RADIUS Server Selection

Server Status Control Policy

  • By default, a device considers the RADIUS server to be abnormal and sets its status to Down if the following conditions apply:
    • The device consecutively sends 10 packets to which a RADIUS server does not respond.
    • The interval between the first ignored packet and the tenth ignored packet exceeds 5 seconds.

    The maximum number of consecutively sent packets to which a RADIUS server does not respond can be set using the radius-server dead-count count command. The interval between the first ignored packet and the packet ignored for the specified times can be set using the radius-server dead-interval interval-value command.

  • If a RADIUS server responds only to a few packets due to a server malfunction or bad connection, the RADIUS server becomes undesirable and should be set to Down. However, the default Down condition of consecutive n timeout packets cannot be met. To resolve this issue, run the radius-server dead-count count fail-rate fail-rate command to enable the device to set the RADIUS server to Down based on the failure rate of packets sent. By default, this function is disabled. After it is enabled, it takes effect along with dead-count, causing a RADIUS server to be set to Down if either the fail-rate or dead-count condition is met.
  • By default, after a RADIUS server is set to Down, the device sets it back to Up immediately if it receives response packets from the server. If the device does not receive any response packets within a specified period, the device sets the RADIUS server to Up when that period ends. The period is 3 minutes by default and can be configured using the radius-server dead-time time-value command.
  • If a RADIUS server responds only to a few packets due to a server malfunction or bad connection or a RADIUS server frequently goes Up and Down, the network becomes unstable. To suppress the unstable status of the RADIUS server, run the radius-server dead-time time-value [ recover-count invalid ] command to enable slow recovery of the RADIUS server. By default, this function is disabled. After it is enabled, a device does not set the RADIUS server to Up upon receipt of response packets until dead-time elapses.
  • After a RADIUS server is set to Down, users who have already selected the server for sending packets continue to use it when a packet times out, as long as the retransmission limit has not been reached.
  • The number of retransmissions configured for a RADIUS server group applies to every server in the group. If the number of retransmissions to a RADIUS server reaches the limit, the device selects the next server. For example, if the number of retransmissions is set to n for a server group and the group has 3 servers, a user packet is retransmitted at most 3 x n times.
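
The Up/Down rules above can be modelled as a small state tracker. This is an added example, not Huawei's implementation; the class and method names are hypothetical, times are in seconds, and the fail-rate option is left out because the page does not describe how the rate is measured.

```python
class RadiusServerStatus:
    """Up/Down tracking for one RADIUS server, using the page's defaults."""

    def __init__(self, dead_count=10, dead_interval=5.0, dead_time=180.0,
                 slow_recovery=False):
        self.dead_count = dead_count        # radius-server dead-count
        self.dead_interval = dead_interval  # radius-server dead-interval
        self.dead_time = dead_time          # radius-server dead-time (3 min)
        self.slow_recovery = slow_recovery  # dead-time ... recover-count invalid
        self.up = True
        self.misses = 0         # consecutive unanswered packets
        self.first_miss = None  # time of the first unanswered packet in the run
        self.down_since = None

    def on_timeout(self, now):
        """A packet sent to this server went unanswered at time `now`."""
        if not self.up:
            return
        if self.misses == 0:
            self.first_miss = now
        self.misses += 1
        # Both conditions must hold: enough consecutive misses AND the run
        # spans more than dead_interval. Assumption: the check is repeated
        # on every further miss once dead_count has been reached.
        if (self.misses >= self.dead_count
                and now - self.first_miss > self.dead_interval):
            self.up, self.down_since = False, now

    def on_response(self, now):
        """A response arrived; it ends the run of consecutive misses."""
        self.misses, self.first_miss = 0, None
        if not self.up and not self.slow_recovery:
            self._recover()   # default behaviour: immediate recovery
        else:
            self.poll(now)    # slow recovery: Up only after dead-time

    def poll(self, now):
        """Timer check: a Down server returns to Up once dead-time elapses."""
        if not self.up and now - self.down_since >= self.dead_time:
            self._recover()

    def _recover(self):
        self.up, self.down_since = True, None
        self.misses, self.first_miss = 0, None
```

A burst of 10 timeouts inside the 5-second interval leaves the server Up, which is why a short dead-interval or a low dead-count makes the authentication path more sensitive to brief packet loss.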

Master/Backup Server Selection Policy

  • Master/backup server selection policy when a packet is sent for the first time:

    The master server (which has an internal index of 0) that is Up is selected. If the master server is Down, the server that most recently received packets is selected. If there is no such server, the one that first went Up is searched for based on the server configuration sequence in the server group. If no server is found, the one first configured in the server group is selected.

  • Master/backup server selection policy in retransmission timeout conditions:

    • If a server is already selected and the number of retransmission times has not reached the limit, the server continues to be used for packet transmission.
    • If the number of retransmission times from the master server reaches the limit, the server that received packets most recently is selected. If there is no such server, or such a server has already sent packets, the next Up backup server is selected using the polling mode. If there is no such server, the next configured backup server is searched for.
    • If the number of retransmission times from a backup server reaches the limit, the next Up backup server is selected using the polling mode. If there is no such server, the next configured backup server is searched for.

Load-Balancing Server Selection Policy

  1. When users go online, the sum of weights of all the RADIUS servers that are in the Up state and have not been used is calculated. If there is no RADIUS server in the Up state, the sum of weights of all the configured RADIUS servers that have not been used is calculated.
  2. If the sum of weights of the RADIUS servers is greater than 0, a random seed is generated with a value smaller than the sum of weights of the RADIUS servers. A server is then selected among the collection of RADIUS servers to send packets based on the value of the random seed and the weights of the RADIUS servers. To be specific, the first RADIUS server that meets the following requirement is selected:

    Sum of weights of all the RADIUS servers before this server ≤ Value of the random seed < (Weight of this server + Sum of weights of all the RADIUS servers before this server)

    For example, there are four servers with the weights 1, 2, 3, and 4, respectively. The sum of weights is 10. The value of the random seed generated ranges from 0 to 9. If the value of the generated random seed is 0, the server with weight 1 is selected. If the value of the seed is 1 or 2, the server with weight 2 is selected. If the value of the seed is 3, 4, or 5, the server with weight 3 is selected. If the value of the seed is 6, 7, 8, or 9, the server with weight 4 is selected.

  3. If the sum of weights of RADIUS servers is 0, a random seed is generated with a value no greater than the number of RADIUS servers. This seed is used for selecting a packet sending server from the collection of RADIUS servers. For example, four servers do not have weights configured. The value of the random seed then ranges from 0 to 3. If the value of the generated random seed is 0, server 1 is selected. If the value of the seed is 1, server 2 is selected. If the value of the seed is 2, server 3 is selected. If the value of the seed is 3, server 4 is selected.
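
The three steps above, written out as an added example (not Huawei's code; the Server fields and function names are hypothetical). For step 3 it follows the page's worked example, where four unweighted servers give a seed range of 0 to 3.

```python
import random
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    weight: int = 0
    up: bool = True
    used: bool = False  # already tried for this user's packet

def candidate_pool(servers):
    """Step 1: unused servers that are Up; if none are Up, all unused ones."""
    unused = [s for s in servers if not s.used]
    return [s for s in unused if s.up] or unused

def pick_by_seed(pool, seed):
    """Steps 2 and 3: map a seed to a server in the pool."""
    total = sum(s.weight for s in pool)
    limit = total if total > 0 else len(pool)
    if not 0 <= seed < limit:
        raise ValueError(f"seed {seed} outside 0..{limit - 1}")
    if total == 0:
        return pool[seed]  # step 3: the seed is simply a position in the pool
    before = 0  # sum of weights of all servers before this one
    for s in pool:
        if before <= seed < before + s.weight:
            return s
        before += s.weight

def select_server(servers, rng=random):
    """Full selection; `rng` is injectable so a test can fix the seed."""
    pool = candidate_pool(servers)
    if not pool:
        return None  # every configured server has already been used
    total = sum(s.weight for s in pool)
    return pick_by_seed(pool, rng.randrange(total if total > 0 else len(pool)))
```

Under the rule in step 2, a server with weight 0 that shares a pool with weighted servers is never selected, and when every server is Down the selection still returns a configured server rather than failing.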
Copyright © Huawei Technologies Co., Ltd.