Re: Radius experience... was Re: [Serusers] "Best practice" document

Hi Klaus, Just a quick response to what you describe below: We have a different scenario based on three facts: - We have complete control and monitoring of all participating RADIUS servers - Each ser has a RADIUS server on the local LAN where the server center is managed as a whole (i.e. individual components should not be unavailable) - We do not tolerate RADIUS downtime at all. Our 24x7 operations center will immediately respond and correct the situation Thus, we have never experienced the scenario below. However, if something happens, it is actually more likely that we start to NAK all requests as a default. This of course causes the clients to re-register, but ser does not slow down. As you proxy the requests, you probably have a re-send from the RADIUS proxy to the other servers as well, in addition to ser's resend. This adds up as ser will send a new request before the proxy has finished it resends. You could probably turn off the re-send on your RADIUS proxy completely and only rely on ser's resend. It depends on the network between and the level of monitoring you have on all the servers. If you have complete control and tight monitoring, you can probably turn off resend and set very low time-outs. Thus, when a server is down, ser will nak and the client will retry later (which is probably as good as anything, because something is probably seriously wrong and retrying every 4 seconds won't help...) Hope this made sense. g-) Klaus Darilion wrote: