Update on v4

Alan DeKok aland at deployingradius.com
Tue Aug 29 13:52:11 CEST 2017


  Version 4 has been under heavy development for the past year.  The goal is to enable new features and new capabilities.

  Well, we're making progress.  :)

  As background, in v4 proxying has been replaced by a "radius" module.  The "radius" module sends RADIUS packets and waits (asynchronously) for a response.  You can create one "radius" module for each home_server.  e.g.

radius home_server_1 {
	... ip, port, secret, etc.
}

  This also means that proxy.conf goes away (sorry), and that home_server_pools get replaced with "unlang":

  Home server pool "type = load-balance" gets replaced with "unlang":

	load-balance {
		home_server_1
		home_server_2
		home_server_3
	}

  Even better, you can now add proxying *anywhere*:

	if (User-Name == "bob") {
		home_server_1
	}
	else if (User-Name == "doug") {
		home_server_2
	}

  Or you can proxy multiple times:

	if (User-Name == "bob") {
		home_server_1
		home_server_2
	}

  Or catch proxy failures:

	home_server_1
	if (fail) {
		linelog
	}

  Or (even more magically), proxy to multiple destinations at the same time:

	parallel {
		home_server_1
		home_server_2
		home_server_3
	}

  i.e. it sends packets to home_server_1, then 2, then 3.  It waits until it receives responses (or timeouts) from all of them.  It then continues with processing the request.

  We're still not recommending average people install v4.  There are some caveats, which means it's best suited for people who know those caveats.

  But, the long wait has been worth it, I think.  Things which used to be impossible in previous versions of the server are now *trivial* to do.

  The next step is to finalize the functionality which creates child requests.  e.g. originate-coa, but more standardized.  Once that's done, you should be able to do something like:

	if (... bandwidth exceeded...) {
		create child Disconnect-Request
		send to NAS
	}

  Which mimics the "originate-coa" functionality, but in 3 unlang statements.

  You can also take an Access-Request, and create one (or more) Accounting-Requests which are sent to home servers.

  The "radius" module also supports a "fire and forget" method, so that you can send packets to home servers, and continue without waiting for a response.

  We hope to release an alpha of version 4 this fall.

  Alan DeKok.



