failover and load balancing

Ivan Kalik tnt at kalik.net
Fri Apr 17 21:44:45 CEST 2009


>Anyway, I've been wondering how many servers are required to have a proper
>(i.e. no single point of failure) on the freeradius side of things.

Two. One active and the other as "hot" standby.
 
>I know that I can have one freeradius server proxying requests to any
>number of authorization and/or accounting servers - great.

But you want to avoid single point of failure - so that is out.

>But, what if I don't want to proxy and only want two freeradius servers
>that do auth, and two separate servers for accounting?

No need for extra accounting servers. Each server can do both authentication
and handle accounting failover. 

>I can conceptualize a cluster or even simple fail over using heartbeat for
>the database bit.

No need.

>What I don't understand is how the failover and load balancing is done on
>the freeradius level (i.e. for auth) and still enter a single IP for
>freeradius on the NAS.

It's not done that way. Your NAS should have primary and backup radius
servers defined. Almost any NAS should be able to handle that. It will send
requests to primary server until it stops responding; then it will switch to
secondary. This is all handled on NAS side - no freeradius involvement (it
is hard for a dead server to get involved). You can use single IP on the NAS
and configure a cluster/heartbeat/etc. but it is a bit over the top.

>Am I supposed to configure a virtual server on the first freeradius server,
>copy the config to the second machine,

Yes. Two identical configurations using buffered-sql or
robust-proxy-accounting to send accounting to the database (or its backups)
on top of default stuff. Even if you use load balancing (EAP can't work that
way - all EAP exchanges need to go to the same server) you don't need to
proxy accounting from one server to the other - both will read/write to the
same database(s).

Ivan Kalik
Kalik Informatika ISP
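
Added example, not part of the original post: a constructed Python model of the two points in the reply above, NAS-side primary/backup failover and why per-packet load balancing breaks EAP. The class and function names are hypothetical; the only protocol facts assumed are that a multi-round EAP conversation is tied together by the RADIUS State attribute and that the session behind it lives in one server's memory.

```python
import secrets

class RadiusServer:
    """Constructed stand-in for one RADIUS server; EAP sessions live only in its memory."""
    def __init__(self, name):
        self.name = name
        self.alive = True
        self.sessions = {}              # State value -> EAP rounds seen so far

    def handle(self, state=None, rounds_needed=3):
        if not self.alive:
            return None                 # a dead server sends nothing; the NAS sees a timeout
        if state is None:               # first packet of a new EAP conversation
            state = secrets.token_hex(8)
            self.sessions[state] = 1
            return ("Access-Challenge", state)
        if state not in self.sessions:  # State was issued by a different server
            return ("Access-Reject", None)
        self.sessions[state] += 1
        if self.sessions[state] >= rounds_needed:
            del self.sessions[state]
            return ("Access-Accept", None)
        return ("Access-Challenge", state)

def failover(servers):
    """NAS behaviour from the post: try the primary, fall back only when it is silent."""
    return lambda rnd: list(servers)

def round_robin(servers):
    """Per-packet load balancing: each packet goes to the next server in turn."""
    return lambda rnd: [servers[rnd % len(servers)]]

def authenticate(order, max_rounds=10):
    """Run one multi-round EAP conversation and return the final reply code."""
    state = None
    for rnd in range(max_rounds):
        reply = None
        for server in order(rnd):       # servers the NAS may try for this packet
            reply = server.handle(state)
            if reply is not None:
                break
        if reply is None:
            return "timeout"            # nobody answered
        code, state = reply
        if code != "Access-Challenge":
            return code
    return "timeout"
```

With both servers up, `failover` completes on the primary while `round_robin` is rejected on the second packet; a balancer that keeps each conversation on one server avoids that.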