[cisco-nas] IOS SLB Load Balance Questions
Andy Saykao
andy.saykao at staff.netspace.net.au
Wed Sep 12 22:01:22 EDT 2007
Hi There...
I work for a service proivder and I'm trying to load balance four of our
radius servers using IOS SLB. The config works well and the radius
servers are accepting requests fine.
We are implementing IOS SLB on our CISCO 7606 running IOS 12.2(17r)S2.
Our LNS servers at the moment directly talk to the radius servers but
eventually they'll just make a request to the virtual server IP set up
on the 7606 and the IOS SLB will work out which radius server to forward
the request to.
I followed this article on how to set up the IOS SLB config but have a
few questions about some of the settings.
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns377/c649/cdcco
nt_0900aecd800eb95f.pdf
<javascript:newWin('http://www.cisco.com/application/pdf/en/us/guest/net
sol/ns377/c649/cdccont_0900aecd800eb95f.pdf')>
My two questions are:
1. Sticky Option
I understand it's use to make sure the client's accounting information
goes to the correct real server, but I'm not sure how it really works
and what's the best time to set it to.
Eg:
ip slb vserver RAD-UDP-1646
virtual 210.x.x.224 udp 1646
serverfarm RADFARM
sticky 86400 group 10
inservice
a/ The documentation says "This configuraion causes the sticky database
to store its entries for 86,400 seconds of inactivity". What do they
mean by "inactivity" - no radius packets coming through? inactivity from
the user's end????
b/ It also says "the client's IP address is added to the IOS SLB
database..." - I presume this is the LNS IP as seen below?
core1-router#sh ip slb sticky | inc 203.x.x.74
ip/netmask id conns server real firewall real
------------------------------------------------------------------------
------
203.x.x.204/32 10 2 203.x.x.74
Because there is a sticky in place for the LNS IP, wouldn't this mean
that all new connections coming from users yet to log on, who happen to
land on this LNS (203.x.x.204) - the new radius requests would simply be
forwarded the real server IP (203.x.x.74) as defined in the sticky
database??? This doesn't seem to be a good way to load balance in which
the LNS keeps sending radius requests (new and old) to the same real
server based on it's sticky database entry.
c/ And what would be the optimum time to set the sticky timer to be?
2. SLB connection statistics
My testing shows that when I disconnect my adsl connection, the slb
stats still show a connection to the real server on both udp ports which
isn't very accurate. I know that there is a default "delay" time which
handles TCP disconnections and after being disconnected for 10 sec, the
SLB stats are updated to reflect this (I've verified this works) - but
there is no mention about how it handles UDP disconnections??? This
would skew the stats and give us a very bad misrepresentation of the
number of current and valid connections. Is there anyway to correct this
???
Below is what my slb stats show while my ADSL connection is connection
(I'm ok with this) and it shows exactly the same thing after I've
disconnected.
core1-router#sh ip slb reals
real farm name weight state conns
-------------------------------------------------------------------
203.x.x.74 RADFARM 2 OPERATIONAL 2
203.x.x.78 RADFARM 2 OPERATIONAL 0
203.x.x.79 RADFARM 2 OPERATIONAL 0
203.x.x.80 RADFARM 2 OPERATIONAL 0
core1-router#sh ip slb vservers
slb vserver prot virtual state conns
interface(s)
------------------------------------------------------------------------
--------------
RAD-UDP-1645 UDP 210.x.x.224/32:1645 OPERATIONAL 1
<any>
RAD-UDP-1646 UDP 210.x.x.224/32:1646 OPERATIONAL 1
<any>
core1-router#sh ip slb sticky | inc 203.x.x.74
ip/netmask id conns server real firewall real
------------------------------------------------------------------------
------
203.x.x.204/32 10 2 203.x.x.74
Thanks.
Andy
This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. Please notify the sender
immediately by email if you have received this email by mistake and delete this email
from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for the presence of
viruses. The organisation accepts no liability for any damage caused by any virus
transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20070913/21995fce/attachment.html
More information about the cisco-nas
mailing list