Hello,
On Wed, 10 May 2000, Francois Baligant wrote:
>
> Hi!
>
> We have a very weird problem load-balancing UDP-based
> RADIUS packets.
>
> UDP 195.74.212.37:16450 rr
> -> 195.74.212.26:16450 Route 1 0 0
> -> 195.74.212.34:16450 Route 1 0 0
> UDP 195.74.212.31:1646 wlc
> -> 195.74.212.26:1646 Route 1 0 106
> -> 195.74.212.10:1646 Route 1 0 106
> UDP 195.74.212.31:1645 wlc
> -> 195.74.212.26:1645 Route 1 0 1
> -> 195.74.212.10:1645 Route 1 0 0
>
> We try to load-balance 3 ports. 1645 (authentication),
> 1646 (accounting) and 16450 (authentication for another
> kind of service).
>
> What's weird is that 1645 works really fine but the 2
> other rules just do not load-balance. Packets are always
> sent to the same host. (in fact the first that was added
> to the VS IP)
>
> We have tried with the newest version of the patch. We tried to
> put the port on a different VIP. Nothing changed. I tried
> to take a look at the kernel source but I have to admit
> I don't have the time nor the knowledge to really track
> something down there.
>
> We have been trying for one full month now to get this
> to work without success. It's getting critical for us
> to be able to load-balance that radius load on several
> servers. However we are stuck.
>
> If anyone has any idea, please tell us.
>
> OS: Linux vishnou 2.2.12 #1 Thu Sep 9 11:27:30 CEST
> 1999 i686 unknown
> (tried with Redhat 6.2 2.2.14 patched kernel too)
>
> Real Server OS: Solaris 2.6
>
> Radius sends single UDP packets at a high rate of
> sometimes 5 packets/sec. UDP packets come from a single
> server (our central proxy radius).

Single server? Does that mean a single IP:port too?
You must show us a tcpdump session. Don't forget that
for UDP the autobind ports are not rotated. For TCP you have
ports selected in the 1024..4999 range but it is possible
for all your client UDP packets to come from the same client
port. This can be a good reason for them to be redirected to
the same real server if the UDP entry is not expired. Show
a tcpdump session or try to set the UDP timeout to a small value:

ipchains -M -S 0 0 2

Any difference? How many clients (UDP sockets) do you have?
One client can't be balanced!!! There is a persistency
according to the default UDP timeout value.

Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
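
A simplified model of the stickiness described in the reply above, as an added example that is not part of the original messages and is not LVS code. It assumes one table entry per client IP:port whose timer is refreshed by every packet, uses a constructed client address and ports, and takes the timeout as a parameter (the 300 s used for the "default" case is an assumed value).

```python
from collections import Counter
from itertools import cycle

# Real servers listed for port 1646 in the table quoted above.
REAL_SERVERS = ["195.74.212.26", "195.74.212.10"]


def simulate(packets, udp_timeout, servers=REAL_SERVERS):
    """Count packets per real server for a stream of UDP packets.

    packets: iterable of (time_sec, src_ip, src_port), sorted by time.
    Model (assumption): the round-robin scheduler is consulted only when
    the client socket has no live entry; each packet refreshes the timer.
    """
    scheduler = cycle(servers)
    table = {}  # (src_ip, src_port) -> (server, expires_at)
    hits = Counter()
    for t, ip, port in packets:
        key = (ip, port)
        entry = table.get(key)
        if entry is None or t >= entry[1]:
            server = next(scheduler)   # new or expired entry: schedule
        else:
            server = entry[0]          # live entry: same real server
        table[key] = (server, t + udp_timeout)
        hits[server] += 1
    return hits


def stream(n, interval, src_ports, src_ip="192.0.2.1"):
    """Constructed traffic: n packets, `interval` s apart, cycling src ports."""
    return [(i * interval, src_ip, src_ports[i % len(src_ports)])
            for i in range(n)]


if __name__ == "__main__":
    proxy = stream(100, 0.2, [40000])  # one socket, 5 packets/sec
    print("one socket, timeout 300s:", dict(simulate(proxy, 300)))
    print("one socket, timeout 2s:  ", dict(simulate(proxy, 2)))
    print("one socket, 3s gaps, 2s: ", dict(simulate(stream(100, 3, [40000]), 2)))
    print("four sockets, 300s:      ",
          dict(simulate(stream(100, 0.2, [40001, 40002, 40003, 40004]), 300)))
```

Under this model a steady 5 packets/sec from one socket keeps the entry alive even with a 2 s timeout; the load only spreads when the gaps exceed the timeout or the client uses several source ports.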