UDP session table aging - slb server forward packet reporting
I have two questions outlined below. But first the relevant config: When deploying / testing a RADIUS config with the following excerpt:
slb template udp udp-fast-age
   idle-timeout 120
   aging immediate
slb virtual-server pa-rad-e2e x.x.x.x
   disable-when-any-port-down
   port 1812 udp
      service-group radius-public
      template udp udp-fast-age
   port 1813 udp
      service-group acct-public
      template udp udp-fast-age
The problem with this config is the aging immediate. Although it probably is closing the session pretty quickly, the RADIUS clients presenting the traffic (from the BNGs) typically reuse their source ports, and therefore it would effectively *seem* to the ADC that there is yet more traffic inbound from the same session that was just closed. The result is that not all traffic hitting the VIP is actually getting forwarded to the real servers.
I've removed aging immediate, so the UDP session is now just using idle-timeout, which will likely not go idle because of the traffic type and volume present.
Here are my two questions:
1) Why do the Fwd-pkt statistics of "show slb server" incorrectly report that it is forwarding traffic to the real server when in fact (confirmed by packet captures) it does not?
2) I'm certain it's not forwarding these packets because of the aforementioned session aging immediate's interaction with the UDP session. The question is how can one demonstrate that from the command line "show ..."? I found an output in show SLB L4 detail: "L4 UDP rsps > reqs", which seems to track semi-closely to the amount of packets being dropped. But the description for that output is not consistent with what I'm observing. "Show session" does not have any detail about the disposition of anything but current/active sessions.
Lastly, this is a conscious decision to NOT use L7 / application load balancing for RADIUS, i.e.:
slb virtual-server pa-rad-e2e x.x.x.x
   port 1812 radius
for reasons outside this discussion.
Thanks anyone for your thoughts.
Todd
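
An added example, not part of the original post and not vendor tooling: one way to quantify the capture-based observation above is to match RADIUS requests seen in front of the VIP against those seen at the real servers, and list the unforwarded ones with the time since the same client source port was last used. The record layout, function names and sample packets are constructed for illustration; matching on the RADIUS identifier and authenticator assumes the ADC does not rewrite the UDP payload.

```python
import struct

def parse_radius(payload):
    """Return (code, identifier, authenticator) from a RADIUS header (RFC 2865), or None."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        return None  # Length field must cover the 20-byte header and fit the datagram
    return code, ident, payload[4:20]

def unforwarded(vip_side, server_side):
    """List requests seen at the VIP that never appear in the server-side capture.

    Each record is (timestamp, src_ip, src_port, udp_payload).
    """
    seen = set()
    for _, _, _, payload in server_side:
        hdr = parse_radius(payload)
        if hdr:
            seen.add((hdr[1], hdr[2]))
    last_seen, missing = {}, []
    for ts, ip, port, payload in sorted(vip_side, key=lambda r: r[0]):
        hdr = parse_radius(payload)
        if hdr is None:
            continue
        prev = last_seen.get((ip, port))
        last_seen[(ip, port)] = ts
        if (hdr[1], hdr[2]) not in seen:
            # gap_since_prev: seconds since this source ip/port last sent a packet
            missing.append({"ts": ts, "client": (ip, port), "id": hdr[1],
                            "gap_since_prev": None if prev is None else ts - prev})
    return missing

def pkt(code, ident, fill):
    """Constructed 20-byte RADIUS packet: header plus a repeated-byte authenticator."""
    return struct.pack("!BBH", code, ident, 20) + bytes([fill]) * 16

# Constructed sample captures (documentation addresses, invented timings).
VIP_CAPTURE = [
    (0.000, "192.0.2.10", 40000, pkt(1, 1, 0xA1)),
    (0.050, "192.0.2.10", 40000, pkt(1, 2, 0xA2)),  # same source port reused
    (0.060, "192.0.2.11", 40001, pkt(1, 7, 0xB1)),
    (5.000, "192.0.2.10", 40000, pkt(1, 3, 0xA3)),
]
SERVER_CAPTURE = [r for r in VIP_CAPTURE if r[3][1] != 2]  # request id 2 never arrived

if __name__ == "__main__":
    for m in unforwarded(VIP_CAPTURE, SERVER_CAPTURE):
        print(m)
```

If the missing requests cluster at small `gap_since_prev` values on reused source ports, that supports the session-aging explanation independently of the counters.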