We have 10 back-end FreeRADIUS VM's (5 in each data center) and two front-end FreeRADIUS Load balancers (1 in each DC). We've used this config successfully for about 6 years. FreeRADIUS natively load balances quite well and we do it based on calling-station-id so it is sticky and balanced very evenly. In fact, we tried at one point to use Netscalers and found that FreeRADIUS handled the health-checking aspects a little better and provided better visibility with graphs using graphite/tessera , radsniff, etc. We normally do about 300 requests/sec as well, but I've seen it as high as 1,000 the first two weeks of school.
We get commercial support from PacketFence/Inverse on this configuration. Thanks, -- Curtis K. Larsen Senior Network Engineer University of Utah IT/CIS On Wed, July 6, 2016 9:07 am, Joe Rogers wrote: > > We're running a cluster of 8 FreeRADIUS servers behind two pairs of > Citrix Netscaler's in different data centers which inject two anycast-IP > VIPs into our backbone routing tables. This has worked very well in our > environment for many years. If a Netscaler fails or the member servers > behind it fail, the route is simply withdrawn and traffic switches over > to the other data center's Netscalers. We made sure to keep sessions > 'sticky' to a given server as long as everything is operating normally. > We use the NAS IP addr for persistence. It doesn't provide perfectly > even load-balancing over the servers (some NAS' are busier than > others). But, it worked well enough for us. The servers generally see > around 300 requests/sec (auth and acct combined) during a normal semester. > > *Joe Rogers* > Associate Director, Network Engineering > > University of South Florida – Information Technology > 4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620 > j...@usf.edu | Tel: (813) 974-7369 > www.usf.edu/it | Facebook: /USF Information Technology | Twitter: @ USF_IT > > On 07/06/2016 09:16 AM, Dennis Xu wrote: >> Hello, >> Has anyone had success stories about deploying RADIUS servers behind >> load balancers to support large number of concurrent 802.1X users? We >> just deployed 5 FreeRADIUS servers behind Cisco ACE and observed >> packets drop issues at ACE. By far, I suspect the issue was caused by >> the RADIUS stickiness(by calling-station-ID). Has anyone deployed >> RADIUS load balancing without using stickiness? >> >> Thanks. >> >> >> Dennis Xu, MASc, CCIE #13056 >> Analyst 3, Network Infrastructure >> Computing and Communications Services(CCS) >> University of Guelph >> >> 519-824-4120 Ext 56217 >> d...@uoguelph.ca >> www.uoguelph.ca/ccs >> >> ********** Participation and subscription information for this >> EDUCAUSE Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can > be found at http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
