[RADIATOR] AuthRADIUS : Could not find a working host to forward messages

[Bjoern A. Zeeb]

On 05 Sep 2014, at 06:39 , Ullfig, Roberto <rullfig at uic.edu> wrote:

> Hello,
> 
> with the semester just beginning we find that our Radius services (using UDP) can't keep up. The servers themselves are pretty much idle. We're using 3 load balancers and AuthBy HASHBALANCE - connecting to 7 radius instances on 5 different servers (RHEL 6). We've been running like this for a few years. At peak we're authenticating ~15 users a second but we're now seeing tons of these messages (128231 on Thursday) on the load balancers and lots of users can't connect:
> 
> AuthRADIUS : Could not find a working host to forward messages
> 
> We're having a hard time determining the bottleneck. Should we just add a whole bunch of new instances on these idle servers? 

Well a first good thing would be to determine why your load balancers and your “backend” Radius servers have trouble talking to each other or why the backends are not replying.  With a well-tune backend you should easily be able to get up to more than thousands of requests / s to handle on a single decent servers running Radiator these days.

Ideally start debugging from the back:  check what your 7/5 different servers and your backend think.  Turn debugging on for a few minutes on one of your servers, read the log files;  run tcpdump along at the same time.  If these servers and your backend perform check the same between the load balancers and radius backend servers.

My bet usually is on the backend having trouble for some reason, in which case more Radiators won’t do you any good.   What’s the backend your are using to lookup your users?


— 
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983