[RADIATOR] Loadbalancing requests from Proxy

2013-05-09 Thread Michael Hulko 
We have been requested to try and loadbalance requests to a Campus department 
with their own Radius (IAS) server for their wireless users.  We currently 
proxy to them from our Radiator server(s) for their users, however, their 
current server cannot handle to load.  They have added 2 new servers to their 
environment and we have configured a test server to test the AuthBy 
VOLUMEBALANCE, ROUNDROBIN features of Radiator.  We are experiencing, what 
appears to be excessive delays in responses from their servers in this 
configuration.  We have tested each server individually while configured as 
AuthBy Radius with multiple host clauses, and although, the response times 
are immediate, there is no guarantee, that I can find from the documentation 
that a failed/timedout request will go to the next host listed in the AuthBy 
clause.  Attached is the trace 4 log of the AuthBy VOLUMEBALANCE attempt.  
Any assistance or recommendations is greatly appreciated.

here is the portion of the config used:

# Dept identifier
Client 129.100.160.133
IdenticalClients 129.100.160.144
IdenticalClients 129.100.160.97
Secret 
DupInterval 0
IgnoreAcctSignature
Identifier ONCAMPUS
/Client

# Proxies auth requests to the IVEY IAS radius servers using a loadbalance 
algorithm (BogoMips)
AuthBy VOLUMEBALANCE
Log errorLogger
Log western_syslog
Identifier Dept
Retries 3
RetryTimeout 5
FailureBackoffTime 20 
AuthPort 1645
AcctPort 1646
Secret xx
LocalAddress 172.18.58.210
 # biz-core1
Host 129.100.160.144
BogoMips 2  
/Host
 # biz-core2
Host 129.100.160.197
BogoMips 2
/Host
 # biz-support
Host 129.100.160.133
BogoMips 1
/Host
 /AuthBy

Thanks for any assistance.

Michael Hulko
Network Analyst

Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario  N6G 1G9

tel: 519-661-2111 x81390
e-mail: mihu...@uwo.ca mailto:mihu...@uwo.ca





___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Unexpected behavior with UseStatusServerForFailureDetect in AuthBy LOADBALANCE

2013-05-09 Thread Todor Genov 
Hi,

I have found an issue where the Retries clause is ignored when using 
UseStatusServerForFailureDetect with AuthBy LOADBALANCE.
In a scenario where a downstream proxy becomes unresponsive requests enter a 
re-transmit loop until the next Status-Server keepalive detects the host has 
failed and only then requests are ignored.

To replicate use the following config:

Realm DEFAULT
AuthBy LOADBALANCE
Retries 3
RetryTimeout 1
UseStatusServerForFailureDetect
KeealiveTimeout 300
NoreplyTimeout 1
Host localhost
AuthPort 1822
AcctPort 1823
/Host
/AuthBy
/Realm

A single Access-Request is re-transmitted 300 ( KeepaliveTimeout/RetryTimeout ) 
times instead of 3. Once the request is eventually ignored the following can be 
seen in the logs: 

Fri May 10 01:19:33 2013: INFO: AuthRADIUS : Could not find a working host to 
forward a (76) after 301 seconds. Ignoring
Fri May 10 01:19:33 2013: INFO: AuthRADIUS : No reply after 301 seconds and 3 
retransmissions to 127.0.0.1:1822 for a (227)

When using the same config with AuthBy RADIUS the behavior is as expected and 
the request is re-transmitted only three times then ignored:

Fri May 10 01:08:41 2013: INFO: AuthRADIUS : Could not find a working host to 
forward a (1) after 4 seconds. Ignoring
Fri May 10 01:08:41 2013: INFO: AuthRADIUS : No reply after 4 seconds and 3 
retransmissions to 127.0.0.1:1822 for a (129)

Thanks.

--
todor
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator