Today’s complex networking environment often requires coordinating a high-volume, high-capacity load balancing configuration with robust authentication and authorization. Application users may connect to a VPN through mobile access points such as consumer-grade DSL or Cable connections, WiFi or even dial-up nodes. Those connections usually use dynamic IPs, which can change during the connection. If you configure RADIUS load balancing on the NetScaler appliance to support persistent client connections to RADIUS authentication servers, the appliance uses the user logon or the specified RADIUS attribute instead of the client IP as the session ID, directing all connections and records associated with that user session to the same RADIUS server. Users are therefore able to log on to your VPN from mobile access locations without experiencing disconnections when the client IP or WiFi access point changes.

To configure RADIUS load balancing with persistence, you must first configure RADIUS authentication for your VPN. For information and instructions, see the Citrix NetScaler Application Security Guide, Authentication Authorization Auditing (AAA) chapter. You must also choose either the Load Balancing or Content Switching feature as the basis for your configuration, and make sure that the feature you chose is enabled. The configuration process with either feature is almost the same.

Then, you configure either two load balancing, or two content switching, virtual servers, one to handle RADIUS authentication traffic and the other to handle RADIUS accounting traffic. Next, you configure two services, one for each load balancing virtual server, and bind each load balancing virtual server to its service. Finally, you create a load balancing persistency group, and set the persistency type to RULE.

The steps that follow assume familiarity with NetScaler load balancing or content switching configuration. If you are not familiar with configuring the NetScaler appliance, you should review the appropriate chapter of the Citrix NetScaler Traffic Management Guide before attempting to configure RADIUS load balancing with persistence.

Configuring RADIUS Load Balancing with Persistence

  • Enable the Load Balancing or Content Switching Feature
  • Configure Virtual Servers
  • Configure Services
  • Bind Virtual Servers to Services
  • Configure Load Balancing Persistency Groups

Detailed instructions can be found in the NetScaler Traffic Management Guide

NetScaler Documentation can be found here

Download Citrix NetScaler Load Balancer

The Citrix Community is powerful!