NPS Remote Accounting Server Test
Network Policy Server (NPS) supports Remote Authentication Dial-In User Service (RADIUS) accounting, which you can use to track network usage for auditing and billing purposes. Accounting data can also be queried to assist with network access troubleshooting.
When a RADIUS client is configured to use RADIUS accounting, at the start of service delivery it generates an Accounting-Start message describing the type of service being delivered and the user it is being delivered to. The message is then sent to the RADIUS Accounting server, which sends back an acknowledgment to the RADIUS client. At the end of service delivery, the client generates an Accounting-Stop message describing the type of service that was delivered and optional statistics, such as elapsed time, input and output octets, or input and output packets. It then sends that data to the RADIUS accounting server, which sends back an acknowledgment to the RADIUS client.
The Accounting-Request message (whether for the Start or Stop message) is submitted to the RADIUS accounting server through the network. If the quality of this network connection is poor, then many request packets may be malformed, forcing the server to drop them. This in turn can delay or deny responses to accounting servers and acknowledgments to clients.
Also, if the accounting server is overloaded with requests, the server can choke slowing down accounting in the bargain.
To avoid such delays, administrators must track accounting requests and responses, proactively detect potential slowdowns, accurately isolate what is causing it, and promptly fix it. This is where the NPS Remote Accounting Server test helps.
This test tracks the requests to and responses from each accounting server and reveals whether/not the servers are responding as quickly as the requests come in. You can also use this test to monitor the time each server takes to process requests, and thus identify the server that is experiencing a processing bottleneck. In addition, the test also captures the rate at which packets are dropped by the server and malformed/erroneous packets are received by the server, thus pointing to issues with the client or in the network connection between the server and the client. The load on each server is also revealed by monitoring the packets received by and the pending requests on the server from time to time. This way, the test pinpoints irregularities in load-balancing between servers, which in time can bottleneck request processing by the servers, resulting in slowdowns.
Target of the test : An NPS server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for every access server that is configured to use NPS for authentication
Parameters | Description |
---|---|
Test period |
This indicates how often should the test be executed. |
Host |
The host for which the test is to be configured. |
Port |
The port at which the NPS server listens. The default is NULL. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Accounting-Requests |
Indicates the rate at which this server receives accounting requests. |
Reqs/Sec |
This is a good indicator of the workload on the server. Compare the value of this measure across servers to know which server is overloaded. If a single server appears to be handling a vast majority of the requests, you may want to consider sprucing up your load-balancing algorithm, so that the request load is uniformly balanced across servers. If required, you can even consider adding more servers. |
Accounting - Responses |
Indicates the rate at which this server is responding to requests. |
Reqs/Sec |
If the value of this measure is much lower than the value of the Accounting-Requests measure, it could indicate that the server is not responding to requests quickly. You may want to investigate the reasons for the same. |
Bad authenticators |
Indicates the rate at which this server received requests containing an invalid Message Authenticator attribute. |
Reqs/Sec |
Ideally, the value of this measure should be 0. |
Packets dropped |
Indicates the rate at which this server were silently discarded the request packets it received for a reason other than "malformed," "invalid Message Authenticator," or "unknown type". |
Packets/Sec |
Ideally, the value of this measure should be 0. |
Malformed packets |
Indicates the rate at which this server received malformed packets. |
Packets/Sec |
Ideally, the value of this measure should be 0. |
Packets received |
Indicates the rate at which requests packets were received by his server. |
Packets/Sec |
|
Request timeouts |
Indicates the rate at which requests to this server timed out. |
Reqs/Sec |
A high value indicates frequent timeouts. Under such circumstances, you may want to consider changing the timeout setting for requests, so that timeouts are kept at a minimum. |
Retransmissions |
Indicates the rate at which requests were retransmitted to this server. |
Reqs/Sec |
Retransmits can increase the number of requests to the server, thus overloading it. It is hence good practice to keep the rate of retransmissions minimal. One of the reasons for a high rate of retransmissions is a low Timeout setting on the server. If the value of this measure is very high, you may want to change the timeout setting to reduce retransmits. |
Unknown type |
Indicates the average number of unknown type (non-RADIUS) packets received by this server per second. |
Packets/Sec |
|
Last round-trip time |
Indicates the interval (in hundredths of a second) between the most recent request to this server and its response. |
Secs |
Ideally, the value of this measure should be very low. A high value indicates that that the accounting server is taking too long to perform accounting.
|
Pending requests |
Indicates the rate of requests destined for this server that have not yet timed out or received a response. |
Reqs/Sec |
A high value could either indicate a processing bottleneck on the server or a high timeout setting (which could be causing many requests to be retransmitted to the server). In the case of the latter, you may want to consider modifying the timeout setting to minimize the number of pending requests. |