FreeRadius Load balancing AWS Network Load Balancer

Emile Swarts emile.swarts123 at gmail.com
Fri May 21 13:55:42 CEST 2021


Hi,

We're implementing containerised Freeradius servers on AWS which we intend
to scale horizontally to accommodate current load. We use ECS Fargate and
currently have 6 servers running behind a Network Load balancer. Each of
these servers has exactly the same configuration and connects to a
centralised RDS database.

We've tested this setup and it's all looking successful. Ran performance
tests using eapol_test pointed at the load balancer. The fear was that
authentication requests could be broken up and fail when distributed
incorrectly to the containers. This seems to not be an issue because of a
concept known as the "UDP Flow" (
https://aws.amazon.com/blogs/containers/aws-fargate-now-supports-udp-load-balancing-with-network-load-balancer/)
with AWS Network load balancers.

For extra assurance on this proof of concept, I wanted to check if anyone
is aware of any potential pitfalls with this design that I might be missing?
It looks like the Radius servers don't keep much state in memory (beyond
eap sessions), which would be a problem. Beyond that, does this
architecture design sound feasible?

Thanks,
Emile
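
The following is an added example, not part of the original post: a toy model of why 5-tuple "UDP flow" hashing keeps a multi-round EAP conversation on one backend, and where that stops holding. The SHA-256 hash, the addresses, the `state-abc` value and the mid-conversation target replacement are assumptions made for illustration; the hash the Network Load Balancer actually uses is not public.

```python
import hashlib
import itertools

BACKENDS = [f"radius-{i}" for i in range(6)]  # six identical servers, as in the post

def flow_hash_target(src_ip, src_port, dst_ip, dst_port, proto="udp"):
    """Pick a backend from the 5-tuple. SHA-256 is a stand-in, not the real NLB hash."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    return BACKENDS[int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % len(BACKENDS)]

class Backend:
    """Toy RADIUS server: EAP progress lives only in this process's memory."""
    def __init__(self):
        self.eap_sessions = {}  # State attribute -> next expected round

    def handle(self, state, round_no):
        if round_no == 0:
            self.eap_sessions[state] = 1
            return "Access-Challenge"
        if self.eap_sessions.get(state) != round_no:
            return "Access-Reject"  # this backend never saw the earlier rounds
        self.eap_sessions[state] = round_no + 1
        return "Access-Challenge"

def run_eap(pick_target, rounds=8):
    """Run one multi-round EAP conversation; True if every round found its session."""
    servers = {name: Backend() for name in BACKENDS}
    for r in range(rounds):
        if servers[pick_target(r)].handle("state-abc", r) == "Access-Reject":
            return False
    return True

NAS = ("10.0.1.20", 40000)  # constructed NAS source address and port
VIP = ("10.0.0.5", 1812)    # constructed load balancer address

def stable_flow():
    # Same 5-tuple for every packet: all rounds reach the same backend.
    return run_eap(lambda r: flow_hash_target(*NAS, *VIP))

def round_robin():
    # Per-packet distribution, the failure the post was worried about.
    rr = itertools.cycle(BACKENDS)
    return run_eap(lambda r: next(rr))

def target_replaced_mid_conversation():
    # Assumption: the pinned task is replaced after round 3 (e.g. scale-in),
    # so later packets of the same flow land on a different backend.
    first = flow_hash_target(*NAS, *VIP)
    other = BACKENDS[(BACKENDS.index(first) + 1) % len(BACKENDS)]
    return run_eap(lambda r: first if r < 4 else other)
```

In this model the in-memory EAP session is the only state that matters: it survives as long as the flow stays pinned, and a conversation in flight when its backend goes away has to restart from round 0.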

