
Load Balancing for Pulse Policy Secure based on Calling-Station-Id Radius Attribute

Pulse Policy Secure (PPS) is a next-gen Network Access Control (NAC) solution that provides role-based access and endpoint security for users and devices. PPS includes an embedded, enterprise-class RADIUS server that provides centralized authentication, authorization, and accounting (AAA) management. For large-scale projects, it is useful to load-balance between PPS instances to ensure enterprise-wide performance and reliability.

Two of our solutions architects, Olivier Frelastre and Nick Bond, created this example, which shows how to use Pulse vTM to load-balance an active-active pair of PPS instances, providing full redundancy and failover for your RADIUS authentication service.

It is important to set up session persistence so that users and devices stay associated with the same PPS appliance for continuity. It is common to key persistence on the IP address; however, it is more effective to use the Calling-Station-Id RADIUS attribute (e.g., the device MAC address).

In this example, they use the radius.getCallingStationId() TrafficScript function to manage session persistence across the PPS cluster:

 

################################################################################
# Radius Access-Request Persistency based on Calling-Station-Id Radius Attribute
# Calling-Station-Id = Device MAC Address
# Copyright©: Olivier & Nick
################################################################################

# Calling-Station-Id Radius Attribute
$csid = radius.getCallingStationId();

# If not Access-Request then generate warning log
if( $csid == -1 ) {
   log.warn( "No calling station id: " . $1 );
}
# If Access-Request then set Session Persistence Class and generate info log
else {
   # Set Connection Persistence Key based on Calling-Station-Id Radius Attribute
   connection.setPersistenceKey( $csid );
   # Set Connection Session Persistence Class
   connection.setPersistence( "INT-RADIUS-PPS-SPC" );
   # Get Connection Session Persistence Class
   $spc = connection.getPersistence();
   # Generate info log
   log.info( "Radius Access-Request for Calling-Station-Id " . $csid . " affected to Session Persistence Class " . $spc );
}
 
In Pulse vTM, you will also need to set "Universal session persistence" in the PPS resource pool:

 

[Screenshot: cm-pps-persistence.png]
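The following Python sketch is an added example, not code from the original article or from Pulse Secure. It models what the rule and the persistence class do together: it parses an Access-Request (RFC 2865 layout), extracts Calling-Station-Id (attribute type 31), and keeps each key on the node it was first assigned to. The node names, the MAC normalization step, and the round-robin table are assumptions for illustration; the table is a simplified model, not vTM's implementation.

```python
import struct

ACCESS_REQUEST = 1        # RADIUS packet code (RFC 2865)
CALLING_STATION_ID = 31   # RADIUS attribute type (RFC 2865)

def calling_station_id(packet: bytes):
    """Return the normalized Calling-Station-Id of an Access-Request, else None."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        return None
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute: do not derive a key from it
        if atype == CALLING_STATION_ID:
            raw = packet[pos + 2:pos + alen].decode("ascii", "replace")
            # Assumption: the value is a MAC. NAS devices format MACs differently,
            # so keep only lowercase hex digits to get one key per device.
            return "".join(c for c in raw.lower() if c in "0123456789abcdef") or None
        pos += alen
    return None

class PersistenceTable:
    """Simplified model of key -> node stickiness (not vTM's implementation)."""
    def __init__(self, nodes):
        self.nodes, self.table, self.next = list(nodes), {}, 0

    def node_for(self, key):
        if key not in self.table:  # first sighting: assign round-robin, then stick
            self.table[key] = self.nodes[self.next % len(self.nodes)]
            self.next += 1
        return self.table[key]

def build_access_request(ident, mac):
    """Constructed sample packet: header, zeroed authenticator, one attribute."""
    attr = bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac.encode("ascii")
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attr)) + bytes(16) + attr

def demo():
    table = PersistenceTable(["pps-a", "pps-b"])  # hypothetical node names
    packets = [build_access_request(1, "00-11-22-AA-BB-CC"),
               build_access_request(2, "66:77:88:99:aa:bb"),
               build_access_request(3, "00:11:22:aa:bb:cc")]  # same device as #1
    return [table.node_for(calling_station_id(p)) for p in packets]
```

Without the normalization step, the first and third constructed packets would produce different keys for the same device and could land on different PPS nodes.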


Pulse vTM can also create custom health monitors for PPS - contact your technical sales team for more information on how to set up load-balancing for PPS.

 

Version history: Revision 2 of 2. Last update: 07-23-2020 04:32 AM