Azure Container Instance - Freeradius

Mark Dayton 0 Reputation points
2024-07-26T09:02:39.5233333+00:00

I have a container instance running Freeradius, this is intermittently authorizing clients for network connections. In the logs im seeing the below, I beleive what is happening EAP packets are being received via a load balancer in front of the Azure Container Instances? Packets are not always coming from the same IP which is fragmenting the authorization request and therefor intermittently failing.

Does anyone know a workaround for this?

Thu Jun 20 20:58:38 2024 : Warning: EAP packets for one session are arriving from two different upstreamservers (10.92.0.9/32 and 10.92.0.11/32).  Has there been a proxy fail-over?

Thu Jun 20 20:58:41 2024 : Warning: EAP packets for one session are arriving from two different upstreamservers (10.92.0.9/32 and 10.92.0.11/32).  Has there been a proxy fail-over?

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
711 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Prrudram-MSFT 24,916 Reputation points
    2024-08-07T17:23:14.1633333+00:00

    Hello @Mark Dayton

    I think the issue is due to the load balancer distributing EAP packets across multiple upstream servers, causing fragmentation of the authorization requests. I am making some suggestions here that might I am hoping will guide you further.

    One workaround for this issue is to configure the load balancer to use a consistent hashing algorithm for session affinity. This will ensure that all packets for a given session are sent to the same backend instance.

    To configure session affinity in Azure Load Balancer, you can use the "hash-based" distribution mode. This mode uses a hashing algorithm to map each client IP address to a specific backend instance. You can follow the instructions in the "Configure session affinity" document to learn how to configure session affinity in Azure Load Balancer.

    https://video2.skills-academy.com/en-us/azure/load-balancer/distribution-mode-concepts

    Another workaround is to use a different load balancing solution that supports session affinity. For example, Azure Application Gateway supports session affinity using cookie-based or source IP-based affinity. You can follow the instructions from document https://video2.skills-academy.com/en-us/azure/application-gateway/configuration-http-settings to learn how to configure session affinity in Azure Application Gateway.

    I am also thinking if this can be an option -Using a Single Backend Server?

    If feasible, you could configure your load balancer to use a single backend server for handling EAP packets. This would eliminate the issue of packets being fragmented across multiple servers.

    I hope this helps you resolve the issue you are facing with intermittent authorization requests.

    If I have answered your query, please click "Accept as answer" as a token of appreciation

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.