[rbak-nsp] auth storm and problem with freeRadius

Marcin Kuczera marcin at leon.pl
Sun Apr 19 17:01:11 EDT 2009


Frans Legdeur wrote:
> Hi Marcin,
> 
> The problem could well be that the Redback works with an outstanding amount
> of requests that differs from what the radius server can handle.
> 
> By default, the redback will work with 250 outstanding requests before it
> stops sending more authentication requests.
> Your radius server, as many others, might stop handling requests at 100
> incoming requests (buffered).

yhm, well.
So - if that's the limit, I'll try to apply such rules.
Btw, on FreeBSD, freeradius "freezes", on linux - process just disappears..
I have to do /etc/init.d/freeradius to have it running...

> This means that the redback will timeout 150 requests before it will send
> them again (See command "show radius statistics" number of "request timeout"
> should run up).

clear

> You can adjust the max number of outstanding requests on the redback by
> command: "radius max-outstanding 100" at the context where the radius server
> is configured (This example limits the amount to 100 outstanding requests).

that's ok for me. The worst is that I don't know why freeradius on linux 
just disappears..

> With regards to the different type of radius servers, FreeRadius should,
> performance-wise, work well. Personally we always work with Radiator, due to
> its flexibility and ease of configuration, including connections to
> databases. I have recently tested 800 subscriber sessions, generated with
> SmartBits on PPPoA, which runs against an SE-100 with my laptop as radius
> server (Apple G4, Perl, Radiator and PostgreSQL), took 42 seconds to get
> them all authenticated.

I'll test it.
Do you have any tool to test i.e. 1000 requests for PPPoE ?
I know a very, very nice tool for GGSN (sgsn simulator, Trembler by 
ericsson) and - I wish I could have something like that for pppoe..

> This included radius guided CCOD for each circuit and PPPoA, this would sum
> up to 1600 requests all together to get them authenticated (19 subs/sec) and
> accounting ... (that's 57 radius request per second handled)
>

> So, your problem is not within the radius server, just limit the amount of
> outstanding requests and it should work fine ;-)

I'll test it then.

> At Belgacom we once had complaints that the SE didn't authenticate the
> subscribers quick enough, closer look showed the radius server couldn't
> handle the requests quick enough ... Once that was solved all worked fine.

well, even several minutes after big crash is not a problem for us ;-)

Regards,
Marcin



> Kind regards,
> 
> 
> Frans.
> 
>> From: Marcin Kuczera <marcin at leon.pl>
>> Date: Sat, 18 Apr 2009 12:54:17 +0200
>> To: <redback-nsp at puck.nether.net>
>> Subject: [rbak-nsp] auth storm and problem with freeRadius
>>
>> well,
>>
>> since some time we have some problems with radius, process dies just
>> like that (on one server) and on the other stops responding.
>>
>> let's pick the one that dies:
>> db:~# dpkg -s freeradius
>> Package: freeradius
>> Status: install ok installed
>> Priority: optional
>> Section: net
>> Installed-Size: 1604
>> Maintainer: Stephen Gran <sgran at debian.org>
>> Architecture: i386
>> Version: 2.0.4+dfsg-6
>> Provides: radius-server
>>
>> last night, after when I had a problem:
>> Apr 17 21:14:17: %PPAL2-3-PPPOE_ERR:
>> a593028b/0002524333/907900000:02/IPPA/EU00:Failed to allocate memory for
>> pppoe throttle node -
>> 0004c20c 0009ae08 0004bee4 0009036e 00098138 00098110 00000000
>>
>> I did a reload of card #2.
>> So - all subscribers (pppoe and clips) went down.
>>
>>
>> After reload all I had a little storm of auth requests.. and - I had to
>> start freeradius about 20 times for ~900 subscribers (It's just start of
>> moving subscribers to redback so - not too much).
>>
>> Did anyone have such problems and what could help on freeradius side ?
>>
>> Or - which radius working with postgresql would you recommend ?
>>
>> Regards,
>> Marcin
>>
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> 
> 
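The mismatch discussed in this thread (a NAS window of 250 outstanding requests against a server that buffers 100), as a toy simulation added here for illustration; it is not code from the thread or from Redback or FreeRADIUS. The function name `simulate`, the silent drop on a full buffer, the service rate of 20 requests per tick and the 10-tick timeout are all assumptions of the model.

```python
from collections import deque

def simulate(subscribers, max_outstanding, server_buffer,
             served_per_tick, timeout_ticks):
    """Model one auth storm; return (ticks_to_finish, request_timeouts)."""
    pending = deque(range(subscribers))  # sessions waiting to be (re)sent
    outstanding = {}                     # session id -> tick when it times out
    queue = deque()                      # server receive buffer (bounded)
    done = timeouts = tick = 0
    while done < subscribers:
        tick += 1
        # 1. NAS: unanswered requests time out and are queued for resend.
        for sid in [s for s, t in outstanding.items() if t <= tick]:
            del outstanding[sid]
            pending.append(sid)
            timeouts += 1
        # 2. NAS: send until the outstanding window is full.
        while pending and len(outstanding) < max_outstanding:
            sid = pending.popleft()
            outstanding[sid] = tick + timeout_ticks
            if len(queue) < server_buffer:
                queue.append(sid)
            # Assumption: a full buffer drops the request silently (UDP),
            # so the NAS only finds out when its timer fires.
        # 3. Server: answer a fixed number of buffered requests.
        for _ in range(min(served_per_tick, len(queue))):
            sid = queue.popleft()
            if sid in outstanding:       # reply arrived before the timeout
                del outstanding[sid]
                done += 1
    return tick, timeouts

if __name__ == "__main__":
    # ~900 subscribers re-authenticating after a card reload (constructed
    # scenario based on the numbers mentioned in the thread).
    for window in (250, 100):
        ticks, lost = simulate(900, window, 100, 20, 10)
        print(f"max-outstanding {window}: {ticks} ticks, {lost} timeouts")
```

In this model the first burst with a window of 250 loses exactly the 150 requests Frans describes, and the same loss repeats on every refill of the window; with the window capped at the server's buffer size no request times out.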


