Patent Issued for Clustered AAA Redundancy Support within a Radius Server

August 26, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent by the inventors Tirupachur Comerica, Subash (Sunnyvale, CA); Ballal, Dhiraj D. (Santa Clara, CA), filed on January 18, 2012, was published online on August 12, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8806580 is assigned to Juniper Networks, Inc. (Sunnyvale, CA).

The following quote was obtained by the news editors from the background information supplied by the inventors: "Network service providers typically deploy one or more servers to manage authentication, authorization, and accounting (AAA) functionality for networks that offer services to one or more subscribers. The protocol most commonly used by the servers to communicate with clients is the Remote Authentication Dial In User Service (RADIUS) protocol. The RADIUS protocol is described in Carl Rigney et al., 'Remote Authentication Dial In User Server (RADIUS),' Network Working Group of the Internet Engineering Task Force (IETF), Request for Comments 2865, June 2000, which is incorporated by reference herein in its entirety (referred to hereinafter as 'RFC 2865').

"To request access to a service, a subscriber connects to a network access server (NAS) that acts as a gateway to the service as provided by a service provider network (or the Internet). If the NAS is a RADIUS client configured to communicate with a RADIUS server for the service provider network using the RADIUS protocol, the NAS confirms that the subscriber is authentic and is authorized to access the service by requesting the RADIUS server to validate the access request from the subscriber. Upon validating an access request, the RADIUS server responds to the NAS with a RADIUS protocol message directing the NAS to accept the access request and establish a session enabling connectivity between the subscriber and the service provider network for the requested service.

"The NAS may thereafter monitor and record statistics describing service usage by the subscriber. If configured to use RADIUS accounting, the NAS periodically communicates the statistics to a RADIUS accounting server using the RADIUS protocol. RADIUS accounting is described in Carl Rigney, 'RADIUS Accounting,' Network Working Group of the IETF, Request for Comments 2866, June 2000, which is incorporated by reference herein in its entirety (referred to hereinafter as 'RFC 2866')."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "In general, techniques are described for supporting interchassis redundancy (ICR) by a plurality of network access servers (NASes) that are members of an ICR cluster. For example, techniques may be used to associate, within a RADIUS server, multiple NAS identifiers for the NASes with a single NAS identifier alias. The RADIUS server is configured to handle RADIUS protocol messages from any member of the ICR cluster as though the RADIUS protocol messages issued from a single NAS having the NAS identifier alias.

"In one example, an administrator configures a RADIUS server to recognize NASes that are members of an ICR cluster as RADIUS clients. In addition, the administrator configures the RADIUS server to associate NAS identifiers for each of the NASes with a single NAS identifier alias for the group. The corresponding NAS identifier for each of the NASes may be a respective network address or a NAS-Identifier value, either of which may uniquely identify the NAS within the RADIUS server domain. When an active one of the NASes for a subscriber establishes a session enabling connectivity between the subscriber and the service provider network for a requested service, the RADIUS server may receive session information relating to the connection in a RADIUS start accounting request from the NAS that includes the NAS identifier. The RADIUS server determines whether a NAS identifier alias is configured for the NAS identifier included in the RADIUS start accounting request and, if so, stores the session information to a session data structure that is uniquely identifiable within the RADIUS by a combination of the NAS identifier alias and an accounting session identifier also included in the RADIUS start accounting request. The RADIUS server handles subsequent requests or other messages associated with the session from any of the NASes that are members of the ICR cluster by similarly aliasing the NAS identifiers included in the messages to the NAS identifier alias configured for the ICR cluster.

"In the event the active NAS for the session fails, a standby one of the clustered NASes for the session assumes responsibility for maintaining service connectivity for the session in accordance with interchassis redundancy techniques. In this case, the RADIUS server receives subsequent requests or other messages associated with the session from the newly-active NAS that has a NAS identifier that is distinct from the previous active NAS for the session. By aliasing the set of unique NAS identifiers for the clustered NASes to the common NAS identifier alias, the RADIUS server may use the combination of the NAS identifier alias and the accounting session identifier of the currently received request to look up the data structure for the session to access session information therein. That is, the RADIUS server maps the unique NAS identifier within the current request to the common NAS identifier alias, and uses the combination of the NAS identifier alias and any accounting session identifier as an index to select the appropriate data structure of session information for this particular session with the clustered NASes. In this way, the RADIUS server may avoid creating a new session data structure keyed to a combination of the NAS identifier for the newly-active NAS and the accounting session identifier and instead maintain continuity for the session.

"The techniques may provide one or more advantages. For example, whereas client-side aliasing each of the NASes to a single network address may require configuring multiple different boxes and executing a process, such as Virtual Router Redundancy Protocol (VRRP), on each of the NASes to cluster the NASes as a single network address for network communication with the RADIUS server, aliasing the NASes of an ICR cluster according to the described techniques may be accomplished by configuring only the RADIUS server. In addition, unlike client-side aliasing as described above, the techniques of this disclosure may in some examples enable tunneling between the RADIUS server and any of the NASes of an ICR group. Still further, the techniques may enable the RADIUS server to associate all subscribers that attach to any NASes of the ICR cluster with a single interface (the NAS identifier alias) while maintaining conformity to the RADIUS protocol described in RFC 2865.

"In one example, a method comprises storing, with a Remote Authentication Dial-In User Service (RADIUS) server for a service provider network, aliasing information that associates a plurality of redundant network access servers with a common network access server identifier alias. The method also comprises receiving, with the RADIUS server, a RADIUS protocol request message from a first network access server of the plurality of redundant network access servers for a session that enables connectivity between a subscriber and the service provider network. The method further comprises associating, with the RADIUS server, the RADIUS protocol request message with the network access server identifier alias based at least on the aliasing information. The method also comprises accessing, with the RADIUS server, a session record for the session using the network access server identifier alias.

"In another example, a server that provides authentication, authorization, and accounting services for a service provider network comprises a control unit having one or more processors. An alias table of the control unit stores aliasing information that associates a plurality of redundant network access servers with a common network access server identifier alias. A network interface of the control unit receives a Remote Authentication Dial-In User Service (RADIUS) protocol request message from a first network access server of the plurality of redundant network access servers for a session that enables connectivity between a subscriber and the service provider network. An alias module of the control unit associates the RADIUS protocol request message with the network access server identifier alias based at least on the aliasing information, wherein the control unit accesses a session record for the session using the network access server identifier alias.

"In another example, a non-transitory computer-readable medium contains instructions. The instructions cause one or more programmable processors to store, with a Remote Authentication Dial-In User Service (RADIUS) server for a service provider network, aliasing information that associates a plurality of redundant network access servers with a common network access server identifier alias. The instructions also cause the programmable processors to receive, with the RADIUS server, a RADIUS protocol request message from a first network access server of the plurality of redundant network access servers for a session that enables connectivity between a subscriber and the service provider network. The instructions also cause the programmable processors to associate, with the RADIUS server, the RADIUS protocol request message with the network access server identifier alias based at least on the aliasing information. The instructions also cause the programmable processors to access, with the RADIUS server, a session record for the session using the network access server identifier alias.

"The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims."
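The session lookup described in the summary can be sketched as follows. This is an added example, not code from the patent or from any Juniper product; the class and function names, the alias "icr-cluster-1", the addresses and the session id are constructed, and the choice to open a fresh record for an unmatched non-Stop message is an assumption of the sketch.

```python
# Added illustration: server-side NAS identifier aliasing for accounting sessions.
from dataclasses import dataclass, field


@dataclass
class AccountingServer:
    clients: set                                   # NAS identifiers configured as RADIUS clients
    aliases: dict = field(default_factory=dict)    # NAS identifier -> cluster alias
    sessions: dict = field(default_factory=dict)   # (alias or NAS id, Acct-Session-Id) -> record

    def session_key(self, nas_id, acct_session_id):
        # Use the cluster alias when one is configured, else the NAS's own identifier.
        return (self.aliases.get(nas_id, nas_id), acct_session_id)

    def handle(self, nas_id, status, acct_session_id, octets=0):
        if nas_id not in self.clients:
            return "dropped"                       # sender is not a configured client
        key = self.session_key(nas_id, acct_session_id)
        record = self.sessions.get(key)
        if record is None:
            if status == "Stop":
                return "no-session"
            record = self.sessions[key] = {"octets": 0, "reporters": []}
            outcome = "created"
        else:
            outcome = "updated"
        if nas_id not in record["reporters"]:
            record["reporters"].append(nas_id)     # keep track of which chassis reported
        record["octets"] = octets
        if status == "Stop":
            del self.sessions[key]
            return "closed"
        return outcome


def failover_demo(use_alias):
    nas_a, nas_b = "192.0.2.10", "192.0.2.11"      # constructed documentation addresses
    server = AccountingServer(clients={nas_a, nas_b})
    if use_alias:
        server.aliases = {nas_a: "icr-cluster-1", nas_b: "icr-cluster-1"}
    results = [server.handle(nas_a, "Start", "sess-0001")]
    # nas_a fails; the standby nas_b takes over and reports on the same session.
    results.append(server.handle(nas_b, "Interim-Update", "sess-0001", 4096))
    results.append(server.handle(nas_b, "Stop", "sess-0001", 8192))
    # A sender that was never configured as a client gets no session state.
    results.append(server.handle("198.51.100.7", "Start", "sess-0001"))
    return results, len(server.sessions)
```

With the alias configured, the standby's messages update and close the original record; without it, the server opens a second record for the standby and the first chassis's record is left stale, which is the split the summary says aliasing avoids.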

For the URL and more information on this patent, see: Tirupachur Comerica, Subash; Ballal, Dhiraj D. Clustered AAA Redundancy Support within a Radius Server. U.S. Patent Number 8806580, filed January 18, 2012, and published online on August 12, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=8806580.PN.&OS=PN/8806580RS=PN/8806580

Keywords for this news article include: Juniper Networks Inc, Information Technology, Information and Data Architecture.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Information Technology Newsweekly

