[RADIATOR] Radiator LoadBalancing Optimization
Michael Hulko
mihulko at uwo.ca
Thu Sep 12 09:37:23 CDT 2013
In a previous discussion regarding Loadbalancing radius requests, we instituted the <AuthBy EAPBALANCE> method to proxy requests to departmental radius servers. We have been running this method for close to 6 months and have been pretty satisfied with the result. Of late, however, the client traffic has increased, and the time for an authentication to complete is a tad longer than the users are willing to accept. My reading of the documentation provided by OSC, suggests the use of CachePasswords; CacheOnNoReply; and CachePasswordExpiry would assist in the performance.
I understand that the trade-off of implementing these features is memory. So to that end, first, is anyone using these parameters?. What is the number of clients supported and related memory usage? I anticipate approx. 3-4K simultaneous users for the particular AuthBy clause. What would be the recommended Password expiry timer be?
Any info would be appreciated. Below is the current config snippet of the AuthBy we are using. User connections are retried after a 45 min. period.
#IVEY
# Proxies auth requests to the IVEY IAS radius servers using a loadbalance algorithm.
<AuthBy EAPBALANCE>
Identifier IVEY
Retries 3
RetryTimeout 5
FailureBackoffTime 20
AuthPort 1645
AcctPort 1646
Secret xxxxx
LocalAddress xxxxxxxxxx
#
<Host xxxxxxx>
</Host>
#
<Host yyyyyyyy>
</Host>
#
<Host zzzzzzzz>
</Host>
</AuthBy>
The last server is the slower of the 3 hosts available which I believe is the bottleneck.
Thanks
Michael Hulko
Network Analyst
Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario N6G 1G9
tel: 519-661-2111 x81390
e-mail: mihulko at uwo.ca <mailto:mihulko at uwo.ca>
More information about the radiator
mailing list