Most load balancers (e.g., Foundry and Extreme switches) have various
methods of hashing whether a connection goes to machine A or B (or C or D
or ...). I was originally going to suggest changing the default hashing
algorithm to something other than the default. Many load balancers
(except Cisco) by default run a hash on [Orig IP + Orig Socket + Dest IP +
Dest Socket]. In order to ensure that (for example) your authentication
requests and accounting go to the same server, you'd have to change the
hashing method to be just [Orig IP].
However, that's a bad fit since typically the IP address of your NAS
doesn't change, and/or the number of NASes is (relatively) low. Each
individual NAS would always be going to the same server all the time.
If I were you, I'd save the money on a load balancer and hand configure
NAS A to go to radius server A, NAS B to go to server B, NAS C to go to A,
NAS D to go to B, etc. (Of course, you'd want NAS A to contact server B
as a secondary, in case either one of your radius servers dies. But it
should "prefer" A.)
Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center
"So for the IT Manager Role, you want someone who's absolute crap, looks
reasonable on paper, and won't cause too much trouble. ... Well I don't
have any MCSEs on my books at the moment, but I could call around." --
Simon Travaglia
"Chesi Maurizio" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/03/2003 02:06 AM
Please respond to freeradius-users
To: <[EMAIL PROTECTED]>
cc: "Continanza Biagio" <[EMAIL PROTECTED]>, "Beligni Davide"
<[EMAIL PROTECTED]>
Subject: FW: Load balancing over two freeRADIUS Server
We have been asked to put a load balancer to distribute the
load between two radius servers. The architecture will
encompass a hardware load balancer in front of 2 freeRADIUS servers.
We are wondering if this may cause a problem, given the
possibility that, for example, an access-request may be
managed by one server and, in case of a challenge,
the response access-request containing the response to the
challenge may be managed by the other radius server.
Thank you for any suggestion.
Maurizio Chesi
NETikos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
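An added illustration of the thread above, not code from either poster or from FreeRADIUS: it compares the two hash inputs named in the reply for one session from a single NAS, then builds the hand-configured primary/secondary plan the reply recommends. The server names, addresses, source ports and the XOR-and-modulo hash are constructed stand-ins, not any vendor's algorithm.

```python
import ipaddress

SERVERS = ["radius-A", "radius-B"]   # hypothetical backend names
VIP = "192.0.2.10"                   # constructed load-balancer address

def pick_server(src_ip, src_port, dst_ip, dst_port, mode):
    """Backend chosen for one packet. XOR + modulo is a stand-in hash,
    not any vendor's real algorithm."""
    key = int(ipaddress.ip_address(src_ip))
    if mode == "4tuple":      # [Orig IP + Orig Socket + Dest IP + Dest Socket]
        key ^= src_port ^ int(ipaddress.ip_address(dst_ip)) ^ dst_port
    elif mode != "src_ip":    # [Orig IP] only
        raise ValueError(f"unknown hash mode: {mode}")
    return SERVERS[key % len(SERVERS)]

def session_backends(nas_ip, mode):
    """Backends hit by one constructed dial-in session from a single NAS."""
    packets = [
        ("Access-Request", 40000, 1812),
        ("Access-Request (challenge response)", 40001, 1812),
        ("Accounting-Request", 40000, 1813),
    ]
    return {name: pick_server(nas_ip, sport, VIP, dport, mode)
            for name, sport, dport in packets}

def static_plan(nas_ips):
    """Hand configuration from the reply: alternate the preferred server and
    keep the other one as secondary for failover."""
    plan = {}
    for i, nas in enumerate(nas_ips):
        primary = SERVERS[i % len(SERVERS)]
        secondary = SERVERS[(i + 1) % len(SERVERS)]
        plan[nas] = (primary, secondary)
    return plan

if __name__ == "__main__":
    nases = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]  # constructed
    for mode in ("4tuple", "src_ip"):
        print(mode, session_backends(nases[0], mode))
    print(static_plan(nases))
```

With the 4-tuple input the challenge response and the accounting packet land on a different server than the first Access-Request; with source-IP hashing the NAS is pinned to one server, which is the same outcome as the static plan but without the explicit secondary.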