We are running RADIATOR on Windows Boxes (long story). The boxes are configured with 6 "child" processes and 1 "parent" process.
The "parent" process uses <AuthBy EAPBALANCE> to distribute the EAP authentications across the "child" processes. Using EAPBALANCE insures that each EAP conversation makes it to the same "child" process. It seems to work pretty well. We could probably handle more "child" processes on the dedicated boxes we use. The heavy lifting is done in the "child" processes. They share the same single configuration file. The only drawback is that, on windows, you have to manually restart all 7 processes when you change your RADIUS configuration. Here is what the Handler section for the "parent" process looks like: <Handler> <AuthBy EAPBALANCE> # Pass Client-Indentfier as a RADIUS attribute to child processes # So that the child process knows what NAS client the request came from # Useful for selecting a Handler based on NAD client AddToRequest OSC-Client-Identifier=%{Client:Identifier} FailureBackoffTime 15 <Host 127.0.0.1> Secret Secret AuthPort 11812 AcctPort 11813 </Host> <Host 127.0.0.1> Secret Secret AuthPort 21812 AcctPort 21813 </Host> <Host 127.0.0.1> Secret Secret AuthPort 31812 AcctPort 31813 </Host> <Host 127.0.0.1> Secret Secret AuthPort 41812 AcctPort 41813 </Host> <Host 127.0.0.1> Secret Secret AuthPort 51812 AcctPort 51813 </Host> <Host 127.0.0.1> Secret Secret AuthPort 61812 AcctPort 61813 </Host> </AuthBy> </Handler> -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938<tel:+13193840938> Fax: +1 319 335-2951<tel:+13193352951> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu> Lync: neil-john...@uiowa.edu<sip:neil-john...@uiowa.edu> From: Kees Pronk <cl.pr...@avans.nl<mailto:cl.pr...@avans.nl>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, November 22, 2013 1:46 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller and radius servers Hello, Any WLAN colleagues are using a loadbalacer to scale-out the auth (EAP) traffic? Currently we use Radiator with frontend and multiple backend processes which works fine. Wondering if loadbalancers can keep track of the state of an EAP authentication At peek times we have 12K concurrent Wi-Fi devices online. Best regards, Kees --------------------------------------------------------------------------- Op deze e-mail zijn de volgende voorwaarden van toepassing: The following conditions apply to this e-mail: http://emaildisclaimer.avans.nl ---------------------------------------------------------------------------********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.