[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary of WG review of "RADIUS over TCP" document

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: Summary of WG review of "RADIUS over TCP" document
From: Alan DeKok <aland@deployingradius.com>
Date: Wed, 17 Dec 2008 15:23:14 +0100
Cc: "dromasca@avaya.com" <dromasca@avaya.com>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
In-reply-to: <BLU137-W3019ABA0FC858F596DB49493F50@phx.gbl>
References: <BLU137-W44A506990C74159EBC224893F80@phx.gbl> <EDC652A26FB23C4EB6384A4584434A04011F6D65@307622ANEX5.global.avaya.com> <BLU137-W3407CAC20A0FF4509DA37D93F80@phx.gbl> <4947BC76.4080605@deployingradius.com> <BLU137-W3019ABA0FC858F596DB49493F50@phx.gbl>
User-agent: Thunderbird 2.0.0.18 (Macintosh/20081105)

Bernard Aboba wrote:
>> I would prefer to leave the discussion of Status-Server && RADIUS ID
>> use in this document. The traditional use of Status-Server is over UDP,
>> and therefore does not have the issues presented here. (i.e. suggestion
>> to reserve one RADIUS ID per TCP connection for Status-Server.)
> 
> Why should the ID be unique regardless of packet code when run
> over reliable transport, but not UDP?  This suggests that the ID is
> being processed differently for unreliable vs. reliable transport, which
> seems odd.

  With UDP, there is no "connection" from client to server.  So any
Status-Server checks are sent from any client port.  This removes much
of the problem of reserving one ID: the client just opens another source
port.

  If it uses the same source port for Status-Server as for
Access-Request, then it would need to ensure that the ID allocated to
Status-Server is unused by any Access-Request.

  With TCP, there is a connection between client and server.  The
watchdog timer algorithm in RFC 3539 is defined per *connection*.  So an
ID has to be reserved, because the client can't open a new connection to
test if an existing connection is still alive.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: Summary of WG review of "RADIUS over TCP" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

References:
- Summary of WG review of "RADIUS over TCP" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: Summary of WG review of "RADIUS over TCP" document
  - From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
- RE: Summary of WG review of "RADIUS over TCP" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- Re: Summary of WG review of "RADIUS over TCP" document
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Summary of WG review of "RADIUS over TCP" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: Re: Comments on draft-ietf-radext-radsec-02 for WGLC
Next by Date: Re: draft-ietf-radext-status-server-02 editorials (fwd)
Previous by thread: RE: Summary of WG review of "RADIUS over TCP" document
Next by thread: RE: Summary of WG review of "RADIUS over TCP" document
Index(es):
- Date
- Thread