Radius Load Balancing
We use Radius authentication for our corporate wireless users. I'm looking at load balancing our radius servers for our wireless controllers. We had an issue recently where one of the radius servers went down, all clients connected on that wireless controller to that radius server, lost their authentication. Hence, about 400 people dropped off the network. The server was physically up, but the service was hung. The controllers have both IP addresses of the Radius servers in their configuration. But have no way of knowing if the service is up or not. Only if the server was completely down. My idea is to use the BigiP, use one VIP the controllers point to, and do the health checks. That way the controllers can send to one IP, and the BigIP manages the traffic. Does anyone have experience with load balancing radius. I have already created a VIP, a UDP profile specifying the Datagram LB option. I also created a health monitor which checks radius the port. I would really like to build a good health monitor to actually check authentication and make sure the radius server is online. Any input is appreciated... Thanks....
DNS Query - reply from unexpected source
Hi Guys, I'm new to F5, and something annoy me i can't find why it happen. My topology: Network (Public IP - Pretend its 100.100.100.0/24) --> Switch Stack --> LAG --> Viprion LTM --> Cisco CRS --> WWW I have Viprion 4800 and for now i just wanna allow traffic to go outside, here are my questions : 1. I've added virtual-server with 0.0.0.0/0.0.0.0 as Forwarding (IP) to allow the LAN to have connectivity. but unless i open virtual server back inside (100.100.100.0/255.255.255.0) i have no connectivity. Isn't it statefull ? 2. After i open the rule I talked about in (1). i have this message when i try simple resolving from server behind the F5. [ip@qa-env ~]$ host google.com 8.8.4.4 ;; reply from unexpected source: 8.8.4.425965, expected 8.8.4.453 tcpdump show this 22:45:39.033309 IP 100.100.100.40.39945 > 8.8.4.4.53: 8917+ A? google.com. (27) 22:45:39.033315 IP 100.100.100.40.39945 > 8.8.4.4.53: 8917+ A? google.com. (27) 22:45:39.123868 IP 8.8.4.4.53 > 100.100.100.40.39945: 8917 1/0/0 A 173.194.41.69 (43) 22:45:39.123884 IP 8.8.4.4.25965 > 100.100.100.40.39945: UDP, length 43 So the packets goes all good until the return packet back to the F5 and then he alter the port! What am i missing ? *remember, i have public ip on the server. i just changed it to 100.100.100.40 for the example. my Virtuals ltm virtual MNG_ALLOW_ALL_OUT { description "Management Rule - Allow All Traffic Outside" destination 0.0.0.0:any ip-forward mask any profiles { fastL4 { } } translate-address disabled translate-port disabled vlans { DNS_LAN LDAP_LAN RADIUS_LAN } vlans-enabled } ltm virtual MNG_QA_ENV_IN { description "Management Rule - Allow Radius traffic in" destination 100.100.100.0:any ip-forward mask 255.255.255.0 profiles { fastL4 { } } translate-address disabled translate-port disabled vlans { CRS1.WAN CRS2.WAN } vlans-enabled }
F5 LTM creating VLANs etc
I have a VLAN SVI (VLAN5) on our cores. I created another VLAN (VLAN6) in the database which will be the virtual servers for VLAN5. So basically users can hit the IP from VLAN6 which then will load balance to the servers in VLAN5. I also created the VLAN5 on the F5 LTM. Now every time I try to create floating and no floating IP's on it for the VLAN5 I'm getting errors: 01070712:3: Caught configuration exception (0), Cannot get device index for VLAN5 in rd2 - ioctl failed: No such device - net/validation/routing.cpp, line 353. What am I doing wrong here? I am assuming that the floating self IP on VLAN5 will be the default gateway for the servers that I want to load balance? Users from different VLAN's access the IP on VLAN6 for example 10.1.6.11 and that will have two servers from VLAN5 10.1.5.20 and 10.1.5.30 in the pool.
