[Chilli] Best Coova - Radius centralized setup (at least what you think)

David Harrold david at dkxl.co.uk
Tue May 6 09:03:48 UTC 2014


Distributing the Chilli boxes so they are close to your subscribers is fine.

I would centralise your RADIUS servers and keep them close to your SQL DB. Usually people put them on the same subnet in their data centre.

The RADIUS protocol between Chilli and the RADIUS server will in general be able to handle any transient network outages and be more robust than the SQL protocols between RADIUS and the SQL DB.  

If you are able to use DiffServ QoS across the network links between the Chilli boxes and the RADIUS servers, then I would prioritise the RADIUS messages above the subscriber traffic. 

BR
-David



> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 5 May 2014 09:36:03 -0100
> From: "Luis Ferreira" <lferreira at cabocom.cv>
> To: <chilli at coova.org>
> Subject: [Chilli] Best Coova - Radius centralized setup (at least what
> 	you	think)
> Message-ID: <000601cf684d$d205a6f0$7610f4d0$@cabocom.cv>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi everyone,
> 
> 
> 
> I would like to have your opinion on the smartest setup that in your opinion
> is the best chilli ? radius connectivity for centralized NAS.
> 
> 
> 
> Imagin a scenario where you have several hotspots spread, and you want to
> interconnect them.
> 
> 
> 
> For instance, I?ve tried the following:
> 
> 
> 
>               +------------------+
> +---------------------------+
> 
>               |   Location 1     |             | Remote Centralized Server
> |
> 
>               +------------------+
> +---------------------------+
> 
>               |                  |             |
> |
> 
> Subscribers <> | CoovaChilli box  |  <=======>  |  Free Radius + MySQL DB
> |
> 
>               |                  |             |
> |
> 
>               +------------------+
> +---------------------------+
> 
> 
> 
> 
> 
> 
> 
> Pros:     Fast Radius response
> 
> Easy configuration in case of Radius changes (centralized)
> 
> 
> 
> Cons:    Some ?stalled? accounts, where the radius sends a disconnect packet
> to Location, but due to network problems it does not arrive on chilli CoA
> port, for instance. 
> 
> Due to radius server communication that might fail some time, due to line
> blackouts, it enter in a state where users cannot make login and then, when
> they can, radius or chilli does not allow
> 
> 
> 
> 
> 
>               +--------------------------------+
> +---------------------------+
> 
>               |   Location 1                   |             | Remote
> Centralized Server |
> 
>               +--------------------------------+
> +---------------------------+
> 
>               |                                |             |
> |
> 
> Subscribers <> | CoovaChilli box + Free Radius  |  <=======>  |
> MySQL DB          |
> 
>               |                                |             |
> |
> 
>               +--------------------------------+
> +---------------------------+
> 
> 
> 
> Pros:     When losing connection to MySQL DB, radius fails to authenticate,
> and so does chilli, preventing creating those communication issues between
> Chilli and Radius
> 
>                When loosing connectivity, system still works, and when it
> returns, it is able to resume it?s normal process, not leaving ?Stalled?
> Accounts
> 
> In the event of potential ?Stalled? Accounts, it would be easy to wipe them
> out, since radius and chilli would always be in sync
> 
> 
> 
> Cons:    Slow in getting a response from MySQL DB, due to connection speed
> (creating a socket or waiting for timeout to create a new one).
> 
>                Hard configuration changes (have to change in all locations
> radius config file.
> 
> 
> 
> 
> 
> What other setup?s do you know or what in your opinion are the better ones
> (if possible, telling good things and bad things).
> 
> 
> 
> 
> 
> Atentamente,
> 
> 
> Descri??o: Descri??o: Descri??o: C:\CABOCOM\CABOCOM WORK\logo-e-mail.gif
> 
> Luis Ferreira
> 
> CTO
> 
> Cabocom S.A.
> 
> 
> 
> 
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.coova.org/pipermail/chilli/attachments/20140505/69e7ac89/attachment-0001.html>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image001.png
> Type: image/png
> Size: 3526 bytes
> Desc: not available
> URL: <http://lists.coova.org/pipermail/chilli/attachments/20140505/69e7ac89/attachment-0001.png>
> 
> ------------------------------
> 
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> 
> 
> End of Chilli Digest, Vol 54, Issue 4
> *************************************



More information about the Chilli mailing list