[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Issue: Diameter-RADIUS gateway behavior not completely specified
- To: "Bernard Aboba" <bernard_aboba@hotmail.com>, <barney@databus.com>
- Subject: RE: Issue: Diameter-RADIUS gateway behavior not completely specified
- From: "Glen Zorn \(gwz\)" <gwz@cisco.com>
- Date: Sat, 26 Aug 2006 13:38:32 -0700
- Authentication-results: sj-dkim-2.cisco.com; header.From=gwz@cisco.com; dkim=pass ( sig from cisco.com verified; );
- Cc: <radiusext@ops.ietf.org>
- Dkim-signature: a=rsa-sha1; q=dns; l=1151; t=1156624714; x=1157488714; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=gwz@cisco.com; z=From:=22Glen=20Zorn=20\(gwz\)=22=20<gwz@cisco.com> |Subject:RE=3A=20Issue=3A=20Diameter-RADIUS=20gateway=20behavior=20not=20complete ly=20specified; X=v=3Dcisco.com=3B=20h=3Dm7E3Pmh6ma+lb09sBcSrQ2HAMMo=3D; b=AkWPu32SP1cotH1xM5yWWOh7pJcE2JOY7r/XP6+sdfjn6rfrLOi7g+zZ9Wr0zUB/0BESHmL+ V3TFhvlGBU6L1y/GxhQuiOHKUnx/7lG1FNZATOsSXFMOqYNCF0nGHHkJ;
Bernard Aboba <mailto:bernard_aboba@hotmail.com> scribbled on Saturday,
August 26, 2006 12:48 PM:
>> I agree that the behavior should be specified. It would seem that
>> this is an opportunity to take advantage of Diameter's M-bit in
>> governing the gateway's behavior.
>
> In theory the Diameter/RADIUS gateway could discard Diameter AVPs
> without the 'M' bit set in order to fit within the RADIUS packet size
> limit.
> However if there are multiple attributes of a given type, it might
> not be appropriate to discard some but not all of them. So in
> practice, the rules might get quite complex. If we believe that this
> is a problem which is only likely to occur due to mis-configuraiton,
> then it might be better for the gateway just to indicate that a
> problem has occurred to the source and destination and leave it at
> that.
In this case, I think the problem would likely stem from
misconfiguration, but in general I don't believe that that is a good
assumption. I'm seeing requests to send truly huge objects via Diameter
(& therefore, potentially through RADIUS)
Hope this helps,
~gwz
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>