FreeRadius Load balancing AWS Network Load Balancer
Alan DeKok
aland at deployingradius.com
Fri May 21 14:34:32 CEST 2021
On May 21, 2021, at 7:55 AM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
> We've tested this setup and it's all looking successful. Ran performance
> tests using eapol_test pointed at the load balancer. The fear was that
> authentication requests could be broken up and fail when distributed
> incorrectly to the containers. This seems to not be an issue because of a
> concept known as the "UDP Flow" (
> https://aws.amazon.com/blogs/containers/aws-fargate-now-supports-udp-load-balancing-with-network-load-balancer/)
> with AWS Network load balancers.
That's new, then. Last I looked (a while ago), it didn't do that.
> For extra assurance on this proof of concept, I wanted to check if anyone
> is aware of any potential pitfalls with this design that I might be missing?
> It looks like the Radius servers don't keep much state in memory (beyond
> eap sessions), which would be a problem. Beyond that, does this
> architecture design sound feasible?
Yes.
If the NAS is sending packets directly to the load balancer, it's fine.
When there are proxies involved, the EAP packets from the NAS *might* take different paths through the network. But it's likely not a huge issue.
Alan DeKok.
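
A simplified model of the behaviour discussed in this thread, added here as an example and not code from either poster, FreeRADIUS or AWS. It assumes each backend holds in-progress EAP sessions only in its own memory and that the NAS sends a whole conversation from one source IP and port; SHA-256 stands in for the balancer's real flow hash, and all names and addresses are constructed.

```python
import hashlib
from itertools import cycle

class RadiusBackend:
    """Toy backend: in-progress EAP sessions live in local memory only."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}                      # session id -> last round seen

    def handle(self, session_id, round_no, total_rounds):
        if round_no > 0 and self.sessions.get(session_id) != round_no - 1:
            return "reject"                     # continuation hit a backend with no state
        self.sessions[session_id] = round_no
        if round_no == total_rounds - 1:
            del self.sessions[session_id]
            return "accept"
        return "challenge"

def flow_hash_pick(backends, flow):
    """Choose a target from the 5-tuple, so one UDP flow always maps to one backend."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return backends[int.from_bytes(digest[:4], "big") % len(backends)]

def round_robin():
    """Per-packet distribution with no flow affinity (the feared failure case)."""
    counter = cycle(range(3))
    return lambda backends, flow: backends[next(counter)]

def run_eap(pick, sources, rounds=6):
    """Run one EAP conversation; `sources` lists the (src_ip, src_port) used in turn."""
    backends = [RadiusBackend(f"radius-{i}") for i in range(3)]
    src = cycle(sources)
    result = None
    for n in range(rounds):
        ip, port = next(src)
        flow = ("udp", ip, port, "198.51.100.10", 1812)   # constructed addresses
        result = pick(backends, flow).handle("sess-1", n, rounds)
        if result == "reject":
            break
    return result

if __name__ == "__main__":
    nas = [("192.0.2.1", 40000)]
    print("flow hash, direct NAS:", run_eap(flow_hash_pick, nas))
    print("per-packet round robin:", run_eap(round_robin(), nas))
```

Passing two different source tuples in `sources` models the proxied case, where packets of one conversation can arrive as different flows and may land on different backends.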