10-04-2012 03:46 AM
Hello
I have an environment in which one host, from the same src ip address and src port, is sending a lot of UDP (Radius) traffic to the VIP:1812.
When the rserver for this VIP does not reply to the particular UDP session (for example, the application on the server is busy for more then 10-12 seconds) the ACE saves such session as inactive in the connection table, but it does not clear it after 2 minutes (default UDP timeout).
During this time the radius probes send to the rservers are being processed without any problems.
Does anybody encounter the same problem ? I would like to know if this behaviour is connected with a bug or I just need to configure some additional feature to fix it.
Thank you in advance for any answers
PS
I am running A2(3.5) version.
Regars
Lukas
10-04-2012 03:51 PM
Hey Lukas,
Do you have any parameter type connection applied?
Is there any other application which reuse Radius traffic or something like that?
Jorge
10-04-2012 11:10 PM
Hello Jorge
We do not have any parameter_map aplied to this vip. There should be no other app that reuse this connection.
During the problem with this flow, other sources does not have problems with contacting the same vip on port 1812.
Lukas
10-10-2012 01:32 PM
Hi Lukas,
Try to add this command to the class-map inside the policy-map multi-match:
loadbalance vip udp-fast-age
---------------------
Cesar R
ANS Team
10-10-2012 11:48 PM
Hello
Thank you. Righ now we implemented an ACL which blocks the UDP packet sourced by the rserver to prevent late radius replies.
It seems to work fine.
Regards
Lukas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide