Freeradius Clustering for HA
Alan DeKok
aland at deployingradius.com
Tue Jun 2 21:32:31 CEST 2015
On Jun 2, 2015, at 3:14 PM, Michael Schwartzkopff <ms at sys4.de> wrote:
> Basically building a HA cluster of RADIUS servers is a bad idea. The protocol
> supports the use of multiple RADIUS servers. So there is no need for HA. HA
> causes a lot of pain if you want to do it really right.
Many RADIUS clients are *very* bad at fail-over. They might take 2 RADIUS servers in "fail-over" mode, and fail over from one to the other. BUT they will often never fail back. Even if the second RADIUS server goes down.
An HA system can be better. Though HA is complicated, too.
> Set up two (or more) radius servers and configure both IP addresses in your
> RADIUS clients.
If the RADIUS clients are sane. Which is not always the case.
> If you really need a load balancer, it still is no HA cluster. Just set up two
> (or more) RADIUS servers and hode them behind a virtual IP address of the load
> balancer.
Or, set up a VM with FreeRADIUS as a proxy. It can be tiny, because it has nearly no configuration. It shouldn't go down, because it's not doing anything. If it does go down, you can reboot the entire VM in less than a second/
Alan DeKok.
More information about the Freeradius-Users
mailing list