Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz: > Hi, > > Is anyone out there load balancing RADIUS with an F5 load balancer? We're > doing it here, but I can't help thinking that the actual load balancing > algorithm need some tweaking. > > As far as I'm aware ( systems section support the F5 boxes) > > 1). We're using round robin to spread the load over 2 back end radius > servers. 2). There is some "general" sticky persistence so that once a RAS > device starts talking to a particular back end server it continues to talk > to that server for a predetermined length of time ( might be an hour, not > sure). This ensures that an eap dialogue will always talk to the same back > end server for the duration of the "stuck" time. Not sure what happens when > you get to the end of the time interval though. > > According to the F5 statistics, overall radius traffic seems to be shared > evenly over the 2 back end servers. However, our most heavily loaded RAS > client is our wireless network. While we have 900 switches doing mac and > 802.1x based auth, we can have 6000+ users on our wireless network all > authenticating to RADIUS via 3 RAS clients. Looking at the back end server > log files, it does look as if, in general, all wireless RADIUS auths head > for the same back end server. > > I was wondering if there's a way off having a bit more granularity in terms > of how the f5 load balances incoming RADIUS requests.
You would need to use application layer load balancing on the BigIPs. But I don't think that you can configure this on the BigIPs. The RADIUS protocol is stateless, so there is no criteria in the application that a load balancer could use to balance inside the application. Greetings, -- Mit freundlichen Grüßen, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
signature.asc
Description: This is a digitally signed message part.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html