Most load balancers (e.g. Foundry and Extreme switches) have various 
methods of hashing whether a connection goes to machine A or B (or C or D 
or ...).  I was originally going to suggest changing the default hashing 
algorithm to something other than the default.  Many load balancers 
(except Cisco) by default run a hash on [Orig IP + Orig Socket + Dest IP + 
Dest Socket].  In order to ensure that (for example) your authentication 
requests and accounting go to the same server, you'd have to change the 
hashing method to be just [Orig IP].

However, that's a bad fit since typically the IP address of your NAS 
doesn't change, and/or the number of NASes is (relatively) low.  Each 
individual NAS would always be going to the same server all the time.

If I were you, I'd save the money on a load balancer and hand-configure 
NAS A to go to RADIUS server A, NAS B to go to server B, NAS C to go to A, 
NAS D to go to B, etc.  (Of course, you'd want NAS A to contact server B 
as a secondary, in case either one of your RADIUS servers dies.  But it 
should "prefer" A.)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks 
reasonable on paper, and won't cause too much trouble. ...  Well I don't 
have any MCSEs on my books at the moment, but I could call around."    -- 
Simon Travaglia





"Chesi Maurizio" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/03/2003 02:06 AM
Please respond to freeradius-users

 
        To:     <[EMAIL PROTECTED]>
        cc:     "Continanza Biagio" <[EMAIL PROTECTED]>, "Beligni Davide" 
<[EMAIL PROTECTED]>
        Subject:        FW: Load balancing over two freeRADIUS Server


We have been asked to put in a load balancer to distribute the 
load between two RADIUS servers. The architecture will 
encompass a hardware load balancer in front of 2 freeRADIUS servers.
We are wondering if this may cause a problem, given the 
possibility that, for example, an access-request may be 
managed by one server and, in case of a challenge,
the follow-up access-request containing the response to the 
challenge may be managed by the other RADIUS server.
Thank you for any suggestions.


Maurizio Chesi
NETikos


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
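
Added illustration, not part of the original thread and not any vendor's algorithm: a Python model of the two hashing policies discussed above, next to the hand-configured primary/secondary scheme from the reply. The server names, addresses, source-port range and the SHA-256 stand-in hash are all constructed assumptions; 1812 and 1813 are the standard RADIUS authentication and accounting ports.

```python
import hashlib
from collections import Counter

SERVERS = ["radius-A", "radius-B"]   # constructed backend names
VIP = "192.0.2.10"                   # constructed balancer address
NAS_IPS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]  # constructed NASes

def pick(key_fields):
    """Hash the selected header fields onto one backend.
    SHA-256 is a stand-in; real balancers use vendor-specific hashes."""
    digest = hashlib.sha256("|".join(map(str, key_fields)).encode()).digest()
    return SERVERS[int.from_bytes(digest[:4], "big") % len(SERVERS)]

def four_tuple(src_ip, src_port, dst_ip, dst_port):
    # [Orig IP + Orig Socket + Dest IP + Dest Socket]
    return pick((src_ip, src_port, dst_ip, dst_port))

def src_only(src_ip, src_port, dst_ip, dst_port):
    # [Orig IP] only
    return pick((src_ip,))

def flows(nas_ip, n_ports=64):
    """Constructed traffic: auth (1812) and accounting (1813) packets sent
    from a range of source ports on one NAS."""
    for sport in range(40000, 40000 + n_ports):
        for dport in (1812, 1813):
            yield (nas_ip, sport, VIP, dport)

def servers_per_nas(policy):
    """For each NAS, the set of backends its packets reach under a policy."""
    return {nas: {policy(*f) for f in flows(nas)} for nas in NAS_IPS}

def load_share(policy):
    """Packets per backend, summed over all NASes."""
    return Counter(policy(*f) for nas in NAS_IPS for f in flows(nas))

def static_choice(nas_index, alive):
    """Hand configuration: alternate primaries, fall back to the other server."""
    primary = SERVERS[nas_index % len(SERVERS)]
    secondary = SERVERS[(nas_index + 1) % len(SERVERS)]
    return primary if primary in alive else secondary if secondary in alive else None

if __name__ == "__main__":
    for name, policy in (("4-tuple", four_tuple), ("src-IP", src_only)):
        print(name, servers_per_nas(policy), dict(load_share(policy)))
    print("NAS 0, radius-A down ->", static_choice(0, {"radius-B"}))
```

Under the 4-tuple policy a single NAS reaches both backends, so related packets (a request and its challenge response, or authentication and accounting) can land on different servers; under the source-IP policy each NAS is pinned to one backend, which is the same outcome as the static assignment.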