Re: rlm_ippool feedback from CVS version
On Mon, 1 Sep 2003, Mohsen Chirara wrote: > After 3 days of testing, I am still having the same problem. Now out of the > entire class C, I aways have the same 7 IP > addresses available for the pool. Here's is IP Tool output: > NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 > > What next ? > > Mohsen OK i 've most probably found the problem. Since it involves a lot of code rewriting I 'll commit a fix tomorrow. Thanks for the help -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool feedback from CVS version
See below my answers: > > > After 3 days of testing, I am still having the same problem. Now out of the > > entire class C, I aways have the same 7 IP > > addresses available for the pool. Here's is IP Tool output: > > NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 > > > > What next ? > > If that's with iptool -v, then we're in trouble, the fix didn't > solve it. > > iptool -v shows every entry, active or not. the output above is iptool -v. > > Oh, I forgot to say. You probably needed to recreate your > db files for rlm_ippool when you upgraded to CVS's rlm_ippool, or > otherwise confirm that the situation hasn't gotten worse since > you installed the CVS rlm_ippool. I did recreate the pool after upgrading cvs's rlm_ippool. The situation is worse as my pool shrunk even more. Conclusion: THE SITUATION IS GETTING WORSE. > > In fact, I've just had a look at my own server (which has been > running the same fix from CVS for a while now) and my 230-odd > pool has been depleted to 26, of which only 15 have been used. > I had to repair mine last on July 26th, and its not a busy > server. > > However, that's not decisive as the fix was only comitted on > the 28th, and I dunno how long I held off on installing it on > my production server. > > I'll repair mine, and then see if I suffer further. > > -- > = > Paul "TBBle" Hampson > Bubblesworth Pty Ltd (ABN: 51 095 284 361) > [EMAIL PROTECTED] > > This is a one line proof...if we start > sufficiently far to the left. > -- Cambridge University Math Department > - > Random signature generator 3.0 by Paul "TBBle" Hampson > = > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > --- Ce mail ne contient pas de virus. This mail is virus free Scanné par Escan Checked by Escan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool feedback from CVS version
> From: Mohsen Chirara > Sent: Monday, 1 September 2003 7:08 PM > After 3 days of testing, I am still having the same problem. Now out of the > entire class C, I aways have the same 7 IP > addresses available for the pool. Here's is IP Tool output: > NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 > > What next ? If that's with iptool -v, then we're in trouble, the fix didn't solve it. iptool -v shows every entry, active or not. Oh, I forgot to say. You probably needed to recreate your db files for rlm_ippool when you upgraded to CVS's rlm_ippool, or otherwise confirm that the situation hasn't gotten worse since you installed the CVS rlm_ippool. In fact, I've just had a look at my own server (which has been running the same fix from CVS for a while now) and my 230-odd pool has been depleted to 26, of which only 15 have been used. I had to repair mine last on July 26th, and its not a busy server. However, that's not decisive as the fix was only comitted on the 28th, and I dunno how long I held off on installing it on my production server. I'll repair mine, and then see if I suffer further. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool feedback from CVS version
Well, it seems I've got it up and running now. I'm running today's cvs-snapshot. Because I'm testing it on a MaxTNT I also got the Ascend-hack set in the config. The results so far aren't very good, I'm ip's aren't freed after calls are closed. In the radacct logging the start and stop records are logged. I'll try to get more info. Regards, Chris On Thu, 2003-08-28 at 15:20, Chris van Meerendonk wrote: > Hi Paul, > > > > I can install a recent (cvs) version, but I'd like to know how to check > > This is gonna take some time. I installed rlm_ippool only from cvs (the > rest is still 0.9.0 release), but by server is crashing with it. I'll > let you know when I have something interesting. > > Chris > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool feedback from CVS version
No, I shrunk. My pool is an entire class C. (172.16.4.1-172.16.4.254) If you have enabled detail file accct logging can you find tge corresponding > acct-stop packets for the active nas/port pairs in it or where they lost? I do get a stop packet but only for the 7 Ip addresses available. I configured my cisco to assign an IP address if rlm_ippool does not do its job. Here is a stop packet: Mon Sep 1 09:37:03 2003 NAS-IP-Address = w.x.y.z NAS-Port = 26 NAS-Port-Type = Async User-Name = "user" Called-Station-Id = "2060" Calling-Station-Id = "8643233" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "31A5" Framed-Protocol = PPP Framed-IP-Address = 172.16.4.145 Acct-Terminate-Cause = User-Request Acct-Input-Octets = 3026 Acct-Output-Octets = 8864 Acct-Input-Packets = 64 Acct-Output-Packets = 54 Acct-Session-Time = 25 Acct-Delay-Time = 0 Client-IP-Address = w.x.y.z Acct-Unique-Session-Id = "9ef15654266b31bb" If you try and log in through an already active nas/port pair isn't the > corresponding entry freed? No sure I understand what you mean. If nas/port pair is active, how can I log in to again. The cisco will do it ... Or do you mean testing it through radpingtest or so ? - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, September 01, 2003 9:30 AM Subject: Re: rlm_ippool feedback from CVS version > On Mon, 1 Sep 2003, Mohsen Chirara wrote: > > > After 3 days of testing, I am still having the same problem. Now out of the > > entire class C, I aways have the same 7 IP > > addresses available for the pool. Here's is IP Tool output: > > NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 > > NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 > > > > What next ? > > So your pool started with only 7 ip's in it or did it shrink? > > If you have enabled detail file accct logging can you find tge corresponding > acct-stop packets for the active nas/port pairs in it or where they lost? > > If you try and log in through an already active nas/port pair isn't the > corresponding entry freed? > > Thanks for the feedback > > > > > Mohsen > > > > - Original Message - > > From: "Mohsen Chirara" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, August 28, 2003 5:05 PM > > Subject: Re: rlm_ippool feedback from CVS version > > > > > Ok I installed rlm_ippool from cvs branch - I will let you know if > > > everything is OK within > > > 2 days. > > > > > > - Original Message - > > > From: "Chris van Meerendonk" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Thursday, August 28, 2003 1:20 PM > > > Subject: RE: rlm_ippool feedback from CVS version > > > > > > > Hi Paul, > > > > > > > I can install a recent (cvs) version, but I'd like to know how to > > > check > > > > > > > > This is gonna take some time. I installed rlm_ippool only from cvs (the > > > > rest is still 0.9.0 release), but by server is crashing with it. I'll > > > > let you know when I have something interesting. > > > > > > > > Chris > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > -- > > - > > > Ce mail ne contient pas de virus. This mail is virus free > > > Scann? par Escan Checked by Escan > > > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- - > > Ce ma
Re: rlm_ippool feedback from CVS version
On Mon, 1 Sep 2003, Mohsen Chirara wrote: > After 3 days of testing, I am still having the same problem. Now out of the > entire class C, I aways have the same 7 IP > addresses available for the pool. Here's is IP Tool output: > NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 > NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 > > What next ? So your pool started with only 7 ip's in it or did it shrink? If you have enabled detail file accct logging can you find tge corresponding acct-stop packets for the active nas/port pairs in it or where they lost? If you try and log in through an already active nas/port pair isn't the corresponding entry freed? Thanks for the feedback > > Mohsen > > - Original Message - > From: "Mohsen Chirara" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, August 28, 2003 5:05 PM > Subject: Re: rlm_ippool feedback from CVS version > > > Ok I installed rlm_ippool from cvs branch - I will let you know if > > everything is OK within > > 2 days. > > > > - Original Message - > > From: "Chris van Meerendonk" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, August 28, 2003 1:20 PM > > Subject: RE: rlm_ippool feedback from CVS version > > > > > Hi Paul, > > > > > > I can install a recent (cvs) version, but I'd like to know how to > > check > > > > > > This is gonna take some time. I installed rlm_ippool only from cvs (the > > > rest is still 0.9.0 release), but by server is crashing with it. I'll > > > let you know when I have something interesting. > > > > > > Chris > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- > - > > Ce mail ne contient pas de virus. This mail is virus free > > Scann? par Escan Checked by Escan > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > --- > Ce mail ne contient pas de virus. This mail is virus free > Scann? par Escan Checked by Escan > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool feedback from CVS version
After 3 days of testing, I am still having the same problem. Now out of the entire class C, I aways have the same 7 IP addresses available for the pool. Here's is IP Tool output: NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1 NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1 NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1 NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1 NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1 NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1 NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1 What next ? Mohsen - Original Message - From: "Mohsen Chirara" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 28, 2003 5:05 PM Subject: Re: rlm_ippool feedback from CVS version > Ok I installed rlm_ippool from cvs branch - I will let you know if > everything is OK within > 2 days. > > - Original Message - > From: "Chris van Meerendonk" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, August 28, 2003 1:20 PM > Subject: RE: rlm_ippool feedback from CVS version > > > Hi Paul, > > > > > I can install a recent (cvs) version, but I'd like to know how to > check > > > > This is gonna take some time. I installed rlm_ippool only from cvs (the > > rest is still 0.9.0 release), but by server is crashing with it. I'll > > let you know when I have something interesting. > > > > Chris > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- - > Ce mail ne contient pas de virus. This mail is virus free > Scanné par Escan Checked by Escan > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > --- Ce mail ne contient pas de virus. This mail is virus free Scanné par Escan Checked by Escan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool feedback from CVS version
Ok I installed rlm_ippool from cvs branch - I will let you know if everything is OK within 2 days. - Original Message - From: "Chris van Meerendonk" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 28, 2003 1:20 PM Subject: RE: rlm_ippool feedback from CVS version > Hi Paul, > > > > I can install a recent (cvs) version, but I'd like to know how to check > > This is gonna take some time. I installed rlm_ippool only from cvs (the > rest is still 0.9.0 release), but by server is crashing with it. I'll > let you know when I have something interesting. > > Chris > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > --- Ce mail ne contient pas de virus. This mail is virus free Scanné par Escan Checked by Escan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool feedback from CVS version
Hi Paul, > > > I can install a recent (cvs) version, but I'd like to know how to check This is gonna take some time. I installed rlm_ippool only from cvs (the rest is still 0.9.0 release), but by server is crashing with it. I'll let you know when I have something interesting. Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool feedback from CVS version
Wauw, that's fun! I'll try if I can find any bugs... Thanks, Chris On Wed, 2003-08-27 at 14:31, Paul Hampson wrote: > > From: Chris van Meerendonk > > Sent: Wednesday, 27 August 2003 7:12 PM > > > I can install a recent (cvs) version, but I'd like to know how to check > > which ip-addresses are assigned according to the radius-server. On the > > NAS I can check that, just need to know how to compare these. Radius > > keeps these things in memory, doesn't it? Are there tools for tracking > > this? > > To check the IP pool records, you need ippooltool (available on the 'net, > we'd integrate it into FreeRADIUS if the original author would reply to > my emails...) > > You need to stop FreeRADIUS to look at the files Otherwise they'll > appear blank due to GDBM file locking. > > Basically, the problem is that under high load, IP addresses will disappear > from the pool. It's not a problem with the NAS, it's purely internal to > FreeRADIUS. Basically, the list output from ippooltool gets shorter, but > it _should_ stay the same length. Eventually you find you've got half your > maximum users, but no IPs to allocate. > > -- > = > Paul "TBBle" Hampson > Bubblesworth Pty Ltd (ABN: 51 095 284 361) > [EMAIL PROTECTED] > > This is a one line proof...if we start > sufficiently far to the left. > -- Cambridge University Math Department > - > Random signature generator 3.0 by Paul "TBBle" Hampson > = > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool feedback from CVS version
> From: Chris van Meerendonk > Sent: Wednesday, 27 August 2003 7:12 PM > I can install a recent (cvs) version, but I'd like to know how to check > which ip-addresses are assigned according to the radius-server. On the > NAS I can check that, just need to know how to compare these. Radius > keeps these things in memory, doesn't it? Are there tools for tracking > this? To check the IP pool records, you need ippooltool (available on the 'net, we'd integrate it into FreeRADIUS if the original author would reply to my emails...) You need to stop FreeRADIUS to look at the files Otherwise they'll appear blank due to GDBM file locking. Basically, the problem is that under high load, IP addresses will disappear from the pool. It's not a problem with the NAS, it's purely internal to FreeRADIUS. Basically, the list output from ippooltool gets shorter, but it _should_ stay the same length. Eventually you find you've got half your maximum users, but no IPs to allocate. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool feedback from CVS version
Hi Paul, I can install a recent (cvs) version, but I'd like to know how to check which ip-addresses are assigned according to the radius-server. On the NAS I can check that, just need to know how to compare these. Radius keeps these things in memory, doesn't it? Are there tools for tracking this? Chris On Wed, 2003-08-27 at 10:38, Paul Hampson wrote: > I'm looking for feedback from people using a CVS snapshot > more recent than "Tue Jul 29 18:40:50 2003 UTC" and using > rlm_ippool. There's an intended bugfix for the problem of > ippool entries disappearing on busy servers, but it's not > been shown to be correct yet. > > The version of rlm_ippool.c with the bugfix is 1.23. > > The reason I ask is that the bugfix is fairly important > for 0.9.1 but I don't want to pull code changes in like > this one without knowing that they fix the bug. (I'm using > the code myself, but my RADIUS server's not busy enough > to trigger the bug repeatably.) > > Someone on this list had a test harness setup I think to > fire massive piles of requests at a FreeRADIUS server, and > had helped to identify the this bug. I'd _love_ to hear > from that person as to whether they can still do that test, > and whether the CVS fix works so I can roll it into 0.9.1 > assured that it's good. > > -- > = > Paul "TBBle" Hampson > Bubblesworth Pty Ltd (ABN: 51 095 284 361) > [EMAIL PROTECTED] > > This is a one line proof...if we start > sufficiently far to the left. > -- Cambridge University Math Department > - > Random signature generator 3.0 by Paul "TBBle" Hampson > = > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool feedback from CVS version
I'm looking for feedback from people using a CVS snapshot more recent than "Tue Jul 29 18:40:50 2003 UTC" and using rlm_ippool. There's an intended bugfix for the problem of ippool entries disappearing on busy servers, but it's not been shown to be correct yet. The version of rlm_ippool.c with the bugfix is 1.23. The reason I ask is that the bugfix is fairly important for 0.9.1 but I don't want to pull code changes in like this one without knowing that they fix the bug. (I'm using the code myself, but my RADIUS server's not busy enough to trigger the bug repeatably.) Someone on this list had a test harness setup I think to fire massive piles of requests at a FreeRADIUS server, and had helped to identify the this bug. I'd _love_ to hear from that person as to whether they can still do that test, and whether the CVS fix works so I can roll it into 0.9.1 assured that it's good. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html