Re: Recent Radius Meltdowns

Thu, 10 Mar 2016 06:16:33 -0800 

Date:    Wed, 9 Mar 2016 14:05:07 -0700
From:    Jake Snyder <jsnyde...@gmail.com>
Subject: Recent Radius Meltdowns

Just wanted to throw this out to the educause community to see if others
are seeing this.  Although this is not ultimately a problem with Higher Ed,
the large scale RADIUS deployments in higher ed resulting in more impact

Several weeks ago we had a higher ed customer who's Radius environment
started periodically melting down.  The customer was running Cisco
Infrastructure and ACS 5.x on the back end.



I'm curious whether this customer was running WLC 8.1 code or something
older?

Although slightly different environment, we had horrible horrible
radius problems under WLC 8.0 code that were improved tremendously when
we upgraded to 8.1 and enabled the multiple radius queues (Cisco speak
for multiple UDP source ports).


If anything (radius server, users, Active Directory, etc) slows down
the auth process, then you're going to have more auth sessions in
progress simultaneously.
There is an 8-bit field in the radius auth packlet called radius_id that the controller and radius server use to keep straight which auth 
session is which.  If you exceed 255 radius auth sessions in progress
per queue, then meltdown is inevitable.  More queues allows more auth
sessions.



(Hotel-WLC) >show radius queue summary

Max Radius Queues Per Server..................... 8
 Source Port numbers used........................ 32769 32770 32771 32772 32773 
32774 32775 32776

Max Radius Buffers Available..................... 4064
 Currently number of Buffers consumed............ 11

Radius Authentication Messages Stats
 Total Auth Req sent(allocated).................. 13588897
 Total Auth Resp rcvd(freed)..................... 13588897
 Total Auth Req Pkts Dropped(no buffer).......... 0

Radius Accounting Messages Stats
 Total Acct Req sent(allocated).................. 0
 Total Acct Resp rcvd(freed)..................... 0
 Total Acct Req Pkts Dropped(no buffer).......... 0




--
Earl Barfield -- Academic & Research Tech / Information Technology
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: earl.barfi...@oit.gatech.edu    e...@gatech.edu

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Reply via email to