
Re: Problem load-balancing Radius (UDP)

To: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem load-balancing Radius (UDP)
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Francois Baligant <francois@xxxxxxxxxxx>
Date: Wed, 10 May 2000 15:00:30 +0200 (MET DST)
14:06:36.277177 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.277205 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.430549 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.430575 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.639869 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.639894 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:38.040246 195.74.193.40.60774 > 195.74.212.31.1645: udp 246 (DF)
14:06:38.040276 195.74.193.40.60774 > 195.74.212.31.1645: udp 246 (DF)
14:06:38.117694 195.74.193.40.60774 > 195.74.212.31.1645: udp 243 (DF)

14:06:49.899222 195.74.193.40.40190 > 195.74.212.31.1646: udp 349 (DF)
14:06:49.899256 195.74.193.40.40190 > 195.74.212.31.1646: udp 349 (DF)
14:06:50.358085 195.74.193.40.40223 > 195.74.212.31.1646: udp 349 (DF)
14:06:50.358114 195.74.193.40.40223 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.494628 195.74.193.40.40346 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.494656 195.74.193.40.40346 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.810022 195.74.193.40.40381 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.810051 195.74.193.40.40381 > 195.74.212.31.1646: udp 349 (DF)
14:06:52.351541 195.74.193.40.40485 > 195.74.212.31.1646: udp 199 (DF)

        I think you just helped me to understand what was
        the problem. I will patch the radius to increase the port
        number for accounting requests too.

        BIG BIG thanks.

        regards,
        Francois

Francois Baligant            * *       EuroNet Internet NV/SA
Network Operation Center   *     *     a subsidiary of France Telecom
                          *            Lozenberg 22 - B-1932 Zaventem
FB1-6BONE                *             tel: +32 2 717 17 17
francois@xxxxxxxxxxx                   fax: +32 2 717 17 77


On Wed, 10 May 2000, Julian Anastasov wrote:

> 
>       Hello,
> 
> On Wed, 10 May 2000, Francois Baligant wrote:
> 
> > 
> >     Hi!
> > 
> >     We have a very weird problem load-balancing UDP-based
> >     RADIUS packets.
> > 
> > UDP 195.74.212.37:16450 rr 
> >       -> 195.74.212.26:16450   Route   1      0          0         
> >       -> 195.74.212.34:16450   Route   1      0          0         
> > UDP 195.74.212.31:1646 wlc 
> >       -> 195.74.212.26:1646    Route   1      0          106       
> >       -> 195.74.212.10:1646    Route   1      0          106       
> > UDP 195.74.212.31:1645 wlc 
> >       -> 195.74.212.26:1645    Route   1      0          1         
> >       -> 195.74.212.10:1645    Route   1      0          0     
> > 
> >     We try to load-balance 3 ports. 1645 (authentication),
> >     1646 (accounting) and 16450 (authentication for another
> >     kind of service).
> > 
> >     What's weird is that 1645 works really fine but the 2
> >     other rules just do not load-balance. Packets are always
> >     sent to the same host. (in fact the first that was added
> >     to the VS IP)
> > 
> >     We have tried with the newest version of the patch. We tried to
> >     put the port on a different VIP. Nothing changed. I tried
> >     to take a look at the kernel source but I have to admit
> >     I don't have the time nor the knowledge to really track
> >     something down there.
> > 
> >     We have been trying for one full month now to get this
> >     to work without success. It's getting critical for us
> >     to be able to load-balance that radius load on several
> >     servers. However we are stuck.
> > 
> >     If anyone has any idea, please tell us
> > 
> >     OS: Linux vishnou 2.2.12 #1 Thu Sep 9 11:27:30 CEST
> >     1999 i686 unknown
> >     (tried with Redhat 6.2 2.2.14 patched kernel too)
> > 
> >     Real Server OS: Solaris 2.6
> > 
> >     Radius sends single UDP packets at a high rate of
> >     sometimes 5 packets/sec. UDP packets come from a single
> >     server (our central proxy radius).
> 
>       Single server? Does that mean a single IP:port too?
> 
>       You must show us a tcpdump session. Don't forget that
> for UDP the autobind ports are not rotated. For TCP you have
> ports selected in the 1024..4999 range but it is possible
> for all your client UDP packets to come from the same client's
> port. This can be a good reason for them to be redirected to
> the same real server if the UDP entry is not expired. Show
> a tcpdump session or try to set the UDP timeout to a small value:
> 
> ipchains -M -S 0 0 2
> 
> Any difference? How many clients (UDP sockets) do you have?
> One client can't be balanced!!! There is a persistency
> according to the default UDP timeout value.
> 
> 
> Regards
> 
> --
> Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
> 
> 
> 
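
A toy model of the behaviour described in the quoted reply, as an added example that is not part of the original thread or of the LVS code: a director keeps one UDP entry per client IP:port and only schedules again when no live entry exists. The server names, the client address, the 300-second timeout and the rule that every packet refreshes its entry are assumptions of this model.

```python
from itertools import cycle

CLIENT = "192.0.2.10"          # constructed client address (the single RADIUS proxy)
REAL_SERVERS = ["rs1", "rs2"]  # hypothetical real-server names


class UdpDirector:
    """Toy director: round-robin scheduling plus a table of UDP entries
    keyed by client IP:port. Assumption: every packet refreshes its entry."""

    def __init__(self, real_servers, udp_timeout):
        self._rr = cycle(real_servers)
        self.udp_timeout = udp_timeout
        self.entries = {}  # (client_ip, client_port) -> (real_server, last_seen)

    def forward(self, now, client_ip, client_port):
        key = (client_ip, client_port)
        entry = self.entries.get(key)
        if entry is not None and now - entry[1] < self.udp_timeout:
            server = entry[0]        # live entry: same real server again
        else:
            server = next(self._rr)  # new or expired entry: schedule afresh
        self.entries[key] = (server, now)
        return server


def stream(count, interval, ports):
    """Constructed traffic: `count` packets, `interval` seconds apart,
    source ports taken in turn from `ports`."""
    return [(i * interval, CLIENT, ports[i % len(ports)]) for i in range(count)]


def distribution(packets, udp_timeout):
    """Packets received per real server for the given UDP timeout."""
    director = UdpDirector(REAL_SERVERS, udp_timeout)
    counts = dict.fromkeys(REAL_SERVERS, 0)
    for now, ip, port in packets:
        counts[director.forward(now, ip, port)] += 1
    return counts


if __name__ == "__main__":
    one_socket = stream(20, 0.2, [40190])                  # 5 packets/sec, one port
    rotating = stream(20, 0.2, list(range(40190, 40210)))  # new port per request
    print("one socket, timeout 300s:", distribution(one_socket, 300))
    print("one socket, timeout 2s:  ", distribution(one_socket, 2))
    print("one socket, 3s gaps, 2s: ", distribution(stream(20, 3, [40190]), 2))
    print("rotating ports, 300s:    ", distribution(rotating, 300))
```

In this model a steady 5 packets/sec from one socket keeps its entry alive even with a 2-second timeout, so only idle gaps longer than the timeout or a changing source port spread the load.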


