#
server_pool my_auth_failover {
#
- # The type of this pool is either "fail-over" or "load-balance".
- #
- # With "fail-over", the request is sent to the first live
- # home server in the list.
- #
- # With "load-balance", the request is load-balanced (randomly)
- # between the live home servers. This is equivalent to the
- # old per-realm configuration "round_robin".
+ # The type of this pool controls how home servers are chosen.
+ #
+ # fail-over - the request is sent to the first live
+ # home server in the list. i.e. If the first home server
+ # is marked "dead", the second one is chosen, etc.
+ #
+ # load-balance - the least busy home server is chosen,
+ # where "least busy" is counted by taking the number of
+ # requests sent to that home server, and subtracting the
+ # number of responses received from that home server.
+ #
+ # If there are two or more servers with the same low
+ # load, then one of those servers is chosen at random.
+ # This configuration is most similar to the old
+ # "round-robin" method, though it is not exactly the same.
+ #
+ # Note that load balancing does not work well with EAP,
+ # as EAP requires packets for an EAP conversation to be
+ # sent to the same home server. The load balancing method
+ # does not keep state in between packets, meaning that
+ # EAP packets for the same conversation may be sent to
+ # different home servers. This will prevent EAP from
+ # working.
+ #
+ # For non-EAP authentication methods, and for accounting
+ # packets, we recommend using "load-balance". It will
+ # ensure the highest availability for your network.
+ #
+ # client-balance - the home server is chosen by hashing the
+ # source IP address of the packet. If that home server
+ # is down, the next one in the list is used, just as
+ # with "fail-over".
+ #
+ # There is no way of predicting which source IP will map
+ # to which home server.
+ #
+ # This configuration is most useful to do simple load
+ # balancing for EAP sessions, as the EAP session will
+ # always be sent to the same home server.
+ #
+ # client-port-balance - the home server is chosen by hashing
+ # the source IP address and source port of the packet.
+ # If that home server is down, the next one in the list
+ # is used, just as with "fail-over".
+ #
+ # This method provides slightly better load balancing
+ # for EAP sessions than "client-balance". However, it
+ # also means that authentication and accounting packets
+ # for the same session MAY go to different home servers.
#
type = fail-over
{ "round_robin", HOME_POOL_LOAD_BALANCE },
{ "fail_over", HOME_POOL_FAIL_OVER },
{ "client-balance", HOME_POOL_CLIENT_BALANCE },
+ { "client-port-balance", HOME_POOL_CLIENT_PORT_BALANCE },
{ NULL, 0 }
};
start = hash % pool->num_home_servers;
break;
+ case HOME_POOL_CLIENT_PORT_BALANCE:
+ switch (request->packet->src_ipaddr.af) {
+ case AF_INET:
+ hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip4addr,
+ sizeof(request->packet->src_ipaddr.ipaddr.ip4addr));
+ break;
+ case AF_INET6:
+ hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip6addr,
+ sizeof(request->packet->src_ipaddr.ipaddr.ip6addr));
+ break;
+ default:
+ hash = 0;
+ break;
+ }
+ lrad_hash_update(&request->packet->src_port,
+ sizeof(request->packet->src_port), hash);
+ start = hash % pool->num_home_servers;
+ break;
+
case HOME_POOL_LOAD_BALANCE:
found = pool->servers[0];
projects / freeradius.git / commitdiff