[rbak-nsp] AAA daemon load is too high

Stefano Rapari s.rapari at gmail.com
Thu Oct 21 09:41:18 EDT 2010 

Hi Navin, 

can you check that your radius server has the same secret key as per the Smartedge configuration. 

Message-authenticator is described in RFC 2869:

Description

      This attribute MAY be used to sign Access-Requests to prevent
      spoofing Access-Requests using CHAP, ARAP or EAP authentication
      methods.  It MAY be used in any Access-Request.  It MUST be used
      in any Access-Request, Access-Accept, Access-Reject or Access-
      Challenge that includes an EAP-Message attribute.

      A RADIUS Server receiving an Access-Request with a Message-
      Authenticator Attribute present MUST calculate the correct value
      of the Message-Authenticator and silently discard the packet if it
      does not match the value sent.

      A RADIUS Client receiving an Access-Accept, Access-Reject or
      Access-Challenge with a Message-Authenticator Attribute present
      MUST calculate the correct value of the Message-Authenticator and
      silently discard the packet if it does not match the value sent.

Thanks
Stefano


On Oct 21, 2010, at 12:23 PM, Navin Nepali wrote:

> This high cpu load problem in SE800 is still giving me problem. I have tried everything to control this. To test we have blocked all the PPPoE request (PADI) coming to SE800 but still we can see the cpu is still High. I have collected the AAA log in SE800 during blocking PADI.
>  
> I see following message:
> Oct 21 14:39:02: [0002]: [255/22:1:27/6/2/70475]: %AAA-7-RADIUS: aaa_idx 1cc0683b: aaaidx_tree_insert: insert aaa_idx to idx tree for context db_request_type Accounting Update. (adsl5532891) 
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_process_received_pkt: Receive 20 bytes from radius server 192.168.117.16 (1813)
> Oct 21 14:39:02: [0002]: %AAA-7-RADIUS: rad_find_match_srv: Find matching server 192.168.117.16/1813
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_process_received_pkt: Receive 20 bytes from radius server 192.168.117.16 (1813)
> Oct 21 14:39:02: [0002]: %AAA-7-RADIUS: rad_find_match_srv: Find matching server 192.168.117.16/1813
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_process_received_pkt: Receive 48 bytes from radius server 192.168.117.16 (1812)
> Oct 21 14:39:02: [0002]: %AAA-7-RADIUS: rad_find_match_srv: Find matching server 192.168.117.16/1812
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_response_sanity_check: Message-Authenticator is not present
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_process_received_pkt: Receive 48 bytes from radius server 192.168.117.16 (1812)
> Oct 21 14:39:02: [0002]: %AAA-7-RADIUS: rad_find_match_srv: Find matching server 192.168.117.16/1812
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_response_sanity_check: Message-Authenticator is not present
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_process_received_pkt: Receive 46 bytes from radius server 192.168.117.16 (1812)
> Oct 21 14:39:02: [0002]: %AAA-7-RADIUS: rad_find_match_srv: Find matching server 192.168.117.16/1812
> Oct 21 14:39:02: %AAA-7-RADIUS: rad_response_sanity_check: Message-Authenticator is not present
> Oct 21 14:39:03: %AAA-7-RADIUS: rad_send, Process radius requests in authen high priority queue
>  
> Can someone tell me what does it mean by "rad_response_sanity_check: Message-Authenticator is not present"
>  
> Anyway i have attached the log with this mail.
>  
> Thanks!
> 
> <debugradius.txt>_______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101021/89f998a7/attachment.html>

More information about the redback-nsp mailing list