[Chilli] Multiple chilli instances on the same network

David Bird david at coova.com
Thu Jan 24 17:28:06 UTC 2013


On Thu, 2013-01-24 at 11:52 +0100, Petr Štetiar wrote:
> David Bird <david at coova.com> [2013-01-21 10:37:41]:
> 
> > You could also have roaming between APs where the same chilli session is
> > maintained where the APs bridge into the same network.
> 
> Can you please tell me, how could I set up chilli to have the same session
> shared/maintained?
> 

By running a single instance of chilli. I wouldn't run it on an AP,
rather on a PC (appliance) where you have all your APs bridge into. This
way, you can use unmodified standard AP hardware/firmware and
subscribers will even maintain their same IP across APs. 

> Ok, my scenario: 5 APs in the area, connected to the same LAN, remote AAA,
> chilli running on every AP. Now if the client gets authenticated via UAM on
> say AP1 and roams (loses coverage from AP1) to AP2, then the coova-chilli
> instance running on AP2 doesn't have this user amongst authenticated users, so
> user has to authenticate in UAM again.  Which is quite cumbersome.
> 

Using MAC authentication, with the appropriate logic in your RADIUS
server, you can have subscribers automatically logged into chilli when
they move to a new chilli instance. 

> One of the solutions (also proposed by Emanuele) is to have only one chilli
> instance, which would be common for the rest of the APs in the network, but
> this has the drawback that it's a single point of failure. So if this AP with
> the coova-chilli instance running goes down, the whole network is inaccessible.
> 
> As I see the "cluster" feature in my use case, if the user gets authenticated
> via UAM on AP1, AP1 would broadcast this event, say by NEW_AUTH_USER command
> to other coova-chilli instances running on the network (with same shared
> secret + session information) and if the user then roams (moves away from
> coverage of AP1) to say AP2 in the network, then AP2 would already have this
> user's session information and would just allow him to use the network. So in
> this scenario, there's no single point of failure. It's kind of the
> poor man's failover.
> 

The problem there is that if each AP is running chilli, they are not
really on the same broadcast network -- each chilli has its own local
network. 

> Thanks.
> 
> -- ynezz

-- 
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac


