RADIUS Load Balancing with iRules

What is RADIUS? “Remote Authentication Dial In User Service” or RADIUS is a very mature and widely implemented protocol for exchanging ”Triple A” or “Authentication, Authorization and Accounting” ...
Published Apr 04, 2008
Version 1.0
adn
application delivery
automation
BIG-IP
dev
devops
industry
iRules
management
monitoring
dave_seddon_201's avatar
dave_seddon_201
Icon for Nimbostratus rankNimbostratus
Jan 14, 2010
The above document while sounding wonderful is not very useful. Using Version 10.0.1 on a 3400, we found that under reasonably heavy load (~200 messages per second), with 'datagram lb' enabled, the F5 would modify the source port of the packets hitting the target radius server. This obviously meant returning traffic would be dropped by the radius client. (Source-port 'preserve' was set, and changing to 'preserve strict' caused the VIP to totally fail.) Changing the VIP to 'performance (layer 4)' solved the source port NAT issue.

 

Kind regards,

 

Dave Seddon (dave at seddon ca)