Radius Accounting Authentication Redundancy

From TBwiki
Revision as of 14:41, 5 February 2014 by Nicole Tan (Talk | contribs)
Jump to: navigation, search

With version 2.7, Toolpack fully supports redundancy on Radius authentication and accounting. Short for AUTH/ACCT in the below description.

Contents

Multiple Radius Servers

Toolpack Radius AUTH/ACCT can be provisioned with several Radius servers (not only two). Each Radius client processing AUTH and ACCT are flexibly configurable by:

Use polling (Status-Server)
Requests timeout and number of retries

This list of Radius servers can be configured here: Configuring Radius

Current(Primary) Radius AUTH/ACCT server

If polling is enabled, the selected "Current" server will be the first that responds to the polling requests. All other servers in the list will be flagged as "online" or "offline" depending whether it responses to the polling.

If polling is disabled, the server is selected in a round robin order, the first being tested successfully is the "Current". All other servers in the list will be flagged as "online" or "offline" depending whether it responses to requests within the timeout and retries.

Radius AUTH/ACCT switch-over

Let's take this scenario to explain the Radius AUTH/ACCT switchover feature:

We have servers A and B, both 'online', and server A is 'Current'.

Request W is sent to server A.

Request X,R,Z are in the queue sent to server A.

Server A doesn't respond to Request W. In consequence, server A is qualified as 'offline' and server B is elected as 'Current'.

Request W is then sent to server B.

All new requests M,Y,Q will be sent to server B.

The Request X which is in queue to A, will be sent to A. If A is still qualified as 'offline'. It will be then sent to B.

If server A is back qualified as "online". It will process the request X.

The requests R,Z in queue will be processed same as X.

Personal tools