cache_eap

Alan DeKok aland at deployingradius.com
Mon Mar 28 21:30:07 UTC 2022


On Mar 28, 2022, at 3:46 PM, Rouzier, James via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Our use case is to be able to run FreeRADIUS behind a “dumb” UDP load balancer that would load balance the RADIUS packets without having to look at the EAP state.

  Don't do that.  It won't work.

  If you want to load-balance RADIUS with EAP, then you need a RADIUS-aware load balancer.  What *might* work, *sometimes* is a UDP load balancer which hashes the source IP/port, and load balances based on that.  It will work for most situations, but not all.

  A "dumb" UDP load balancer is one which just sprays input packets randomly across the back-end RADIUS servers.  This will not work with EAP.  Ever.  It's impossible.

> We were hoping to leverage the eap cache for that purpose.

  It won't help.  I have no idea why *caching* EAP will help fix a broken UDP load balancer.  It won't.

> What limited use cases can caching EAP packets be used for?

  It doesn't matter.  I've removed the cache_eap module because it doesn't do anything useful.

  There's no point in explaining why a deleted module won't work for your use-case.

  Alan DeKok.



More information about the Freeradius-Users mailing list