> -----Original Message-----
> From: Chris Parker [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 01, 2001 9:46 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: 0.2 Remaining Bug
>
>
> At 12:24 PM 8/1/2001 -0400, [EMAIL PROTECTED] wrote:
> >VISP Systems Administration <[EMAIL PROTECTED]> wrote:
> > > Excellent release. I do notice one item we discussed
> earlier when I was
> > > running 0.1 regarding the tons of duplicate Accounting
> requests while
> > proxying.
> > >
> > > sample line:
> > > DATE: Info: Accounting: login: entry for NAS
> nasname.foo.bar port 51
> > duplicate
> > >
> > > The patch Chris Parker posted does a good job eliminating
> most of the
> > > duplicate Info logs requests in radius.log, but it is not
> implemented
> > in 0.2.
> >
> > OK...
> >
> > > ----------- BEGIN PATCH -----------------
> > > the 'acct.c' file:
> > >
> > > Change:
> > > if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
> > > To:
> > > if((!request->proxy) && pairfind(request->config_items,
> > PW_PROXY_TO_REALM)) {
> > > ----------- END PATCH -----------------
> >
> > I'm not sure I agree with that. The patch posted earlier
> this week
> >appeared to be a bit better.
>
> I hadn't committed anything as I wasn't satisfied with the
> fix. I posted
> it so that people could try it, but I'm still looking to find
> a cleaner
> way to "fix" the problem.
>
> > That is, the "preacct" AND the "accounting" sections should be
> >executed for all modules, even if the packet is about to be proxied.
> >This allows the server to log the accounting information, EVEN IF it
> >never sees a proxied reply.
> >
> > If the accounting packet is NOT proxied, OR we've seen an
> accounting
> >reply from the end server, THEN and ONLY THEN should the server
> >respond with an accounting response packet to the NAS.
>
> One issue I have with this, is that this can put a load on the NAS if
> for some reason the end-radius is not responding. Given my situation,
> where we proxy accounting for >2200 realms to >1000 ISP's, not sending
> a reply to accounting ( full disk, misconfigured server, etc. ).
>
> My opinion is that the NAS should be replied to once the record has
> been stored locally. Then the server should retry to send
> the accounting
> packet to the remote server a configurable number of times before
> dropping the packet.
>
> Otherwise, if a large customer is having problems with their
> accounting
> server and not replying we've just increased the load on our proxies
> *and* on our NAS as both will retry. I think it's cleaner to reply
> to the NAS once the record is stored locally, so that if the
> end-radius
> fails to respond the accounting server only has to retry.
>
> -Chris
I tested accounting proxy with 0.2. My results hadn't been successful. It
stored accounting packets locally correctly, and it sent accounting packets
out to the end RADIUS servers, but the NAS didn't get answer back from the
proxy and caused several retries. My initial guess is that the returned
result from storing packets locally affects proxying. I still got positive
results with the CVS snapshot on 07/09 patched acct.c with my solution (
failed with the orignal snapshot itself). Like I said before. The following
patch on acct.c will fix the logging problems without side-effects on the
program itself:
if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
somevalue = module_accounting(request);
(error log here if any);
return reply;
}
I didn't get the time to check the new codes. Some other changes on proxy.c
or etc might cause the problem.
I agree with Chris's idea on accounting proxy. It seemed that caused some
structure change in the software as Alan's decription. There is another
issue that to support >2200 realms most of the data structures in the
software need to be changed. With linked lists for the data structures, the
processes will run very slow. At least some kind of hash algorithms are
needed for the REALM structure.
-- Qinxue Chen
__________________________________________
NetZero Platinum
Sign Up Today - Only $9.95 per month!
http://www.netzero.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
