[cisco-bba] Rate Limiting / Load Balancing Radius Requests

Paul Raj Khangure cisco-bba at digitaljunkie.net
Sun Mar 13 02:42:20 EST 2005


We have a number of 7200G and G1s which are being used as LNSes and
BRASes.

We also have an electricity company which can't keep a steady supply of
electricity going for more than a week or two.

When there's a brownout, several thousand (sometimes a few thousand,
sometimes over ten thousand) clients drop off suddenly, and then their
modems / routers try to reconnect suddenly.

This causes the BRAS / LNS to send a flood of radius requests to the
radius servers. Various bad things happen, including there being more
than 256 requests at a time causing the radius-id to overflow, along
with load issues on the radius servers, and clients who get auth
timeouts.

Anyone know if there's an effective way of rate-limiting the number of
radius authentication requests sent on the LNS / BRAS - eg to a max of
50 or 100 per second - or getting the LNS / BRAS to load balance radius
requests to multiple servers, rather than waiting for the first one to
die / timeout?

prk.


More information about the cisco-bba mailing list