Introduction: The Challenge of Managing Large Subscriber Bases

As your ISP business grows, so does the complexity of managing your subscriber base. When you cross the 10,000 subscriber mark, traditional approaches to authentication, authorization, and accounting (AAA) simply break down. Slow login times, billing discrepancies, network bottlenecks, and support overload become daily headaches.

This is exactly where a robust RADIUS (Remote Authentication Dial-In User Service) server becomes your most critical infrastructure investment. In this guide, we will walk you through everything you need to know about setting up, configuring, and scaling a RADIUS server to comfortably handle 10,000 or more subscribers — with real-world tips tailored specifically for Indian ISPs.

💡 OneRADIUS by ARCR Technologies is purpose-built for ISPs in India managing large subscriber bases. It supports high-concurrency authentication, real-time billing, and seamless NAS integration out of the box.

---

What Is a RADIUS Server and Why Does It Matter at Scale?

A RADIUS server is the backbone of subscriber management in any ISP network. It handles three core functions:

  • **Authentication** — Verifying who the subscriber is (username/password, MAC address, etc.)
  • **Authorization** — Determining what services the subscriber is allowed to use (bandwidth plan, time limits, etc.)
  • **Accounting** — Tracking usage data for billing and reporting purposes

At 10,000 subscribers, even a minor inefficiency in any of these three functions can cascade into serious operational problems. A poorly configured RADIUS server may struggle with concurrent authentication requests during peak hours, leading to login failures and subscriber complaints.

Why Standard Open-Source RADIUS Tools Fall Short

Many ISPs start with FreeRADIUS or similar open-source tools. While excellent for small deployments, these tools require extensive manual configuration, lack a friendly GUI, and demand deep technical expertise to scale. For ISPs serving thousands of subscribers across multiple cities or zones in India, a purpose-built RADIUS solution like OneRADIUS offers significant advantages in manageability, support, and performance.

---

Key Components of a Scalable RADIUS Infrastructure

Before diving into configuration, understand the core components you need to handle 10,000 subscribers effectively:

1. High-Performance RADIUS Server Software

Your RADIUS software must support:

  • **High concurrent authentication requests** — At least 500–1,000 simultaneous authentications per second
  • **Database-backed user profiles** — MySQL, PostgreSQL, or similar for storing subscriber data
  • **Real-time accounting** — Immediate write of session data to prevent billing loss
  • **Fail-over and redundancy** — Primary and secondary RADIUS server configuration

2. Robust Database Backend

The database is the heart of your RADIUS deployment. At 10,000 subscribers, you need:

  • Optimised indexing on username, MAC address, and NAS IP fields
  • Partitioned tables for accounting data (monthly or quarterly)
  • Regular archiving of old session records to keep query performance fast
  • Replication setup for high availability

3. Network Access Servers (NAS) Compatibility

Your RADIUS server must integrate cleanly with your NAS devices — whether those are MikroTik routers, Cisco devices, Huawei OLTs, or GPON equipment commonly used by Indian ISPs. Proper NAS registration with shared secrets is fundamental.

4. Billing and Plan Management System

For 10,000 subscribers, manual billing is impossible. Your RADIUS server should connect to an automated billing platform that:

  • Creates and deactivates accounts based on payment status
  • Applies the correct bandwidth plans automatically
  • Sends usage alerts and renewal reminders
💡 OneRADIUS comes with a built-in billing module designed for Indian ISPs, supporting prepaid and postpaid plans, data quotas, time-based plans, and automated account expiry.

---

Step-by-Step: Setting Up RADIUS for 10,000 Subscribers

Step 1: Plan Your Server Hardware

Do not underestimate hardware requirements. For 10,000 active subscribers, a recommended server specification is:

  • **CPU** — 8-core processor minimum (Intel Xeon or equivalent)
  • **RAM** — 32 GB minimum; 64 GB recommended for high accounting loads
  • **Storage** — SSD-based RAID array for database; at least 500 GB
  • **Network** — Gigabit NIC with bonding for redundancy
⚠️ Avoid running your RADIUS server and billing database on the same physical machine if you have more than 5,000 active sessions. Separate them to avoid I/O contention.

Step 2: Organise Your Subscriber Data

Before you migrate or onboard 10,000 subscribers, ensure your data is clean:

  • Standardise username formats (e.g., mobile number or customer ID)
  • Assign unique static IPs or use IP pools per zone
  • Map each subscriber to their correct plan and NAS device
  • Remove duplicate or inactive accounts

Step 3: Configure IP Address Pools Efficiently

Managing IPs for 10,000 subscribers requires careful planning:

  • Use **per-NAS IP pools** to avoid address conflicts across zones
  • Implement **CGNAT (Carrier-Grade NAT)** if public IPv4 addresses are limited
  • Plan for IPv6 adoption if serving tech-forward customers
  • Document all IP ranges in your billing system to avoid overlaps

Step 4: Define and Standardise Bandwidth Plans

With thousands of subscribers on multiple plans, consistency is critical:

  • Create **named service profiles** in RADIUS (e.g., '10Mbps-Unlimited', '50Mbps-50GB', etc.)
  • Use **RADIUS attributes** like WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down
  • For MikroTik users, configure proper Mikrotik-Rate-Limit attributes
  • Ensure plan changes take effect immediately upon next session reconnect
💡 OneRADIUS allows you to define unlimited plan templates and assign them to subscribers in bulk, saving hours of manual work during plan migrations.

Step 5: Set Up Concurrent Login Controls

Preventing session abuse is critical at scale:

  • Set **Simultaneous-Use = 1** for standard residential plans
  • Use **NAS-Port tracking** to detect and terminate duplicate sessions
  • Configure automatic session timeout for idle connections
  • Enable **MAC address binding** to prevent credential sharing
⚠️ Ignoring concurrent session controls at 10,000 subscribers can lead to significant revenue leakage through credential sharing and ghost sessions consuming your bandwidth.

Step 6: Configure Accounting Intervals Carefully

Interim accounting updates are crucial for accurate billing and real-time monitoring:

  • Set **Acct-Interim-Interval** to 60–300 seconds depending on your plan type
  • For data-quota plans, use shorter intervals (60 seconds) to prevent over-usage
  • For unlimited time-based plans, 300 seconds is acceptable to reduce database load
  • Always log session start, stop, and interim records to separate accounting tables

Step 7: Implement Redundancy and Failover

For 10,000 subscribers, downtime is unacceptable:

  • Deploy a **primary and secondary RADIUS server** with shared database replication
  • Configure your NAS devices to try secondary RADIUS on timeout
  • Use **keepalived or heartbeat** for automatic failover at the OS level
  • Test failover quarterly — do not assume it works without testing
⚠️ Many ISPs set up a backup RADIUS server but never test it. A failover that has never been tested is as good as no failover at all.

---

Performance Tuning for High-Scale RADIUS Deployments

Database Optimisation Tips

  • Index the **username** and **acctsessionid** columns in your radacct table
  • Archive accounting records older than 90 days to a separate table
  • Use **database connection pooling** to reduce connection overhead
  • Schedule database maintenance (ANALYZE, OPTIMIZE) during off-peak hours

RADIUS Server Tuning

  • Increase the **max_requests** parameter to handle peak-hour bursts
  • Use **worker threads** matching your CPU core count
  • Enable **request caching** for frequently authenticated users
  • Monitor RADIUS response times — anything above 500ms under load indicates a problem

Network-Level Optimisation

  • Ensure low-latency connectivity between RADIUS server and NAS devices
  • Keep RADIUS server and NAS on the same data centre or low-latency private link
  • Use **UDP optimisation** at the OS level (larger socket buffers)

---

Monitoring and Alerting for 10,000 Subscribers

At this scale, you cannot manage what you cannot see. Implement:

Real-Time Dashboard

  • Active session count by NAS and zone
  • Authentication success vs failure rate
  • Current bandwidth utilisation per plan type
  • Accounting write latency

Alerting Rules

  • Alert if authentication failure rate exceeds 5% in any 5-minute window
  • Alert if RADIUS response time exceeds 300ms average
  • Alert if database replication lag exceeds 30 seconds
  • Alert if any NAS stops sending accounting packets
💡 OneRADIUS includes a real-time monitoring dashboard with built-in alerts, giving your NOC team instant visibility into network health and subscriber activity.

Audit Logs and Compliance

For Indian ISPs, maintaining proper logs is also a DOT (Department of Telecommunications) compliance requirement:

  • Store all authentication logs for at least 1 year
  • Maintain subscriber session records with timestamps and IP mappings
  • Ensure logs are tamper-evident and backed up offsite

---

Common Mistakes ISPs Make When Scaling to 10,000 Subscribers

  • **Under-provisioning the database server** — The RADIUS database takes the heaviest load. Always over-provision it.
  • **Not archiving old accounting data** — Tables with millions of rows slow down everything.
  • **Ignoring NAS timeouts** — If NAS timeout settings are too aggressive, subscribers get disconnected unnecessarily.
  • **No billing-RADIUS synchronisation** — Expired accounts that remain active in RADIUS cause revenue loss.
  • **Single point of failure** — Running only one RADIUS server with no backup is a disaster waiting to happen.
  • **No change management** — Making live changes to RADIUS configuration without testing causes mass disconnects.

---

Why OneRADIUS Is the Right Choice for Indian ISPs at Scale

OneRADIUS by ARCR Technologies, Hyderabad, is specifically engineered for the challenges Indian ISPs face:

  • **Supports 10,000+ concurrent sessions** with optimised architecture
  • **Built-in billing integration** for prepaid, postpaid, and combo plans
  • **MikroTik, Cisco, Huawei, and GPON NAS support** out of the box
  • **Web-based GUI** — No command-line expertise required for daily operations
  • **24/7 support** from a team that understands the Indian ISP landscape
  • **DOT compliance features** built into logging and reporting
  • **Affordable pricing** designed for India's competitive ISP market
💡 OneRADIUS offers a free demo for ISPs. Visit oneradius.com to schedule a walkthrough and see how it handles your specific subscriber management challenges.

---

Conclusion

Managing 10,000 subscribers with a RADIUS server is absolutely achievable — but only when you combine the right software, proper hardware sizing, database optimisation, redundancy planning, and real-time monitoring. The ISPs that scale successfully are those that invest in a proper RADIUS infrastructure early, rather than trying to retrofit scalability when problems are already causing subscriber churn.

With OneRADIUS, you get a battle-tested, India-specific RADIUS solution that takes the complexity out of large-scale subscriber management, so you can focus on growing your business rather than firefighting technical issues.

Ready to scale your ISP to the next level? Visit [oneradius.com](https://oneradius.com) and get started today.