I'm glad that this will be possible in V3. Transparent mode in UDP would
greatly help with RADIUS.
I will be checking the planning page now eagerly :]
Thank you for this excellent project!
-Andy
From: Emilio Campos [mailto:[email protected]]
Sent: Tuesday, April 17, 2012 8:33 AM
To: [email protected]
Subject: Re: [Zenloadbalancer-support] UDPP Load balancing (#2) - RADIUS
I reply down in your lines.
2012/4/16 Andreas M. Iwanowski <[email protected]<mailto:[email protected]>>
Dear Zen folks.
I have to follow up with another question about UDP load balancing.
I'm trying to balance 3 RADIUS backends.
However, in UDP mode, Zen NATs the package and sends it off with its own IP to
the RADIUS server (which then doesn't respond since it's not a client that it
knows).
This problem goes away if I add the Zen load balancer as a RADIUS client.
However, then all clients using the load balanced solution will need to use the
same shared secret (less optimal).
E.g.:
Zen primary IP: 10.0.0.10
Zen Farm IP (Carped): 10.0.0.11
Radius Client: 10.0.0.1
Radius Server: 10.0.0.50
Essentially, an exchange goes like this:
10.0.0.1 -> 10.0.0.11 Radius Request
10.0.0.10 -> 10.0.0.50 Radius Request
*** nothing if zen primary IP is not a RADIUS client on 10.0.0.50
*** or if it is:
10.0.0.50 -> 10.0.0.10 Radius Accept
10.0.0.11 -> 10.0.0.1 Radius Accept
Ideally, is there a way to disable the NATing and just forward the packet to a
backend?
No, There isn't, This is named sNAT method, Zen LB works only in this way at
the moment
Is there any other way around this or do I have a fundamental misunderstanding
here?
There is not misunderstanding, all is fine, We are working now in v3, we are
going to add other methods to work that allow Zen to work in transparent mode,
but now, the only one solution is your own workaround defined in this email.
Otherwise I have to add both Zen cluster members as RADIUS clients and then
configure each "real client" to use the same shared secret.
-Andy
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe):
[email protected]<mailto:[email protected]>
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
