EAP proxing with client-balance

Wed Oct 7 22:20:36 CEST 2009

Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> 
>> 'currently_outstanding' or 'fr_rand()' when there is EAP traffic; I 
>> decided to add the clause !HOME_POOL_LOAD_BALANCE; things now work.
> 
> ouch. that should already be inherent within the EAP balance?
> 
Looking at the code, it's the sort of thing I would have overlooked

>> What do you think of the following patch, I think there is sound 
>> reasoning behind it, however of course I am just a network monkey?
> 
> doesnt this patch just make the 'balance' system become exactly
> the same as the fail-over system? ie, find a live one and stick with it
> for all times...
> 
Look in the top half of that function (honkingly large switch(){} 
statement), you will see the hashing algorithm (the 'start'ing hint) 
depends on what load balancing algorithm you want.

As a offtopic note, for FreeRADIUS 'eduroam' users we might want to 
start touting the following to be dropped into 'authorize[}':
----
if (Realm == "DEFAULT") {
  # workaround crappy load-balancing, thanks to Cisco's static src port
  update control {
    Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-ID}"
  }

  handled
}
----

The FreeRADIUS document probably could have it's "EAP clause" suggestion 
recommending against using User-Name to amended to say "using 
Calling-Station-ID is probably a good idea though".

Cheers

-- 
Alexander Clouter
.sigmonster says: Love is being stupid together.
                  		-- Paul Valery