[RADIATOR] Radiator and Load Balancer
Heikki Vatiainen
hvn at open.com.au
Fri Jul 29 05:17:37 CDT 2016
On 27.07.2016 21:32, Robert Blayzor wrote:
> The problem with this I think is that Radiator responds with a source
> address of where the packet leaves. (at least that’s been my
> experience).
Yes, this happens by default when BindAddress is not configured.
The default is to bind the RADIUS listen ports with the wildcard address
0.0.0.0. When the replies are sent, they are from the socket that
received the request. When the socket has been bound with the wildcard
address, kernel will pick a source address for the reply.
When BindAddress is configured, a socket is created and bound for each
address defined by BindAddress. In this case the source address of a
reply is the specific non-wildcard address the socket was bound to.
In short: BindAddress can be useful on multi homed hosts. However, if IP
addresses are added and removed dynamically, this can cause problems
because the addresses are now part of the Radiator configuration too.
> Most clients will probably ignore the response as it’s
> coming from a different address.
Yes, they will probably log the replies as unknown messages or something
similar.
> With Radiator being Perl, I don’t think you can force Radiator to
> answer from a specific source address on the server.
With wildcard bind address things can get complicated. There are socket
functions that allow querying the address the request was sent to, but
these are OS specific and may require additional modules for accessing,
for example sendmsg() and other functions.
The easiest way to handle problems with reply addresses on multi homed
hosts is to use BindAddress, if possible.
Thanks,
Heikki
--
Heikki Vatiainen
Open System Consultants
More information about the radiator
mailing list