Loadbalancing and failover using different servers

Jason Hodges jhodges at pocket.com
Fri Jan 14 16:08:15 CET 2011


> Let's suppose that there is also an attacker
> (a disgruntled employee maybe?), who knows about this bug and decides to
> attack my FreeRadius servers, so he starts sending these
> specially crafted packets to each server and since the two servers have
> the same bug, both of them would die upon receiving these packets.

I suggest using a network-based firewall or even a kernel-based firewall
to limit what IP addresses are allowed to talk to your radius server.
While it's not 100% perfect, it should at least limit your exposure to
hosts you know about and hopefully trust.

Managing two platforms is very tough especially given the flexibility
FreeRadius gives you.  Not all platforms will offer this.  You'd be
begging to put yourself in a situation where both platforms can't
perform the same tasks the same way. (in my opinion)



Regards,
Jason P Hodges
Senior Network and Systems Architect
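
One way to apply the allowlisting suggested in the message above, as an added example that is not part of the original post: derive the permitted source addresses from the server's own client definitions, so the firewall admits RADIUS traffic only from hosts the server is configured to serve. It assumes IPv4 `ipaddr = ...` lines in a FreeRADIUS clients.conf, the standard RADIUS UDP ports 1812 and 1813, and a hypothetical chain name RADIUS-IN; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: turn clients.conf entries into an iptables-restore fragment
# that limits who may reach the RADIUS ports. Review the output before loading.

# Constructed sample input (documentation addresses, placeholder secrets).
SAMPLE_CLIENTS='
client nas1 {
    ipaddr = 192.0.2.10
    secret = placeholder-secret
}
client wlc {
    ipaddr = 198.51.100.0/24   # whole controller subnet
    secret = placeholder-secret
}
# client old { ipaddr = 203.0.113.5 }
client bad {
    ipaddr = not-an-address
}
'

# Read clients.conf text on stdin; print one IPv4 address or CIDR per line.
# Comments are stripped first, and values that do not look like an IPv4
# address (optionally with a /0-32 prefix) are dropped, not passed on.
radius_clients() {
    sed -n 's/#.*//; s/^[[:space:]]*ipaddr[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' |
    sort -u
}

# Read clients.conf text on stdin; print filter-table rules that accept
# UDP 1812 (authentication) and 1813 (accounting) from each listed client
# and drop every other packet addressed to those ports.
radius_rules() {
    echo '*filter'
    echo ':RADIUS-IN - [0:0]'   # hypothetical chain name
    echo '-A INPUT -p udp -m multiport --dports 1812,1813 -j RADIUS-IN'
    radius_clients | while read -r src; do
        echo "-A RADIUS-IN -s $src -j ACCEPT"
    done
    echo '-A RADIUS-IN -j DROP'
    echo 'COMMIT'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_CLIENTS" | radius_rules
```

As the message says, this limits exposure rather than removing it: a crafted packet from an allowed client address still reaches the daemon.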







More information about the Freeradius-Users mailing list