Radius Accounting 0 Bytes

Radius related questions
Post Reply
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Radius Accounting 0 Bytes

Post by mvangent »

Hey All,

I have a weird issue, at 2am my accel-ppp tries to report into radius accounting, but when it reports in I get zero bytes of data usage. However throughout the day I have no issues with data report if the tunnel drops and comes back. Screenshot and configs below, I welcome any suggestions!
pppoe-radius-data.PNG
pppoe-radius-data.PNG (56.3 KiB) Viewed 8032 times
Version

Code: Select all

mvangent@accel-ppp-02:~$ accel-cmd -V
accel-cmd bff66de7a08a6c62d263efc4fd2ef151094c83b7
mvangent@accel-ppp-02:~$
Config file

Code: Select all

mvangent@accel-ppp-02:~$ cat /etc/accel-ppp.conf.dist
[modules]
log_file
#log_syslog
log_tcp
#log_pgsql

#pptp
#l2tp
pppoe
#ipoe

auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap

radius
#chap-secrets

ippool

pppd_compat

shaper
#net-snmp
#logwtmp
#connlimit

#ipv6_nd
#ipv6_dhcp
#ipv6pool

#net-accel-dp

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=20

[common]
single-session=replace
#sid-case=upper
#sid-source=seq
#max-sessions=1000


[ppp]
verbose=1
min-mtu=1400
mtu=1492
mru=1492
#accomp=deny
##pcomp=deny
##ccp=0
##check-ip=0
##mppe=require
#ipv4=require
#ipv6=deny
#ipv6-intf-id=0:0:0:1
#ipv6-peer-intf-id=0:0:0:2
#ipv6-accept-peer-intf-id=1

lcp-echo-interval=20
lcp-echo-failure=6
lcp-echo-timeout=120

#unit-cache=1
##unit-preallocate=1



[auth]
any-login=0
noauth=0


[pppoe]
verbose=1
called-sid=mac
#tr101=1
#padi-limit=0
#ip-pool=pppoe
#sid-uppercase=0
vlan-mon=ens2f3,1-4095
vlan-timeout=60
vlan-name=%I.%N
interface=re:^ens2f3\.


[l2tp]
verbose=1
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=1
#rtimeout-cap=16
#retransmit=5
#recv-window=16
#host-name=accel-ppp
#dir300_quirk=0
#secret=
#dataseq=allow
#reorder-timeout=0
#ip-pool=l2tp

[ipoe]
verbose=1
username=ifname
#password=username
lease-time=600
renew-time=600
max-lease-time=3600
#unit-cache=1000
#l4-redirect-table=4
#l4-redirect-ipset=l4
#l4-redirect-on-reject=300
#l4-redirect-ip-pool=pool1
shared=0
ifcfg=1
mode=L2
start=dhcpv4
#start=UP
#ip-unnumbered=1
#proxy-arp=0
#nat=0
#proto=100
#relay=10.10.10.10
vendor=Ascend
#attr-dhcp-client-ip=DHCP-Client-IP-Address
#attr-dhcp-router-ip=DHCP-Router-IP-Address
#attr-dhcp-mask=DHCP-Mask
#attr-dhcp-lease-time=DHCP-Lease-Time
#attr-dhcp-opt82=DHCP-Option82
#attr-dhcp-opt82-remote-id=DHCP-Agent-Remote-Id
#attr-dhcp-opt82-circuit-id=DHCP-Agent-Circuit-Id
#attr-l4-redirect=L4-Redirect
#attr-l4-redirect-table=4
#attr-l4-redirect-ipset=l4-redirect
#lua-file=/etc/accel-ppp.lua
#offer-delay=0,100:100,200:200,-1:1000
#vlan-mon=eth0,10-200
#vlan-timeout=60
#vlan-name=%I.%N
#ip-pool=ipoe
#idle-timeout=0
#session-timeout=0
#soft-terminate=0
#check-mac-change=1
#calling-sid=mac
#local-net=192.168.0.0/16
#interface=ens192 ens2f3.105 ens2f3.106 ens2f3.107 ens2f3.108 ens2f3.109 ens2f3.101 ens2f3.102 ens2f3.103 ens2f3.104 ens2f3.110


[dns]
dns1=<Redacted>
dns2=<Redacted>

[wins]
#wins1=172.16.0.1
#wins2=172.16.1.1

[radius]
dictionary=/usr/local/accel-ppp/share/accel-ppp/radius/dictionary
nas-identifier=<Redacted>
nas-ip-address=<Redacted>
gw-ip-address=<Redacted>
server=<Redacted>,<Redacted>,auth-port=1812,acct-port=1813,req-limit=0,fail-timeout=0,max-fail=10,weight=1
verbose=1
timeout=10
max-try=10
acct-timeout=120
acct-delay-time=0
acct-on=1
acct-interim-interval=30
interim-verbose=1
#attr-tunnel-type=My-Tunnel-Type
dae-server=<Redacted>,<Redacted>
dm_coa_secret=<Redacted>

[client-ip-range]
disable

[ip-pool]
gw-ip-address=<Redacted>
#vendor=Cisco
#attr=Cisco-AVPair
attr=Framed-Pool
<Redacted>

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=4

[log-pgsql]
conninfo=user=log
log-table=log

[pppd-compat]
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1

[chap-secrets]
gw-ip-address=<Redacted>
#chap-secrets=/etc/ppp/chap-secrets
#encrypted=0
#username-hash=md5

[shaper]
#attr=Filter-Id
vendor=Ascend
attr-up=Ascend-Xmit-Rate
attr-down=Ascend-Data-Rate
rate-multiplier=0.001
down-burst-factor=0.1
up-burst-factor=0.1
#latency=50
#mpu=0
#mtu=0
#r2q=10
#quantum=1500
#moderate-quantum=1
#cburst=1534
#ifb=ifb0
up-limiter=police
down-limiter=tbf
#leaf-qdisc=sfq perturb 10
#leaf-qdisc=fq_codel [limit PACKETS] [flows NUMBER] [target TIME] [interval TIME] [quantum BYTES] [[no]ecn]
#rate-multiplier=0.01
#fwmark=1
verbose=1

[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123

[snmp]
master=0
agent-name=accel-ppp

[connlimit]
limit=10/min
burst=3
timeout=60


[accel-dp]
socket=/var/run/accel-dp.so

dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: Radius Accounting 0 Bytes

Post by dimka88 »

Hi, client had traffic on interface at 2am?
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Re: Radius Accounting 0 Bytes

Post by mvangent »

Not likely that there was actually traffic on the interface at 2am beyond normal windows heartbeats, but it should have reported all of the data usage since the last report in, which it doesnt seem to. I see this on every single customer I have put on Accel-ppp PPPoE tunnels, it even happens at the same time, so a customer whose tunnel has been stable for 8hrs reports in with 0 bytes at 2am, which i know for a fact to be false.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: Radius Accounting 0 Bytes

Post by dimka88 »

Do you can capture traffic on port 1813 and accel-ppp.log([log] level=5, confirm accel-cmd reload) at 2am?
Do you use radius attribute gigawords at the radius server on calculate sessions traffic?
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Re: Radius Accounting 0 Bytes

Post by mvangent »

We do not believe we need gigawords on the radius server as it is on a 64bit system. I might can run a packet capture, and i will definitely run a log level 5 tonight to try to catch the issue when it happens.


Thanks
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Re: Radius Accounting 0 Bytes

Post by mvangent »

Caught the radius data being sent, accel-ppp seems to be sending good data, will be looking into my radius server today.


[2018-02-28 02:34:48]: info: ppp0: send [RADIUS(1) Accounting-Request id=1e <User-Name "<Redacted>"> <NAS-Identifier "<Redacted>"> <NAS-IP-Address <Redacted>> <NAS-Port 0> <NAS-Port-Id "ppp0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "04:f0:21:38:11:ce"> <Called-Station-Id "8c:7c:ff:21:d4:73"> <Acct-Status-Type Alive> <Acct-Authentic RADIUS> <Acct-Session-Id "ee9e59cb25df9bca"> <Acct-Session-Time 85503> <Acct-Input-Octets 100042792> <Acct-Output-Octets 2120154716> <Acct-Input-Packets 1078992> <Acct-Output-Packets 1593548> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address <Redacted>>]
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Re: Radius Accounting 0 Bytes

Post by mvangent »

Okay, I dug in further to this issue, looking in my radius database directly and I think this might be an accel-ppp issue.

Whenever i see zero bytes, that is a start session entry, sometimes i see 4 session starts before a stop, which means i am missing a bunch of stops, i do see this last night, multiple starts without sending stops which means we are actually losing data.

Happy to send more logs if necessary, there is so much data its hard to sanitize it, so i would prefer to send it by PM rather than post.
mvangent
Posts: 27
Joined: 11 Aug 2017, 22:06

Re: Radius Accounting 0 Bytes

Post by mvangent »

Okay, found the culprit, now i need some help to work around it?

At 02:45 we fire off a backup of the radius database, for the next 2-5 min the database is unavailable and therefore does not respond to radius, and at the same time accel-ppp drops all sessions without sending final session stops, what can i do to work around this? Can I set # of retries or something?
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: Radius Accounting 0 Bytes

Post by dimka88 »

hi, use in accel-ppp.conf section [radius] acct-timeout = 300
acct-timeout=n
Specifies timeout to wait reply for Interim-Update packets.
If n is greater than zero then session will be terminated after timeout exceeds. If n is zero then don't retransmit Interim-Update packets and don't terminate session.
Post Reply