rihad wrote: > Absurd. The Dell PowerEdge 2950 w/ 2 quad-cores cannot itself without > human intervention survive the "NAS attack" exactly due to having to > give up on hundreds of requests per second
Your dual quad-core box can't handle hundreds of packets a second? Wow... your Perl script is doing something *really* bad. Simple tests of the server with PAP to a MySQL database show a single core machine can get 1000's of requests/s. If there's no DB, FreeRADIUS can do 10's of 1000's of requests per second. Test it yourself without your Perl script. It's not hard to do. > not replied to in under 1 > second, evidenced by an almost equal presence of many "Discarding > conflicting packet" and "Received conflicting packet" lines in the log. > That is, not many (if any) of our "Receved ..." lines are due to what > could be considered a NAS timeout, and they should be treated like > "Discarding ...", that is, the new request should be dropped. OK... so you don't understand how RADIUS works. Conflicting packets *are* NAS timeouts. Nothing else causes them. >> No. You do not understand how RADIUS works. The code will NOT be >> changed to discard the new packet. > > Perhaps someone more knowledgeable than you will be more able to assess > all points involved. This is a joke, right? There are maybe 10 people on the planet who know as much about RADIUS than I do. I doubt very much that anyone knows *more* about RADIUS. Good luck solving your problem. It's clear you don't want expert help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
