Source IP address for proxy requests
Alan DeKok
aland at deployingradius.com
Mon Sep 25 17:43:18 CEST 2006
"Angel L. Mateo" <amateo at um.es> wrote:
> > I note RADIUS packets are using UDP, which means they're connectionless.
> > I think you don't want a machine from the cluster send a proxy request,
> > and a different machine get the proxy reply. This wouldn't work.
> >
> This is an impossible situation, because I have an active/standby
> configuration of the cluster. Just one node is running the IP and the
> server. The other node is just a backup one (in a normal environment).
It's not impossible. It will happen EVERY TIME the active & standby
switch roles.
I've built clusters like this before. The clustered IP should be
used ONLY for incoming traffic, and replies to that traffic. Any
traffic originating from the cluster MUST use the machine-specific IP.
This goes for every protocol, not just RADIUS.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list