Dmitri_Ch__1425
Oct 23, 2015

RADIUS Health Check timeout

Hi,

Is there a way to increase the timeout for the RADIUS health-check monitor? The current value seems to be ~5 sec, and I cannot find where to increase it. The 'Timeout' value on the configuration page of the monitor is not it (at least it doesn't seem to work).

The RADIUS health monitor marks a node down when the auth timeout reaches over 5 sec, regardless of how the monitor is configured. I've enabled monitor logging and checked the log files. Once I increase the 'response delay' on the RADIUS node to above 5 secs, the health-check monitor fails the node. When I point the radtest client directly at the node, I get OK after the set delay (radtest follows the timeout settings and only fails when the auth request is rejected or the timeout is reached).

I'm monitoring a pool of RADIUS servers, where the RADIUS servers need to forward the auth request to another system, and it may take up to 15 sec to get a reply. I would like F5's RADIUS monitor to fail only when I get Rejected or the 'Timeout' (in monitor configuration) is reached.

Thank you.


5 Replies

  • I just created a RADIUS health check monitor and the default is 10 seconds with a 31 second timeout. Where is this response delay? I am unable to find that in the F5 configuration.

    So you know, the recommended timeout is always interval x 3 + 1 second. This assumes you will get a response from the target within one second. You will need to adjust that accordingly if that is not the case.

    Your interval should always be larger than the expected response time by a factor of two or three to prevent the F5 sending a second request before the first has completed under normal conditions. The timeout should then be three times the interval + the response time to prevent false negatives.

    "I would like F5's RADIUS monitor to fail only when I get Rejected or the 'Timeout' (in monitor configuration) is reached."

    There is no way to configure this in a RADIUS monitor. If it fails to auth, for whatever reason, it will be considered offline.


  • It looks like the timeout settings in the monitor configuration are ignored. The RADIUS monitor times out in ~5 sec, regardless of the timeout value set in the configuration...


  • Here is more info:

    I've enabled Monitor Logging and am watching the monitor's log file. The monitor runs every 30 sec (the 'Interval' value in the settings), which looks good:

    tail -f /var/log/monitors/'monitor'.log|egrep "Debugging session beginning at|response"
    
    2015-10-26 10:40:57.344956: ID 330   :(_response_success): node was up and is still up [ addr=::ffff:node_ip_address:node_port srcaddr=none mon= snd_cnt=9 rcv_cnt=8 ]
    ********** Debugging session beginning at: Mon Oct 26 10:41:26 2015
    2015-10-26 10:41:27.363458: ID 330   :(_response_success): node was up and is still up [ addr=::ffff:node_ip_address:node_port srcaddr=none mon= snd_cnt=10 rcv_cnt=9 ]
    ********** Debugging session beginning at: Mon Oct 26 10:41:56 2015
    2015-10-26 10:41:57.267989: ID 330   :(_response_success): node was up and is still up [ addr=::ffff:node_ip_address:node_port srcaddr=none mon= snd_cnt=11 rcv_cnt=10 ]
    

    Now, I stopped the service on the monitored server. The monitor runs every 30 sec, as it should, but the timeout is only ~5 sec. (The log does not show a timestamp in the event when 'failed'.)

    ********** Debugging session beginning at: Mon Oct 26 10:42:26 2015
    Failed to get a response in the time required <- Failed response only takes ~5 sec>
    ********** Debugging session beginning at: Mon Oct 26 10:42:56 2015
    Failed to get a response in the time required <- same, only takes ~5 sec>
    

    Where do I set the time required value?
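
To measure how a RADIUS node actually behaves independently of the monitor, the way the radtest comparison in the thread does, the following added example (not part of the thread and not F5's monitor code) sends one Access-Request with an explicit wait and reports accept, reject, timeout or invalid as separate outcomes. The function names, the 15-second default and the credentials passed in are assumptions; packet layout follows RFC 2865.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, in 16-byte blocks."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_request(ident, user, password, secret, authenticator):
    """Access-Request carrying User-Name (1) and User-Password (2)."""
    hidden = encrypt_password(password, secret, authenticator)
    attrs = b""
    for attr_type, value in ((1, user), (2, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def classify(reply, ident, secret, authenticator):
    """'accept' or 'reject' only if the Response Authenticator verifies."""
    if len(reply) < 20:
        return "invalid"
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or length < 20 or length > len(reply):
        return "invalid"
    reply = reply[:length]  # octets beyond Length are padding
    expected = hashlib.md5(reply[:4] + authenticator + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "invalid"  # wrong shared secret or spoofed reply
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "invalid")

def probe(host, port, user, password, secret, timeout=15.0):
    """Send one Access-Request and wait up to `timeout` seconds for the reply."""
    ident, authenticator = os.urandom(1)[0], os.urandom(16)
    request = build_request(ident, user, password, secret, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify(reply, ident, secret, authenticator)
```

A reply that fails authenticator verification is reported as invalid rather than as a reject, so a shared-secret mismatch is not mistaken for a slow or rejecting backend.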