Radius Accounting Authentication Redundancy
From TBwiki
(Difference between revisions)
Nicole Tan (Talk | contribs) (Removed display title and "applies to rel2.7") |
Nicole Tan (Talk | contribs) (NT with CB: Improved the description to make it clearer) |
||
| Line 6: | Line 6: | ||
Each Radius client processing AUTH and ACCT are flexibly configurable by: | Each Radius client processing AUTH and ACCT are flexibly configurable by: | ||
| − | + | *Use polling (Status-Server) | |
| − | + | *Requests timeout and number of retries | |
| − | + | == Current(Primary) Radius AUTH/ACCT server selection == | |
| − | + | *If polling is enabled, the selected "Current" server will be the first that responds to the polling requests. | |
| − | == Current(Primary) Radius AUTH/ACCT server == | + | |
| − | If polling is enabled, the selected "Current" server will be the first that responds to the polling requests. | + | |
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to the polling. | All other servers in the list will be flagged as "online" or "offline" depending whether it responses to the polling. | ||
| − | If polling is disabled, the server is selected in a round robin order, the first being tested successfully is the "Current". | + | *If polling is disabled, the server is selected in a round robin order, the first being tested successfully is the "Current". |
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to requests within the timeout and retries. | All other servers in the list will be flagged as "online" or "offline" depending whether it responses to requests within the timeout and retries. | ||
| Line 22: | Line 20: | ||
Let's take this scenario to explain the Radius AUTH/ACCT switchover feature: | Let's take this scenario to explain the Radius AUTH/ACCT switchover feature: | ||
| − | We have servers '''A''' and '''B''', both 'online', and server '''A''' is 'Current'. | + | *We have servers '''A''' and '''B''', both 'online', and server '''A''' is 'Current'. |
| − | + | *Request W is sent to server '''A'''. | |
| − | Request W is sent to server '''A'''. | + | *Request X,R,Z are in the queue sent to server '''A'''. |
| − | + | *Server '''A''' doesn't respond to Request W. In consequence, server '''A''' is qualified as 'offline' and server B is elected as 'Current'. | |
| − | Request X,R,Z are in the queue sent to server '''A'''. | + | *Request W is then sent to server '''B'''. |
| − | + | *All new requests M,Y,Q will be sent to server '''B'''. | |
| − | Server '''A''' doesn't respond to Request W. In consequence, server '''A''' is qualified as 'offline' and server B is elected as 'Current'. | + | *The Request X which is in queue to '''A''', will be sent to '''A'''. If A is still qualified as 'offline'. It will be then sent to '''B'''. |
| − | + | *If server '''A''' is back qualified as "online". It will process the request X. | |
| − | Request W is then sent to server '''B'''. | + | *The requests R,Z in queue will be processed same as X. |
| − | + | ||
| − | All new requests M,Y,Q will be sent to server '''B'''. | + | |
| − | + | ||
| − | The Request X which is in queue to '''A''', will be sent to '''A'''. If A is still qualified as 'offline'. It will be then sent to '''B'''. | + | |
| − | + | ||
| − | If server '''A''' is back qualified as "online". It will process the request X. | + | |
| − | + | == Configuration == | |
| + | *[[Web_Portal_Tutorial_Guide_v2.7#CDR|Web Portal v2.7: RADIUS configuration]] | ||
Revision as of 14:57, 5 February 2014
With version 2.7, Toolpack fully supports redundancy on Radius authentication and accounting. Short for AUTH/ACCT in the below description.
Contents |
Multiple Radius Servers
Toolpack Radius AUTH/ACCT can be provisioned with several Radius servers (not only two). Each Radius client processing AUTH and ACCT are flexibly configurable by:
- Use polling (Status-Server)
- Requests timeout and number of retries
Current(Primary) Radius AUTH/ACCT server selection
- If polling is enabled, the selected "Current" server will be the first that responds to the polling requests.
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to the polling.
- If polling is disabled, the server is selected in a round robin order, the first being tested successfully is the "Current".
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to requests within the timeout and retries.
Radius AUTH/ACCT switch-over
Let's take this scenario to explain the Radius AUTH/ACCT switchover feature:
- We have servers A and B, both 'online', and server A is 'Current'.
- Request W is sent to server A.
- Request X,R,Z are in the queue sent to server A.
- Server A doesn't respond to Request W. In consequence, server A is qualified as 'offline' and server B is elected as 'Current'.
- Request W is then sent to server B.
- All new requests M,Y,Q will be sent to server B.
- The Request X which is in queue to A, will be sent to A. If A is still qualified as 'offline'. It will be then sent to B.
- If server A is back qualified as "online". It will process the request X.
- The requests R,Z in queue will be processed same as X.
