<div dir="ltr">That's the frustrating part. Despite being able to balance UDP connections, you need to use an http check. There's not even a tcp option. <div><br>We've resorted to running nginx on the servers and if we decide to production it, maybe we'll build something into monit to kill nginx if radius dies. Hacky.</div>
<div><br></div><div>Essentially it's just checking if the server's up in our case. Which is better than the round-robin stuff we have tried previously. Actually, previously we used Amazon's route 53 to route the traffic but this also needed a tcp / http check.</div>
<div><br></div><div>They claim they're not blocking outbound traffic other than the obvious (smtp etc.) but I don't believe that currently.</div><div><br></div><div>If radius works when we hit the server without the load-balancer and then mysteriously stops sending out, it would appear it is being blocked.</div>
<div><br></div><div><br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On 25 July 2014 14:06, Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Fri, Jul 25, 2014 at 7:48 PM, Simon Morley <<a href="mailto:simon@polkaspots.com">simon@polkaspots.com</a>> wrote:<br>
> Agreed. So it would seem there is an issue getting the traffic back out<br>
> again as suspected.<br>
><br>
> We don't have a million users so I shan't bother looking at the F5s. Will<br>
> hassle Google again.<br>
><br>
> I suspect their health check is randomly removing the machines from the load<br>
> balancers.<br>
<br>
I'm curious what they use for udp health check. Do they even have any?<br>
Is it something that aware of radius packets? Or is it just basic ping<br>
check?<br>
<br>
--<br>
Fajar<br>
<br>
<br>
><br>
> Thanks<br>
><br>
><br>
><br>
> On 25 July 2014 13:24, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br>
>><br>
>> Simon Morley wrote:<br>
>> > I've discussed with Google and they're saying the connection isn't<br>
>> > closed and the load-balancer therefore puts the instance in 'unhealthy'<br>
>> > mode.<br>
>><br>
>> UDP sessions aren't "closed". The google support guys don't seem to<br>
>> be competent.<br>
>><br>
>> > Has anyone tried this successfully - either on GCE or other UDP load<br>
>> > balancer? Does anyone have any thoughts about how I could solve?<br>
>><br>
>> F5 load balancers seem to work. But they are useful only when you're<br>
>> at Telco scale. i.e. 1M+ users. For pretty much everyone else, it<br>
>> doesn't matter.<br>
>><br>
>> Alan DeKok.<br>
>> -<br>
>> List info/subscribe/unsubscribe? See<br>
>> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
><br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br></div></div>