We run a similar setup with primary/secondary radius servers. We use a pair of MySQL database servers to maintain the session database for enforcement of Simultaneous-use restrictions. The session databases are configured to replicate in a circular master/slave, slave/master relationship. This has functioned flawlessly for a year or so now. Too help insure the databases are up-to-date with the NAS's (portmasters) we run a small perl script via cron every 5 minutes that uses snmp to query the appropriate NAS for each entry currently in the session database and verify the session is still active. If the session has gone away, the entry is deleted from the session database. This way invalid entries will get removed even if a stop packet is lost between the NASs and the radius servers. Because we use database replication, the corrections need only be applied to one session database and they will propagate very quickly with no need for intervention or multiple queries.
This system has recovered flawlessly through several power outages that brought our network down in a less graceful manner (yes, we do have UPSs in the system). When the servers come back up, the entries in the session databases are corrected within a few minutes.
Regards,
David Miller
At 07:22 PM 1/2/03 +0100, you wrote:
Having the standard set-up with Prim/Sec Radiator server with a backend with Prim/Sec database let's suppose we would like to implement the port limit check(per DNIS) by means of dedicated AuthByPortlimit or Simultaneous-use check+SessiondatabaseMy question is about performance and accuracy of the counters in case of failure( I suppose only for the backend) I can think of two scenarios 1. When a database from the backend goes down then the other one takes over. The second one I suppose has "quite an old update" due to of any possible replication mechanism. If this is the case then the port limit check is not quite accurate from now on. Question here is how we can synchronise the database with the NAS(if the NAS type is not mentioned). Can we run a command(from Radiator) in the middle of the night to interrogate all NAS's in order to have this synchronisation back? 2. Setting two sessiondatabases one for the primary database and one for the secondary database but the drawback here could be the performance due to two extra queries(insert/delete) to the backend(maybe I am wrong) Does anybody have an experience about this?What would be the best set-up versus performance? Thanks in advance Kind Regards Marius Stefan #*************************************************************************** # # Dit e-mailbericht met eventuele attachments is uitsluitend bestemd voor de # geadresseerde(n) en bevat mogelijk vertrouwelijke gegevens en/of is # beschermd door intellectuele eigendomsrechten. Bent u niet de # geadresseerde, neemt u dan zo spoedig mogelijk contact op met de afzender # en verzoeken wij u het e-mailbericht en eventuele attachments van uw # computer te verwijderen. Elk gebruik van de inhoud van dit e-mailbericht # en eventuele attachments (waaronder verveelvoudiging, verspreiding of het # anderzins openbaar maken in welke vorm dan ook) door andere personen dan # de bedoelde geadresseerden is verboden. De weergegeven mening is puur # persoonlijk en hoeft niet noodzakelijk over een te komen met die van # Enertel. Enertel is niet aansprakelijk voor de inhoud van dit # e-mailbericht en eventuele attachments. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
David Miller | System Engineer | Linux User #37518 Newport Internet | [EMAIL PROTECTED] | 541-265-3596 | === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
