Deploying Freeradius in a HA environment
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Mon Jun 16 10:09:46 CEST 2008
A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>
>> I would have to dispute that. We've seen NASes across the range (Cisco,
>> 3Com, Extreme) fail to move to the backup/secondary radius server they've
>> got configured.
>>
>
> report such bugs to the manufacturers of the NAS devices and double
> check your device configs -
> several of them have quirky ways of failing
> over. if you do want to point to a single IP etc then just standard
> L4 balancing will work
Yes, though if you're using EAP make sure that requests from a NAS
aren't spread over multiple servers.
> - but ensure that the FR boxes are sharing
> the same information if you rely on accounting records for decisions
> (eg simultaneous usage)
>
If you're look for a generic solution, layer 7 load balancers are the
answer; We are considering them because NAS based fail-over schemes are
never perfect, you always have to have a few missing responses before
the NAS realises something is up and does something about it.
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
More information about the Freeradius-Users
mailing list