[cisco-nas] IOS SLB Load Balance Questions

Andy Saykao andy.saykao at staff.netspace.net.au
Wed Sep 12 22:01:22 EDT 2007 

Hi There...
 
I work for a service proivder and I'm trying to load balance four of our
radius servers using IOS SLB. The config works well and the radius
servers are accepting requests fine. 
 
We are implementing IOS SLB on our CISCO 7606 running IOS 12.2(17r)S2.
Our LNS servers at the moment directly talk to the radius servers but
eventually they'll just make a request to the virtual server IP set up
on the 7606 and the IOS SLB will work out which radius server to forward
the request to.
 
I followed this article on how to set up the IOS SLB config but have a
few questions about some of the settings.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns377/c649/cdcco
nt_0900aecd800eb95f.pdf
<javascript:newWin('http://www.cisco.com/application/pdf/en/us/guest/net
sol/ns377/c649/cdccont_0900aecd800eb95f.pdf')>  

My two questions are: 

1. Sticky Option 

I understand it's use to make sure the client's accounting information
goes to the correct real server, but I'm not sure how it really works
and what's the best time to set it to.

Eg:

ip slb vserver RAD-UDP-1646 
virtual 210.x.x.224 udp 1646 
serverfarm RADFARM 
sticky 86400 group 10 
inservice 

a/ The documentation says "This configuraion causes the sticky database
to store its entries for 86,400 seconds of inactivity". What do they
mean by "inactivity" - no radius packets coming through? inactivity from
the user's end????

b/ It also says "the client's IP address is added to the IOS SLB
database..." - I presume this is the LNS IP as seen below?
 
core1-router#sh ip slb sticky | inc 203.x.x.74
ip/netmask       id              conns   server real     firewall real
------------------------------------------------------------------------
------
 203.x.x.204/32    10              2       203.x.x.74
 
Because there is a sticky in place for the LNS IP, wouldn't this mean
that all new connections coming from users yet to log on, who happen to
land on this LNS (203.x.x.204) - the new radius requests would simply be
forwarded the real server IP (203.x.x.74) as defined in the sticky
database??? This doesn't seem to be a good way to load balance in which
the LNS keeps sending radius requests (new and old) to the same real
server based on it's sticky database entry.

c/ And what would be the optimum time to set the sticky timer to be? 

2. SLB connection statistics 

My testing shows that when I disconnect my adsl connection, the slb
stats still show a connection to the real server on both udp ports which
isn't very accurate. I know that there is a default "delay" time which
handles TCP disconnections and after being disconnected for 10 sec, the
SLB stats are updated to reflect this (I've verified this works) - but
there is no mention about how it handles UDP disconnections??? This
would skew the stats and give us a very bad misrepresentation of the
number of current and valid connections. Is there anyway to correct this
??? 
 
Below is what my slb stats show while my ADSL connection is connection
(I'm ok with this) and it shows exactly the same thing after I've
disconnected.
 
core1-router#sh ip slb reals
real                  farm name        weight  state          conns
-------------------------------------------------------------------
203.x.x.74         RADFARM          2       OPERATIONAL    2
203.x.x.78         RADFARM          2       OPERATIONAL    0
203.x.x.79         RADFARM          2       OPERATIONAL    0
203.x.x.80         RADFARM          2       OPERATIONAL    0
 
 
core1-router#sh ip slb vservers
slb vserver      prot  virtual                  state         conns
interface(s)
------------------------------------------------------------------------
--------------
RAD-UDP-1645     UDP   210.x.x.224/32:1645   OPERATIONAL   1
<any>
RAD-UDP-1646     UDP   210.x.x.224/32:1646   OPERATIONAL   1
<any>

core1-router#sh ip slb sticky | inc 203.x.x.74
ip/netmask       id              conns   server real     firewall real
------------------------------------------------------------------------
------
 203.x.x.204/32    10              2       203.x.x.74

Thanks. 

Andy

This email and any files transmitted with it are confidential and intended solely for the 
use of the individual or entity to whom they are addressed. Please notify the sender 
immediately by email if you have received this email by mistake and delete this email 
from your system. Please note that any views or opinions presented in this email are solely
 those of the author and do not necessarily represent those of the organisation. 
Finally, the recipient should check this email and any attachments for the presence of 
viruses. The organisation accepts no liability for any damage caused by any virus 
transmitted by this email. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20070913/21995fce/attachment.html

More information about the cisco-nas mailing list