Authentication Server Load Balancing

Load balancing of authentication servers ensures that the authentication load is split across multiple authentication servers, thus avoiding any one particular authentication server from being overloaded. Authentication Server Load Balancing functionality enables Mobility Master to perform load balancing of authentication requests destined for external authentication servers (RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or LDAP Lightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.). This prevents any one authentication server from having to handle the full load during heavy authentication periods, such as at the start of the business day.

Previously, the controller used the first authentication server in the server group list. The remaining servers in that group would be used in sequential order only when an authentication server was down. Thus, the controllers performed fail-over instead of load balancing of authentication servers.

The load balancing algorithm computes the expected time taken to authenticate a new client for each authentication server and chooses that authentication server with the shortest expected authentication time. The load balancing algorithm maintains re-authentication stickiness, meaning that at the time of re-authentication, the request is forwarded to the same server where it was originally authenticated.

Enabling Authentication Server Load Balancing Functionality

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command enables authentication server load balancing functionality:

(host) [mynode] (config) #aaa server-group <group>

load-balance

auth-server s1

auth-server s2

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command disables load balancing:

(host) [mynode] (config) #aaa server-group <group>

no load-balance

If you configure an internal server in the server group, load balancing is not applicable to the internal server. The Internal server will be used as a fall-back when all other servers in the group are down.