1

I’m working on some web service having it’s AAA implemented by FreeRADIUS + MySQL on Debian.

The problem I’m working right now is HA & scalability of RADIUS. If the FreeRADIUS machine or MySQL machine goes down it takes down entire service.

I have checked out following whitepapers:

http://www.mysql.com/why-mysql/white-papers/mysql_wp_ha_auth_account.php

http://www.mysql.com/why-mysql/white-papers/mysql_wp_scaling_web_databases.php

Now I have following set of questions:

  1. As far as I can understand two FreeRADIUS servers can use same MySQL database without “breaking” its integrity, is it right? If so, what are performance drawbacks of such a setup?
  2. What should be redundant to archive HA? Is it FreeRADIUS server itself or just its MySQL data store or both? What should be redundant to archive scalability?
  3. If RADIUS server multiplied, how the load balancing can be implemented for webserver distributed over internet?
  4. How can I distribut MySQL cluster over internet? (Should I use replication & leave both cluster members in the same local network?
coredump
  • 12,713
  • 2
  • 36
  • 56
Aleksa
  • 11
  • 1
  • 2

2 Answers2

2
  1. It is indeed possible to connect multiple FreeRadius servers to a MySQL Cluster, which will give you HA on both sides (Radius and SQL)
  2. As for nr2 question. You will need to create a MySQL cluster of a minimum of 2 machines, also you will need to have a minimum of 2 machines with FreeRadius installed. obviously you could install 2 machines with both MySQL and FreeRadius on each machine, this depends on the size of your install vs the number of clients.
  3. This very much depends on the way your Radius client is implemented, does it support multiple servers? does it support weights, or priorities?
  4. MySQL has a number of options to build a Cluster, for this I suggest the MySQL Cluster whitepapers and pick the option that suits your needs best.
Flash
  • 1,310
  • 7
  • 13
2
  1. Using radius servers should not break the integrity of data. Only the radius server which receives a request will execute the appropriate authentication / accounting queries. Also, locking at the level of DB can be used if needed.
  2. To provide redundancy, it will be necessary to replicate both radius server and mysql DB.
  3. You need to have some load balancer before radius servers. This has to be UDP-based load balancer. Another option you can consider is to load balance the requests manually from your service (for exmaple, you can randomly pick one of multiple IPs and use that as radius server). This depends on your service implementaton.
Khaled
  • 36,533
  • 8
  • 72
  • 99