RADIUS, anycast, and high availability
Alan DeKok
aland at deployingradius.com
Thu Jun 26 14:23:47 CEST 2014
Jason Healy wrote:
> We’re looking into using anycast and a group of servers for some of our stateless services (like DNS and NTP) to increase availability, as anycast “automatically” routes traffic to one machine in a group. I’m wondering if RADIUS is a good candidate for this as well. Being UDP-based is a good start, but I don’t know if the servers will get annoyed if (say) multiple packets in an EAP conversation don’t go to the same server. DNS is much simpler as it’s usually single-shot (request -> reply).
Anycast will work for RADIUS under the following conditions:
- only PAP, CHAP, or MS-CHAP is used
- all RADIUS servers share the same list of clients
- including the same shared secret for each client <-> IP pair
> Basically: has anyone else tried it? Or is this a Bad Idea and I just stick to regular multi-server with failover on the NAS?
It will work. NAS failover is generally horrible.
Alan DeKok.
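
Added example, not part of the original post: a Python sketch of why the shared-secret condition matters for a single-shot PAP exchange, using the User-Password hiding and Response Authenticator calculations from RFC 2865. The function names, node names, secrets and password are constructed for illustration; this is not FreeRADIUS code.

```python
import hashlib
import hmac
import struct

def hide_password(password, secret, req_auth):
    """RFC 2865 User-Password hiding, as sent by the NAS for PAP."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server-side inverse; yields garbage if the secret differs."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code, ident, req_auth, secret, attrs=b""):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def nas_accepts(reply, req_auth, secret):
    """NAS-side verification of the Response Authenticator."""
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

def anycast_node(node_secret, hidden, ident, req_auth, stored_pw):
    """Stateless PAP decision made from the single request packet."""
    ok = unhide_password(hidden, node_secret, req_auth) == stored_pw
    return build_reply(2 if ok else 3, ident, req_auth, node_secret)  # 2=Accept, 3=Reject

def run_demo():
    # All values below are constructed for the example.
    nas_secret, pw, req_auth, ident = b"constructed-secret", b"constructed-pw", bytes(range(16)), 7
    hidden = hide_password(pw, nas_secret, req_auth)
    nodes = {"node-a": nas_secret, "node-b": nas_secret, "node-drift": b"other-secret"}
    results = {}
    for name, secret in nodes.items():
        reply = anycast_node(secret, hidden, ident, req_auth, pw)
        results[name] = (reply[0], nas_accepts(reply, req_auth, nas_secret))
    return results
```

Calling run_demo() returns, per node, the reply code and whether the NAS accepts the reply. RFC 2865 has the NAS silently discard a reply whose Response Authenticator does not verify, so a node with a drifted secret shows up as a timeout rather than as a reject.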