Flood Control Settings
When all the threads for a packet type are in use simultaneously and flood queues are enabled, packets received are placed in a queue to be processed on a best-effort basis, in a defined order.
This section provides information about the following flood control settings in the [Configuration] section of the radius.ini file:
Set the Max-Auth-Floods, Max-Acct-Floods, and Max-Proxy-Floods, which is the maximum number of packets retained by the flood queue. The default is 10,000 times the number of threads.
The value for Max-Auth-Threads-In-Flood, Max-Acct-Threads-In-Flood, and Max-Proxy-Threads-In-Flood by default is half the total threads for the type. The minimum value is 1 and the maximum value is the number of threads configured. This is the maximum number of threads that are allowed to process packets in the flood queue, rather than taking new work.
The value for Auth-Flood-Queue-Shape, Acct-Flood-Queue-Shape, and Proxy-Flood-Queue-Shape is FIFO, LIFO, or RAND. This is the order in which the queue is drained, as well as the order in which packets are dropped if the flood queue is filled.
FIFO (First-In-First-Out)–Drops the new packet if the queue is full. This is recommended for most instances.
LIFO (Last-In-First-Out)–Drops the oldest packet in the queue when the queue is full, always puts the new packet at the start of the queue, and always gets the last packet in the queue first. This is recommended when you know you have to throw packets away, in certain cases, to keep up with the workload.
RAND (Random-in-Random-Out)–If the queue is full, drops either the first packet in the queue or the packet being received in order to get an item of work out of the queue. Drops random packets in the queue while the queue is full. This is rarely recommended, but approximates random delays. In some cases of network flooding, it may be desirable to randomly distribute responses.
See the Juniper Networks Steel-Belted Radius Carrier Reference Guide for more information.