Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> Really in a system of chained proxy servers like EDUROAM you only want
>> to be testing first hop connectivity.
>
> Exactly.
>
>> Alan, do you think it might be a good idea to provide an option to
>> disregard failures from standard authentication requests, and instead
>> use periodic status_checks to mark servers alive or dead?
>
> How about having it send Status-Server packets (or whatever you
> configure) at the START of the zombie period. i.e. as soon as it
> determines that the server hasn't responded to a request, start pinging
> it with Status-Server packets.

That'd work. So when a server is marked as a Zombie, are Access-Requests
still sent to it until the Zombie period has expired? If so, do responses
to Access-Requests sent during the Zombie Period force the server live
again?

But of course you can't guarantee successful authentication within the
Zombie Period... So you send the Status-Server packets before you mark
the server as dead, if the server responds then the first hop is good,
and it's the ORPS that's dead. If it doesn't, then the first hop is bad
and we fail over to another server.

>
> If it responds to the Status-Server, it will be marked "live", even if
> it doesn't respond to Access-Request packets.
>
> That will help, but the only solution to working with broken servers
> is to implement the N x M realm/server management.
>

Thanks,
Arran
--
Arran Cudbard-Bell ([EMAIL PROTECTED]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
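
The zombie-period behaviour proposed in this thread, modelled as a small state machine. This is an added example, not part of the original messages and not FreeRADIUS code. The class and function names, the 40 s / 10 s timers and the `status_reply` flag (which stands in for the network) are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    ALIVE = "alive"
    ZOMBIE = "zombie"
    DEAD = "dead"

class HomeServer:
    """Hypothetical liveness tracker for one first-hop proxy."""

    def __init__(self, zombie_period=40, ping_interval=10):
        # Timer values (seconds) are constructed for this example.
        self.zombie_period = zombie_period
        self.ping_interval = ping_interval
        self.state = State.ALIVE
        self.zombie_since = None
        self.next_ping = None
        self.pings_sent = 0

    def request_timed_out(self, now):
        """An Access-Request went unanswered: enter zombie, start pinging."""
        if self.state is State.ALIVE:
            self.state = State.ZOMBIE
            self.zombie_since = now
            self.next_ping = now  # first Status-Server goes out at once

    def tick(self, now, status_reply):
        """status_reply: does the first hop answer Status-Server?"""
        if self.state is not State.ZOMBIE:
            return self.state
        if now - self.zombie_since >= self.zombie_period:
            self.state = State.DEAD       # silent for the whole period: fail over
        elif now >= self.next_ping:
            self.pings_sent += 1
            self.next_ping = now + self.ping_interval
            if status_reply:
                self.state = State.ALIVE  # first hop is good; the fault is upstream
        return self.state

def simulate(status_reply, duration=60):
    """Access-Request times out at t=0; step the clock one second at a time."""
    hs = HomeServer()
    hs.request_timed_out(now=0)
    for now in range(duration + 1):
        hs.tick(now, status_reply)
    return hs.state, hs.pings_sent

if __name__ == "__main__":
    print("upstream dead, first hop up:", simulate(True))
    print("first hop down:", simulate(False))
```

The model leaves out Access-Request replies arriving during the zombie period, since the thread asks about that case without settling it.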