Discussion:
Deploying Freeradius in a HA environment
Pete Kay
2008-06-14 08:15:41 UTC
Permalink
Hi,

I am working on deploying 2 load balancing freeradius in a HA environment.
Could someone suggest the best way to do it? I am comfortable with using
ldirector as the load balancer, but I am not sure how to do the
"check-alive" for freeradius within ldirector.

Any suggestion will be greatly appreciated.

Regards,
Pete
Ivan Kalik
2008-06-14 10:44:49 UTC
Permalink
Don't you think that you are asking this on a wrong list. All you need
to know about radius is which ports it is using.

Ivan Kalik
Kalik Informatika ISP
Post by Pete Kay
Hi,
I am working on deploying 2 load balancing freeradius in a HA environment.
Could someone suggest the best way to do it? I am comfortable with using
ldirector as the load balancer, but I am not sure how to do the
"check-alive" for freeradius within ldirector.
Any suggestion will be greatly appreciated.
Regards,
Pete
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Richard Siddall
2008-06-14 14:12:20 UTC
Permalink
Post by Pete Kay
I am working on deploying 2 load balancing freeradius in a HA environment.
Could someone suggest the best way to do it? I am comfortable with using
ldirector as the load balancer, but I am not sure how to do the
"check-alive" for freeradius within ldirector.
Any suggestion will be greatly appreciated.
Pete,

My recollection is that when this has been discussed in the past the
consensus was that there's no advantage to running FreeRADIUS in an HA
environment since RADIUS already supports redundant servers.

Regards,

Richard Siddall

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers
2008-06-15 17:57:09 UTC
Permalink
Post by Richard Siddall
Post by Pete Kay
I am working on deploying 2 load balancing freeradius in a HA environment.
Could someone suggest the best way to do it? I am comfortable with using
ldirector as the load balancer, but I am not sure how to do the
"check-alive" for freeradius within ldirector.
Any suggestion will be greatly appreciated.
Pete,
My recollection is that when this has been discussed in the past the
consensus was that there's no advantage to running FreeRADIUS in an HA
environment since RADIUS already supports redundant servers.
I would have to dispute that. We've seen NASes across the range (Cisco,
3Com, Extreme) fail to move to the backup/secondary radius server
they've got configured.

Sad, but true.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A***@lboro.ac.uk
2008-06-16 07:53:03 UTC
Permalink
Hi,
Post by Phil Mayers
I would have to dispute that. We've seen NASes across the range (Cisco,
3Com, Extreme) fail to move to the backup/secondary radius server they've
got configured.
report such bugs to the manufacturers of the NAS devices and double
check your device configs - several of them have quirky ways of failing
over. if you do want to point to a single IP etc then just standard
L4 balancing will work - but ensure that the FR boxes are sharing
the same information if you rely on accounting records for decisions
(eg simultaneous usage)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
2008-06-16 08:09:46 UTC
Permalink
Post by A***@lboro.ac.uk
Hi,
Post by Phil Mayers
I would have to dispute that. We've seen NASes across the range (Cisco,
3Com, Extreme) fail to move to the backup/secondary radius server they've
got configured.
report such bugs to the manufacturers of the NAS devices and double
check your device configs -
several of them have quirky ways of failing
over. if you do want to point to a single IP etc then just standard
L4 balancing will work
Yes, though if you're using EAP make sure that requests from a NAS
aren't spread over multiple servers.
Post by A***@lboro.ac.uk
- but ensure that the FR boxes are sharing
the same information if you rely on accounting records for decisions
(eg simultaneous usage)
If you're look for a generic solution, layer 7 load balancers are the
answer; We are considering them because NAS based fail-over schemes are
never perfect, you always have to have a few missing responses before
the NAS realises something is up and does something about it.
--
Arran Cudbard-Bell (A.Cudbard-***@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Michael Schwartzkopff
2008-06-16 08:20:30 UTC
Permalink
Post by A***@lboro.ac.uk
Hi,
Post by Phil Mayers
I would have to dispute that. We've seen NASes across the range (Cisco,
3Com, Extreme) fail to move to the backup/secondary radius server
they've got configured.
report such bugs to the manufacturers of the NAS devices and double
check your device configs -
several of them have quirky ways of failing
over. if you do want to point to a single IP etc then just standard
L4 balancing will work
Load balancing and high availability can be easily accieved by using Linux
Virtual Server (LVS) and Linux-HA (heartbeat). If you use the localhost
feature of LVS this will even work with two machines.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: ***@multinet.de
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...