[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request for Review: Status Server Document

To: Glen Zorn <glenzorn@comcast.net>
Subject: Re: Request for Review: Status Server Document
From: Alan DeKok <aland@deployingradius.com>
Date: Sun, 15 Jun 2008 09:47:11 +0200
Cc: radiusext@ops.ietf.org, "'David B. Nelson'" <dnelson@elbrysnetworks.com>
In-reply-to: <001501c8ceba$db05d2d0$91117870$@net>
References: <BLU137-W49A97D285F49C9211D758593BA0@phx.gbl> <F660C647399C4EBA8235C8B4B8B87F3F@xpsuperdvd2> <485380D3.9060900@deployingradius.com> <4853CE18.30108@elbrysnetworks.com> <4853E422.9090305@deployingradius.com> <4853E8AE.4030609@elbrysnetworks.com> <4853FEB7.3060305@deployingradius.com> <001501c8ceba$db05d2d0$91117870$@net>
User-agent: Thunderbird 2.0.0.14 (X11/20080502)

Glen Zorn wrote:
> Existing implementations or not, RADIUS "ping" is just as wasteful of
> processing power & bandwidth as it was 10 years ago.

  It's not a "keep-alive".  That's bad.  It is the watchdog timer
recommended in RFC 3539.  The draft discusses why using existing RADIUS
codes such as Access-Request is not a good idea.  It also discusses why
it's useful, and why it's not a "keep-alive".

>  A far better idea IMHO
> is to have the server tell its clients when it recovers from a failure/admin
> reboot/etc.

  I agree, mostly.  Some complications:

- clients don't historically listen on a port for unsolicited RADIUS
packets (RFC 5176 is not widely deployed)

- clients may be behind NATs or firewalls.   The forward path is well
tested, deployed, with firewall traversal rules.  The backwards path is not.

- this would involve defining a new port (maybe), new packet codes
(could we re-use Status-Server?), and new behavior.  The existing
practice has multiple implementations, is widely used, and meets most of
the needs for client to server status checking.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Request for Review: Status Server Document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: Request for Review: Status Server Document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Re: Request for Review: Status Server Document
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Request for Review: Status Server Document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Re: Request for Review: Status Server Document
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Request for Review: Status Server Document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Re: Request for Review: Status Server Document
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Request for Review: Status Server Document
  - From: "Glen Zorn" <glenzorn@comcast.net>

Prev by Date: RE: Request for Review: Status Server Document
Next by Date: RE: Request for Review: Status Server Document
Previous by thread: RE: Request for Review: Status Server Document
Next by thread: Re: Request for Review: Status Server Document
Index(es):
- Date
- Thread