Robust/feature-rich RADIUS server
Any suggestions on RADIUS servers that are robust (i.e, scale to hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy, L2TP, broadband and aggregated dial typical parameters), that can be taylored to business rules and overall environment ? NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I was looking for other forces on the xSP market. Rubens Kuhl Jr.
At 07:53 PM 12/10/2001 -0200, Rubens Kuhl Jr. wrote:
Any suggestions on RADIUS servers that are robust (i.e, scale to hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy, L2TP, broadband and aggregated dial typical parameters), that can be taylored to business rules and overall environment ?
NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I was looking for other forces on the xSP market.
http://www.freeradius.org -Chris -- \\\|||/// \ Chris Parker - Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless! \ cparker@starnetusa.net | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\------------------------------------------------------ \ Without C we would have 'obol', 'basi', and 'pasal'
There is always good old vopradius http://www.vircom.com -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Parker Sent: Monday, December 10, 2001 3:02 PM To: rkuhljr@uol.com.br; Nanog@merit.edu Subject: Re: Robust/feature-rich RADIUS server At 07:53 PM 12/10/2001 -0200, Rubens Kuhl Jr. wrote:
Any suggestions on RADIUS servers that are robust (i.e, scale to hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy, L2TP, broadband and aggregated dial typical parameters), that can be taylored to business rules and overall environment ?
NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I was looking for other forces on the xSP market.
http://www.freeradius.org -Chris -- \\\|||/// \ Chris Parker - Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless! \ cparker@starnetusa.net | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\------------------------------------------------------ \ Without C we would have 'obol', 'basi', and 'pasal'
Hello Rubens - On Tue, 11 Dec 2001 08:53, Rubens Kuhl Jr. wrote:
Any suggestions on RADIUS servers that are robust (i.e, scale to hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy, L2TP, broadband and aggregated dial typical parameters), that can be taylored to business rules and overall environment ?
NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I was looking for other forces on the xSP market.
Many people on this list use Radiator (commercial source code product). http://www.open.com.au/radiator regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
i used this at one of my previous jobs and it works quite well and allows easy integration with numerous backend systems of various types. it's in perl so you have to have perl on your *nix/windows box and despite my inital concerns the performance hit as compared to a compiled binary it works quite well. - Jared On Tue, Dec 11, 2001 at 09:29:57AM +1100, Hugh Irvine wrote:
Hello Rubens -
On Tue, 11 Dec 2001 08:53, Rubens Kuhl Jr. wrote:
Any suggestions on RADIUS servers that are robust (i.e, scale to hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy, L2TP, broadband and aggregated dial typical parameters), that can be taylored to business rules and overall environment ?
NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I was looking for other forces on the xSP market.
Many people on this list use Radiator (commercial source code product).
http://www.open.com.au/radiator
regards
Hugh
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Tue, 11 Dec 2001, Hugh Irvine wrote:
Many people on this list use Radiator (commercial source code product).
Hugh is officially associated with radiator (not sure in what capacity, if nothing else he does a fantastic job of giving free support on the radiator maling list), so I'll give a quick opinion from somebody who just uses it and is NOT affiliated. It's simply fantastic. There are built-in hooks for nearly every possible way you can think of authenticating a user (and if nothing else you can call external scripts). It's written in easy-to-read perl (yes, virginia, there is such a thing) and is therefore very easy to extend should you discover some obscure functionality you want that isn't implemented. The config is so powerful that it's extremely simple for straightfoward configurations, yet extremely adaptable for complex configurations. It seems to try to follow the perl motto: TMTOWTDI. (There's more than one way to do it.) For instance, we use Platypus as our billing package, which runs on Windows, with a SQL 7 backend, where we store our accounting data. Our authentication is done via mysql (hosted on the same FreeBSD server as radiator)...we have three different ISPs we own/run, each with different customer databases, NASes in several different states/networks, and a multiple providers of out-sourced modem ports which send us multiple distinct realms. We had to use a third-party package (from openlink) to get ODBC connectivity from our FreeBSD box to the Windows box, but that was a breeze. It can do anything you can do with Radius, as far as I've been able to determine. If you're concerned about scalability, one of my colocation customers is a large aggregator of out-sourced modem companies. He authenticates from several different networks, accepting requests from proxy radius servers, authenticating many locally, and proxying the other requests to customer radius servers. He authenticates aboutt 80,000 users. (Yeah, it's ridiculous.) He uses radiator and it's smooth as butter, even though his config files are thousands of lines long. If it's going to be big like this, use lots of memory. Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
You may also want to consider OpenRADIUS, available at: http://www.xs4all.nl/~evbergen/openradius-index.html I believe it is in its infancy, but it provides similar functionality. Thanks, Tim -- Timothy C. Brown timothy dot brown at pobox dot com tim at tux dot org On Tue, Dec 11, 2001 at 02:49:25PM -0500, Andy Dills wrote:
On Tue, 11 Dec 2001, Hugh Irvine wrote:
Many people on this list use Radiator (commercial source code product).
Hugh is officially associated with radiator (not sure in what capacity, if nothing else he does a fantastic job of giving free support on the radiator maling list), so I'll give a quick opinion from somebody who just uses it and is NOT affiliated.
It's simply fantastic. There are built-in hooks for nearly every possible way you can think of authenticating a user (and if nothing else you can call external scripts). It's written in easy-to-read perl (yes, virginia, there is such a thing) and is therefore very easy to extend should you discover some obscure functionality you want that isn't implemented. The config is so powerful that it's extremely simple for straightfoward configurations, yet extremely adaptable for complex configurations. It seems to try to follow the perl motto: TMTOWTDI. (There's more than one way to do it.)
For instance, we use Platypus as our billing package, which runs on Windows, with a SQL 7 backend, where we store our accounting data. Our authentication is done via mysql (hosted on the same FreeBSD server as radiator)...we have three different ISPs we own/run, each with different customer databases, NASes in several different states/networks, and a multiple providers of out-sourced modem ports which send us multiple distinct realms. We had to use a third-party package (from openlink) to get ODBC connectivity from our FreeBSD box to the Windows box, but that was a breeze. It can do anything you can do with Radius, as far as I've been able to determine.
If you're concerned about scalability, one of my colocation customers is a large aggregator of out-sourced modem companies. He authenticates from several different networks, accepting requests from proxy radius servers, authenticating many locally, and proxying the other requests to customer radius servers. He authenticates aboutt 80,000 users. (Yeah, it's ridiculous.) He uses radiator and it's smooth as butter, even though his config files are thousands of lines long. If it's going to be big like this, use lots of memory.
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
--
participants (7)
-
Andy Dills
-
Chris Parker
-
Christopher J. Wolff
-
Hugh Irvine
-
Jared Mauch
-
Rubens Kuhl Jr.
-
Timothy Brown