Hi, I would like to get opinions and suggestions about the best approach to set a load-balance solution. At first I have a lot of ideas but I am not sure if someone know another tips. My goal is to have a setup prepared to manage hundreds of requests between tens of NAS appliances (Redback, Cisco, Alcatel, ...) and also being a proxy between some partners (external home servers) My idea is: 1) Two servers positioned in the board exposed to the internet. +----------------------+ +---------------------+ | Board-Radius A | & | Board-Radius B | +----------------------+ +---------------------+ |_____________________| | +-----------------------------------------------------------+ | LAN (Cluster Zone) | +-----------------------------------------------------------+ | RadiusNode_1 | | RadiusNode_2 | | ........ | | RadiusNode_N | +-----------------------------------------------------------+ My approach is: In the "board zone" would have less of possible configuration, only related to load-balance like. e.g: Board-Radius A & B: <snip> # AUTH+ACCT home_server auth_node_1 { type = auth+acct ipaddr = 10.1.2.1 port = 1812 secret = secret require_message_authenticator = no response_window = 20 zombie_period = 5 revive_interval = 10 status_check = status-server check_interval = 10 num_answers_to_alive = 3 } home_server auth_node_N { type = auth+acct ipaddr = 10.1.2.N port = 1812 secret = secret # other options as last "auth_node_1" } home_server_pool auth_loadbalance { type = load-balance home_server = auth_node_1 home_server = auth_node_N virtual_server = handle-node-auth } ... server handle-node-auth { pre-proxy { if (&Packet-Type == Accounting-Request) { # keep a local copy of all acct packets detail } ... } post-proxy { .... } } # COA home_server coa_node_1 { type = coa ipaddr = 10.1.2.1 port = 3799 secret = secret # other options as last "auth_node_1" } home_server coa_node_N { type = coa ipaddr = 10.1.2.N port = 3799 secret = secret # other options as last "auth_node_1" } home_server_pool coa_loadbalance { type = load-balance virtual_server = handle-node-coa home_server = coa_node_1 home_server = coa_node_N } ... server handle-node-coa { pre-proxy { ... } post-proxy { .... } } .................. # Partner settings (external) home_server auth_partner1 { ..... } home_server_pool pool_auth_partner1 { home_server = auth_partner1 ..... } home_server coa_partner1 { ..... } home_server_pool pool_coa_partner1 { home_server = coa_partner1 ..... } realm partner1.com { auth_pool = pool_auth_partner1 coa_pool = pool_coa_partner1 } # default behavior for local realms. realm NULL { type = radius auth_pool = auth_loadbalance coa_pool = coa_loadbalance secret = secret } realm DEFAULT { type = radius auth_pool = auth_loadbalance coa_pool = coa_loadbalance secret = secret } realm mylocaldomain1.com { type = radius auth_pool = auth_loadbalance coa_pool = coa_loadbalance secret = secret } </snip> Doubts: What the best approach based in the "type" of the pool? Maybe the "keyed-balance" sounds better? I really appreciate all suggestions and tips about my approach. Best regards, ---- Jorge Pereira