[Chilli] Multiple chilli instances on the same network

Petr Štetiar ynezz at true.cz
Thu Jan 24 10:52:33 UTC 2013

David Bird <david at coova.com> [2013-01-21 10:37:41]:

> You could also have roaming between APs where the same chilli session is
> maintained where the APs bridge into the same network.

Can you please tell me, how could I setup the chilli to have a same session

Ok, my scenario: 5 APs in the area, connected to the same LAN, remote AAA,
chilli running on every AP. Now if the client gets authenticated via UAM on
say AP1 and roams(losts coverage from AP1) to the AP2, then coova-chilli
instance running on AP2 doesn't have this user amongst authenticated users, so
user has to authenticate in UAM again.  Which is quite cumbersome.

One of the solutions(also proposed by the Emanuele) is to have only one chilli
instance, which would be common for the rest of the APs in the network, but
this has the drawback, that it's a single point of failure. So if this AP with
coova-chilli instance running goes down, whole network is inaccessible.

As I see the "cluster" feature in my use case, if the user gets authenticated
via UAM on AP1, AP1 would broadcast this event, say by NEW_AUTH_USER command
to other coova-chilli instances running on the network (with same shared
secret + session information) and if the user then roams(moves away from
coverage of AP1) to say AP2 in the network, then AP2 would already have this
user's session information and would just allow him to use the network. So in
this scenario, there's no single point of failure. It's kind of the
poor-mans's failover.


-- ynezz

More information about the Chilli mailing list