Wireless Access

Reply
MVP
Posts: 498
Registered: ‎04-03-2007

load-balance radius server-group featre

Does anyone have any production experience with the "aaa server-group <group> load-balance" feature? I'm very interested in this if it's successful in balancing well. I appreciate any other admins' insights!

==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Frequent Contributor I
Posts: 70
Registered: ‎08-16-2011

Re: load-balance radius server-group featre

Hi Ryan, 

 

I just turned on this feature last week (9/17/2015) & i'm still trying to get stats off of our CPPM servers.  Thus far, it looks to be doing a pretty decent job of balancing just about all authentication requests (those that are properly configured) across 3 of our CPPM servers; however, it could definately be better - but in all honesty I really need to take a close look into how I have my aaa configs split up at the moment.  

 

Running CPPM 6.4.6.72714 & AOS 6.4.3.2 

--Raf
Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: load-balance radius server-group featre

I will leave others to discuss their experience with radius load balancing.  I will instead offer some tips.  The best command to see the effect of radius load balancing is "show aaa authentication-server radius statistics".  

 

"In general,  the controller keeps a running average of response times for each server.  If response times are relatively similar, the load will be evenly distributed.  A server with a quicker average response will get more requests (based on moving average response times).  If a server has a lengthy delay on one auth, that may skew its being used again, so if a server has not been used for a period of 5 minutes, it’s moving average gets reset to the default so it will get back into the round robin.  The server used for a given client will be “sticky” whenever possible to facilitate shorter reauthentications instead of full on auths."

 

You should use the "clear aaa authentication-server radius statistics" to reset your statistics to get the latest information.

 

Radius Server load balancing only works for radius and LDAP.  6.4.3.x introduces radius load balancing support for server groups used for Airgroup authentication.  Previous to that, only the first radius server in a server group is used for airgroup authentication.

 

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: load-balance radius server-group featre

had this one on my list to answer for a while now. turned this on a couple of months ago and checked recently. it isn't fully 50/50, but quite close. for me it has worked well.

MVP
Posts: 498
Registered: ‎04-03-2007

Re: load-balance radius server-group featre

Yup I implemented it and am pleased with results. Except it doesn't load balance accounting. 👎🏻
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Search Airheads
Showing results for 
Search instead for 
Did you mean: