Technical Announcement about iMC_EIA_V9 mac-portal authentication failure due to abnormal Kafka communication, indicating that the radius server cannot be connected

H3C_ iMC_EIA V9

Versions before iMC_EIA_V9 E0215H04 (not included)

When the EIA_V9 product performs mac-portal authentication, when the EIA pod status is normal, the terminal page will report an error prompting "Unable to connect to the RADIUS server, please contact the administrator". The specific error is as follows:

If you encounter the above problems, if you collect kafka.log through the background of any node, the collection method is as follows：

If there is a similar error prompt in the log content:

[2021-11-08 20:56:48,249] WARN [SocketServer brokerId=0] Unexpected error from /177.177.50.33; closing connection (org.apache.kafka.common.network.Selector)

org.apache.kafka.common.network.InvalidReceiveException: Invalid receive (size = xxxxxxxx  larger than 104857600)

         at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:104)

         at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:424)

         at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:385)

         at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:651)

         at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:572)

         at org.apache.kafka.common.network.Selector.poll(Selector.java:483)

         at kafka.network.Processor.poll(SocketServer.scala:890)

         at kafka.network.Processor.run(SocketServer.scala:789)

         at java.lang.Thread.run(Thread.java:748)

It indicates that the mac-portal authentication failed due to an abnormal Kafka communication. The cause of the problem is that when Kafka receives an abnormal packet with a source address of eia-uam-dm and the packet size exceeds the Kafka processing limit (104857600 bytes), it triggers Kafka's own protection mechanism, which causes Kafka to actively disconnect from EIA Cause the authentication to fail.

Workaround:

After the problem occurs, if the authentication failure caused by the abnormal Kafka communication is confirmed according to the above analysis, the following operations can be used to circumvent it:

Log in to any node, query the pod names of all eia-uam-dm, restart all pods named by eia-uam-dm, and establish the connection between kafka and eia-uam-dm again. Methods as below:

1. Log in to any node of the server and query all pod names of eia through kubectl get pod -A| grep eia-uam-dm

2. Use kubectl delete pod [pod name] -n service-software to restart all pods starting with eia-uam-dm name, multiple pods are separated by spaces.

Solution:

Upgrade to EIA_V9 E0215H04 version to solve.