[RADIATOR] Radiator and Load Balancer

Barry Ard bard at ualberta.ca
Wed Jul 27 13:11:30 CDT 2016 

Thanks Shaun. This is good reading.

Barry

On Wed, Jul 27, 2016 at 11:38 AM, shaun gibson <xcorpse at gmail.com> wrote:

> On 27/07/2016 18:14, Barry Ard wrote:
>
> > We are running into some challenges configuring a new environment for
> > Eduroam.
> >
> > Recently we have moved away from 2 servers running multiple radiator
> > processes to a multiple VMs behind an F5 load balancer. This has been
> > working well for our wireless infrastructure but has been posing
> > challenges as we are trying to include our Eduroam config.
> >
> > The F5 is NATing to the VMs. The VMs have 2 interfaces: eth0 is a
> > private address facing the F5, eth1 is a public address and is the
> > default gateway.
> >
> > I have created a test enviroment with an external radius server to
> > simulate Eduroam.
> > Initially proxied requests would transit the VMs default gateway which
> > I think is undesriable so I created a static route for the external
> > radius server to force it out the load balancer facing interface. Now
> > proxied requests have a private address which of course will not work.
> >
> > I think the desirable scenario would be for proxied requests to exit
> > through the F5 and be NAT’d to source from the F5 external address. My
> > colleague who admins the load balancer is hesitant to NAT externally
> > using an address that is currently listening on a service. He thinks
> > this is getting too complicated.
> >
> > I am sure others are using a load balancer in this scenario so please
> > tell me what you are doing.
> >
> i've used direct server return for radius and it seemed to work well :
>
>
> http://blog.haproxy.com/2011/07/29/layer-4-load-balancing-direct-server-return-mode/
>
> https://devcentral.f5.com/articles/the-disadvantages-of-dsr-direct-server-return
>
> using the f5 for inbound and outbound traffic nat will also work, just
> depends what your requirements are ...
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>



-- 

Barry Ard                                   barry.ard at ualberta.ca
IST
University of Alberta
Edmonton, Alberta   Canada
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20160727/d8771f5f/attachment.html

More information about the radiator mailing list