At 12:24 PM 8/1/2001 -0400, [EMAIL PROTECTED] wrote:
>VISP Systems Administration <[EMAIL PROTECTED]> wrote:
> > Excellent release. I do notice one item we discussed earlier when I was
> > running 0.1 regarding the tons of duplicate Accounting requests while
> proxying.
> >
> > sample line:
> > DATE: Info: Accounting: login: entry for NAS nasname.foo.bar port 51
> duplicate
> >
> > The patch Chris Parker posted does a good job eliminating most of the
> > duplicate Info logs requests in radius.log, but it is not implemented
> in 0.2.
>
> OK...
>
> > ----------- BEGIN PATCH -----------------
> > the 'acct.c' file:
> >
> > Change:
> > if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
> > To:
> > if((!request->proxy) && pairfind(request->config_items,
> PW_PROXY_TO_REALM)) {
> > ----------- END PATCH -----------------
>
> I'm not sure I agree with that. The patch posted earlier this week
>appeared to be a bit better.
I hadn't committed anything as I wasn't satisfied with the fix. I posted
it so that people could try it, but I'm still looking to find a cleaner
way to "fix" the problem.
> That is, the "preacct" AND the "accounting" sections should be
>executed for all modules, even if the packet is about to be proxied.
>This allows the server to log the accounting information, EVEN IF it
>never sees a proxied reply.
>
> If the accounting packet is NOT proxied, OR we've seen an accounting
>reply from the end server, THEN and ONLY THEN should the server
>respond with an accounting response packet to the NAS.
One issue I have with this, is that this can put a load on the NAS if
for some reason the end-radius is not responding. Given my situation,
where we proxy accounting for >2200 realms to >1000 ISP's, not sending
a reply to accounting ( full disk, misconfigured server, etc. ).
My opinion is that the NAS should be replied to once the record has
been stored locally. Then the server should retry to send the accounting
packet to the remote server a configurable number of times before
dropping the packet.
Otherwise, if a large customer is having problems with their accounting
server and not replying we've just increased the load on our proxies
*and* on our NAS as both will retry. I think it's cleaner to reply
to the NAS once the record is stored locally, so that if the end-radius
fails to respond the accounting server only has to retry.
-Chris
--
\\\|||/// \ Chris Parker - Manager, Development Engineering
\ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Without C we would have 'obol', 'basi', and 'pasal'
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
