free radius behind a load balancer?

Joseph Nordone joenordone at aol.com
Thu Jan 14 16:59:08 CET 2021


Within the load-balancer you can setup session stickiness so that requests from clients stick with the same back-end server. Only if the health-check fails will it move those clients away. Same thing with accounting, you should bind both port 1812 and 1813 to the same stickiness profile.

—Joe


> On Jan 14, 2021, at 10:51 AM, Coy Hile <coy.hile at coyhile.com> wrote:
> 
> 
> 
>> On Jan 14, 2021, at 10:43 AM, Alan DeKok <aland at deployingradius.com> wrote:
>> 
>> On Jan 14, 2021, at 10:39 AM, Coy Hile <coy.hile at coyhile.com> wrote:
>>> 
>>> Has anyone tried putting the FreeRADIUS server behind a load balancer? I see dynamic-clients does queries based on the Packet-Src-IP-Address, but can one reasonably do similar based on NAS-IP-Address (assuming that the client sends that attribute?
>> 
>> Lots of people put it behind a load balancer.  The only real caveat is that if you're doing EAP, the load balancer has to be aware of that.  And then load balance on things like the User-Name, instead of randomly spamming packets across the back-ends.
>> 
>> IIRC things like the F5 load balancers don't do that.  But FreeRADIUS as a load balancer will do that. :)
> 
> Work isn’t doing that, at all. We’re simply using RADIUS to authenticate and authorize administrative access to network devices. Nothing cute.
> 
> 
> --
> Coy Hile
> coy.hile at coyhile.com <mailto:coy.hile at coyhile.com>
> 
> 
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <http://www.freeradius.org/list/users.html>


More information about the Freeradius-Users mailing list