(RADIATOR) Need Help with Radius Load Balance
Hugh Irvine
hugh at open.com.au
Wed Sep 26 03:08:54 CDT 2007
Hello Andy -
Load balancing can be tricky as you have discovered.
Ideally you want to do forwarding on the basis of minimum response time.
We have used both Alteon and F5 load balancers in the past, as well
as the Radiator modules.
The F5's are very good, but they are also the most expensive - you
can do all sorts of amazing things with them though!
The Alteons are getting rather old these days, but they still work.
And as you say, you can simply use the AuthBy LOADBALANCE module in
Radiator.
The usual setup is two load balancers (primary and secondary RADIUS
targets for the NAS devices) in front of two groups of RADIUS servers.
The Radiator hosts doing the loadbalancing don't have to be anything
special, as all they are doing is fairly simple proxying of RADIUS
requests.
BTW - we are available on a contract basis for design, implementation
and training as required.
regards
Hugh
On 26 Sep 2007, at 17:07, Andy Saykao wrote:
> Hi Forum,
>
> I've been trying to investigate various radius load balance solutions
> for our current network.
>
> Basically the way our network is set up is as follows:
>
> [user's PC] -> [adsl modem] -> [telco cloud] -> [ ISP cloud (LNS ->
> core-router -> radius server farm) ] -> [Internet]
>
> 1. Cisco IOS SLB
>
> We've tried to implement Cisco's IOS SLB on our core-router but found
> out that this was not an effective solution because the sticky
> database
> used to ensure that auth and accounting information goto the same
> radius
> server did not work the way we expected. The sticky database only maps
> LNS IP to a radius server and not the user's framed-ip address or
> username. This meant that all new users who landed on a LNS where
> there
> was already an existing sticky entry for that LNS on the core-router
> would just goto the same radius server as per the sticky entry.
> Therefore, it wasn't really performing any load balancing.
>
> 2. load-balance method least-outstanding
>
> Next we tried implementing load balancing on the LNS with another
> Cisco
> IOS solution using the command "load-balance method least-
> outstanding".
> This way looked promising at first but after further testing we found
> several IOS bugs in the IOS train with this feature set and this
> solution was scrapped.
>
> 3. Radiator Load Balance Solution
>
> I am also aware that radiator itself can provide a load balancing
> solution and this is my next port of call. I've read the literature at
> http://www.open.com.au/radiator/ref.html#pgfId=415205 and just
> wanted to
> clarify a few things.
>
> Based on our current network set up, would we need to have another
> server running radiator sit in between our core-router and radius
> server
> farm to do the radius proxying OR can something be done with the
> existing radius servers in the server farm where somehow they can
> be set
> up to talk amongst each other and spread the load?
>
> Are there any other load balancing alternatives that anyone can see
> based on our current network set up?
>
> Thank you for everyone's help.
>
> Cheers.
>
> Andy
>
> P.s: This might be a repeat post, so apologies in advance.
>
> This email and any files transmitted with it are confidential and
> intended solely for the
> use of the individual or entity to whom they are addressed. Please
> notify the sender
> immediately by email if you have received this email by mistake and
> delete this email
> from your system. Please note that any views or opinions presented
> in this email are solely
> those of the author and do not necessarily represent those of the
> organisation.
> Finally, the recipient should check this email and any attachments
> for the presence of
> viruses. The organisation accepts no liability for any damage
> caused by any virus
> transmitted by this email.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list