[load balancing] UDP/Radius on 10.0.30.7

From: Livings, Stuart, Tech Ops, VF UK (Stuart.LivingsIZZATgb.vodafone.co.uk)
Date: Tue Apr 13 2004 - 09:15:15 EDT


I've had something of a plough through the list archives, you all appear to be able to do Radius load balancing over UDP so I might be missing something. I consider myself to be acceptably experienced on Alteons but I am by no means a guru and have not have any formal training.

We have a whole bunch of AD4s, two of which have port 9 connected to our ethernet core. One of the services of these load balancers is to balance Radius authentication. They also balance a bunch of web servers and database servers. All of these services use proxy load balancing and the load balancers have PIP addresses configured on ports 1-8. The actual web servers, database servers and radius servers are elsewhere in the network.

When I initially implemented the UDP load balancing I hit a problem where the challenge/response process wasn't working properly. I fixed this by using an SLB filter and implementing WAP radius. I'm not sure if this was the right thing to do but it works.

This was all configured on 10.0.28.5. Now I've upgraded to 10.0.30.7 to solve a different problem we hit an interesting error message when attempting to apply changes. The load balancer runs the saved configuration fine, but complains about config changes:

--- 8< ---

>> Layer 4# /cf/sl/re 14/rip 10.33.81.3
Current real server IP address: 0.0.0.0
New pending real server IP address: 10.33.81.3

>> Real server 14 # apply
UDP is configured on virtual server 35 with PIPs.
        Enable DAM or disable PIPs to use UDP.
UDP is configured on virtual server 35 with PIPs.
        Enable DAM or disable PIPs to use UDP.
UDP is configured on virtual server 36 with PIPs.
        Enable DAM or disable PIPs to use UDP.
UDP is configured on virtual server 36 with PIPs.
        Enable DAM or disable PIPs to use UDP.
Error: Apply not done. Use "diff" to see pending changes,
       then use configuration menus to correct errors.

--- 8< ---

DAM is disabled because it has to be for the SLB filters, and I need PIP addresses because I need source NAT so that the return packets go through the load balancer.

So, starting with a quick question, how do you lot configure RADIUS auth/acct load balancing so that challenge/response works?

Thanks in advance,
Stuart

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com



This archive was generated by hypermail 2.1.4 : Wed Jun 16 2004 - 17:28:58 EDT