Thanks Shaun. This is good reading. Barry
On Wed, Jul 27, 2016 at 11:38 AM, shaun gibson <xcor...@gmail.com> wrote:

> On 27/07/2016 18:14, Barry Ard wrote:
>
> > We are running into some challenges configuring a new environment for
> > Eduroam.
> >
> > Recently we have moved away from 2 servers running multiple radiator
> > processes to multiple VMs behind an F5 load balancer. This has been
> > working well for our wireless infrastructure but has been posing
> > challenges as we are trying to include our Eduroam config.
> >
> > The F5 is NATing to the VMs. The VMs have 2 interfaces: eth0 is a
> > private address facing the F5, eth1 is a public address and is the
> > default gateway.
> >
> > I have created a test environment with an external radius server to
> > simulate Eduroam.
> > Initially proxied requests would transit the VMs' default gateway which
> > I think is undesirable so I created a static route for the external
> > radius server to force it out the load balancer facing interface. Now
> > proxied requests have a private address which of course will not work.
> >
> > I think the desirable scenario would be for proxied requests to exit
> > through the F5 and be NAT’d to source from the F5 external address. My
> > colleague who admins the load balancer is hesitant to NAT externally
> > using an address that is currently listening on a service. He thinks
> > this is getting too complicated.
> >
> > I am sure others are using a load balancer in this scenario so please
> > tell me what you are doing.
>
> i've used direct server return for radius and it seemed to work well:
>
> http://blog.haproxy.com/2011/07/29/layer-4-load-balancing-direct-server-return-mode/
> https://devcentral.f5.com/articles/the-disadvantages-of-dsr-direct-server-return
>
> using the f5 for inbound and outbound traffic nat will also work, just
> depends what your requirements are ...
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

--
Barry Ard
barry....@ualberta.ca
IST
University of Alberta
Edmonton, Alberta Canada