Timeout problem behind load balancer

Simon Morley simon at polkaspots.com
Fri Jul 25 01:11:32 CEST 2014 

I've got a few working freeradius servers that we've spread the load with
some basic round robin dns shizzle.

Today I found out that Google's Compute Engine network load balancers
support UDP traffic so I thought I'd try them out.

Firstly I thought everything had gone smoothly as I could see Access-Accept
appearing in the debug logs. However on further inspection, whilst I always
get this message (when using a valid account), my client doesn't actually
receive the response and therefore fails.

I've tried with a simulator (jradius) and a coova client - all the same.

There's no errors in the logs - the last few lines are as so:

Thu Jul 24 23:51:23 2014 : Debug: rlm_sql (sql_primary): Reserving sql
socket id: 3
Thu Jul 24 23:51:23 2014 : Info: row[0] returned NULL
Thu Jul 24 23:51:23 2014 : Debug: rlm_sql (sql_primary): Released sql
socket id: 3
Thu Jul 24 23:51:23 2014 : Info: expand: %{sql_primary:select location_id
from nas where calledstationid='%{Called-Station-Id-Clean}'} ->
Thu Jul 24 23:51:23 2014 : Info: ++} # update request = noop
Thu Jul 24 23:51:23 2014 : Info: ++? if ("%{Tmp-String-4}")
Thu Jul 24 23:51:23 2014 : Info: expand: %{Tmp-String-4} ->
Thu Jul 24 23:51:23 2014 : Info: ? Evaluating ("%{Tmp-String-4}") -> FALSE
Thu Jul 24 23:51:23 2014 : Info: ++? if ("%{Tmp-String-4}") -> FALSE
Thu Jul 24 23:51:23 2014 : Info: [sql_cache] expand: %{User-Name} -> test
Thu Jul 24 23:51:23 2014 : Info: [sql_cache] sql_set_user escaped user -->
'test'
Thu Jul 24 23:51:23 2014 : Info: [sql_cache] expand: %{User-Password} ->
account
Thu Jul 24 23:51:23 2014 : Info: [sql_cache] expand: INSERT INTO
radpostauth_cache                 (username, pass, reply, authdate)
        VALUES (                 '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth_cache
    (username, pass, reply, authdate)                 VALUES (
    'test',                 'account',                 'Access-Accept',
'2014-07-24 23:51:23')
Thu Jul 24 23:51:23 2014 : Debug: rlm_sql (sql_cache) in sql_postauth:
query is INSERT INTO radpostauth_cache                 (username, pass,
reply, authdate)                 VALUES (                 'test',
      'account',                 'Access-Accept', '2014-07-24 23:51:23')
Thu Jul 24 23:51:23 2014 : Debug: rlm_sql (sql_cache): Reserving sql socket
id: 2
Thu Jul 24 23:51:23 2014 : Debug: rlm_sql (sql_cache): Released sql socket
id: 2
Thu Jul 24 23:51:23 2014 : Info: ++[sql_cache] = ok
Thu Jul 24 23:51:23 2014 : Info: ++[exec] = noop
Thu Jul 24 23:51:23 2014 : Info: +} # group post-auth = ok
Sending Access-Accept of id 8 to 213.205.230.210 port 49080
Thu Jul 24 23:51:23 2014 : Info: Finished request 7.
Thu Jul 24 23:51:23 2014 : Debug: Going to the next request
Thu Jul 24 23:51:23 2014 : Debug: Waking up in 1.9 seconds.
Thu Jul 24 23:51:25 2014 : Info: Cleaning up request 7 ID 8 with timestamp
+177
Thu Jul 24 23:51:25 2014 : Info: Ready to process requests.

I've discussed with Google and they're saying the connection isn't closed
and the load-balancer therefore puts the instance in 'unhealthy' mode.

This doesn't sound right to me. I think the traffic is being blocked.

The only reference I can find to a similar issue was a user years ago who
had network issues..

Has anyone tried this successfully - either on GCE or other UDP load
balancer? Does anyone have any thoughts about how I could solve?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140725/199b94d3/attachment.html>

More information about the Freeradius-Users mailing list