[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TCP + TLS on the same port
Bernard Aboba wrote:
> Let us presume that there is a NAT (perhaps a carrier grade NAT) located
> between
> a RADIUS over TLS client and server. Bringing up a TLS connection to
> the RTLS
> server and using this for traffic in both directions has several
> advantages, it seems
> to me:
...
> Does this make sense?
Yes.
Should we have a separate document saying that multiple packet types
can go over the same port?
I think the issue of CoA support can be handled. i.e. if the NAS
doesn't support CoA, how is it supposed to tell the server that?
The answer, I think, is the same as for accounting packets. If the
NAS sends an Accounting-Request and the server never responds, the NAS
simple has to deal with it. The server may not accept accounting
packets, or it may be proxying to an unresponsive home server, etc.
It's largely up to the administrator to notice that large amounts of
"request" packets are never receiving "responses". And then to
configure the client to stop sending those requests to the server.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>