Decoupling RADIUS Auth/Acct and Moving Toward SQL-less Accounting
Erdal Emlik
erdalemlik at icloud.com
Tue Jan 13 12:27:15 UTC 2026
Hi,
I would like to get your input on a structural change we are planning.
In our current setup, we have 8 RADIUS instances handling both Authentication (Auth) and Accounting (Acct) on the same server, utilizing PostgreSQL as the storage backend. We are planning to migrate to a scenario where we decouple these responsibilities into dedicated RADIUS instances for Auth and Acct.
Currently, we store only the latest sessions in RadAcct to support functions like simultaneous-use. The rest of the accounting data is generally forwarded through RADIUS to a Kafka server.
My goal is to eliminate SQL from the accounting process entirely. Ideally, I want to forward incoming accounting packets directly to Kafka and immediately return a response. I can find a workaround for maintaining session states without writing them to SQL, but I am stuck on how to manage IP pool (ippool) operations efficiently.
It seems there might be no way to avoid using a database for IP management, and it might not even be logical to do so, but I wanted to hear your perspective on this.
Looking forward to your thoughts.
Best regards,
More information about the Freeradius-Users
mailing list