Loadbalancing and failover using different servers
Alexander Clouter
alex at digriz.org.uk
Fri Jan 14 14:58:33 CET 2011
Alan DeKok <aland at deployingradius.com> wrote:
>
>> I want to implement a RADIUS load-balancing and failover scenario using
>> FreeRadius and Cisco ACS. The idea I have in mind is to have these two
>> servers answering to RADIUS requests in a round-robin fashion and should
>> one of them for some reason go down, the other one would take care of
>> answering to the RADIUS requests.
>
> You will need a load balancer in front of the two servers.
>

Round robin can be problematic as EAP sessions cannot be round-robined
without some due care and attention spent in the load-balancer. The
load-balancer also ironically provides a single point of failure :)

>> Have any of you implemented such a scenario, using FreeRadius together
>> with another RADIUS server from a different vendor? If so, what are the
>> main problems you found doing this (incompatibility, high-maintenance
>> costs, effort, etc)?
>>
>> I'd be very glad to hear from you as to why such a scenario
>> makes/doesn't make sense.
>
> I don't see why you would put two different servers into one
> load-balance pool. And even worse, pairing a horrible server with a
> great one!
>

Probably because you have to edit the FreeRADIUS source code and
recompile it to say 'Cisco' on it to appease manglement :)

Resilience we provision onsite here by anycast'ing our two FreeRADIUS
boxes (http://www.open-rd.org/ [1]):

http://www.digriz.org.uk/ha-ospf-anycast

Cheers

[1] ARM based box running Debian[2], for $150 that uses 7W of power,
suitable for our needs, a university with 4000 students and 600
staff (mac-auth for all the workstations, LDAP backed and 802.1X
for the students)
[2] http://www.digriz.org.uk/kirkwood
--
Alexander Clouter
.sigmonster says: Stamp out organized crime!! Abolish the IRS.
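Added example, not part of the original post and not FreeRADIUS or Cisco ACS code: one way a load-balancer can give EAP the "due care" mentioned above is to pin every packet of a conversation to one server by hashing Calling-Station-Id, falling back to round robin only when no key is present. It goes beyond the post by using rendezvous hashing for failover; the server names, the sample packets and the assumption that the NAS sends Calling-Station-Id are constructed for illustration.

```python
import hashlib
import struct

CALLING_STATION_ID = 31  # RADIUS attribute type (RFC 2865)

def build_request(ident, attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, ident, 20 + len(body), b"\x00" * 16) + body

def parse_attributes(packet):
    """Return (type, value) pairs, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def sticky_key(packet):
    """Assumption: the NAS sends Calling-Station-Id, constant for one EAP conversation."""
    for atype, value in parse_attributes(packet):
        if atype == CALLING_STATION_ID:
            return value
    return None

def pick_server(packet, servers, alive, rr_counter=0):
    """Rendezvous-hash the key over live servers; round-robin only without a key."""
    live = [s for s in servers if s in alive]
    if not live:
        raise RuntimeError("no live RADIUS servers")
    key = sticky_key(packet)
    if key is None:
        return live[rr_counter % len(live)]
    return max(live, key=lambda s: hashlib.sha256(s.encode() + b"|" + key).digest())
```

A client only changes server when its own server drops out of the live set, and a conversation that was in flight on the failed server has to restart, since EAP state is held per server.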