failover and load balancing

Kanwar Ranbir Sandhu m3freak at thesandhufamily.ca
Fri Apr 17 22:52:25 CEST 2009 

On Fri, 2009-04-17 at 20:44 +0100, Ivan Kalik wrote:
> Two. One active and other as "hot" standby. 

Ok.

> >But, what if I don't want to proxy and only want two freeradius servers
> >that do auth, and two separate servers for accounting?
> 
> No need for extra accounting servers. Each server can do both authentication
> and handle accounting failover. 

I was thinking that if the accounting servers were separate, I would be
better able to manage growth/load, etc. since the DB would be the
primary bottleneck.  But, I can see the benefit of keeping the DB local.

> It's not done that way. Your NAS should have primary and backup radius
> servers defined. Almost any NAS should be able to handle that. It will send
> requests to primary server until it stops responding; then it will switch to
> secondary. This is all handled on NAS side - no freeradius involvement (it
> is hard for a dead server to get involved). You can use single IP on the NAS
> and configure a cluster/hartbeat/etc. but it is a bit over the top.

I thought I read a post in the list archive where someone stated not to
depend on the NAS to handle the fail over efficiently.  Perhaps I
misunderstood it.  Letting the NAS do it obviously makes things easier
and what I would prefer to do.

> Yes. Two identical configurations using buffered-sql or
> ronust-proxy-accounting to send accounting to the database (or it's backups)
> on top of default stuff. Even if you use load balancing (EAP can't work that
> way - all EAP exchanges need to go to the same server) you don't need to
> proxy accounting from one server to the other - both will read/write to the
> same database(s).

So, you're saying if the primary server's local database (e.g. mysql)
goes down, freeradius will switch to the mysql database on the secondary
server.  If the primary freeradius server stops responding, the NAS will
switch over to the secondary freeradius machine.  Either way, auth and
accounting stay up.  Is this correct?

I also believe you're saying that I could load balance, too. In this
case, auth and accounting could be done on both machines, and I would
still have one freeradius server in use (primary), from the NAS' point
of view.

In this scenario, don't the mysql databases on each machine have to be
kept in sync?  I've assumed that I would have to present one logical
database to the freeradius server, even if the database itself is
running on multiple mysql servers.  That's why I mentioned "database
cluster".  I don't know if my assumption is correct.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.21-170.2.56.fc10.x86_64 x86_64 GNU/Linux 
16:26:57 up 3 days, 16:23, 3 users, load average: 1.39, 1.30, 1.34

More information about the Freeradius-Users mailing list