Method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers

US 9,749,404 B2
Filed: 04/17/2008
Issued: 08/29/2017
Est. Priority Date: 04/17/2008
Status: Active Grant

First Claim

Patent Images

1. A method for load balancing over a cluster of authentication, authorization and accounting (AAA) servers that is performed by a load balancer located between an AAA client and the AAA servers, comprising:

receiving an AAA connection establishment request from the AAA client;

forwarding the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;

receiving an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective answering AAA server on behalf of the AAA client;

responding to the AAA client with a received AAA connection establishment answer;

forwarding an AAA request received from the AAA client to one of the AAA servers, having an active AAA connection with the AAA client, over the active AAA connection, wherein forwarding the AAA request further comprises;

identifying a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and

forwarding the AAA request to an AAA server associated with the session ID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The invention is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the invention includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.

7 Citations

14 Claims

1. A method for load balancing over a cluster of authentication, authorization and accounting (AAA) servers that is performed by a load balancer located between an AAA client and the AAA servers, comprising:
- receiving an AAA connection establishment request from the AAA client;
  
  forwarding the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
  
  receiving an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective answering AAA server on behalf of the AAA client;
  
  responding to the AAA client with a received AAA connection establishment answer;
  
  forwarding an AAA request received from the AAA client to one of the AAA servers, having an active AAA connection with the AAA client, over the active AAA connection, wherein forwarding the AAA request further comprises;
  
  identifying a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and
  
  forwarding the AAA request to an AAA server associated with the session ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein establishing the AAA connection further comprises:
    - saving in a connection table for the AAA client an identifier of each AAA server having an active AAA connection with the AAA client.
  - 3. The method of claim 2, wherein forwarding the AAA request further comprises:
    - forwarding the AAA request to one of the AAA servers having an identifier in the connection table.
  - 4. The method of claim 2, wherein forwarding the AAA request further comprises:
    - searching for the session ID in a session-tracking table;
      
      forwarding the request to an AAA server associated with the session ID in the session-tracking table;
      
      when the session ID is not found in the session-tracking table selecting one of the AAA servers designated in the connection table;
      
      updating the session-tracking table to include the session ID and the selected AAA server; and
      
      forwarding the request to the selected AAA server.
  - 5. The method of claim 1, wherein the one of the AAA servers to which the AAA request is forwarded is being selected according to a load balancing algorithm, wherein the load balancing algorithm comprises at least one of:
    - a round robin, a weighted round robin, weighted sessions, and weighted requests.
  - 6. The method of claim 1, wherein the AAA servers are Diameter servers and the AAA requests are Diameter requests.
  - 7. The method of claim 6, wherein the AAA connection establishment request is at least a Diameter CER message.
  - 8. The method of claim 1, wherein the AAA servers are lightweight directory access protocol (LDAP) servers and the AAA requests are LDAP requests.
  - 9. The method of claim 8, wherein the AAA connection establishment request is at least a LDAP BIND message.
  - 10. The method of claim 1, wherein the AAA request is sent over the AAA connection using a transport protocol, wherein the transport protocol includes at least one of:
    - a transmission control protocol (TCP) and a stream control transmission protocol (SCTP).

11. A non-transitory computer-readable medium having stored thereon computer executable instructions operable to enable, when executed, a computer to perform a method for load balancing over a cluster of authentication, authorization and accounting (AAA) servers, the method being performed by a load balancer located between an AAA client and the AAA servers, comprising:
- receiving an AAA connection establishment request from the AAA client;
  
  forwarding the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
  
  receiving an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective AAA server on behalf of the AAA client;
  
  responding to the AAA client with a received AAA connection establishment answer; and
  
  forwarding an AAA request received from the AAA client to one of the AAA servers, having an active established AAA connection with the AAA client, over the AAA connection, wherein forwarding the AAA request further comprises;
  
  identifying a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and
  
  forwarding the AAA request to an AAA server associated with the session ID.

12. An authentication, authorization and accounting (AAA) system, comprises:
- a cluster of AAA servers, wherein each AAA server includes a processor and is capable of performing authentication, authorization and accounting functions according to the AAA requests wherein the AAA servers are any of LDAP servers and Diameter servers; and
  
  a load balancer located between an AAA client and the AAA servers for distributing AAA requests among a plurality of AAA servers in the cluster of AAA servers and being configured to;
  
  receive an AAA connection establishment request from the AAA client;
  
  forward the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
  
  receive an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective AAA server on behalf of the AAA client;
  
  respond to the AAA client with a received AAA connection establishment answer; and
  
  forward an AAA request received from the AAA client to one of the AAA servers, having an active AAA connection with the AAA client, over the active AAA connection, wherein the load balancer is further configured toidentify a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and
  
  forward the AAA request to an AAA server associated with the session ID.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein is further configured to:
    - save in a connection table for the AAA client an identifier of each AAA server having an active AAA connection with the AAA client.
  - 14. The system of claim 13, the load balancer is further configured to:
    - select one of the AAA servers designated in the connection table when the session ID is not found in the session-tracking table;
      
      update the session-tracking table to include the session ID and the selected AAA server; and
      
      forward the request to the selected AAA server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Radware Limited
Original Assignee
Radware Limited
Inventors
Peles, Amir
Primary Examiner(s)
MACILWINEN, JOHN MOORE JAIN

Application Number

US12/104,820
Publication Number

US 20090265467A1
Time in Patent Office

3,421 Days
Field of Search

709200, 709226-227
US Class Current
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 63/0892   by using authentication-aut...

H04L 67/1001   for accessing one among a p...

H04L 67/1017   based on a round robin mech...

H04L 67/1023   based on a hash applied to ...

H04L 67/1036   Load balancing of requests ...

Method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links