Robust/feature-rich RADIUS server

Rubens_Kuhl_Jr2 · December 10, 2001, 9:53pm

Any suggestions on RADIUS servers that are robust (i.e, scale to
hundreds/thousand of NAS, high number of auths/s), feature-rich (proxy,
L2TP, broadband and aggregated dial typical parameters), that can be
taylored to business rules and overall environment ?

NavisRadius and Interlink(formerly Merit AAA) are natural competitors, I
was looking for other forces on the xSP market.

Rubens Kuhl Jr.

Chris_Parker · December 10, 2001, 10:01pm

http://www.freeradius.org

-Chris

Christopher_J_Wolff · December 10, 2001, 10:03pm

There is always good old vopradius

http://www.vircom.com

Hugh_Irvine · December 10, 2001, 10:29pm

Hello Rubens -

Jared_Mauch · December 10, 2001, 10:48pm

i used this at one of my previous jobs and it works quite well
and allows easy integration with numerous backend systems of various
types.

it's in perl so you have to have perl on your
*nix/windows box and despite my inital concerns the performance hit
as compared to a compiled binary it works quite well.

- Jared

Andy_Dills · December 11, 2001, 7:49pm

Hugh is officially associated with radiator (not sure in what capacity, if
nothing else he does a fantastic job of giving free support on the
radiator maling list), so I'll give a quick opinion from somebody who just
uses it and is NOT affiliated.

It's simply fantastic. There are built-in hooks for nearly every possible
way you can think of authenticating a user (and if nothing else you can
call external scripts). It's written in easy-to-read perl (yes, virginia,
there is such a thing) and is therefore very easy to extend should you
discover some obscure functionality you want that isn't implemented. The
config is so powerful that it's extremely simple for straightfoward
configurations, yet extremely adaptable for complex configurations. It
seems to try to follow the perl motto: TMTOWTDI. (There's more than one
way to do it.)

For instance, we use Platypus as our billing package, which runs on
Windows, with a SQL 7 backend, where we store our accounting data. Our
authentication is done via mysql (hosted on the same FreeBSD server as
radiator)...we have three different ISPs we own/run, each with different
customer databases, NASes in several different states/networks, and a
multiple providers of out-sourced modem ports which send us multiple
distinct realms. We had to use a third-party package (from openlink) to
get ODBC connectivity from our FreeBSD box to the Windows box, but that
was a breeze. It can do anything you can do with Radius, as far as I've
been able to determine.

If you're concerned about scalability, one of my colocation customers is a
large aggregator of out-sourced modem companies. He authenticates from
several different networks, accepting requests from proxy radius servers,
authenticating many locally, and proxying the other requests to customer
radius servers. He authenticates aboutt 80,000 users. (Yeah, it's
ridiculous.) He uses radiator and it's smooth as butter, even though his
config files are thousands of lines long. If it's going to be big like
this, use lots of memory.

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

Tim2 · December 11, 2001, 8:26pm

You may also want to consider OpenRADIUS, available at:

http://www.xs4all.nl/~evbergen/openradius-index.html

I believe it is in its infancy, but it provides similar functionality.

Thanks,
Tim