Most load balancers (ex: foundry and extreme switches) have various methods of hashing whether a connection goes to machine A or B (or C or D or ...). I was originally going to suggest changing the default hashing algorithm to something other than the default. Many load balancers' (except Cisco) by default run a hash on [Orig IP + Orig Socket + Dest IP + Dest Socket]. In order to ensure that (for example) your authentication requests and accounting go to the same server, you'd have to change the hashing method to be just [Orig IP].
However, that's a bad fit since typically the IP address of your NAS doesn't change, and/or the number of NASes is (relatively) low. Each individual NAS would always be going to the same server all the time. If I were you, I'd save the money on a load balancer and hand configure NAS A to go to radius server A, NAS B to go to server B, NAS C to go to A, NAS D to go to B, etc. (Of course, you'd want NAS A to contact server B as a secondary, in case either one of your radius servers dies. But it should "prefer" A.) Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around." -- Simon Travaglia "Chesi Maurizio" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 02/03/2003 02:06 AM Please respond to freeradius-users To: <[EMAIL PROTECTED]> cc: "Continanza Biagio" <[EMAIL PROTECTED]>, "Beligni Davide" <[EMAIL PROTECTED]> Subject: FW: Load balancing over two freeRADIUS Server We have been asked to put a load balancer to distribuite the load between two radius servers. The architecture will encompasses a hardware load balancer in front of 2 freeRADIUS servers. We are wondering if this may cause a problem being the possibility that, for example an access-request may be managed by a server and, in case of challenge, the response access-request containing the response to the challenge may be managed by the other radius server. Thank you for any suggestion. Maurizio Chesi NETikos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html