IPv4 *and* IPv6 addresses for home_servers and failover

Alan DeKok aland at deployingradius.com
Wed Jun 13 15:11:56 CEST 2012 

Bob Franklin wrote:
> I'd just just to check FreeRADIUS operates as I'm expecting (and have
> observed, in the limited amount of testing I've been able to do, before
> plugging things into the real world).  I'm trying to get our FreeRADIUS
> 2.1.12 servers ready to handle IPv4 and IPv6 and, in particular,
> IPv6-accessible home_servers (e.g. the UK JANET Roaming NRPS ones).

  It supports IPv6...

> If I do:
> 
>   home_server ja-net-roaming0_server {
> 
> ... I have to put ONE of:
> 
>     ipaddr = roaming0.ja.net
>     ipv6addr = roaming0.ja.net
> 
> ... which one I put will control whether IPv4 or IPv6 is used to contact
> that host.

  Yes.  That's how it works.

> If so, does this mean that, if I want to allow the possibility of
> talking to the servers over IPv6 as well as IPv4 (and failing between
> one and other, if either are unavailable), I have to configure two
> distinct servers and set them up in the pool?  e.g.

  Yes.

>   server_pool ja-net_pool {
>     type = client-balance
>     home_server = ja-net-roaming0_server
>     home_server = ja-net-roaming0_server6
>     home_server = ja-net-roaming1_server
>     home_server = ja-net-roaming1_server6
>     ...
>   }
> 
> This will mean that, when everything in the pool is up, some clients
> will always get an IPv4 home_server and some an IPv6 one.

  That's a limitation of the current design.  There are no "tiered" pools.

> I just want to confirm there's no way to configure a single home server
> that can use both IPv4 and IPv6, or have ones that use IPv6 unless it's
> available, then fail back to IPv4, and that what I'm proposing above is
> the recommended way of doing this.

  There's really not many ways of doing this simply.

> [I realise that, if I configure them separately like this, I have to
> manually manage whether individual home servers have IPv4 or IPv6
> registrations.]

  That has to be managed manually.  Home servers in RADIUS are tied to
IP addresses.

  It *may* be possible to automatically create multiple home servers
when the hostname resolves to multiple IPs.  But that would require code
changes.

  Alan DeKok.

More information about the Freeradius-Users mailing list