[EMAIL PROTECTED] wrote:
Most load balancers (ex: foundry and extreme switches) have various methods of hashing whether a connection goes to machine A or B (or C or D or ...). I was originally going to suggest changing the default hashing algorithm to something other than the default. Many load balancers' (except Cisco) by default run a hash on [Orig IP + Orig Socket + Dest IP + Dest Socket]. In order to ensure that (for example) your authentication requests and accounting go to the same server, you'd have to change the hashing method to be just [Orig IP].------ ------ ------ ------ ------ ------
However, that's a bad fit since typically the IP address of your NAS doesn't change, and/or the number of NASes is (relatively) low. Each individual NAS would always be going to the same server all the time.
If I were you, I'd save the money on a load balancer and hand configure NAS A to go to radius server A, NAS B to go to server B, NAS C to go to A, NAS D to go to B, etc. (Of course, you'd want NAS A to contact server B as a secondary, in case either one of your radius servers dies. But it should "prefer" A.)
Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center
| | | | | | | | | | | |
| AS | | AS | | AS | | AS | | AS | | AS |
| G1 | | G1 | | G1 | | G2 | | G2 | | G2 |
------ ------ ------ ------ ------ ------
| | | | | |
| | | | | |
| | | | | |
| | | | | |
----------------- -----------------
| Radius A | | Radius B |
----------------- -----------------
| |
| |
| |
|------------ --------------|
| |
| |
--------------------
| Session Mngt. |
| Mysql/Postgresql |
| or radrelay |
--------------------
Ok let me help
Configure Group 1 of the access servers to have Radius A as primary radius and Radius B as secondary radius
Configure Group 2 of the access servers to have Radius B as primary radius and Radius A as secondary radius
You have fallback and backup and single session management. The solution with the load balancer will knock
your session management off its rockers.
If the ascii art does not show play with your fonts
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
