Authentication for Big Wi-Fi

The growth of demand for Wi-Fi on campus has been nothing short of explosive. In the space of 8 years York University has expanded its Wi-Fi coverage footprint by a factor of 10. Peak concurrent Wi-Fi device counts are now... [ view full abstract ]

The growth of demand for Wi-Fi on campus has been nothing short of explosive. In the space of 8 years York University has expanded its Wi-Fi coverage footprint by a factor of 10. Peak concurrent Wi-Fi device counts are now around 27,000. Wi-Fi traffic accounts for the majority of all Internet transit traffic at the University. But the challenges of Big Wi-Fi extend beyond RF design, speeds and feeds of the campus network and the Internet plumbing. Tens of thousands of concurrently active Wi-Fi devices also require fast and and reliable authentication and authorization systems. The best RF plan and the fastest network are of no use if the users cannot get past the authentication system to access the network.

York University UIT has been on a steep learning curve in the past 18 months about what it takes to support 1000’s of RADIUS authentication requests per second. We have dealt with server capacity, software reliability, fail-over designs that trigger failure cascades resulting in congestive collapse of the authentication service, monthly patch events of AD which cause RADIUS to fail.

The talk will cover: capacity planning and scale-out of RADIUS service, load balancing of RADIUS servers, redundancy and fail-over models, using
Active Directory as the backend database.

Transaction rate scaling considerations for RADIUS authentication for Wi-Fi service. Recommended deployment architecture for a scaleable, resilient RADIUS service. Resiliency considerations for integration of RAIDUS with Active Directory. Avoid all the things that we did wrong.