[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proxies and dead home servers



Glen Zorn (gwz) wrote:
> Please define "does not respond".  Unless I'm horribly mistaken, the
> only way for a client to determine the unresponsiveness of a server in
> RADIUS is via the time-out & retry method.  Unfortunately, while the
> proxy's timer is running, so is the NAS's.  Are all RADIUS timers
> synchronized in some extremely complex fashion?

  No.  They can all run the same algorithm.

  RADIUS has corner cases where some requests never get response, or
receive responses "too late" (which amounts to the same thing).  If all
implementations run a similar algorithm for timeouts, then the
continuous flow of packets will ensure that they will all settle on the
same view of the network.

  Since the timers are not synchronized, they will not settle on the
same view at the same time.  That is less of a problem than it might
first appear.

> Please explain how & why a NAS knows that a given entry in its server
> table is a proxy & not a home server. 

  It doesn't.  There's no need to.

> By that logic, responding to the NAS should not be necessary;  the proxy
> does not implement its own retransmission logic, it mimics that of the
> NAS and handles failover.

  Once again, what does the proxy do if it runs out of servers in it's
failover list?  Does it drop the request on the floor, or does it
respond to the NAS saying "I'm alive, but the request should be rejected"?

> How does it know what the retransmission logic of the NAS is?

  The proxy doesn't, and doesn't need to.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>