Hello,
On Wed, 10 May 2000, Francois Baligant wrote:
>
> 14:06:36.277177 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:36.277205 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:36.430549 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:36.430575 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:36.639869 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:36.639894 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
> 14:06:38.040246 195.74.193.40.60774 > 195.74.212.31.1645: udp 246 (DF)
> 14:06:38.040276 195.74.193.40.60774 > 195.74.212.31.1645: udp 246 (DF)
> 14:06:38.117694 195.74.193.40.60774 > 195.74.212.31.1645: udp 243 (DF)
>
> 14:06:49.899222 195.74.193.40.40190 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:49.899256 195.74.193.40.40190 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:50.358085 195.74.193.40.40223 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:50.358114 195.74.193.40.40223 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:51.494628 195.74.193.40.40346 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:51.494656 195.74.193.40.40346 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:51.810022 195.74.193.40.40381 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:51.810051 195.74.193.40.40381 > 195.74.212.31.1646: udp 349 (DF)
> 14:06:52.351541 195.74.193.40.40485 > 195.74.212.31.1646: udp 199 (DF)
>
> I think you just helped me to understand what was
> the problem. I will patch the radius to increase port
> number for accounting request too.
Very good. Because the tcpdump shows 60774 as the only
client to service 1645.
>
> BIG BIG thanks.
>
> regards,
> Francois
>
> Francois Baligant * * EuroNet Internet NV/SA
> Network Operation Center * * a subsidiary of France Telecom
> * Lozenberg 22 - B-1932 Zaventem
> FB1-6BONE * tel: +32 2 717 17 17
> francois@xxxxxxxxxxx fax: +32 2 717 17 77
>
>
> On Wed, 10 May 2000, Julian Anastasov wrote:
>
> >
> > Hello,
> >
> > On Wed, 10 May 2000, Francois Baligant wrote:
> >
> > >
> > > Hi!
> > >
> > > We have a very weird problem load-balancing UDP-based
> > > RADIUS packets.
> > >
> > > UDP 195.74.212.37:16450 rr
> > > -> 195.74.212.26:16450 Route 1 0 0
> > > -> 195.74.212.34:16450 Route 1 0 0
> > > UDP 195.74.212.31:1646 wlc
> > > -> 195.74.212.26:1646 Route 1 0 106
> > > -> 195.74.212.10:1646 Route 1 0 106
> > > UDP 195.74.212.31:1645 wlc
> > > -> 195.74.212.26:1645 Route 1 0 1
> > > -> 195.74.212.10:1645 Route 1 0 0
> > >
> > > We try to load-balance 3 ports. 1645 (authentication),
> > > 1646 (accounting) and 16450 (authentication for another
> > > kind of service).
> > >
> > > What's weird is that 1645 works really fine but the 2
> > > other rules just do not load-balance. Packets are always
> > > sent to the same host. (in fact the first that was added
> > > to the VS IP)
> > >
> > > We have tried with newest version of the patch. We tried to
> > > put the port on different VIP. Nothing changed. I tried
> > > to take a look at the kernel source but I have to admit
> > > I don't have the time nor the knowledge to really track
> > > something down there.
> > >
> > > We have been trying for one full month now to get this
> > > to work without success. It's getting critical for us
> > > to be able to load-balance that radius load on several
> > > servers. However we are stuck.
> > >
> > > If anyone got any idea, please tell us
> > >
> > > OS: Linux vishnou 2.2.12 #1 Thu Sep 9 11:27:30 CEST
> > > 1999 i686 unknown
> > > (tried with Redhat 6.2 2.2.14 patched kernel too)
> > >
> > > Real Server OS: Solaris 2.6
> > >
> > > Radius sends single UDP packets at a high rate of
> > > sometimes 5 packets/sec. UDP packets come from a single
> > > server (our central proxy radius).
> >
> > Single server? Does that mean single IP:port too?
> >
> > You must show us a tcpdump session. Don't forget that
> > for UDP the autobind ports are not rotated. For TCP you have
> > ports selected in the 1024..4999 range but it is possible
> > for all your client UDP packets to come from the same client's
> > port. This can be a good reason for them to be redirected to
> > the same real server if the UDP entry is not expired. Show
> > a tcpdump session or try to set UDP timeout to a small value:
> >
> > ipchains -M -S 0 0 2
> >
> > Any difference? How many clients (UDP sockets) do you have?
> > One client can't be balanced!!! There is a persistency
> > according to the default UDP timeout value.
> >
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
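
The check discussed in this thread, as an added example that is not part of the original messages: it counts distinct client ip:port pairs per virtual port in a subset of the quoted tcpdump lines, then replays them through a simplified model of UDP entry persistence. Assumptions: round-robin stands in for the `wlc` scheduler, every packet refreshes the entry timer, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the tcpdump lines quoted in the thread, embedded so this runs offline.
SAMPLE = """\
14:06:36.277177 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:36.430549 195.74.193.40.60774 > 195.74.212.31.1645: udp 244 (DF)
14:06:38.040246 195.74.193.40.60774 > 195.74.212.31.1645: udp 246 (DF)
14:06:49.899222 195.74.193.40.40190 > 195.74.212.31.1646: udp 349 (DF)
14:06:50.358085 195.74.193.40.40223 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.494628 195.74.193.40.40346 > 195.74.212.31.1646: udp 349 (DF)
14:06:51.810022 195.74.193.40.40381 > 195.74.212.31.1646: udp 349 (DF)
"""
LINE = re.compile(r"(\d+):(\d+):([\d.]+) (\S+)\.(\d+) > (\S+)\.(\d+): udp")

def parse(text):
    """Return (seconds, client_ip, client_port, vip, vport) for each UDP line."""
    out = []
    for h, m, s, cip, cport, vip, vport in LINE.findall(text):
        ts = int(h) * 3600 + int(m) * 60 + float(s)
        out.append((ts, cip, int(cport), vip, int(vport)))
    return out

def distinct_sources(packets):
    """Count distinct client ip:port pairs seen per virtual port."""
    seen = defaultdict(set)
    for _, cip, cport, _, vport in packets:
        seen[vport].add((cip, cport))
    return {vport: len(s) for vport, s in seen.items()}

def simulate(packets, real_servers, udp_timeout):
    """Simplified model (assumption): an entry keyed by the 4-tuple pins a flow
    to one real server until it has been idle longer than udp_timeout seconds;
    new entries are assigned round-robin per virtual service."""
    entries, next_rr = {}, defaultdict(int)
    hits = defaultdict(lambda: defaultdict(int))
    for ts, cip, cport, vip, vport in packets:
        key = (cip, cport, vip, vport)
        rs, last = entries.get(key, (None, None))
        if rs is None or ts - last > udp_timeout:
            rs = real_servers[next_rr[(vip, vport)] % len(real_servers)]
            next_rr[(vip, vport)] += 1
        entries[key] = (rs, ts)  # each packet refreshes the idle timer
        hits[vport][rs] += 1
    return {vport: dict(h) for vport, h in hits.items()}

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    print("distinct sources per port:", distinct_sources(pkts))
    for timeout in (2, 1):
        print(timeout, simulate(pkts, ["195.74.212.26", "195.74.212.10"], timeout))
```

In this model a 2-second timeout still leaves the single-source flow to port 1645 on one real server, because the gaps between its packets are shorter than the timeout; the entry only expires once the flow is idle for longer than the timeout.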