(Optional) Configuring the Algorithm for Selecting the RADIUS Server

If the radius-server algorithm master-backup command is run or the default master/backup mode is used, the RADIUS authentication server or accounting server configured first is the master server, and the others are backup servers. A backup server is selected only after the master server goes Down.

• When packets are sent for the first time, the master server that is Up is selected. If no server is in the Up state, the first configured server is selected.

• When packets are retransmitted due to a timeout:

  • If a server has already been selected and the number of retransmission times has not reached the limit, packets are still retransmitted to this server.

  • If the number of retransmission times has reached the upper limit and the master server times out, packets are retransmitted to the server that has most recently received packets. If no such a server is available or packets have already been sent to this server, the polling mechanism is used to select another backup server in the Up state. If no backup server is in the Up state, the next configured backup server is selected.
  • If the number of retransmission times has reached the limit and the backup server times out, the polling mechanism is used to select another backup server in the Up state. If no backup server is in the Up state, the next configured backup server is selected.

If the radius-server algorithm loading-share command has been configured to specify the load balancing mode, traffic is load-balanced based on the weights of servers.

• If the sum of weights of RADIUS servers is 0, each RADIUS server is considered to have the same weight. Then a server in the Up state is selected at random.

  For example, if a RADIUS server group contains six servers, in which four are Up, one is selected from the four servers in the Up state at random. These four servers have the same chance of being selected. If no server is Up, one is selected from the six servers at random. These six servers have the same chance of being selected.

• If the sum of weights of RADIUS servers is greater than 0, all RADIUS servers that are in the Up state and have not been used are selected at random based on the proportion by weight. If no RADIUS server is in the Up state, servers are selected at random based on the proportion by weight.

  For example, if a RADIUS server group contains four servers, at a weight of 10, 20, 30, and 40, respectively. If the four servers are all Up or Down, they will be selected at a probability of 10%, 20%, 30%, and 40%, respectively. If the first server is Down, but the other three servers are Up, a server is selected from the three servers in the Up state at a probability of 20/(20 + 30 + 40), 30/(20 + 30 + 40), and 40/(20 + 30 + 40).

Each time a RADIUS server is selected, the selection result is independent of previous selection results. For example, two servers have the selection probability of 50% each. If 100 consecutive users select the first server, the 101th user still has a 50% probability to select the first server. It is similar to flipping a coin. The probability for getting a head or tail is 50% each. If you only flip a coin a few times, the probability for each is not necessarily 50%. However, if you flip the coin multiple times, the probability for getting a head or tail is 50% eventually.

By default, a RADIUS accounting server is the same as the selected authentication server. This RADIUS server is also selected to perform accounting. If the radius-server algorithm master-backup [ strict ] command is run, an accounting server is selected based on the configured algorithm. The master accounting server is preferentially selected, irrelevant to the authentication server.