FreeRadius Load balancing AWS Network Load Balancer

Alan DeKok aland at
Fri May 21 14:34:32 CEST 2021

On May 21, 2021, at 7:55 AM, Emile Swarts <emile.swarts123 at> wrote:
> We've tested this setup and it's all looking successful. Ran performance
> tests using eapol_test pointed at the load balancer. The fear was that
> authentication requests could be broken up and fail when distributed
> incorrectly to the containers. This seems to not be an issue because of a
> concept known as the "UDP Flow" (
> with AWS Network load balancers.

  That's new, then.  Last I looked (a while ago), it didn't do that.

> For extra assurance on this proof of concept, I wanted to check if anyone
> is aware any potential pitfalls with this design that I might be missing?
> It looks like the Radius servers don't keep much state in memory (beyond
> eap sessions), which would be a problem. Beyond that, does this
> architecture design sound feasible?


  If the NAS is sending packets directly to the load balancer, it's fine.

  When there are proxies involved, the EAP packets from the NAS *might* take different paths through the network.  But it's likely not a huge issue.

  Alan DeKok.

More information about the Freeradius-Users mailing list