RE: failover and load balancing
Postgres does supposedly have a version in beta for full master-master replication, but every time we've tried to get it running it's crashed on us as soon as we tried to actually write any data. Postgres in general seemed much slower than MySQL for reading the data we needed as well. I use a PostgreSQL DB form my three AAA server and the DB is enough quick for serveral request per second. However, I am looking for a (free) master-master DB, and the replication in postgres crashes. And the problem in MySQL it was told before. I admit suggestions for a BETTER free DB. _ ¿Quieres crear tus propios emoticonos gratis? Descubre cómo hacerlo en el Club Oficial de Messenger http://vivelive.com/ilovemessenger/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing
snip I use a PostgreSQL DB form my three AAA server and the DB is enough quick for serveral request per second. Aah. We were wanting to handle 100 or so requests a second. Postgres might well have done this, but we wanted room for expansion and our tests with 10'000 requests at ~100 a second showed Postgres being noticeably slower than MySQL. As long as it's good enough for your purposes there's no reason to switch though. However, I am looking for a (free) master-master DB, and the replication in postgres crashes. And the problem in MySQL it was told before. I admit suggestions for a BETTER free DB. We had a good look and were unfortunately unable to find anything for free. If you can deal with master-slave, MySQL seems to be the best bet. If you must have master-master, you're out of luck until Postgres gets it working or someone else implements it. It seems that to get something like this you'll have to end up paying Oracle or someone similar a fat pile of money. I could be wrong, there might be one we've missed. If so, i'd love to know as well, as master-master replication would make our lives easier too :) -- Dan Meyers Network Specialist, Lancaster University E-Mail: d.mey...@lancaster.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Hi, Meyers, Dan schrieb: snip I use a PostgreSQL DB form my three AAA server and the DB is enough quick for serveral request per second. I could be wrong, there might be one we've missed. If so, i'd love to know as well, as master-master replication would make our lives easier too :) What is your need? More Read than write? Mabye think about mysql proxy or some free cluster option. BR Uwe -- kiste lat: 54.322684, lon: 10.13586 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Uwe Kastens wrote: Hi, Meyers, Dan schrieb: snip I use a PostgreSQL DB form my three AAA server and the DB is enough quick for serveral request per second. I could be wrong, there might be one we've missed. If so, i'd love to know as well, as master-master replication would make our lives easier too :) What is your need? More Read than write? Mabye think about mysql proxy or some free cluster option. BR Uwe First the disclaimer: I have not used this only read about it! What about pgpoolII? supposedly a PostgreSQL master-master replication package -- JohnM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
On Wed, Apr 22, 2009 at 2:58 PM, Santiago Balaguer García santiago...@hotmail.com wrote: However, I am looking for a (free) master-master DB, and the replication in postgres crashes. And the problem in MySQL it was told before. I admit suggestions for a BETTER free DB. MySQL can do master-master replication just fine, when configured correctly. Then there's MySQL cluster, which requires more powerful hardware and more complex setup, but it should be pretty ideal to hold user login information (not so ideal for acct though). If that's not enough, you can always combine both to have master-master replicated MySQL cluster, but that would be overkill for radius needs. Regards, Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Am Mittwoch, 22. April 2009 11:54:00 schrieb Meyers, Dan: snip I use a PostgreSQL DB form my three AAA server and the DB is enough quick for serveral request per second. Aah. We were wanting to handle 100 or so requests a second. Postgres might well have done this, but we wanted room for expansion and our tests with 10'000 requests at ~100 a second showed Postgres being noticeably slower than MySQL. As long as it's good enough for your purposes there's no reason to switch though. However, I am looking for a (free) master-master DB, and the replication in postgres crashes. And the problem in MySQL it was told before. I admit suggestions for a BETTER free DB. We had a good look and were unfortunately unable to find anything for free. If you can deal with master-slave, MySQL seems to be the best bet. If you must have master-master, you're out of luck until Postgres gets it working or someone else implements it. It seems that to get something like this you'll have to end up paying Oracle or someone similar a fat pile of money. I could be wrong, there might be one we've missed. If so, i'd love to know as well, as master-master replication would make our lives easier too :) -- Dan Meyers Hi, I never tried it myself, but I know the author. He is quite good. so my advise would be cybercluster. See: http://www.postgresql.at/english/pr_cybercluster_e.html -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: mi...@multinet.de web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Hello, I could be wrong, there might be one we've missed. If so, i'd love to know as well, as master-master replication would make our lives easier too :) What is your need? More Read than write? Mabye think about mysql proxy or some free cluster option. First the disclaimer: I have not used this only read about it! What about pgpoolII? supposedly a PostgreSQL master-master replication package I think there might be much more read access then write access by using a DB backend for RADIUS. If so it might be enough to have one master to write and many slaves to read from. Or many master with a kind of sql proxy like Sequoia or mysql-proxy. The problem with master master for mysql is, that you have to resync each time you are dropping a table, a view etc.pp. BR uwe -- kiste lat: 54.322684, lon: 10.13586 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Michael, supposedly a PostgreSQL master-master replication package I think there might be much more read access then write access by using a DB backend for RADIUS. If so it might be enough to have one master to write and many slaves to read from. Or many master with a kind of sql proxy like Sequoia or mysql-proxy. The problem with master master for mysql is, that you have to resync each time you are dropping a table, a view etc.pp. BR uwe It depends on what you are doing. If you want to read out you user database for authentication you are right. But If you want to write accouting you have a lot of writes. I have seen up to 300 writes/sec for a small national provider. Ok. That is true. In that case you are talking about loosing money if the database is offline. But that is not an application issue, therefore you will need a real database cluster. And I am not talking about oracle RAC :-) I would prefer to have some fallback solution to write data to a flat file if the database is offline (which should be a question of minutes or an hour) and import it later on. Or try to find out, how much performance sqltrace option in freeradius will cost. BR Uwe -- kiste lat: 54.322684, lon: 10.13586 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing POSTGRESQL
Yes, man. We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is one master and serveral slaves. Do you know another master-master database management system which is cheap? Santiago Ok. That is true. In that case you are talking about loosing money if the database is offline. But that is not an application issue, therefore you will need a real database cluster. And I am not talking about oracle RAC :-) I would prefer to have some fallback solution to write data to a flat file if the database is offline (which should be a question of minutes or an hour) and import it later on. Or try to find out, how much performance sqltrace option in freeradius will cost. BR Uwe -- kiste lat: 54.322684, lon: 10.13586 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Más rápido, sencillo y seguro. Descárgate ya el nuevo Internet Explorer 8 ¡Es gratis! http://www.vivelive.com/ie8 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing POSTGRESQL
Santiago, Yes, man. We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is one master and serveral slaves. I don't think that the price of oracle is the problem. Without 3rd party there is no way to have a real cluster solution. Do you know another master-master database management system which is cheap? 1) Try to use a sql proxy which cares about replication for you. For example http://community.continuent.com/community/sequoia . 2) Try to split your database for different tasks. 3) Ask a good database consultant for a solution. BR Uwe -- kiste lat: 54.322684, lon: 10.13586 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing POSTGRESQL
Yes, man. We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is one master and serveral slaves. You can set up MySQL as master1-slave2 == slave1-master2. That works sort of like master-master replication. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing POSTGRESQL
If you require synchronous replication and your queries are conducive to it there is MySQL Cluster. You might get some of the functionality you want with DRBD (but write performance hits) and MySQL, which is supported officially by MySQL, or through the use of circular replication with a pair of masters in MySQL as Ivan mentioned. This type of configuration can also be managed using the Multi master master ( http://code.google.com/p/mysql-master-master/) project. If you require support Percona will provide support for that project as well. On Wed, Apr 22, 2009 at 1:54 PM, t...@kalik.net wrote: Yes, man. We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is one master and serveral slaves. You can set up MySQL as master1-slave2 == slave1-master2. That works sort of like master-master replication. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
On Wed, Apr 22, 2009 at 8:43 PM, Uwe Kastens ki...@kiste.org wrote: The problem with master master for mysql is, that you have to resync each time you are dropping a table, a view etc.pp. No you don't. When setup correctly, all SQL statement on one node will be executed on the other node as well. That includes DDL like creating/dropping table, or adding/removing users. An exception is if you EXPLICITLY don't replicate changes to mysql schema. In that case what you say might be true. It depends on what you are doing. If you want to read out you user database for authentication you are right. But If you want to write accouting you have a lot of writes. I have seen up to 300 writes/sec for a small national provider. If you have enough memory then with Innodb engine on MySQL you can easily serve all reads from Innodb buffer pool (a.k.a. memory cache). That way only writes will be disk-bound. My db currently handles over 100k reads/s, mostly served from buufer pool. That way I only need to scale the disk enough to handle writes (currently around several hundred writes/s) I would prefer to have some fallback solution to write data to a flat file if the database is offline (which should be a question of minutes or an hour) and import it later on. which is what buffered-sql does for acct. Regards, Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing
-Original Message- From: freeradius-users- bounces+d.meyers=lancaster.ac...@lists.freeradius.org [mailto:freeradius-users- bounces+d.meyers=lancaster.ac...@lists.freeradius.org] On Behalf Of Kanwar Ranbir Sandhu Sent: 17 April 2009 21:52 To: freeradius-users@lists.freeradius.org Subject: RE: failover and load balancing snip I also believe you're saying that I could load balance, too. In this case, auth and accounting could be done on both machines, and I would still have one freeradius server in use (primary), from the NAS' point of view. There are probably many better ways of doing it, but the simplest way to load balance across multiple FreeRADIUS servers is just to set each server as 'primary' on an equal number of NASes, i.e. 2 servers = half your NASes with server A as primary, half with server B as primary. A NAS will always talk to its primary server if it can possibly manage it. If all NASes have the same IP for their primary server then you'll have to start doing funky things external to both the NAS and FreeRADIUS to load balance nicely. I guess you could proxy from one server to the other for some requests using unlang rules or similar, but by that point you might as well just handle it on the server it's already hit. In this scenario, don't the mysql databases on each machine have to be kept in sync? I've assumed that I would have to present one logical database to the freeradius server, even if the database itself is running on multiple mysql servers. That's why I mentioned database cluster. I don't know if my assumption is correct. MySQL has replication inbuilt. You can run one server as the master and as many others as you want as slaves. Slaves can't be written to, but can be read from. We're actually using this setup for redundancy in a system we're currently developing. 2 databases within a single MySQL process per server (each of which also runs FreeRADIUS). 1 database is replicated across all the servers, with one server acting as the master. The other database is unique to each server, not replicated. We have a script that runs on the master server every 5 seconds, pulls data from all the 'writable' (i.e. non-replicated) dbs on all the slaves, and writes it to the master replicated db. All systems read data from their local copy of the replicated DB, and write to their local non-replicated DB. It means we can have data that is up to 5 seconds out of date, but at any one point all FreeRADIUS servers have exactly the same view as they read, so it isn't too much of a problem (for us). Please note that we're doing this using rlm_perl and having 2 database handles per perl thread, one for reads and one for writes. I'm not sure if you can separate out the read and write databases like this if you're just using rlm_sql or similar. If you do far more reads that writes (we're writing a lot of logging data back, but if we weren't reads would far outnumber writes) then you might want to consider the simpler system of reading from the local database and just always writing back to the master. You do then run into the issue of the master being a single point of failure for writes, whereas with our system no data is lost, it's just buffered until the master comes back online and the script runs again. Postgres does supposedly have a version in beta for full master-master replication, but every time we've tried to get it running it's crashed on us as soon as we tried to actually write any data. Postgres in general seemed much slower than MySQL for reading the data we needed as well. -- Dan Meyers Network Specialist, Lancaster University E-Mail: d.mey...@lancaster.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing
Anyway, I've been wondering how many servers are required to have a proper (i.e. no single point of failure) on the freeradius side of things. Two. One active and other as hot standby. I know that I can have one freeradius server proxying requests to any number of authorization and/or accounting servers - great. But you want to avoid single point of failure - so that is out. But, what if I don't want to proxy and only want two freeradius servers that do auth, and two separate servers for accounting? No need for extra accounting servers. Each server can do both authentication and handle accounting failover. I can conceptualize a cluster or even simple fail over using heartbeat for the database bit. No need. What I don't understand is how the failover and load balancing is done on the freeradius level (i.e. for auth) and still enter a single IP for freeradius on the NAS. It's not done that way. Your NAS should have primary and backup radius servers defined. Almost any NAS should be able to handle that. It will send requests to primary server until it stops responding; then it will switch to secondary. This is all handled on NAS side - no freeradius involvement (it is hard for a dead server to get involved). You can use single IP on the NAS and configure a cluster/hartbeat/etc. but it is a bit over the top. Am I supposed to configure a virtual server on the first freeradius server, copy the config to the second machine, Yes. Two identical configurations using buffered-sql or ronust-proxy-accounting to send accounting to the database (or it's backups) on top of default stuff. Even if you use load balancing (EAP can't work that way - all EAP exchanges need to go to the same server) you don't need to proxy accounting from one server to the other - both will read/write to the same database(s). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover and load balancing
Hi, Kalik's advices are very good - just to add some words: Certainly such a failover is achieved on the client side. NAS's have options to do that. On Cisco VoIP routers e.g.you can do it with the RADIUS groups. You can have broadcast groups to achieve redundancy - send the requests to multiple RADIUS servers and normal failover groups. There are examples in the FreeRADIUS docs but check the NASs manuals too. You can usually configure also parameters like timeouts, retransmits etc On 17.04.2009, at 22:44, Ivan Kalik t...@kalik.net wrote: Anyway, I've been wondering how many servers are required to have a proper (i.e. no single point of failure) on the freeradius side of things. Two. One active and other as hot standby. I know that I can have one freeradius server proxying requests to any number of authorization and/or accounting servers - great. But you want to avoid single point of failure - so that is out. But, what if I don't want to proxy and only want two freeradius servers that do auth, and two separate servers for accounting? No need for extra accounting servers. Each server can do both authentication and handle accounting failover. I can conceptualize a cluster or even simple fail over using heartbeat for the database bit. No need. What I don't understand is how the failover and load balancing is done on the freeradius level (i.e. for auth) and still enter a single IP for freeradius on the NAS. It's not done that way. Your NAS should have primary and backup radius servers defined. Almost any NAS should be able to handle that. It will send requests to primary server until it stops responding; then it will switch to secondary. This is all handled on NAS side - no freeradius involvement (it is hard for a dead server to get involved). You can use single IP on the NAS and configure a cluster/hartbeat/etc. but it is a bit over the top. Am I supposed to configure a virtual server on the first freeradius server, copy the config to the second machine, Yes. Two identical configurations using buffered-sql or ronust-proxy-accounting to send accounting to the database (or it's backups) on top of default stuff. Even if you use load balancing (EAP can't work that way - all EAP exchanges need to go to the same server) you don't need to proxy accounting from one server to the other - both will read/write to the same database(s). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: failover and load balancing
On Fri, 2009-04-17 at 20:44 +0100, Ivan Kalik wrote: Two. One active and other as hot standby. Ok. But, what if I don't want to proxy and only want two freeradius servers that do auth, and two separate servers for accounting? No need for extra accounting servers. Each server can do both authentication and handle accounting failover. I was thinking that if the accounting servers were separate, I would be better able to manage growth/load, etc. since the DB would be the primary bottleneck. But, I can see the benefit of keeping the DB local. It's not done that way. Your NAS should have primary and backup radius servers defined. Almost any NAS should be able to handle that. It will send requests to primary server until it stops responding; then it will switch to secondary. This is all handled on NAS side - no freeradius involvement (it is hard for a dead server to get involved). You can use single IP on the NAS and configure a cluster/hartbeat/etc. but it is a bit over the top. I thought I read a post in the list archive where someone stated not to depend on the NAS to handle the fail over efficiently. Perhaps I misunderstood it. Letting the NAS do it obviously makes things easier and what I would prefer to do. Yes. Two identical configurations using buffered-sql or ronust-proxy-accounting to send accounting to the database (or it's backups) on top of default stuff. Even if you use load balancing (EAP can't work that way - all EAP exchanges need to go to the same server) you don't need to proxy accounting from one server to the other - both will read/write to the same database(s). So, you're saying if the primary server's local database (e.g. mysql) goes down, freeradius will switch to the mysql database on the secondary server. If the primary freeradius server stops responding, the NAS will switch over to the secondary freeradius machine. Either way, auth and accounting stay up. Is this correct? I also believe you're saying that I could load balance, too. In this case, auth and accounting could be done on both machines, and I would still have one freeradius server in use (primary), from the NAS' point of view. In this scenario, don't the mysql databases on each machine have to be kept in sync? I've assumed that I would have to present one logical database to the freeradius server, even if the database itself is running on multiple mysql servers. That's why I mentioned database cluster. I don't know if my assumption is correct. Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.21-170.2.56.fc10.x86_64 x86_64 GNU/Linux 16:26:57 up 3 days, 16:23, 3 users, load average: 1.39, 1.30, 1.34 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html