FreeRADIUS question

Douglas Lane dougsterlster at gmail.com
Sun Aug 19 17:07:40 CEST 2007


Hi All,

I have a little project for a small ISP that I would like to execute,
however, am just wondering about the infrastructure.

Currently, the core radius server is hosted in a secure datacenter that has
ample bandwidth available.

Now the issue I have is the "cells" where the Cisco Concentrators are have
slow links to the core radius server (these would be around 64 - 512kb). Now
I know that radius packets are small, however, the other issue is these
links will be used for internet access aswell. Currently each router
controlling the cell links have a VPN link over the internet to the core
radius server.

Now steps have been taken to enable QoS on these links so the VPN traffic
gets highest priority, however, what I wanna ask is the following:

I'd like to "cache" the usernames and password (effectively radcheck and
radgroupcheck) on each cell network (each cell has a local RADIUS server
that proxies the realm to the core radius server). This way, avoiding the
possibility that the link may be to slow to auth the user and hence cause a
timeout, as well as in case the VPN link itself is down.

The other question I'd like to get your opinion on is I'd like to have
accounting local to the cell's RADIUS server (for lookups from the Cisco),
but also have a way to replicate the accounting data to the core-radius
server.

I've looked at use MySQL replication, but i feel its not sufficient for my
requirements. Perhaps I'm wrong?

Obviously, for this particular situation, I'd like to only "cache" the
radcheck and radgroupcheck information for valid accounts in the that cell.
I don't really want to have every cell's users part of the the other cell's.
Obviously the idea is if the local RADIUS can't auth the use on itself, it
must peer to the next available RADIUS server (core radius).

Hope I've been as descriptive as possible.

I appreciate the help.

Thanks
Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070819/34b52b97/attachment.html>


More information about the Freeradius-Users mailing list