Security

Hi,

 Just about to try load balancing RADIUS auths over multiple clearpass servers using the "Server Group"  Load Balance button (Aruba OS 6.4.2.4)

So what goes on in the background?

Any health checking state of radius servers in the group?

Is it just a round robin algorithm when it comes to load balancing auth requests?

Will we eventually be able to / can we apply any form of bias towards individual servers in a server group?

Rgds

Alex

The controller keeps a running average of response times for each authentication server.   Two main parameters are used to compute the expected authentication time (response time) for an authentication server.

1) Number of outstanding requests for that authentication server

2) Moving average of the authentication time per client for that authentication server.

The expected authentication time value is calculated after each client authentication/reauthentication.   If the times are similar then the load will be more or less evenly distributed.   If a server has a quicker average response time, it will get more requests.   A server is "sticky" when it comes to a specific client; meaning whenever possible the same server is used for reauths.

Alterations or prioritizing one over another is not supported at this time.

There is a specifc mathematical algorithm that determines the exptected time taken to authenticate.  If you need those specifics, please contact your local Aruba team.