suggestions about load-balance/cluster
Jorge Pereira
jpereiran at gmail.com
Wed Oct 21 19:48:53 CEST 2015
Hi,
I would like to get opinions and suggestions about the best
approach to set up a load-balancing solution. I have a lot of
ideas, but I am not sure whether someone knows other tips.
My goal is to have a setup prepared to manage hundreds of requests
between tens of NAS appliances (Redback, Cisco, Alcatel, ...) and also
being a proxy between some partners (external home servers).
My idea is:
1) Two servers positioned in the board exposed to the internet.
+----------------------+     +---------------------+
|    Board-Radius A    |  &  |   Board-Radius B    |
+----------------------+     +---------------------+
              |_____________________|
                         |
+-----------------------------------------------------------+
|                    LAN (Cluster Zone)                     |
+-----------------------------------------------------------+
|  RadiusNode_1                                             |
|  RadiusNode_2                                             |
|  ........                                                 |
|  RadiusNode_N                                             |
+-----------------------------------------------------------+
My approach is: the "board zone" would have as little configuration
as possible, only what is related to load balancing, like:
e.g. Board-Radius A & B:
<snip>
# AUTH+ACCT
home_server auth_node_1 {
    type = auth+acct
    ipaddr = 10.1.2.1
    port = 1812
    secret = secret
    require_message_authenticator = no
    response_window = 20
    zombie_period = 5
    revive_interval = 10
    status_check = status-server
    check_interval = 10
    num_answers_to_alive = 3
}
home_server auth_node_N {
    type = auth+acct
    ipaddr = 10.1.2.N
    port = 1812
    secret = secret
    # other options as last "auth_node_1"
}
home_server_pool auth_loadbalance {
    type = load-balance
    home_server = auth_node_1
    home_server = auth_node_N
    virtual_server = handle-node-auth
}
...
server handle-node-auth {
    pre-proxy {
        if (&Packet-Type == Accounting-Request) {
            # keep a local copy of all acct packets
            detail
        }
        ...
    }
    post-proxy {
        ....
    }
}

# COA
home_server coa_node_1 {
    type = coa
    ipaddr = 10.1.2.1
    port = 3799
    secret = secret
    # other options as last "auth_node_1"
}
home_server coa_node_N {
    type = coa
    ipaddr = 10.1.2.N
    port = 3799
    secret = secret
    # other options as last "auth_node_1"
}
home_server_pool coa_loadbalance {
    type = load-balance
    virtual_server = handle-node-coa
    home_server = coa_node_1
    home_server = coa_node_N
}
...
server handle-node-coa {
    pre-proxy {
        ...
    }
    post-proxy {
        ....
    }
}
..................

# Partner settings (external)
home_server auth_partner1 {
    .....
}
home_server_pool pool_auth_partner1 {
    home_server = auth_partner1
    .....
}
home_server coa_partner1 {
    .....
}
home_server_pool pool_coa_partner1 {
    home_server = coa_partner1
    .....
}
realm partner1.com {
    auth_pool = pool_auth_partner1
    coa_pool = pool_coa_partner1
}

# default behavior for local realms.
realm NULL {
    type = radius
    auth_pool = auth_loadbalance
    coa_pool = coa_loadbalance
    secret = secret
}
realm DEFAULT {
    type = radius
    auth_pool = auth_loadbalance
    coa_pool = coa_loadbalance
    secret = secret
}
realm mylocaldomain1.com {
    type = radius
    auth_pool = auth_loadbalance
    coa_pool = coa_loadbalance
    secret = secret
}
</snip>
Doubts: What is the best approach based on the "type" of the pool? Maybe
"keyed-balance" sounds better? I would really appreciate
all suggestions and tips about my approach.
Best regards,
----
Jorge Pereira
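
An added example, not part of the original post and not FreeRADIUS code: a small Python model of the two pool types asked about above, where "load-balance" picks the home server with the fewest unanswered requests and "keyed-balance" hashes a per-request key (the Load-Balance-Key control attribute) modulo the pool size. It counts how many multi-packet sessions, such as EAP conversations, end up spread over more than one back-end node. The node names, the traffic, the 0.8 response rate and the use of FNV-1a as the hash are assumptions made for the illustration.

```python
import random
from collections import defaultdict

NODES = ["auth_node_1", "auth_node_2", "auth_node_3"]  # constructed pool

def fnv1a_32(data: bytes) -> int:
    """32-bit FNV-1a, used here as a stand-in hash (assumption)."""
    h = 0x811C9DC5
    for byte in data:
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h

def pick_keyed(key: str, nodes):
    """keyed-balance model: hash of the balance key, modulo pool size."""
    return nodes[fnv1a_32(key.encode()) % len(nodes)]

def pick_least_busy(outstanding, nodes, rng):
    """load-balance model: fewest unanswered requests, random tie-break."""
    low = min(outstanding[n] for n in nodes)
    return rng.choice([n for n in nodes if outstanding[n] == low])

def simulate(pool_type, sessions=200, rounds=6, seed=1):
    """Return (sessions seen by more than one node, packets per node)."""
    rng = random.Random(seed)
    outstanding = defaultdict(int)   # requests sent minus responses received
    per_node = defaultdict(int)
    nodes_seen = defaultdict(set)
    # Constructed traffic: each user sends `rounds` packets, interleaved.
    packets = [f"user{s}@mylocaldomain1.com"
               for s in range(sessions) for _ in range(rounds)]
    rng.shuffle(packets)
    for key in packets:
        if pool_type == "keyed-balance":
            node = pick_keyed(key, NODES)
        else:
            node = pick_least_busy(outstanding, NODES, rng)
        outstanding[node] += 1
        per_node[node] += 1
        nodes_seen[key].add(node)
        busy = [n for n in NODES if outstanding[n]]
        if rng.random() < 0.8:       # most responses arrive before the next send
            outstanding[rng.choice(busy)] -= 1
    split = sum(1 for seen in nodes_seen.values() if len(seen) > 1)
    return split, dict(per_node)

if __name__ == "__main__":
    for pool_type in ("load-balance", "keyed-balance"):
        print(pool_type, simulate(pool_type))
```

In this model the keyed pool never splits a session, but the mapping is `hash % pool size`, so adding or removing a node moves existing keys to different nodes.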