[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DISCUSS: draft-ietf-radext-filter

To: radiusext@ops.ietf.org
Subject: DISCUSS: draft-ietf-radext-filter
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Wed, 10 Jan 2007 10:14:28 -0800
Bcc:
In-reply-to: <E1H4gBx-0007zc-J7@ietf.org>

Here is a proposed resolution to the IESG DISCUSS comment provided below:

In Section 4, change:

"   Note that a translated Diameter message can be larger than the
  maximum RADIUS packet size (4096).  Where a Diameter/RADIUS gateway
  receives a Diameter message containing a NAS-Filter-Rule AVP that is
  too large to fit into a RADIUS packet, the Diameter/RADIUS gateway
  will respond to the originating Diameter peer with the
  DIAMETER_INVALID_AVP_LENGTH error (5014), and with a Failed-AVP AVP
  containing the NAS-Filter-Rule AVP.  Since repairing the error will
  probably require re-working the filter rules, the originating peer
  should treat the combination of a DIAMETER_INVALID_AVP_LENGTH error
  and a Failed-AVP AVP containing a NAS-Filter-Rule AVP as a terminal
  error."

To:

"  Note that a translated Diameter message can be larger than the
  maximum RADIUS packet size (4096).  Where a Diameter/RADIUS gateway
  receives a Diameter message containing a NAS-Filter-Rule AVP that is
  too large to fit into a RADIUS packet, the Diameter/RADIUS gateway

will respond to the originating Diameter peer with a Result-Code AVP withthe value

  DIAMETER_RADIUS_AVP_UNTRANSLATABLE (TBD), and with a Failed-AVP AVP
  containing the NAS-Filter-Rule AVP.  Since repairing the error will
  probably require re-working the filter rules, the originating peer
  should treat the combination of a Result-Code AVP with value
  DIAMETER_RADIUS_AVP_UNTRANSLATABLE
  and a Failed-AVP AVP containing a NAS-Filter-Rule AVP as a terminal
  error."

In Section 5, add the following paragraph:

"This document also utilizes the Diameter [RFC3588] namespace.

Allocation of a Diameter Result-Code AVP value fortheDIAMETER_RADIUS_AVP_UNTRANSLATABLE error is requested. Since this is apermanent failure, an allocation should

be provided in the 5xxx range. "

=====================================================

Discuss:
Review comment from Glen Zorn:

The use of DIAMETER_INVALID_AVP_LENGTH as an indication that
the Diameter NAS-Filter-Rule AVP could not be translated into a RADIUS
NAS-Filter-Rule Attribute is questionable at best.  The semantics of the
Diameter error code are that the AVP length is invalid _in Diameter_,
but this is not the case here.  A new error code indicating the actual
error encountered (e.g., DIAMETER_RADIUS_AVP_UNTRANSLATABLE or some such
would be far preferable.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: DISCUSS: draft-ietf-radext-filter
  - From: "Nelson, David" <dnelson@enterasys.com>

Prev by Date: Protocol Action: 'RADIUS Delegated-IPv6-Prefix Attribute' to Proposed Standard
Next by Date: RE: DISCUSS: draft-ietf-radext-filter
Previous by thread: Protocol Action: 'RADIUS Delegated-IPv6-Prefix Attribute' to Proposed Standard
Next by thread: RE: DISCUSS: draft-ietf-radext-filter
Index(es):
- Date
- Thread