1. Field of the Invention
The present invention relates to communications, and more particularly, to authentication and authorization.
2. Background of the Invention
Authentication, Authorization, and Accounting (AAA) protocols such as Remote Authentication Dial-In User Service (RADIUS) and Diameter provide dial-up, point-to-point protocol (PPP), and terminal server access. As the Internet has grown and new network access technologies such as wireless, DSL, Mobile Internet Protocol (Mobile IP), and Ethernet have been introduced, network access servers (NAS) and routers have become increasingly complex. Increasing NAS complexity and density, combined with large-scale network deployments, has placed new demands on RADIUS and other AAA protocols.
Future reference architectures such as 3rd Generation Partnership Project Systems Architecture Evolution (3GPP SAE) and other large-scale reference architectures require thousands of NAS clients, which in turn are assigned to access control servers such as Diameter servers. Managing the large number of client-server associations increases the cost and complexity of managing these network architectures. Additionally, the number of servers needed to support such large-scale wireless and wireline networks also increases. Because protocols such as Diameter run over the connection-based TCP protocol, a load balancer in front of the Diameter servers only balances TCP connections. Accordingly, such a connection-based load balancing algorithm may lead to overload, since differences between independent client capacities and loads are not considered (i.e. an urban client node may generate many times the load of a rural node but would be treated equally by the load balancer). Similarly, a high-capacity server that has a relatively high number of existing TCP connections may be better able to handle additional connections than other lower-capacity servers that have a relatively low number of TCP connections. Improved load balancing methods and systems are needed that do not merely balance connections but take client and server capacities into account when assigning clients to servers.
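As an added illustration of the preceding argument (not part of this patent's text or of any method it claims), the following Python compares a connection-count balancer with a capacity-aware assignment; the client request rates and server capacities are constructed sample figures:

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    capacity: float                  # sustainable requests/s (constructed figure)
    clients: list = field(default_factory=list)

    def load(self, rates):
        return sum(rates[c] for c in self.clients)

# Constructed sample NAS clients, in the order they connect, with the
# request rate (req/s) each is expected to generate.
CLIENT_RATES = {"rural-1": 50, "urban-1": 900, "rural-2": 40, "urban-2": 700}
# Constructed sample Diameter servers of unequal capacity.
SERVER_CAPS = {"big": 1500, "small": 800}

def assign_by_connections(rates, caps):
    """Connection-based balancing: each arriving client goes to the server
    with the fewest TCP connections, ignoring client load and capacity."""
    servers = [Server(n, c) for n, c in caps.items()]
    for client in rates:                      # arrival order
        min(servers, key=lambda s: len(s.clients)).clients.append(client)
    return servers

def assign_by_capacity(rates, caps):
    """Capacity-aware assignment: heaviest clients first, each placed on
    the server with the most spare capacity (capacity minus assigned load)."""
    servers = [Server(n, c) for n, c in caps.items()]
    for client in sorted(rates, key=rates.get, reverse=True):
        max(servers, key=lambda s: s.capacity - s.load(rates)).clients.append(client)
    return servers

def overloaded(servers, rates):
    """Names of servers whose assigned load exceeds their capacity."""
    return [s.name for s in servers if s.load(rates) > s.capacity]

def connections(servers):
    """Connection count per server, to contrast balancing by count with by load."""
    return {s.name: len(s.clients) for s in servers}

if __name__ == "__main__":
    by_conn = assign_by_connections(CLIENT_RATES, SERVER_CAPS)
    by_cap = assign_by_capacity(CLIENT_RATES, SERVER_CAPS)
    print("connection-based overload:", overloaded(by_conn, CLIENT_RATES))
    print("capacity-aware overload:  ", overloaded(by_cap, CLIENT_RATES))
    print("connections per server:", connections(by_conn), connections(by_cap))
```

With these figures the connection-count balancer splits the four clients two and two and overloads the small server, while the capacity-aware assignment gives the big server three connections and still keeps both servers under capacity.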
Current load balancers for access control servers generally consist of dedicated computer hardware or machines placed in front of the access control servers. As Diameter uses TCP with relatively long-lived connections, dedicated load balancer computers or machines in front of Diameter servers are limited to balancing TCP connections between servers and clients. Thus, most load balancing solutions for Diameter servers can currently only balance server loads on a per-connection basis. This is in contrast to load balancers for RADIUS servers, because RADIUS uses UDP rather than TCP. UDP-based network architectures such as RADIUS can be load-balanced on a per-request basis, whereby messages rather than connections are load-balanced across available RADIUS servers. Load balancers for RADIUS servers are generally dedicated computers in front of RADIUS servers and do not take server capacity into account when assigning clients to servers. Load balancers for RADIUS servers also do not dynamically re-assign clients based upon changes to server load over time.
As large-scale networks with thousands of clients and access control servers are deployed, the inherent limitations of connection-based load balancers will be compounded. Even ‘smart’ load balancers that probe or query server load based upon the servers' current central processing unit (CPU) utilization, input/output (I/O) throughput, memory utilization, and so on cannot optimally balance server loads. This is because servers typically use off-node resources such as databases, which may make server nodes appear to be ‘idle’ when they are actually operating at or near capacity.
What is needed are cost-effective systems and methods to manage client-server assignments in wireless and wireline communications networks.
What is further needed is cost-effective and scalable load balancing across large-scale server systems over time.