I too am looking into HA setups, please post back to the list if you find a
good solution.

As for server sizing, you can have a surprisingly large number of devices on
rather modest hardware. For example, my setup is running on 2 servers, both
identical, with 8GB RAM, 320 RAID 1 7200 RPM SATA, 1 x 4 Core Xeon @ 2.6GHz.
One runs only the DB and the other runs all the other PF services.
Currently I have 15K nodes and everything is running fine.

The answer to your last question depends on your environment and your security
goals. If you are using Cisco switches you can specify a vlan to place the
client into if the AAA server is not reachable; HP has the same functionality
if I remember correctly.

I do not have any experience with setting up multiple AAA servers but I know it
can be done.

Inverse has experience setting up HA PF deployments. They can also provide
professional services for you. Well worth the investment if you are going to
be using PF in any mission-critical environment.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
From: Fletcher Haynes [mailto:[email protected]]
Sent: Tuesday, June 25, 2013 6:54 PM
To: [email protected]
Subject: [PacketFence-users] Redundancy and reliability in a medium-scale
deployment

Hello,

We are designing a solution utilizing PacketFence for an environment consisting
of around ~5000 devices, wired and wireless, utilizing 802.1x, guest
self-registration, and gaming device registration. PacketFence will run as a VM.

I have experimented with the Linux HA configuration recommendation in the
Administrator's guide, and at this point, I would prefer to find a different
solution for load balancing and failover. I am hoping some of you might be able
to answer a few questions...

1) Has anyone put PacketFence behind a Cisco IP SLB? Specifically, would there
be any issues configuring a virtual IP for both the FreeRadius aspect, and the
captive portal part on the registration VLAN? It seems like it should work fine
to me, but I could be missing something...

2) Are there any sizing/scaling guidelines for PacketFence? I haven't been able
to find any other than the minimums in the administrator's guide.

3) Are there any quirks or bugs I should be aware of when scaling up to that
number of devices?

4) Does anyone have any suggestions on a way to implement a "let everyone
authorize" failover option? In our particular environment, if PacketFence were
to go down for some reason, my preference would be that everyone automatically
get put on the access vlan configured on the switch. I was thinking of a
separate FreeRadius server configured to just authorize everyone set as a
secondary or tertiary aaa server in the various switches.

I intend to have a separate DB server, possibly with MySQL clustering, to
handle that aspect.

Any advice would be greatly appreciated!

Regards,
--
Fletcher Haynes <[email protected]>
Systems Administrator/Network Services Consultant
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
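
The Cisco behaviour mentioned in the reply (placing a client into a specified VLAN when the AAA server is not reachable) could look like the following on an IOS access switch. This is an added example, not configuration from either poster or from the PacketFence project; the server addresses, shared-secret placeholder, interface and VLAN numbers are constructed, and the command syntax is classic Cisco IOS, which varies by platform and release.

```cisco
! Constructed example: addresses, key placeholder, interface and VLAN IDs are
! illustrative. Syntax is classic Cisco IOS; check it against your release.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
!
! Primary and secondary AAA servers (for example two PacketFence nodes).
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Mark a server dead after 3 unanswered tries over 5 seconds, and skip it
! for 10 minutes before trying it again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 mab
 dot1x pae authenticator
 ! When every configured server is marked dead, authorize new sessions
 ! into VLAN 10 instead of leaving the port unauthorized.
 authentication event server dead action authorize vlan 10
 ! When a server answers again, re-authenticate so normal policy applies.
 authentication event server alive action reinitialize
```

With this approach the fail-open decision stays on the switch and only takes effect while all listed servers are marked dead, so it does not depend on a separate RADIUS server that accepts every request.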