Hi,

Is anyone out there load balancing RADIUS with an F5 load balancer? We're doing
it here, but I can't help thinking that the actual load balancing algorithm
needs some tweaking.

As far as I'm aware (the systems section supports the F5 boxes):

1). We're using round robin to spread the load over 2 back end RADIUS servers.
2). There is some "general" sticky persistence so that once a RAS device starts
talking to a particular back end server it continues to talk to that server for
a predetermined length of time (might be an hour, not sure). This ensures that
an EAP dialogue will always talk to the same back end server for the duration
of the "stuck" time. Not sure what happens when you get to the end of the time
interval though.

According to the F5 statistics, overall RADIUS traffic seems to be shared
evenly over the 2 back end servers. However, our most heavily loaded RAS
client is our wireless network. While we have 900 switches doing MAC and 802.1x
based auth, we can have 6000+ users on our wireless network all authenticating
to RADIUS via 3 RAS clients. Looking at the back end server log files, it does
look as if, in general, all wireless RADIUS auths head for the same back end
server.

I was wondering if there's a way of having a bit more granularity in terms of
how the F5 load balances incoming RADIUS requests.

Rgds
Alex

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
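
An added example, not part of the original post and not F5 configuration: a small Python model of round robin plus sticky persistence, run over a constructed workload shaped like the one described above (900 switches, 6000 wireless users behind 3 RAS clients, 2 back ends). It compares persistence keyed on the RAS client address with persistence keyed on the Calling-Station-Id attribute; the server names, addresses, packets-per-dialogue figure and the availability of a per-station key on the load balancer are assumptions.

```python
from collections import Counter
from itertools import cycle

SERVERS = ("radius-a", "radius-b")   # hypothetical names for the 2 back ends
EAP_PACKETS = 4                       # assumed Access-Requests per EAP dialogue

def build_requests():
    """Constructed workload: one (nas_ip, calling_station_id) tuple per packet."""
    reqs = []
    for i in range(900):              # 900 switches, one wired client each
        reqs += [(f"10.1.{i // 250}.{i % 250 + 1}", f"wired-{i:04d}")] * EAP_PACKETS
    for u in range(6000):             # 6000 wireless users behind 3 RAS clients
        reqs += [(f"10.2.0.{u % 3 + 1}", f"wifi-{u:04d}")] * EAP_PACKETS
    return reqs

def balance(requests, key_of):
    """Round robin for unseen keys; a sticky table pins each key to its server."""
    rr, sticky = cycle(SERVERS), {}
    total, wifi = Counter(), Counter()
    for nas, station in requests:
        key = key_of(nas, station)
        if key not in sticky:         # first packet for this key: pick next server
            sticky[key] = next(rr)
        total[sticky[key]] += 1       # every later packet follows the sticky entry
        if station.startswith("wifi-"):
            wifi[sticky[key]] += 1
    return dict(total), dict(wifi)

def by_nas(nas, station):      # persistence keyed on the RAS client (source) address
    return nas

def by_station(nas, station):  # persistence keyed on Calling-Station-Id (assumption)
    return station

if __name__ == "__main__":
    reqs = build_requests()
    for name, key_of in (("per RAS client", by_nas), ("per station", by_station)):
        total, wifi = balance(reqs, key_of)
        print(f"{name:15} total={total} wireless={wifi}")
```

With only 3 wireless RAS clients and 2 servers, a per-client key can never split the wireless load better than 2:1, and the arrival order of the first packets can put all three clients on one server. In both cases every packet of one EAP dialogue still reaches the same back end.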
