Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

load-balance radius server-group featre

This thread has been viewed 3 times

  • 1.  load-balance radius server-group featre

    Posted Sep 20, 2015 01:52 AM

    Does anyone have any production experience with the "aaa server-group <group> load-balance" feature? I'm very interested in this if it's successful in balancing well. I appreciate any other admins' insights!



  • 2.  RE: load-balance radius server-group featre

    Posted Sep 20, 2015 04:33 PM

    Hi Ryan, 

     

    I just turned on this feature last week (9/17/2015) & i'm still trying to get stats off of our CPPM servers.  Thus far, it looks to be doing a pretty decent job of balancing just about all authentication requests (those that are properly configured) across 3 of our CPPM servers; however, it could definately be better - but in all honesty I really need to take a close look into how I have my aaa configs split up at the moment.  

     

    Running CPPM 6.4.6.72714 & AOS 6.4.3.2 



  • 3.  RE: load-balance radius server-group featre

    EMPLOYEE
    Posted Sep 20, 2015 06:05 PM

    I will leave others to discuss their experience with radius load balancing.  I will instead offer some tips.  The best command to see the effect of radius load balancing is "show aaa authentication-server radius statistics".  

     

    "In general,  the controller keeps a running average of response times for each server.  If response times are relatively similar, the load will be evenly distributed.  A server with a quicker average response will get more requests (based on moving average response times).  If a server has a lengthy delay on one auth, that may skew its being used again, so if a server has not been used for a period of 5 minutes, it’s moving average gets reset to the default so it will get back into the round robin.  The server used for a given client will be “sticky” whenever possible to facilitate shorter reauthentications instead of full on auths."

     

    You should use the "clear aaa authentication-server radius statistics" to reset your statistics to get the latest information.

     

    Radius Server load balancing only works for radius and LDAP.  6.4.3.x introduces radius load balancing support for server groups used for Airgroup authentication.  Previous to that, only the first radius server in a server group is used for airgroup authentication.

     

     

     

     



  • 4.  RE: load-balance radius server-group featre

    Posted Dec 20, 2015 07:25 AM

    had this one on my list to answer for a while now. turned this on a couple of months ago and checked recently. it isn't fully 50/50, but quite close. for me it has worked well.



  • 5.  RE: load-balance radius server-group featre

    Posted Dec 20, 2015 12:09 PM
    Yup I implemented it and am pleased with results. Except it doesn't load balance accounting. 👎🏻