I have only received a couple queries on using Radware over past few years. Maybe customers have deployed, but not much discussion and expect overall penetration low in comparison to other solutions. Although F5 guide has prescriptive configuration for F5, most of guide is dedicated to concepts and requirements for load balancing. Some key elements include:
- ability to persist RADIUS Auth (1645/1812) and Accounting (1646/1813) based on Calling-Station-ID. Source IP may work for many NADs with few clients, but often not suitable with larger access switches and wireless controllers.
- ability to maintain persistence for specific flows. In other words, per-packet UDP load balancing will cause RADIUS to fail.
- support for fragmentation and reassembly of RADIUS packets and option to set max/min fragment values.
- ability to check health based on RADIUS service checks
- Not required, but helpful if LB can NAT CoA packets from PSN to LB VIP address.
- Not require direct server return (DSR) to ensure traffic can be funneled back through LB and have PSN address translated back to RADIUS VIP.
- Optionally support LB for http and profiler traffic.
- passthru for some flows without requiring LB processing (like F5 IP forwarding).