(RADIATOR) Need Help with Radius Load Balance

Andy Saykao andy.saykao at staff.netspace.net.au
Wed Sep 26 02:07:37 CDT 2007

Hi Forum, 

I've been trying to investigate various radius load balance solutions
for our current network. 

Basically the way our network is set up is as follows: 

[user's PC] -> [adsl modem] -> [telco cloud] -> [ ISP cloud (LNS ->
core-router -> radius server farm) ] -> [Internet] 

1. Cisco IOS SLB 

We've tried to implement Cisco's IOS SLB on our core-router but found
out that this was not an effective solution because the sticky database
used to ensure that auth and accounting information goto the same radius
server did not work the way we expected. The sticky database only maps
LNS IP to a radius server and not the user's framed-ip address or
username. This meant that all new users who landed on a LNS where there
was already an existing sticky entry for that LNS on the core-router
would just goto the same radius server as per the sticky entry.
Therefore, it wasn't really performing any load balancing. 

2. load-balance method least-outstanding  

Next we tried implementing load balancing on the LNS with another Cisco
IOS solution using the command "load-balance method least-outstanding".
This way looked promising at first but after further testing we found
several IOS bugs in the IOS train with this feature set and this
solution was scrapped. 

3. Radiator Load Balance Solution 

I am also aware that radiator itself can provide a load balancing
solution and this is my next port of call. I've read the literature at
http://www.open.com.au/radiator/ref.html#pgfId=415205 and just wanted to
clarify a few things. 

Based on our current network set up, would we need to have another
server running radiator sit in between our core-router and radius server
farm to do the radius proxying OR can something be done with the
existing radius servers in the server farm where somehow they can be set
up to talk amongst each other and spread the load? 

Are there any other load balancing alternatives that anyone can see
based on our current network set up? 

Thank you for everyone's help. 



P.s: This might be a repeat post, so apologies in advance.

This email and any files transmitted with it are confidential and intended solely for the 
use of the individual or entity to whom they are addressed. Please notify the sender 
immediately by email if you have received this email by mistake and delete this email 
from your system. Please note that any views or opinions presented in this email are solely
 those of the author and do not necessarily represent those of the organisation. 
Finally, the recipient should check this email and any attachments for the presence of 
viruses. The organisation accepts no liability for any damage caused by any virus 
transmitted by this email. 

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list