Avi Lior wrote:
Accounting Session ID only identifies an accounting session Start/Stop and its interims, if any. A given "session" (IP Session or Access-Session) may contain a number of parallel accounting sessions, or a sequence of accounting sessions.
I see what you're saying, but I'm not sure I agree. The Acct-Session-Id defines a session that the Acct-Session-Id refers to. It's a circular reference, but not much else is true.
The problem at hand, I think, is less Acct-Session-Id than in figuring out what the CoA packet refers to. My proposal is to key the CoA to a session Id (whatever it's called), which now allows the CoA to request changes to other portions of the session.
If we key off of IP/port, then as Bernard pointed out, we can't send Framed-IP-Address as both a session key and as an indication to "use this new value".
When it comes to 3576 and DM or even COA: We need to be able to terminate or modify the Session WRT to A. That is, sending a DM with an NAI or some other user identification, we terminate all of the users IP sessions. We need to be able to terminate or modify any of the users IP sessions. Therefore sending a DM which includes a user identification and an IP address will only terminate that users IP session.
Using IP's as a key to terminate a session is fine. Using them as a key *and* as a "new value" in a change request is not.
Alan DeKok. -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>