RADIUS Load Balancing with iRules

What is RADIUS? “Remote Authentication Dial In User Service” or RADIUS is a very mature and widely implemented protocol for exchanging ”Triple A” or “Authentication, Authorization and Accounting” ...

Published Apr 04, 2008

Version 1.0

Historic F5 Account

Joined May 12, 2005

View Profile

dave_seddon_201

Nimbostratus

Jan 14, 2010

The above document while sounding wonderful is not very useful. Using Version 10.0.1 on a 3400, we found that under reasonably heavy load (~200 messages per second), with 'datagram lb' enabled, the F5 would modify the source port of the packets hitting the target radius server. This obviously meant returning traffic would be dropped by the radius client. (Source-port 'preserve' was set, and changing to 'preserve strict' caused the VIP to totally fail.) Changing the VIP to 'performance (layer 4)' solved the source port NAT issue.

Kind regards,

Dave Seddon (dave at seddon ca)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

RADIUS Load Balancing with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS