In a previous discussion regarding Loadbalancing radius requests, we instituted
the <AuthBy EAPBALANCE> method to proxy requests to departmental radius
servers. We have been running this method for close to 6 months and have been
pretty satisfied with the result. Of late, however, the client traffic has
increased, and the time for an authentication to complete is a tad longer than
the users are willing to accept. My reading of the documentation provided by
OSC, suggests the use of CachePasswords; CacheOnNoReply; and
CachePasswordExpiry would assist in the performance.
I understand that the trade-off of implementing these features is memory. So
to that end, first, is anyone using these parameters?. What is the number of
clients supported and related memory usage? I anticipate approx. 3-4K
simultaneous users for the particular AuthBy clause. What would be the
recommended Password expiry timer be?
Any info would be appreciated. Below is the current config snippet of the
AuthBy we are using. User connections are retried after a 45 min. period.
#IVEY
# Proxies auth requests to the IVEY IAS radius servers using a loadbalance
algorithm.
<AuthBy EAPBALANCE>
Identifier IVEY
Retries 3
RetryTimeout 5
FailureBackoffTime 20
AuthPort 1645
AcctPort 1646
Secret xxxxx
LocalAddress xxxxxxxxxx
#
<Host xxxxxxx>
</Host>
#
<Host yyyyyyyy>
</Host>
#
<Host zzzzzzzz>
</Host>
</AuthBy>
The last server is the slower of the 3 hosts available which I believe is the
bottleneck.
Thanks
Michael Hulko
Network Analyst
Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario N6G 1G9
tel: 519-661-2111 x81390
e-mail: mihu...@uwo.ca <mailto:mihu...@uwo.ca>
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
