From: Hugh Irvine (no email)
Date: Mon May 08 2006 - 03:13:24 EDT
Hello Joe -
Can you indicate in more detail what the problems were with the L4
switch?
If the loadbalancing is done by source/destination IP address pairs,
then you can have problems when a target goes down, as all of the
source/destination IP address pairs will get switched to another
target which then gets into difficulty and you end up with a
cascading failure. It is generally preferable to have the
loadbalancing done on a weighted per-packet basis, ideally
distributed according to round-trip times.
Also note that you can only do per-packet loadbalancing with simple
RADIUS, things like EAP that require multiple exchanges of RADIUS
requests typically require state to be maintained in the single
RADIUS server that is processing the entire EAP sequence.
regards
Hugh
On 8 May 2006, at 14:07, Joe Shen wrote:
>
> Hi,
>
>
> we have a radius server farm. there is a L4 switch
> installed behind all servers. Incoming AAA packets are
> switched by L4 switch to different servers.
>
> In previous days we met a couple of problems with L4
> switch which degraded our service a lot. Could it be
> possible to implement IPv4 Anycast architecture for
> radius server farm? Could it be any problem with AAA
> procedure?
>
> Any advice will be highly appreciated
>
> Joe
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Movies - Search movie info and celeb profiles and photos.
> http://sg.movies.yahoo.com/
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
|
|
|