(RADIATOR) RadSec Loadbalancing

Jose Borges Ferreira underspell at gmail.com
Mon Apr 14 22:17:25 CDT 2008


Humm ... I actually call it flexibility and that's one of the things i like
more in Radiator. Anyway, according to the comments on the code itself this
way( ok not using this method exactly)  is the way of implementing other
methods of using more than one host.

#####################################################################
# chooseHost selects which host to send a packet to.
# Default implementation is to initially choose the first Host named,
# and if that fails, choose the next host in the list
# of Hosts. Returns a pointer to a Host object if one can be found
# Override this to implement your own host selection algorithm

AuthROUNDROBIN, AuthLOADBALANCE and AuthVOLUMEBALANCE already does that for
RADIUS. We use another custom algorithm for balancing request.

Anyway, I'll  make a  AuthRADSECROUNDROBIN as i suggested and replace the
transport between my internal servers. I'll send the patch/code in a one
week or so.

NOTES:
 * Theoretically AuthRADSEC should have less impact on firewalls and that
itself is a reason to change from RADIUS to RADSEC.
 * I think for RADSEC it doesn't apply the "loadbalancer in front" because:
      1) If it's a layer 4 one the it can't rebalance connections since
RADSEC  only makes  one connection per peer.
      2) Because of 1) then should be a Layer 7. If you use TLS with
encription then it can't inspect the content. If you don't the the balancer
must "know" how to handle RADSEC packets. Since there aren't that many
server implementations, i doubt there is any balancer that do that.

José Borges Ferreira

PS: I forgot to mention in my hack that you must also change all references
of Radius::AuthRADIUS to Radius::AuthRADSEC

On Mon, Apr 14, 2008 at 4:20 PM, Robert Blayzor <rblayzor.bulk at inoc.net>
wrote:

> On Apr 11, 2008, at 12:05 PM, Jose Borges Ferreira wrote:
>
> > Rename AuthROUNDROBIN.pm to AuthRADSECRR.pm
> > Edit AuthRADSECRR.pm and replace AuthROUNDROBIN by AuthRADSECRR
> > Edit your configuration file replace RADSEC by RADSECRR and add ,at
> > least, 2 hosts
> > Restart and test it.
> >
>
>
>
> Sounds ugly.  I was hoping that it was simply something supported and not
> hacked up.  If RadSec isn't currently supported via RR, that's fine, I just
> need to know that, and if it's planned in the future (or not).
>
> --
> Robert Blayzor, BOFH
> INOC, LLC
> rblayzor at inoc.net
> http://www.inoc.net/~rblayzor/ <http://www.inoc.net/%7Erblayzor/>
>
> Mac OS X. Because making Unix user-friendly is easier than debugging
> Windows.
>
>
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080415/3bdd2fc1/attachment.html>


More information about the radiator mailing list