[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RFC3576bis and Session State

See inline... 

-----Original Message-----
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org]
On Behalf Of Alan DeKok
Sent: Saturday, May 26, 2007 10:16 AM
To: David B. Nelson
Cc: radiusext@ops.ietf.org
Subject: RFC3576bis and Session State

David B. Nelson wrote:
> It is entirely possible that RADIUS client implementations that do not

> include RADIUS Accounting may not have implemented the Acct-Session-Id

> attribute. They would have no need to.

   I suggest we can request that they implement it now, *if* they also
support CoA or Disconnect request.

[Avi] I strongly disagree.  Requiring that a RADIUS server that will
issue a COA or DM receive accounting messages is inappropriate.  A
typical session could have 10s of accounting events and now the RADIUS
server will be flooded with messages that it really does not need.  In
many implmentation the RADIUS server does need to get notification that
the session has started and ended.  Therefore it typically needs the
first accounting message and the last accounting message. The other
accounting messages do not provide it with useful information.  Thus
Glen and I wrote the Logoff draft which allows the accounting message to
be routed to the accounting subsystem and only deliver the information
required by the RADIUS server -- so that it can maintain state and use
DM and COA.


> OTOH, I don't think we need to get too hung up about the nomenclature 
> of the attribute.  The fact at the prefix is Acct should not be 
> sufficient to disqualify its usage as a session identifier for the 
> authentication server as well as the accounting server.  A session ID
is a session ID.

   I agree.  Hence my suggestion to use Acct-Session-Id.

[Avi] A session id for what? Accounting Session ID identifies a An
accounting session delineated by a Start Record and a Stop Record.
Including Acct-Session-Id in a DM or COA means you want to effect that
session that is being represented by that Accounting Session.  That
session could be:
1) The entire session;
2) An IP session;
3) An IP flow;
4) Something else that generates an Accounting Record.

So I am okay with including Accounting Session Id.  But we need some
clarification text. Something like:

"If Acct-Session-Id is included in the COA or DM, then that message
SHALL effect the session that is identified by the Acct-Session-Id
only."

   Alan DeKok.


--

to unsubscribe send a message to radiusext-request@ops.ietf.org with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>