Clarification on proxy backend states (Zombie vs Dead) and possible packet loss

Alan DeKok alan.dekok at inkbridge.io
Tue Sep 16 19:09:04 UTC 2025 

On Sep 16, 2025, at 2:42 PM, Erdal Emlik via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> We are running FreeRADIUS as a proxy setup, and we are trying to better understand how backend states (Alive, Zombie, Dead) behave in practice.

  The documentation describes what those states are, and how the server transitions between them.

> If a backend does not reply within response_window, the proxy marks it as Zombie.
> The backend remains Zombie until the zombie_period expires. If no valid responses are received during this time, it becomes Dead.
> If there are no Alive backends left, the proxy prefers sending to a Zombie backend instead of dropping requests.
> Periodic Status-Check packets can bring a Zombie backend back to Alive.

  Yes.  That's all documented.

> 👉 My questions / doubts:
> 
> In the Zombie state, we sometimes see packet loss (packets not reaching the backend). Is this the expected behavior, since the proxy still forwards traffic to a potentially unstable backend?

  I'm not sure what you're asking here.

  If the home server is zombie, then it might be alive, or it might be dead.  The proxy isn't sure.  So it still forwards packets to it.  But... if the home server is actually dead, then the packets will be lost.

  That is, you will likely see packet loss when a home server is down.

> When the documentation says “if the home servers are still down” in the context of robust-proxy-accounting, does “down” strictly mean Dead, or are Zombie servers also considered “down”?

  Perhaps a better word is "unresponsive" instead of "down".

  If you think about it a bit, the proxy doesn't have any magical knowledge about whether or not the home server is "down".  The proxy instead tracks the states "dead", "alive", or "zombie".  i.e. what it *thinks* is happening.

  The proxy then transitions between those states, depending on whether or not it's received replies.

> In our understanding, if a backend is in Zombie state, packets may still be sent but can get lost due to intermittent connectivity (before the backend ever becomes Dead). Is this correct?

  Pretty much, yes.

> What would be the recommended approach to avoid accounting packet loss in such scenarios ( i know network must be stable but shit happens :(…)— should we rely on robust-proxy-accounting to queue locally until the backend is fully Alive again?

  The best way to avoid packet loss is to make sure that the home server doesn't go down.  If you can't do that, run robust-proxy-accounting.   That's what it's for.

  Alan DeKok.

More information about the Freeradius-Users mailing list