On Jan 22, 2016, at 11:23 AM, Ruslan Kalakutsky <r.kalakutsky@gmail.com> wrote:
It's a question of simplicity and reliability if there are no possible deadlocks or race conditions.
Databases can have multiple clients reading and writing at the same time. This is what databases do.
Automate deployment of radius service on each IPSEC server easier than having another single point of failure.
You'll still have a single point of failure in the database. If the IPSec servers are physically close to the database, this will work. It's not a good idea, but it will work. If the IPSec servers are scattered around the net, this won't work. You're almost always better off centralizing RADIUS, and having a database close to the central RADIUS server. But if you think you know better, it's your network. Alan DeKok.