free radius behind a load balancer?
Nathan Ward
lists+freeradius at daork.net
Thu Jan 14 22:23:37 CET 2021
> On 15/01/2021, at 4:43 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jan 14, 2021, at 10:39 AM, Coy Hile <coy.hile at coyhile.com> wrote:
>>
>> Has anyone tried putting the FreeRADIUS server behind a load balancer? I see dynamic-clients does queries based on the Packet-Src-IP-Address, but can one reasonably do similar based on NAS-IP-Address (assuming that the client sends that attribute)?
>
> Lots of people put it behind a load balancer. The only real caveat is that if you're doing EAP, the load balancer has to be aware of that. And then load balance on things like the User-Name, instead of randomly spamming packets across the back-ends.
>
> IIRC things like the F5 load balancers don't do that. But FreeRADIUS as a load balancer will do that. :)
F5 can do that sort of stuff with iRules, which lets you parse packets in their DSL - so if you know the protocol and want to muck about with some code you can do most things. They have sample code to parse RADIUS online.
However, modern (last.. I dunno 10 years?) F5 has better RADIUS awareness, and you can specify an attribute to be used for stickiness to a particular backend. "Persist Attribute" is the parameter.
Of course - I would just use FreeRADIUS, but some places it fits their model to use F5 so that’s an option too.
--
Nathan Ward
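
Added example (not part of the thread, and not F5 or FreeRADIUS code): a Python illustration of the stickiness discussed above, parsing a RADIUS packet per RFC 2865 and hashing User-Name so that every round of one EAP conversation reaches the same back-end. The back-end names and sample packets are constructed; NAS-IP-Address can be passed as the key instead.

```python
import hashlib
import struct

USER_NAME, NAS_IP_ADDRESS, STATE, EAP_MESSAGE = 1, 4, 24, 79  # RFC 2865 / 3579 types

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def pick_backend(packet: bytes, backends: list, key_attr: int = USER_NAME) -> str:
    """Hash the persistence attribute so equal values always map to one back-end."""
    values = parse_attributes(packet).get(key_attr)
    if not values:
        raise LookupError("persistence attribute absent from packet")
    digest = hashlib.sha256(values[0]).digest()
    # Plain modulo: mappings move if the back-end list changes size.
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def build_request(ident: int, attrs: list) -> bytes:
    """Constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample data: hypothetical back-ends and two rounds of one EAP login.
BACKENDS = ["radius-a", "radius-b", "radius-c"]
NAS = bytes([192, 0, 2, 10])
ROUND1 = build_request(1, [(USER_NAME, b"alice"), (NAS_IP_ADDRESS, NAS),
                           (EAP_MESSAGE, b"\x02\x01\x00\x0a\x01alice")])
ROUND2 = build_request(2, [(USER_NAME, b"alice"), (NAS_IP_ADDRESS, NAS),
                           (STATE, b"constructed-state"), (EAP_MESSAGE, b"\x02\x02\x00\x06\x19\x00")])

if __name__ == "__main__":
    for name, pkt in (("round 1", ROUND1), ("round 2", ROUND2)):
        print(name, "->", pick_backend(pkt, BACKENDS))
```

A packet without the key attribute raises `LookupError`, so the caller has to decide on a fallback rather than silently scattering those requests.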