[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ISSUE 146: proposed resolution text.
- To: radext mailing list <radiusext@ops.ietf.org>
- Subject: ISSUE 146: proposed resolution text.
- From: Alan DeKok <aland@nitros9.org>
- Date: Fri, 02 Feb 2007 07:31:34 +0100
- User-agent: Thunderbird 1.5.0.9 (Windows/20061207)
The following is proposed text to resolve ISSUE 146. If there are no
comments, the text will be included in the next revision of the document.
---
2.3.6. Counter values in the RADIUS MIBs
The RADIUS Authentication and Authorization Client MIB module
[RFC2618], [RFC4668] includes counters of packet statistics. In the
descriptive text of the MIB module, formulas are given to relative
the values of certain counter objects. Several commenters have noted
that there appear to be inconsistencies in the formulas, as under
certain circumstances negative values would seem to result.
Discussion of these issues in the RADIUS Extensions Working Group did
not bring about a consensus as to whether or not changes to the MIB
module were warranted, and thus the formulas were included unmodified
in the revised MIB module [RFC4668]. The original MIB module
[RFC2618] has been widely implemented.
The issues raised can be summarized as follows:
Issue (1):
-- TotalIncomingPackets = Accepts + Rejects + Challenges +
UnknownTypes
--
-- TotalIncomingPackets - MalformedResponses - BadAuthenticators -
-- UnknownTypes - PacketsDropped = Successfully received
--
-- AccessRequests + PendingRequests + ClientTimeouts =
-- Successfully Received
It appears that the value of "Successfully Received" could be
negative, since various counters are subtracted from
TotalIncomingPackets that are not included in the calculation of
TotalIncomingPackets.
It also appears that "AccessRequests + PendingRequests +
ClientTimeouts = Successfully Received" should read "AccessRequests +
PendingRequests + ClientTimeouts = Successfully Transmitted".
"TotalIncomingPackets" and "Successfully Received" are temporary
variables, i.e. not objects within the MIB module. The comment text
in the MIB modules is intended, therefore, to aid in understanding.
What's of consequence is the consistency of values of the objects in
the MIB module, and that does not appear to be impacted by the
inconsistencies noted above. It does appear, however, that the
"Successfully Received" variable should be labeled "Successfully
Transmitted".
In addition, the definition of Accept, Reject or Challenge counters
indicates that they MUST be incremented before the message is
validated. If the message is invalid, one of MalformedResponses,
BadAuthenticators or PacketsDropped counters will be additionally
incremented. In that case the first two equations are consistent,
i.e. "Successfully Received" could not be negative.
Issue (2):
It appears that the radiusAuthClientPendingRequests counter is
decremented upon retransmission. That would mean a retransmitted
packet is not considered as being as pending, although such
retransmissions can still be considered as being pending requests.
The definition of this MIB object in [RFC2618] is as follows:
The number of RADIUS Access-Request packets destined for this
server that have not yet timed out or received a response. This
variable is incremented when an Access-Request is sent and
decremented due to receipt of an Access-Accept, Access-Reject or
Access-Challenge, a timeout or retransmission.
This object purports to count the number of pending request packets.
It is open to interpretation whether or not retransmissions of a
request are to be counted as additional pending packets. In either
event, it seems appropriate to treat retransmissions consistently
with respect to incrementing and decrementing this counter.
In summary, this document provides guidance for implementers,
regarding the interpretation of the textual descriptions and comments
for certain MIB objects, but does not recommend revisions to the MIB
modules.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>