[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issues & Fixes: Duplicate Detection and Simultaneous Session Limits

To: radiusext@ops.ietf.org
Subject: Issues & Fixes: Duplicate Detection and Simultaneous Session Limits
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Sun, 11 Mar 2007 09:02:11 -0800
Bcc:

As noted in a previous message from Jouni, there appears to be amis-understanding that a tradeoff exists between duplicate detection andsimultaneous session limits. Issues & Fixes Section 2.1.2 describes analgorithm that provides each EAP session with its own unique Identifierspace, thereby removing any per-NAS Identifier limitations.

However, I think we might want to explicitly state in Section 2.1.2 thatthere is no need for per-NAS Identifier restrictions, using appropriatenormative language (SHOULD?).

Also, in the section on duplicate detection, we should make it clear thatthis should be handled at the per-EAP session level, not the NAS level,potentially using the algorithm described in Section 2.1.2. The concern isthat if a RADIUS server implements clumsy Identifier restrictions, then theability to support duplicate detection may be also limited. For example,Jouni mentions a product that, when duplicate detection is enabled, imposessimultaneous session restrictions (not clear if this was per-NAS or(shudder) per server).



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Conflicting RADIUS && EAP retransmits (was re: Issues & Fixes..)
  - From: Alan DeKok <aland@nitros9.org>

Prev by Date: Re: Simultaneous session limits and duplicate detection
Next by Date: RE: [eap] Ordered delivery of EAP messages
Previous by thread: Re: Simultaneous session limits and duplicate detection
Next by thread: Conflicting RADIUS && EAP retransmits (was re: Issues & Fixes..)
Index(es):
- Date
- Thread