[RADIATOR] AuthRADIUS : Could not find a working host to forward messages

Ullfig, Roberto rullfig at uic.edu
Fri Sep 5 08:37:01 CDT 2014 

Also getting these:

WARNING: ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover

Which is odd since we're using PEAP not EAP.

---
Roberto Ullfig - ACCC Research Programmer
rullfig at uic.edu

________________________________________
From: radiator-bounces at open.com.au [radiator-bounces at open.com.au] on behalf of Ullfig, Roberto [rullfig at uic.edu]
Sent: Friday, September 05, 2014 8:08 AM
To: Bjoern A. Zeeb
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] AuthRADIUS : Could not find a working host to forward messages

OK, well we're also seeing lots of these messages on the backend:

INFO: Duplicate request id 147 received from 128.248.155.31(41004): retransmit reply

What exactly do these signify? Could the UDP network queues be filling up on the backend servers? How much memory should be allocated to them?

Thanks for any help!

---
Roberto Ullfig - ACCC Research Programmer
rullfig at uic.edu

________________________________________
From: Bjoern A. Zeeb [bzeeb-lists at lists.zabbadoz.net]
Sent: Friday, September 05, 2014 4:16 AM
To: Ullfig, Roberto
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] AuthRADIUS : Could not find a working host to forward messages

On 05 Sep 2014, at 06:39 , Ullfig, Roberto <rullfig at uic.edu> wrote:

> Hello,
>
> with the semester just beginning we find that our Radius services (using UDP) can't keep up. The servers themselves are pretty much idle. We're using 3 load balancers and AuthBy HASHBALANCE - connecting to 7 radius instances on 5 different servers (RHEL 6). We've been running like this for a few years. At peak we're authenticating ~15 users a second but we're now seeing tons of these messages (128231 on Thursday) on the load balancers and lots of users can't connect:
>
> AuthRADIUS : Could not find a working host to forward messages
>
> We're having a hard time determining the bottleneck. Should we just add a whole bunch of new instances on these idle servers?

Well a first good thing would be to determine why your load balancers and your “backend” Radius servers have trouble talking to each other or why the backends are not replying.  With a well-tune backend you should easily be able to get up to more than thousands of requests / s to handle on a single decent servers running Radiator these days.

Ideally start debugging from the back:  check what your 7/5 different servers and your backend think.  Turn debugging on for a few minutes on one of your servers, read the log files;  run tcpdump along at the same time.  If these servers and your backend perform check the same between the load balancers and radius backend servers.

My bet usually is on the backend having trouble for some reason, in which case more Radiators won’t do you any good.   What’s the backend your are using to lookup your users?


—
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983

_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator

More information about the radiator mailing list