On 05/10/11 09:56, Arran Cudbard-Bell wrote:
On 5 Oct 2011, at 10:40, Phil Mayers wrote:
On 10/05/2011 09:26 AM, Alan DeKok wrote:
Phil Mayers wrote:
I guess that's ok, in that it stops an unresponsive realm
blocking other realms, but wouldn't another solution be to add
a config item to the detail reader to drop packets which are>X
seconds old?
if (Acct-Delay-Time> 3600) { ok } else { ... do proxy .... }
Ah ha! Clever. I had forgotten the detail reader created/updated
that attribute. Yay FreeRADIUS!
It's a bad way of doing it. At least with replicate every accounting
packet has a chance... Using Acct-Delay-Time you'll end up dumping
anywhere between 1-15 seconds accounting data for all realms if one
realm is unreachable.
Whereas with rlm_replicate, you risk dropping arbitrary accounting
packets because there is no retry. There is no ideal solution, because
radius accounting was never designed for the kind of loosely-coupled
federation that is Eduroam.
For me, since most Eduroam sites don't care about receiving federated
accounting, my primary concern is for my server to carry on functioning,
and that means the detail file should not grow without bound. I don't
really care how that happens - as long as it does.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
