Update on v4

Alan DeKok aland at deployingradius.com
Tue Aug 29 14:24:59 CEST 2017 

On Aug 29, 2017, at 8:14 AM, Alan Buxey <alan.buxey at gmail.com> wrote:
> what about dealing with EAP - ie so that the request goes back to the
> the same home_server instance? how is EAP load-balanced backends or
> remote proxies dealt with ?

  The "load-balance" keyword now takes an option:

	load-balance "%{Calling-Station-Id}" {
		home_server_1
		home_server_2
		...
	}

  This is the same as the v3 proxying "keyed" load-balance .  The difference is that it also works for SQL databases!

	load-balance "%{User-Name}" {
		sql1
		sql2
		...
	}

  Which gets you pretty simple sharding...

  See raddb/README.md in the latest v4.0.x for more on proxying and the "Radius" module.

>>  Or catch proxy failures:
>> 
>>        home_server_1
>>        if (fail) {
>>                linelog
>>        }
> 
> handy - but what about the logic that marks that server as
> dead/zombie?  can that call to home_server_1 be
> avoided already if the state of that server is already known?

  Mostly, yes... the difference in v4 is that the radius module deals with connections.  i.e. home server state is per connection, not global.

  Right now, it tries hard to proxy requests.  Which means sitting on them until either there's a timeout, or until the home server becomes alive again.

  But yes, it would be good to have an "early fail" configuration.  "if down, don't add more requests, and just skip this home server"

>>        parallel {
>>                home_server_1
>>                home_server_2
>>                home_server_3
>>        }
>> 
>>  i.e. it sends packets t home_server_1, then 2, then 3.  It waits until it receives responses (or timeouts) from all of them.  It then continues with processing the request.
> 
> can it not carry on as soon as one reply gets back?

  That's reasonable, but requires some minor code changes.

> PS 'trivial to do' if you know the language and the tool. please
> ensure you avoid the curse of knowledge ;-)

  Well, it will all be well documented before v4 is released.

  The "trivial to do" means that in v3, it was impossible.  In v4, it's 5 lines of configuration "parallel ...", followed by configuring 4 "radius" modules. 

  Alan DeKok.

More information about the Freeradius-Users mailing list