Radius Accounting Authentication Redundancy
From TBwiki
(Redirected from Radius Acct Auth Redundancy)
With version 2.7, Toolpack fully supports redundancy on Radius authentication and accounting. Short for AUTH/ACCT in the below description.
Contents |
Multiple Radius Servers
Toolpack Radius AUTH/ACCT can be provisioned with several Radius servers (not only two). Each Radius client processing AUTH and ACCT are flexibly configurable by:
- Use polling (Status-Server)
- Requests timeout and number of retries
Current(Primary) Radius AUTH/ACCT server selection
- If polling is enabled, the selected "Current" server will be the first that responds to the polling requests.
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to the polling.
- If polling is disabled, the server is selected in a round robin order, the first being tested successfully is the "Current".
All other servers in the list will be flagged as "online" or "offline" depending whether it responses to requests within the timeout and retries.
Radius AUTH/ACCT switch-over
Let's take this scenario to explain the Radius AUTH/ACCT switchover feature:
- We have servers A and B, both 'online', and server A is 'Current'.
- Request W is sent to server A.
- Request X,R,Z are in the queue sent to server A.
- Server A doesn't respond to Request W. In consequence, server A is qualified as 'offline' and server B is elected as 'Current'.
- Request W is then sent to server B.
- All new requests M,Y,Q will be sent to server B.
- The Request X which is in queue to A, will be sent to A. If A is still qualified as 'offline'. It will be then sent to B.
- If server A is back qualified as "online". It will process the request X.
- The requests R,Z in queue will be processed same as X.