On 27/07/2016 18:14, Barry Ard wrote:
> We are running into some challenges configuring a new environment for
> Eduroam.
>
> Recently we have moved away from 2 servers running multiple radiator
> processes to multiple VMs behind an F5 load balancer. This has been
> working well for our wireless infrastructure but has been posing
> challenges as we are trying to include our Eduroam config.
>
> The F5 is NATing to the VMs. The VMs have 2 interfaces: eth0 is a
> private address facing the F5, eth1 is a public address and is the
> default gateway.
>
> I have created a test environment with an external radius server to
> simulate Eduroam.
> Initially proxied requests would transit the VMs' default gateway which
> I think is undesirable so I created a static route for the external
> radius server to force it out the load balancer facing interface. Now
> proxied requests have a private address which of course will not work.
>
> I think the desirable scenario would be for proxied requests to exit
> through the F5 and be NAT’d to source from the F5 external address. My
> colleague who admins the load balancer is hesitant to NAT externally
> using an address that is currently listening on a service. He thinks
> this is getting too complicated.
>
> I am sure others are using a load balancer in this scenario so please
> tell me what you are doing.
>

i've used direct server return for radius and it seemed to work well:

http://blog.haproxy.com/2011/07/29/layer-4-load-balancing-direct-server-return-mode/
https://devcentral.f5.com/articles/the-disadvantages-of-dsr-direct-server-return

using the f5 for inbound and outbound traffic nat will also work, just depends what your requirements are ...
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator