Arran Cudbard-Bell wrote: > That'd work. So when a server is marked as a Zombie Access-Requests > still sent to it until the Zombie period has expired?
Yes. I also noticed that the current code doesn't send Status-Server packets until "check_interval" time AFTER it's marked "dead". So we have "response_window" delay, followed by "zombie_period", followed by "check_interval". In some cases, it might not start pinging the home server until a minute after it stops responding. Not nice. My current proposal is to start pinging it at the start of "zombie_period". If you then set: zombie_period = 21 check_interval = 6 num_pings_to_alive = 3 It will start pinging the home server as soon as it stops responding. if it responds to all 3 pings, it will be marked "live" again, without ever being marked "dead". > If so do responses > to Access-Requests sent during the Zombie Period force the server live > again? Yes. > But of course you can't guarantee successful authentication within the > Zombie Period... So you send the Status-Server packets before you Mark > the server as dead, if the server responds then the first hop is good, > and it's the ORPS that's dead. If it doesn't, then the first hop is bad > and we fail over to another server. Yes. This still means that requests will be sent to that home server,even if they're for an upstream realm that's dead. If there are multiple paths to the upstream realm, then those other paths won't be discovered. But there is no RADIUS "routing protocol"[1]. So that's that. Alan DeKok. [1] For now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html