In two previous articles, we discussed why interest in BNG and RADIUS-based provisioning is growing and what makes COS’s solution unique. In this article, we will take a deeper look at the key factors to consider when selecting a RADIUS solution.
When implementing a BNG in your network, you will need to decide on a RADIUS solution and how to set up the database. This decision is far from straightforward and can be complex, which is why we want to provide guidance here.
At COS, we have encountered several different methods for implementing RADIUS provisioning. Since this solution plays a crucial role in network reliability, it is well worth investing time in making an informed decision. Naturally, your specific circumstances will determine which solution best fits your network, but below are our general recommendations.
The following solutions are based on FreeRADIUS and PostgreSQL but are similar for MariaDB/MySQL.
Three RADIUS Authentication & Authorization Solutions with FreeRADIUS
Option 1: The Simplest Setup – No Redundancy
- 1 VM (Virtual Machine) with FreeRADIUS
- 1 VM with the database, with automatic backup/export
Since virtual servers are used, it is easy to perform backup/restore/replication, create snapshots before updates, and similar tasks. In this scenario, the underlying virtualization platform (e.g., VMware) minimizes downtime compared to physical machines. This setup is straightforward and works well for less critical implementations and lab environments.
Option 2: Redundancy via Replication
- 2 VMs with FreeRADIUS
- 2 VMs for the database (1 primary, 1 secondary/standby)
FreeRADIUS must be configured to recognize both databases (primary and secondary) so that it automatically switches to the secondary if the primary stops responding. To promote the secondary database to primary automatically, additional configuration and usually an extra VM (quorum) are required. Otherwise, this must be done manually. This setup is a good balance between complexity and reliability.
Option 3: Redundancy via Clustering
- 2 VMs with FreeRADIUS
- 2 VMs with the database in cluster mode, either active-passive (the passive takes over if the active fails) or active-active (both share the load)
The clustering setup is significantly more advanced than the replication approach in Option 2 but enables even higher uptime. The two RADIUS servers connect to an IP address representing the cluster. In active-active mode, both database VMs are operational simultaneously, sharing the load. Failover occurs automatically without manual intervention. However, this is the most complex setup and requires advanced database expertise for monitoring and maintenance. It is best suited for large operators with the highest availability requirements and in-house expertise to manage this setup.
RADIUS Accounting
Collecting RADIUS Accounting data—detailed statistics and usage information—can be demanding and should be handled by a separate RADIUS server with its own database. The redundancy options described above focus on managing Authentication and Authorization functions.
COS Systems: Helping You Choose the Right RADIUS Solution
At COS, we have built expertise in collaboration with our partners and are happy to guide you in selecting the right RADIUS and BNG solution. Our philosophy is pragmatic: “Don’t let the perfect be the enemy of the good.” The most complex solution is not always the best choice; instead, the ability to manage the solution over time should be the deciding factor. At the same time, technology is constantly evolving, and it is essential to take advantage of innovations and advancements. We stay up to date with these developments and are happy to help you make the right decision.
More from COS Systems
In our next article, we will take a broader perspective and present COS Business Engine – our complete solution for municipal network operations.
Stay tuned and read more about our solutions here!