looking for advise on RFC-2618 and 2620

["Carl Kalbfleisch" <carlk@netrake.com>]

Hi,

I am a new subscriber to this group. I have implemented RFC-2618 and RFC-2620 in our security gateway. We allow the user to configure two accounting and two authentication servers. These show up as instances 1 and 2 in the associated tables in these MIBs. Now an issue arises if the user changes the IP or port of the radius servers. The system is now pointing to a different server. However, the counters are still whatever they are. I have a request to clear the counters, but this could cause spikes in the NMS to think the counter wrapped. What is needed is some discontinuity time value. I was thinking of overloading the IP and port attributes for our implementation and telling end users that if those values change then the counters should be treated as a discontinuity event. I realize that this would be non-standard so wanted to get some feedback on best practices. I realize that these MIBs are being updated, so perhaps we can add a discontinuity timer in a future revision. if so, I would suggest adding it per radius entry so that each server can have its own value.

One other point to note. We have found that radius servers respond faster than 100th of a second. I'd suggest an update to the MIB where the response time is stored in micro-seconds. In addition, having the minimum, maximum and average are also helpful. We are adding such values to our enterprise MIB, but would opt for standard attributes if they existed.

Thoughts and comments appreciated.

Carl


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>