Mailing List Archive

l2tp failover and loadbalancing
Hello,
Has anyone tried failover and loadbalancing between 3com hiper LAC and
Cisco LNS using Merit Radius?
If yes then can you help me with radius config for the same?


Thanks in advance


Raj



Disclaimer note on content of this message including enclosure(s) and attachments(s): The contents of this e-mail are the privileged and confidential material of VSNL. The information is solely intended for the individual/entity it is addressed to. If you are not the intended recipient of this message, please be aware that you are not authorized in any which way whatsoever to read, forward, print, retain, copy or disseminate this message or any part of it. We apologize if you have received this e-mail in error and would request you to please notify the sender immediately by return e-mail and delete it from your computer. The views expressed in this e-mail message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of VSNL. This e-mail message including attachment(s), if any, is believed to be free of any virus and VSNL is not responsible for any loss or damage arising in any way from its use
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
RE: l2tp failover and loadbalancing
Raj Panchal <> wrote on Friday, January 27, 2006 6:17 AM:


> Hello,
> Has anyone tried failover and loadbalancing between 3com hiper LAC
> and Cisco LNS using Merit Radius?
> If yes then can you help me with radius config for the same?

The Cisco LNS just accepts the sessions thrown at it, so no config
there, the load-balancing obviously happens at the LAC:
If 3com implemented RFC2868, just send multiple tunnel endpoints with
the same preference, i.e.

domain.com Password="....", Service-Type=Outbound-User
    Service-Type = Outbound-User,
    Tunnel-Type = :1:L2TP,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Server-Endpoint = :1:"10.1.1.1",
    Tunnel-Preference = :1:"10",
    Tunnel-Type = :2:L2TP,
    Tunnel-Medium-Type = :2:IP,
    Tunnel-Server-Endpoint = :2:"10.1.1.2",
    Tunnel-Preference = :2:"10",
    Tunnel-Type = :3:L2TP,
    Tunnel-Medium-Type = :3:IP,
    Tunnel-Server-Endpoint = :3:"10.1.1.3",
    Tunnel-Preference = :3:"10"

I think sending several endpoints with the same tag works as well, i.e.

    Tunnel-Type = :1:L2TP,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Preference = :1:"10",
    Tunnel-Server-Endpoint = :1:"10.1.1.1",
    Tunnel-Server-Endpoint = :1:"10.1.1.2",
    Tunnel-Server-Endpoint = :1:"10.1.1.3"

Hope it helps,

oli

cc'ing c-nsp as you sent the Q to both aliases..

RE: l2tp failover and loadbalancing
Dear Oliver,
Thanks for the response.

In your example, you mentioned
Tunnel-Preference = :1:"10",

What I understand is that this attribute will allow preference of tunnel and
its attributes when multiple reply items are being sent as grouped items to
user as part of his access-requests.

As per RFC the order of preference is higher for lower value of
Tunnel-Preference, but I can see in your example value is constant "10"
across all the 3 groups tagged with 1,2,3.

So precisely will your configuration help me load balancing or failover for
Tunnel-Server-Endpoint?

Thanks and Regards
Raj



RE: l2tp failover and loadbalancing
Raj Panchal <mailto:raj.panchal@vsnl.co.in> wrote on Friday, January 27,
2006 7:40 AM:

> Dear Oliver,
> Thanks for the response.
>
> In your example, you mentioned
> Tunnel-Preference = :1:"10",
>
> What I understand is that this attribute will allow preference of
> tunnel and its attributes when multiple reply items are being sent as
> grouped items to user as part of his access-requests
>
> As per RFC the order of preference is higher for lower value of
> Tunnel-Preference, but I can see in your example value is constant
> "10" across all the 3 groups tagged with 1,2,3
>
> So precisely will your configuration help me load balancing or
> failover for Tunnel-Server-Endpoint

Yes, setting the preference to the same value for multiple tagged groups
does load-sharing among this group, so it does what you want.

I have never tried it, but with a config like

    Tunnel-Type = :1:L2TP,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Server-Endpoint = :1:"10.1.1.1",
    Tunnel-Preference = :1:"10",
    Tunnel-Type = :2:L2TP,
    Tunnel-Medium-Type = :2:IP,
    Tunnel-Server-Endpoint = :2:"10.1.1.2",
    Tunnel-Preference = :2:"10",
    Tunnel-Type = :3:L2TP,
    Tunnel-Medium-Type = :3:IP,
    Tunnel-Server-Endpoint = :3:"10.1.1.3",
    Tunnel-Preference = :3:"10",
    Tunnel-Type = :4:L2TP,
    Tunnel-Medium-Type = :4:IP,
    Tunnel-Server-Endpoint = :4:"10.1.1.4",
    Tunnel-Preference = :4:"20",
    Tunnel-Type = :5:L2TP,
    Tunnel-Medium-Type = :5:IP,
    Tunnel-Server-Endpoint = :5:"10.1.1.5",
    Tunnel-Preference = :5:"20",
    Tunnel-Type = :6:L2TP,
    Tunnel-Medium-Type = :6:IP,
    Tunnel-Server-Endpoint = :6:"10.1.1.6",
    Tunnel-Preference = :6:"20"

we would load-share across 10.1.1.1, .2 and .3 (all pref=10), and
fail-over and load-share across .4, .5 and .6 (all pref=20) once all the
first three endpoints are unavailable..

oli
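
The two preference tiers described in the reply above, worked through as an added example that is not part of the original messages: it parses tagged reply items in the format shown, groups endpoints by Tunnel-Preference, and models which LNS each new session would go to. The round-robin selection, the function names and the `down` set are assumptions for illustration; how a given LAC actually shares load is vendor-specific.

```python
import re
from collections import defaultdict
from itertools import cycle

# Constructed sample: the six-endpoint reply list from the message above,
# written out with a Tunnel-Type line for every tag.
REPLY_ITEMS = "\n".join(
    f'Tunnel-Type = :{t}:L2TP,\nTunnel-Medium-Type = :{t}:IP,\n'
    f'Tunnel-Server-Endpoint = :{t}:"10.1.1.{t}",\nTunnel-Preference = :{t}:"{p}",'
    for t, p in [(1, 10), (2, 10), (3, 10), (4, 20), (5, 20), (6, 20)]
)

# name = :tag:value with optional quotes and optional trailing comma
ITEM = re.compile(r'^\s*([\w-]+)\s*=\s*:(\d+):"?([^",]+)"?,?\s*$')

def parse_tunnels(text):
    """Group tagged attributes (the :N: tag of RFC 2868) into one dict per tag."""
    tunnels = defaultdict(dict)
    for line in text.splitlines():
        m = ITEM.match(line)
        if m:
            name, tag, value = m.groups()
            tunnels[int(tag)][name] = value
    return dict(tunnels)

def preference_tiers(tunnels):
    """Return endpoint lists ordered by Tunnel-Preference, lowest value first."""
    tiers = defaultdict(list)
    for tag in sorted(tunnels):
        t = tunnels[tag]
        tiers[int(t["Tunnel-Preference"])].append(t["Tunnel-Server-Endpoint"])
    return [tiers[p] for p in sorted(tiers)]

def pick_endpoints(tiers, sessions, down=frozenset()):
    """Assumed LAC model: round-robin inside the best tier that still has a
    reachable endpoint; use the next tier only when a whole tier is down."""
    for tier in tiers:
        alive = [ep for ep in tier if ep not in down]
        if alive:
            rr = cycle(alive)
            return [next(rr) for _ in range(sessions)]
    return []  # no LNS reachable: the session cannot be tunnelled

if __name__ == "__main__":
    tiers = preference_tiers(parse_tunnels(REPLY_ITEMS))
    print(tiers)
    print(pick_endpoints(tiers, 4))
    print(pick_endpoints(tiers, 3, down={"10.1.1.1", "10.1.1.2", "10.1.1.3"}))
```

Running the same model against a planned users-file entry before deployment shows whether a single unreachable LNS shifts load within its tier or pushes sessions to the backup tier.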

RE: l2tp failover and loadbalancing
Thanks Oliver ...

Last question !!

What would be ideal situation as per RFC for triggering load balancing or
failover across the multiple end points?

This would help me designing my test case.


Thanks and Regards
Raj panchal

RE: l2tp failover and loadbalancing
Raj Panchal <mailto:raj.panchal@vsnl.co.in> wrote on Friday, January 27,
2006 7:57 AM:

> Thanks Oliver ...
>
> Last question !!
>
> What would be ideal situation as per RFC for triggering load
> balancing or failover across the multiple end points.
>
> This would help me designing my test case.

I don't understand the question, can you please elaborate?

I think it boils down to your environment. What do you want to achieve?
In a simple case, just load-share across all your LNS, and you'll be
happy. You can use a vpdn session-limit on the LNS to limit the # of
sessions in case they are not all of the same capacity to prevent some
LNS from being overloaded..

oli

RE: l2tp failover and loadbalancing
Hi Oliver


My first requirement is to redirect the user tunnel to secondary LNS if
primary is not available.

Second requirement is if both of the LNS are available then do load
balancing in terms of terminating users across LNS.

What I meant in my previous question was, what would be the condition
resulting in failover or load balancing, i.e.

If LAC finds that primary LNS is not available then what are the conditions
when LNS is flagged as not available by LAC?

If LAC wants to load balance between the user tunnel setups, what
are the conditions when both the LNS are alive but still user sessions will
be load balanced between different LNS by LAC (how it finds that one LNS is
loaded and second is free to take up the load)?


Thanks and Regards
Raj


RE: l2tp failover and loadbalancing
Raj Panchal <mailto:raj.panchal@vsnl.co.in> wrote on Friday, January 27,
2006 11:19 AM:

> Hi Oliver
>
>
> My first requirement is to redirect the user tunnel to secondary LNS
> if primary is not available.
>
> Second requirement is if both of the LNS are available then do load
> balancing in term of terminating users across LNS

well, then

    Tunnel-Type = :1:L2TP,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Server-Endpoint = :1:"10.1.1.1",
    Tunnel-Preference = :1:"10",
    Tunnel-Type = :2:L2TP,
    Tunnel-Medium-Type = :2:IP,
    Tunnel-Server-Endpoint = :2:"10.1.1.2",
    Tunnel-Preference = :2:"10"

would work for you.

> What I meant in my previous question was, what would be the condition
> resulting in Failover or Load balancing i.e
>
> If LAC find that Primary LNS is not available then what are the
> conditions when LNS is flagged as not available by LAC

Don't have time to go into details right now, but there are several ways
a LAC can detect the failure. Not getting a reply for its SCCRQ/ICRQ is
one of them (i.e. no connectivity or LNS died), but there are also other
failure codes like resource shortage causing a LAC to switch over to
alternate destinations..

>
> If LAC wants to load balance between the user tunnel setups,
> what are the conditions when both the LNS are alive but still user
> sessions will be load balanced between different LNS by LAC (how it
> finds that one LNS is loaded and second is free to take up the load)

The LNS has ways (see above) to signal resource shortage, but I don't
know how the 3com balances the load under "normal" circumstances, i.e.
if it keeps track of the number of sessions within the tunnel or just
blindly does round-robin, this needs to be checked with 3com..

oli
