PPPoE Problem when several requests

PPPoE related questions
Post Reply
andlui9
Posts: 37
Joined: 20 Jan 2017, 11:46

PPPoE Problem when several requests

Post by andlui9 »

Hi, I noticed that in the latest version (99fc79fd173f911596c0324046dd7515cf1dd7e7) a problem is occurring when the daemon receives many connection requests at the same time, for example, when some transport is inactive for a while and a large number of clients send the requests. It seems to me that the accel is entering some infinite loop, the sessions are "locked" for a short period of time, and do not end, and soon the CPE send again the problem and turns into a gigantic problem, in my case it gets even worse , because I use centralized ip pool in the radius, then when it happens all my IPs are blocked and exhaust quickly. I noticed that until the commit 54f225b10ddd13ad4a7e3e5359fdbd2bf927d130 this does not happen, then something is wrong, or with my conf, or with the daemon.

Here's my conf:
https://pastebin.com/raw/LfmgYgrp
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: PPPoE Problem when several requests

Post by dimka88 »

Hi, run accel-cmd show stat when large number of clients send the requests.

Code: Select all

server=address,secret[,auth-port=1812][,acct-port=1813][,req-
       limit=0][,fail-timeout=0,max-fail=0,][,weight=1][,backup]
              Specifies IP address, secret, ports of RADIUS server.
              req-limit  - number of simultaneous requests to server (0
              - unlimited).
              fail-timeout  -  if  server  doesn't  responds  mark  it  as
              unavailable for this time (sec).
              max-fail  -  number  of unreplied requests in a row after
              that mark server as unavailable.
              weight - specifies weight of server for multi-server con‐
              figuration.
              backup  -  mark  server  as  backup  server f.e. use this
              server only when all other servers are failed.
              If you want to specify only authentication or  accounting
              server  then  set  auth-port/acct-port  to zero.  You may
              specify multiple radius servers.

try

Code: Select all

[radius]
...
server=10.3.3.153,testing123,auth-port=1812,acct-port=0,req-limit=30,fail-timeout=15,max-fail=100,weight=1
server=10.3.3.153,testing123,auth-port=0,acct-port=1813,req-limit=0,fail-timeout=0,max-fail=0,weight=1
andlui9
Posts: 37
Joined: 20 Jan 2017, 11:46

Re: PPPoE Problem when several requests

Post by andlui9 »

so I did the tests again, but it did not work, the problem still happens, even changing the parameters of the radius.

This error happens if you try to view the sessions (accel-cmd show sessions) at the time of the problem:
accel_read, 169: Impossible to read input: read () failed: Connection reset by peer
nik247
Posts: 108
Joined: 11 Oct 2014, 15:57

Re: PPPoE Problem when several requests

Post by nik247 »

try too:
[modules]
.....
connlimit

[pppoe]
...
padi-limit=3
...

[connlimit]
limit=10/min
burst=3
timeout=60
andlui9
Posts: 37
Joined: 20 Jan 2017, 11:46

Re: PPPoE Problem when several requests

Post by andlui9 »

Well, I did the test with these parameters, but the behavior was not expected, when the parameter padi-limit = 3 is set, only 4 users connect and the other vlan, all, issue the following message:

warn: pppoe: discarding overlimit PADI packets on interface eth2.XXXX

Anything else I can do?

Here is the log:
https://pastebin.com/raw/jmn7Ahn3
andlui9
Posts: 37
Joined: 20 Jan 2017, 11:46

Re: PPPoE Problem when several requests

Post by andlui9 »

Finally, I was able to find out the cause of the problem! It has to do with the pppd-compat module, more specifically the ip-pre-up parameter. I tested with a script that only one echo and the problem happens, just commenting the parameter already makes it work perfectly! I will leave the conf of this module and the contents of the script below for it to be analyzed, I will also leave the message that I noticed in the log at the time of failure.

conf:

Code: Select all

[pppd-compat]
verbose=1
radattr-prefix=/var/run/radattr
ip-up=/usr/local/bin/pppoe-up.sh
ip-down=/usr/local/bin/pppoe-down.sh
ip-change=/usr/local/bin/pppoe-change.sh
ip-pre-up=/usr/local/bin/pppoe-preup.sh
script pppoe-preup.sh content:

Code: Select all

#!/bin/bash
echo > /dev/null
exit 0
log at the moment of fail:

Code: Select all

[2018-03-21 11:12:30]:  info: pppoe31: pppd_compat: ip-pre-up finished (0)
[2018-03-21 11:12:30]: debug: pppoe33: pppd_compat: wakeup
[2018-03-21 11:12:30]: debug: pppoe35: radius(2): req_exit 14
[2018-03-21 11:12:30]:  info: pppoe28: pppd_compat: ip-pre-up finished (0)
[2018-03-21 11:12:30]:  info: pppoe33: pppd_compat: ip-pre-up started (pid 18395)
[2018-03-21 11:12:30]:  info: pppoe34: shaper: installed shaper 5000/2000 (Kbit)
[2018-03-21 11:12:30]: debug: pppoe35: radius(2): wakeup 0x7fb1081700a8
[2018-03-21 11:12:30]: debug: pppoe34: pppd_compat: sleep
[2018-03-21 11:12:30]:  info: pppoe35: recv [RADIUS(2) Accounting-Response id=1]
[2018-03-21 11:12:30]: debug: pppoe34: pppd_compat: wakeup
[2018-03-21 11:12:30]:  info: pppoe30: pppd_compat: ip-pre-up finished (0)
[2018-03-21 11:12:30]:  info: pppoe34: pppd_compat: ip-pre-up started (pid 18396)
[2018-03-21 11:12:30]:  info: pppoe32: pppd_compat: ip-pre-up finished (0)
[2018-03-21 11:12:30]:  info: pppoe33: pppd_compat: ip-pre-up finished (0)
[2018-03-21 11:12:30]: debug: pppoe31: pppoe: ppp started
[2018-03-21 11:12:30]: debug: pppoe28: pppoe: ppp started
[2018-03-21 11:12:30]:  info: pppoe35: shaper: installed shaper 5000/2000 (Kbit)
[2018-03-21 11:12:30]:  info: pppoe35: pppd_compat: ip-pre-up started (pid 18397)
[2018-03-21 11:12:30]:  info: pppoe31: pppd_compat: ip-up started (pid 18399)
[2018-03-21 11:12:30]: debug: pppoe29: pppd_compat: wakeup
[2018-03-21 11:12:30]:  info: pppoe29: pppd_compat: ip-up started (pid 18400)
[2018-03-21 11:12:30]:  info: pppoe28: pppd_compat: ip-up started (pid 18401)
Post Reply