Method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers
Abstract
A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client; and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The invention is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocols supported by the invention include, but are not limited to, the Diameter protocol, the lightweight directory access protocol (LDAP), and the like.
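The flow described in the abstract and in claim 1, as an added sketch that is not code from the patent or its assignee: the connection establishment request is fanned out to every server, only answering servers are treated as active, and later requests are pinned to a server by session ID. The `Backend` and `AAALoadBalancer` classes, the dictionary message shapes, and the choice of round-robin as the "predefined load balancing algorithm" are all assumptions made for illustration.

```python
from itertools import cycle

class Backend:
    """Constructed stand-in for one AAA server (Diameter or LDAP)."""
    def __init__(self, name, up=True):
        self.name, self.up, self.seen = name, up, []

    def establish(self, request):
        # Answer to the connection establishment request, or None on failure.
        return {"origin": self.name, "result": "SUCCESS"} if self.up else None

    def handle(self, request):
        self.seen.append(request["session_id"])
        return {"session_id": request["session_id"], "served_by": self.name}

class AAALoadBalancer:
    def __init__(self, backends):
        self.backends = backends
        self.active = []      # backends holding an active AAA connection
        self.sessions = {}    # session ID -> backend that owns the session
        self._next = None     # round-robin iterator (assumed algorithm)

    def connect(self, request):
        """Fan the client's establishment request out to every backend."""
        answers = [(b, b.establish(request)) for b in self.backends]
        self.active = [b for b, a in answers if a is not None]
        if not self.active:
            raise ConnectionError("no AAA server accepted the connection")
        self._next = cycle(self.active)
        # The client receives a single answer out of those collected.
        return next(a for _, a in answers if a is not None)

    def forward(self, request):
        """Route by session ID; unseen sessions are assigned round-robin."""
        if not self.active:
            raise ConnectionError("no active AAA connection")
        sid = request.get("session_id")
        if not sid:
            raise ValueError("AAA request carries no session ID")
        backend = self.sessions.get(sid)
        if backend is None:
            backend = self.sessions[sid] = next(self._next)
        return backend.handle(request)

def demo():
    # Constructed cluster: aaa2 does not answer the establishment request.
    lb = AAALoadBalancer([Backend("aaa1"), Backend("aaa2", up=False), Backend("aaa3")])
    answer = lb.connect({"type": "connection-establishment"})
    served = [lb.forward({"session_id": s})["served_by"]
              for s in ["s1", "s2", "s1", "s3", "s2"]]
    return answer["origin"], [b.name for b in lb.active], served
```
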
14 Claims
1. A method for load balancing over a cluster of authentication, authorization and accounting (AAA) servers that is performed by a load balancer located between an AAA client and the AAA servers, comprising:
- receiving an AAA connection establishment request from the AAA client;
- forwarding the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
- receiving an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective answering AAA server on behalf of the AAA client;
- responding to the AAA client with a received AAA connection establishment answer;
- forwarding an AAA request received from the AAA client to one of the AAA servers, having an active AAA connection with the AAA client, over the active AAA connection, wherein forwarding the AAA request further comprises:
  - identifying a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and
  - forwarding the AAA request to an AAA server associated with the session ID.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A non-transitory computer-readable medium having stored thereon computer executable instructions operable to enable, when executed, a computer to perform a method for load balancing over a cluster of authentication, authorization and accounting (AAA) servers, the method being performed by a load balancer located between an AAA client and the AAA servers, comprising:
- receiving an AAA connection establishment request from the AAA client;
- forwarding the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
- receiving an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective AAA server on behalf of the AAA client;
- responding to the AAA client with a received AAA connection establishment answer; and
- forwarding an AAA request received from the AAA client to one of the AAA servers, having an active established AAA connection with the AAA client, over the AAA connection, wherein forwarding the AAA request further comprises:
  - identifying a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and
  - forwarding the AAA request to an AAA server associated with the session ID.

12. An authentication, authorization and accounting (AAA) system, comprises:
- a cluster of AAA servers, wherein each AAA server includes a processor and is capable of performing authentication, authorization and accounting functions according to the AAA requests wherein the AAA servers are any of LDAP servers and Diameter servers; and
- a load balancer located between an AAA client and the AAA servers for distributing AAA requests among a plurality of AAA servers in the cluster of AAA servers and being configured to:
  - receive an AAA connection establishment request from the AAA client;
  - forward the AAA connection establishment request, received from the AAA client, to more than one AAA server in the cluster of AAA servers, wherein the AAA servers are any of LDAP servers and Diameter servers;
  - receive an AAA connection establishment answer from two or more of the AAA servers, wherein each received AAA connection establishment answer indicates that an active AAA connection has been established with the respective AAA server on behalf of the AAA client;
  - respond to the AAA client with a received AAA connection establishment answer; and
  - forward an AAA request received from the AAA client to one of the AAA servers, having an active AAA connection with the AAA client, over the active AAA connection, wherein the load balancer is further configured to identify a session identifier (ID) included in the received AAA request, wherein the AAA request uniquely identifies a session between the AAA client and an AAA server at an AAA protocol layer; and forward the AAA request to an AAA server associated with the session ID.

Dependent claims: 13, 14.

Specification