Gary_34668
Jan 13, 2011

UDP Load Balancing for Radius traffic.

Hi all,

I am wanting to set up a UDP Virtual Server (10.1.0 code LTM 6900) to load balance between my AAA servers and some servers. Right now I have all traffic (TCP and UDP) on the F5 going through the default IPv4 Forwarding VS. I want to set up a separate VS that can load balance the TCP and UDP traffic to the servers. The traffic is UDP using the Radius protocol. I have read F5's White Paper and looked at the manuals but nothing is straightforward in either of those docs.

My 1st pass on this is to set up the VS with its own IP from the range assigned to the subnet on the egress VLAN of the F5s and just pass all traffic coming from the AAA servers to one pool member until I have the time to fully test the LB solution in my lab. This way I can get the AAAs to switch over to the new IP and I can get the traffic ready for the LB solution.

The question I have is: is it better to just set up another IPv4 Forwarding VS using the new IP and have it look for the source IPs of the AAAs as the valid IPs to forward? That way any other traffic coming in bound for the servers behind the F5s would not be affected. I have other traffic that needs to remain going through the original default IPv4 Forwarding VS.

Second question is how do I handle originating traffic coming back from the servers in the pool to the AAAs? Do I use SNAT so they get translated into the new IP of the new VS?

Thanks

Gary

2 Replies

  • Any chance you have a diagram?

    I'm a bit confused around "load balancing between AAA servers and some servers."
  • I do but will have to see if I can use it here (legal issues). But for now I will try to explain it better.

    AAA Service Controllers, using Radius protocol via UDP, make a request to our prepaid system servers, servers with database of subs and which prepaid server has the information, and they in turn query the end systems to see if the sub is authorized on the prepaid system and what balance is left. The gateway servers in turn reply back to the AAAs with an okay or rejection. The servers behind the F5s are a form of "gateway" that takes the Radius protocol traffic and converts it to Diameter protocol which is used in the communication with the back end prepaid units. The F5s are between the AAAs and the gateways. I need to add in additional gateways for capacity and the AAAs do not have the code to be able to talk with more than 1 gateway at a site. Hence the need to load balance to a pool of gateways behind the F5s and have the AAAs think they are just talking to 1 gateway.

    Thanks for helping.

    Gary