, at 14:19, Michael Schwartzkopff via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> 
> On 10.03.25 20:12, Brian Julin wrote:
>> Michael Schwartzkopff wrote:
>>> I jusst published a blog article how to use netbox as a backend for
>>> FreeRADIUS to lookup MAC addresses for MAC-bypass. It is a nice exercise
>>> of the use of the rest module of FreeRADIUS.
>> Nice... yes netbox is a pretty easy REST target.  I'd encourage a test environment with
>> it though as the netbox devs like to... change stuff... a lot.
>> 
>> Also, last time I looked at rlm_rest I was a bit concerned about the number of connections
>> it seems to want to keep running.  Maybe overly so... there isn't much of a guide about
>> whether every thread really needs a connection or whatnot.  Consolidated all transactions
>> into an SQL database to eliminate races and batched them up from a single-connection
>> REST script instead.
>> 
>> A linux box running netbox won't be bothered very much by this but with some appliances
>> there's a pretty low limit on the number of REST connections allowed, so if you have a lot
>> of services/servers trying to hit something over REST any extra connections can add up fast.
>> 
>> Maybe I misunderstand the way REST uses connections or maybe FR4 has improvements
>> in sharing live connections between threads.

It doesn't share connections.  There's one libcurl multi-handle for each module instance, for each worker thread.

libcurl manages the network connections associated with the multi-handle.  If you're using v4 with Netbox, with HTTP/2.0, libcurl will likely open a single connection to Netbox per worker thread.  By default the number of workers is the number of cores on the system - 1.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2