On 05/10/2013 02:33 AM, Todor Genov wrote: > I have found an issue where the "Retries" clause is ignored when using > UseStatusServerForFailureDetect with "AuthBy LOADBALANCE".
Hello Todor, We have recently received reports about Status-Server probing and there appears to be some issues that require a further look from us. However, before doing anything else, please check the reference manual for 'FailureBackoffTime' and especially this note: Caution: with most types of load balancing modules, the default of 0 will mean endless retransmission of each request until a reply is received. Since you have not specified FailureBackoffTime it defaults to 0 and might be the cause of the problem you see. Thanks, Heikki > In a scenario where a downstream proxy becomes unresponsive requests enter a > re-transmit loop until the next Status-Server keepalive detects the host has > failed and only then requests are ignored. > > To replicate use the following config: > > <Realm DEFAULT> > <AuthBy LOADBALANCE> > Retries 3 > RetryTimeout 1 > UseStatusServerForFailureDetect > KeealiveTimeout 300 > NoreplyTimeout 1 > <Host localhost> > AuthPort 1822 > AcctPort 1823 > </Host> > </AuthBy> > </Realm> > > A single Access-Request is re-transmitted 300 ( KeepaliveTimeout/RetryTimeout > ) times instead of 3. Once the request is eventually ignored the following > can be seen in the logs: > > Fri May 10 01:19:33 2013: INFO: AuthRADIUS : Could not find a working host to > forward a (76) after 301 seconds. Ignoring > Fri May 10 01:19:33 2013: INFO: AuthRADIUS : No reply after 301 seconds and 3 > retransmissions to 127.0.0.1:1822 for a (227) > > When using the same config with "AuthBy RADIUS" the behavior is as expected > and the request is re-transmitted only three times then ignored: > > Fri May 10 01:08:41 2013: INFO: AuthRADIUS : Could not find a working host to > forward a (1) after 4 seconds. Ignoring > Fri May 10 01:08:41 2013: INFO: AuthRADIUS : No reply after 4 seconds and 3 > retransmissions to 127.0.0.1:1822 for a (129) > > Thanks. > > -- > todor > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator > -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
