Radius load balancing not balancing

Martin- I think I have both an explanation and a solution. First, the explanation:

...excerpt from the post... however when I turned Datagram LB off the 'idle' server got a proportion (about a third) of the traffic. This stayed like that for a couple of days until I had to restart the Radius services on that server and now I'm back to one getting all the traffic and the other getting none.

In connection-based UDP load balancing (means no datagram LB and no MBLB), if traffic comes from same src port, it always hits same connection entry, so it goes to same server.

...excerpt from the post... I set Idle Timeout to indefinite and turned on Datagram LB. Both servers stopped authenticating, which makes sense as I guess that the challenge-response got broken

When datagram LB is turned on, now BIG-IP pick new pool member per every message. it may breaks the “challenge-response” kind of radius traffic because, it may separate pair of request which should go to the same server. typical persistence is not enough as we need to extract persistence key from server’s response. This situation can be addressed by iRule. the idea is we read “challenge-response” from server and set as persistence key. When access-request comes from client, we check if it contains “state” attribute or not, if it does, we use it as a persistence key.