Re: Using ippool with two radius servers?
Echo FreeRadius [EMAIL PROTECTED] wrote:

> For example we are in the process of putting in 4 Nortel CVX 1800's with 1288 lines each all in one large roll over (5152 lines) in the GTA (Greater Toronto Area). From those 4 CVX's we are going to provide wholesale dialup port for 4 - 10 different ISP's
> ...
> Anyway we wouldn't want each ISP to have to assign 1288 IP's to each NAS as this would be a large waste of IP addresses. If we can have radius assign IP's then this greatly reduces the number of IP's allocated.

This means that a particular IP address can be assigned on the fly to any one of 4 NAS boxes. In order to route the packet to the correct NAS, you've got to add a new route for that IP. This means (as Miquel said) thousands of routes, and hundreds of route flaps.

I'm not sure how else to do it. Bridging and a smart switch may help, but then you've got to forcibly expire arp entries in the switch, and add new ones, when an IP address moves from NAS to NAS. That may be hard.

> Again for redundancy and performance we will likely have 2-4 radius servers per company depending on the redundancy level they require. The sharing of IP's between radius server IPpools is a great asset.

It's also hard. You get into consistency issues, where the sharing may only be done every so often, but customers may switch IP's and re-dial more often than that.

I would think about the issues VERY carefully before implementing such a large and complicated network. Be very sure that you can do everything needed to make it work.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using ippool with two radius servers?
In article 00a101c1fd56$61050be0$b800a8c0@kelvindell, Echo FreeRadius [EMAIL PROTECTED] wrote:

> For example we are in the process of putting in 4 Nortel CVX 1800's with 1288 lines each all in one large roll over (5152 lines) in the GTA (Greater Toronto Area). From those 4 CVX's we are going to provide wholesale dialup port for 4 - 10 different ISP's
>
> Each ISP wants their customers to receive an address from their IP block so it resolves back to their company. This is done for several reasons: controlling access to SMTP servers and other resources, as well as just for appearance so that their customers can't see that we use the same dial-up ports.

So you create 1 pool for each ISP on each CVX. The CVX supports multiple pools, and you can tell it which pool to use using a radius attribute.

If you have 4 CVXes, just make each pool 25% of the max. number of dialin lines an ISP may use. Well maybe a bit larger to allow for not-perfect distribution of clients over the 4 CVXes.

Mike.
--
Insanity -- a perfectly rational adjustment to an insane world. - R.D. Lang
RE: Using ippool with two radius servers?
> > > Ah, you only have one terminal server with 30.000 ports on it? In that case, route the /17 to that NAS and be done with it. But you likely have tens or hundreds of NASes. Either you're way ahead of me, or you really need to think this over.

> > I think I'm ahead of you :-) Believe me, routing is not an issue here, I do have a /17 block with summarized pools in a way that I only need one static route per NAS (there are 20 of them). No need to use dynamic routing.

> Okay, you have a fixed pool assigned to each NAS. I still fail to see why you don't want the NAS to each handle the assignment of their own pools? But then what the heck do I know about building a big network...

I have the same requirement (ippool over multiple radius servers). Sometimes allocating IPs from the NAS will just not work.

For example say we have 4000 dialin ports. We allocate the IPs from the NAS for those users. All good.

But we have a different bunch of users. E.g. Sat routed users. They need a different IP pool. There are not enough customers to warrant putting another pool on each NAS box.

This is where IPpool works nicely.

Most biggish ISP's need more than 1 radius server. We have 6 load balanced behind a layer 4 switch.

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067
Email: [EMAIL PROTECTED]
I'm out of my mind right now, but feel free to leave a message.
Re: Using ippool with two radius servers?
At 03:51 PM 5/15/2002 -0300, Gelson Dias Santos wrote:

> Is there a way to synchronize the ip databases between two (or more) radius servers when using module ippool? If not, how do we avoid giving the same ip to two users at the same time if the primary and secondary radius do not share info about the ips already in use?
>
> Yes, I know I can have 'N' different ip pools configured, one for each NAS, but I'm talking about 30.000 dial ports, so I can't allocate 30.000 * N ips available.

Why would you not want the NAS to handle their own ip pools?

-Chris
--
Chris Parker, Director, Engineering
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
(847) 963-0116
Wholesale Internet Services - http://www.megapop.net
Re: Using ippool with two radius servers?
In article [EMAIL PROTECTED], Gelson Dias Santos [EMAIL PROTECTED] wrote:

> Is there a way to synchronize the ip databases between two (or more) radius servers when using module ippool? If not, how do we avoid giving the same ip to two users at the same time if the primary and secondary radius do not share info about the ips already in use?
>
> Yes, I know I can have 'N' different ip pools configured, one for each NAS, but I'm talking about 30.000 dial ports, so I can't allocate 30.000 * N ips available.

In that case you are also talking about 30.000 routes in your internal routing protocol - and with that many dialup ports, hundreds of route-flaps per second.

It won't work. Your network and routers will fall over and die screaming.

Mike.
--
Insanity -- a perfectly rational adjustment to an insane world. - R.D. Lang
RE: Using ippool with two radius servers?
At 05:28 PM 5/15/2002 -0300, Gelson Dias Santos wrote:

> -----Original Message-----
> From: Miquel van Smoorenburg [mailto:[EMAIL PROTECTED]]
>
> > > Yes, I know I can have 'N' different ip pools configured, one for each NAS, but I'm talking about 30.000 dial ports, so I can't allocate 30.000 * N ips available.
> >
> > In that case you are also talking about 30.000 routes in your internal routing protocol - and with that many dialup ports, hundreds of route-flaps per second. It won't work. Your network and routers will fall over and die screaming.
>
> Why should I have 30.000 host routes? All I have is one /17 summarized route. All those IP's are on the same CIDR block.

Uhm. Unless you have only one NAS, you'll have major issues. Each user will get a /32 ip. If you have many NAS and the /32's are handed out by the radius server, then you need to have all the NAS telling each other about which /32's they have connected.

If that is not clear, you need to study routing, route summarization, and ip subnetting some more.

> Back to the original question; can I have two Radius server managing the same IP address pool?

No. ( And you really really really don't want to for 30,000 ips ).

-Chris
--
Chris Parker, Director, Engineering
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
(847) 963-0116
Wholesale Internet Services - http://www.megapop.net
Re: Using ippool with two radius servers?
Gelson Dias Santos [EMAIL PROTECTED] wrote:

> Back to the original question; can I have two Radius server managing the same IP address pool?

It's difficult. Both RADIUS servers have to be kept in PERFECT synchronization, otherwise duplicate IP's are assigned.

Your best bet may be to come up with some other solution...

Alan DeKok.
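
Added example, not part of the original thread and not FreeRADIUS code: a small Python simulation of the two options discussed above, namely two servers allocating from the same range without shared state (duplicates) versus disjoint per-owner slices (no duplicates, but a slice can run dry, which is why the slices need headroom). The `Pool` class, the function names and the 10.0.0.0/24 block are constructed for illustration.

```python
import ipaddress

class Pool:
    """First-free allocator standing in for one allocator's private state."""
    def __init__(self, addresses):
        self.free = list(addresses)

    def allocate(self):
        # None means this pool is exhausted.
        return self.free.pop(0) if self.free else None

def duplicates_when_unsynced(block, sessions_per_server):
    """Two servers load the same range and never exchange state."""
    hosts = list(ipaddress.ip_network(block).hosts())
    a, b = Pool(hosts), Pool(hosts)
    given_a = {a.allocate() for _ in range(sessions_per_server)}
    given_b = {b.allocate() for _ in range(sessions_per_server)}
    return (given_a & given_b) - {None}  # addresses held by two users at once

def partition(block, owners):
    """Split block into equal disjoint subnets, one per owner (server or NAS)."""
    net = ipaddress.ip_network(block)
    bits = (owners - 1).bit_length()  # round owner count up to a power of two
    return list(net.subnets(prefixlen_diff=bits))[:owners]

def run_partitioned(block, load):
    """load[i] = sessions arriving at owner i; returns (duplicates, refused)."""
    pools = [Pool(s.hosts()) for s in partition(block, len(load))]
    seen, duplicates, refused = set(), 0, 0
    for pool, sessions in zip(pools, load):
        for _ in range(sessions):
            ip = pool.allocate()
            if ip is None:
                refused += 1          # slice empty although the block is not
            elif ip in seen:
                duplicates += 1
            else:
                seen.add(ip)
    return duplicates, refused

if __name__ == "__main__":
    BLOCK = "10.0.0.0/24"  # constructed sample block
    print(len(duplicates_when_unsynced(BLOCK, 100)))
    print(run_partitioned(BLOCK, [50, 50, 50, 50]))
    print(run_partitioned(BLOCK, [80, 20, 50, 50]))
```

Each slice is also a single summarizable prefix, so one static route per owner covers it.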