Re: Proxy state attribute in accounting

Sun, 17 Apr 2011 23:17:12 -0700 

On Sat, Apr 16, 2011 at 9:19 PM, Alan DeKok <al...@deployingradius.com> wrote:
> Waqas Toor wrote:
>> Yes, Understood, Can I can limit those proxy-state attributes to lets
>> say 100 attributes only.
>> Because the other server is complaining about possible DoS attacks.
>
>  <sigh>  It would have been useful for you to say that at the beginning.
>
>  If there are 100 Proxy-State attributes, it's likely because you
> screwed up proxying somewhere.  It makes *no* sense to proxy packets
> through 100 servers.

Ok here is my robust-example-accounting that I am using for proxy
==============================================================

home_server home1.example.com {
        type = acct
        ipaddr = 10.1.67.37
        port = 1813
        secret = free-rad512

        #  Mark this home server alive ONLY when it starts being responsive
        status_check = request
        username = "test_user_status_check"

        response_window = 6
}

home_server home2.example.com {
        type = acct
        ipaddr = 10.1.67.28
        port = 1813
        secret = free-rad512

        #  Mark this home server alive ONLY when it starts being responsive
        status_check = request
        username = "test_user_status_check"

        response_window = 6
}

home_server acct_detail.example.com {
        virtual_server = acct_detail.example.com
}


home_server_pool acct_pool.example.com {
        type = load-balance     # other types are OK, too.

        home_server = home1.example.com
        home_server = home2.example.com

        fallback = acct_detail.example.com

        virtual_server = home.example.com
}

realm test_cpe.com{
        acct_pool = acct_pool.example.com
        nostrip
}

server acct_detail.example.com {
        accounting {
                detail.example.com
        }
}

server home.example.com {
        pre-proxy {
        }

        post-proxy {
                Post-Proxy-Type Fail {
                        detail.example.com
                }
        }

        listen {
                type = detail
                filename = "${radacctdir}/detail.example.com/detail-*:*"
                load_factor = 10
        }

        accounting {

                update control {
                        Proxy-To-Realm := "test_cpe.com"
                }
        }

}

================================================

It works fine, but when one of the server goes down of a long period,
It sends a lot of proxy state attributes.

Regards
Waqas

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to