We have multiple POP’s pointing to a single FreeRadius server for PPPoE auth/accounting. The Winbox for ROS seems to allow for one Radius server IP to be specified only and does not seem to accept DNS name.
The problem to solve is that Radius becomes a single point of failure for all pops. To begin to address this, a second FreeRadius daemon is running on another internal private routed network and all data is replicated bi-directionally between the two with MySQL. Now, the failover needs to be worked out.
Radius 1: 10.5.2.11 (primary radius server)
Radius 2: 10.6.2.11 (hot standby radius server with MySQL replication to primary)
One idea I had was to create a “virtual” Radius IP, say 10.2.2.11, that forwards to the primary Radius server first and standby Radius server if primary is not responding to Ping or other test.
I started to consider perhaps NAT/Mangle as an approach. Not sure that I am on the right track. I’m hoping to find a best practice of sorts that addresses the challenge. Has anyone seen any good examples/references that might apply?
Any advice much appreciated!!