Stable IPs in Azure for local RADIUS/TACACS+ container instances

In this topic, you will learn how to deploy local RADIUS and TACACS+ container instances in Microsoft Azure while ensuring stable IP addresses for NAS device configuration.

Deploying local RADIUS and TACACS+ in Azure using container instances is straightforward, but dynamic IP assignment can cause issues. When a container restarts, it may receive a new IP address, forcing reconfiguration of NAS devices.

Our guides suggest creating internal DNS zones and assigning IPs to DNS entries, but this may not be a suitable solution for all customers, as it still requires manual updates after container restarts. To avoid this, a workaround involves creating a small subnet and multiple container instances to cover all available IPs.

  1. Create a Virtual Network in Azure for your container instances.

    Instead of a /24 subnet, create a /29 subnet. This provides 8 IP addresses, 3 of which can be assigned to containers, while 5 are reserved by Azure infrastructure.

  2. Create the first container instance in the /29 subnet.

    Attach the container to the subnet you created, following the standard RADIUS/TACACS+ container deployment guide.

  3. Create two additional container instances in the same subnet.

    By deploying three containers, you ensure that all available IP addresses in the /29 subnet are used. Because no free address remains in the subnet, a container that restarts cannot be assigned a new dynamic IP.

  4. Configure NAS devices to use the IP addresses of the container instances.

    You can configure NAS devices with individual IPs or create DNS entries as needed. This ensures that the devices always connect to a local RADIUS instance, even after container restarts.

  5. Optionally, add a load balancer to distribute traffic between the container instances.

    This improves redundancy and ensures even distribution of authentication requests across the three local RADIUS servers.

After completing these steps, your local RADIUS and TACACS+ container instances will have stable IP addresses in Azure, preventing the need to reconfigure NAS devices after container restarts. Optional load balancing ensures high availability and traffic distribution.
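
The following check for steps 1 to 4 is an added example, not part of the original guide or of any vendor tooling. It computes which addresses of a subnet Azure can assign (Azure reserves the first four and the last address of every subnet) and reports free addresses and NAS entries that no container serves. The function names and the 10.20.0.0/29 sample values are assumptions constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

# Azure reserves the first four addresses and the last address of every
# subnet (network, default gateway, two for Azure DNS, broadcast).
AZURE_RESERVED_HEAD = 4
AZURE_RESERVED_TAIL = 1


def assignable_ips(cidr):
    """Return the addresses Azure can hand out to resources in this subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.num_addresses <= AZURE_RESERVED_HEAD + AZURE_RESERVED_TAIL:
        raise ValueError(f"{cidr} is too small to hold any Azure resource")
    last = net.num_addresses - AZURE_RESERVED_TAIL
    return [net[i] for i in range(AZURE_RESERVED_HEAD, last)]


def audit(cidr, container_ips, nas_server_ips):
    """Compare subnet capacity, running containers and NAS configuration."""
    pool = set(assignable_ips(cidr))
    containers = {ipaddress.ip_address(ip) for ip in container_ips}
    nas = {ipaddress.ip_address(ip) for ip in nas_server_ips}

    def as_text(addresses):
        return [str(ip) for ip in sorted(addresses)]

    return {
        # Free addresses mean a restarted container can land on a new IP.
        "free": as_text(pool - containers),
        # Container IPs outside the pool point to a wrong subnet attachment.
        "outside_subnet": as_text(containers - pool),
        # NAS entries that no container currently answers on.
        "nas_unserved": as_text(nas - containers),
        # True only when the containers occupy every assignable address.
        "stable": pool == containers,
    }


if __name__ == "__main__":
    # Constructed sample: a /29 with only two containers deployed and a
    # NAS device that still points at the third, unoccupied address.
    report = audit("10.20.0.0/29",
                   ["10.20.0.4", "10.20.0.5"],
                   ["10.20.0.4", "10.20.0.6"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Feed it the subnet prefix, the private IPs of the running container instances and the server IPs configured on the NAS devices; any non-empty list in the report means the setup has drifted from the layout described above.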