Sort of uncurious about your implementation, but very curious regarding your trauma. I have found a lot of the OSS options for RADIUS suck in specific ways. Never had to scale it however.
replyThe two are linked. Need to change the configuration of a fleet? That's going to be restarting every instance of the process. Update an extension model? Same. Load balance? You'll need one that understand RADIUS or clients will suffer because of incorrect session affinity. Client with dramatically different loads? Better put them on different clusters. Somebody had a power outage? Better have 10x capacity on hot standby for the load.
replyAnd on and on.
A stateless compute model with separation between the packet handling and the authentication logic solves pretty-much all of it.
So you are looking to offer a managed RADIUS server once you've finished building the software?
replyMaybe. I'm thinking about options but haven't decided on anything yet.
reply