Re: The RADIUS attribute space: an assessment



"Nelson, David" <dnelson@enterasys.com> wrote:
> Let me ask if this is different for RADIUS?  I can't imagine all of the
> enhancements to RADIUS you've mentioned -- those that mitigate the need
> to migrate to Diameter -- are included in those 5-year old versions of
> system FW?

  Nope.  But that doesn't matter.  See below.

> Why is it more attractive to add new features to, and ship new versions
> of, RADIUS client and server software, than it is to ship a Diameter
> implementation?

  It's not.  The choice for a site admin is usually one of the following:

  a) upgrade the AAA server to Diameter, and learn a whole new way to
     configure & administer things (assuming that it includes a RADIUS
     to Diameter gateway for legacy devices), and assuming it has the
     feature set you've come to rely on.

  b) upgrade the RADIUS AAA server to version X + 1, which just
     happens to include whiz-bang new features.  He doesn't have to
     learn any new configuration, unless he uses those new features,
     in which case it's a simple delta over what he has today.

  Not much of a problem making that decision, is it?  And where is the
incentive for NAS vendors to implement Diameter clients when existing
customers won't use them?  And why do you need all of the extended
features (Diameter or not), in the NAS, when you've got a RADIUS
server whitebox sitting near it in the network?

  On the NAS manufacturer's side, where are the customers demanding
Diameter?  90% of the customers aren't asking for it, so engineering
resources aren't devoted to implementing Diameter clients.  The
customers who *are* asking for it have enough money to buy whatever
feature they want, so they get it.

  After that, it might trickle down to everyone else.  Maybe.

  I see RADIUS becoming mostly a NAS to local server protocol.  If the
local network is down, reliable transport off the NAS doesn't matter.
And since there will be 1/20 as many local servers as NASes, upgrading
that box to RADIUS++ or Diameter is less of a cost problem than a
management one.  And the previously mentioned management
considerations mean that RADIUS will almost always win in existing
deployments.

  Alan DeKok.
