[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft of extensions format

To: Alan DeKok <aland@deployingradius.com>
Subject: Re: Draft of extensions format
From: Peter Deacon <peterd@iea-software.com>
Date: Thu, 2 Sep 2010 01:57:06 -0700 (Pacific Daylight Time)
Cc: 'radext mailing list' <radiusext@ops.ietf.org>
In-reply-to: <4C7F3F73.1050806@deployingradius.com>
References: <4C7E6214.5090902@deployingradius.com> <alpine.WNT.2.00.1009010919470.3048@SMURF> <4C7EB6BF.3050801@deployingradius.com> <alpine.WNT.2.00.1009011336160.2944@littlesmurf> <4C7F3F73.1050806@deployingradius.com>
User-agent: Alpine 2.00 (WNT 1167 2008-08-23)

On Thu, 2 Sep 2010, Alan DeKok wrote:

The underlying question for me: Is this just a solution in search of a
problem?  With my recommendation the same underlying goal is met and the
dot naming exercise is unnecessary.

 The dot naming exercise *also* allows for naming and allocation of
nested TLVs.  Without it, a TLV "1" could be seen as being in conflict
with attribute "1".

 Your solution has a problem (conflict) that this solution does not
have.  It provides for allocation of ~8K attributes which you say here

I think this boils down to my advocating for a flat model where each itemstands alone while the draft is advocating a hierarchical model where eachitems identity is strictly dependent on its parent.


When draft says TBD.1 it means attribute 'TBD.1'

When I say TBD.1 it means User-Name (Type 1) encoded in whatever TBD is.(TLV, Extension..etc)

For example lets say I have two TLVs (Containers) labeled Input andOutput.


Input
- Octets
- Packets

Output
- Octets
- Packets

Under the drafts scheme the attributes defined would be:

Input
Output
Input.Octets
Input.Packets
Output.Octets
Output.Packets

Under my recommendation the attribute picture is flattened:

Input (TLV Attribute)
Output (TLV Attribute)
Octets (Attribute)
Packets (Attribute)

On the wire the basic structure of the packet is the same with octets andpacket data encapsulated within input and output TLVs.


This boils down to a classic flat vs hierarchical schema argument.

As I see it the benefits of my recommendation are:

1. More flexibility. Existing attributes that were never labeled asgroupable can be grouped. For example I could create a generic TLVcontainer labeled 'suspect' containing all attributes that an intermediateproxy does not like.

2. "Like" attributes within TLVs can be reused. In the example aboveOctets and Packets need only be defined once and then apply to Input,Output and maybe a future "Combined" TLV container. To some extent thisis just a schema/definition argument.

3. The standard VSA space can be extended with less complexity/wholesalechange to existing infrastructure as every attribute definition standsalone and is therefore fully compatible with the current model.

I think its important to recognize there are two separate issues:Extension of standard attribute space and introduction of TLV (Container).The two address separate concerns. It may not be in everyones bestinterest to marry them.


Disadvantages of my recommendation:

1. What is allowed in a group may or may not simply be defined bydeclaration in a dictionary. Need a concept to declare constraints (LDAP"object classes"). I would argue you would need this anyway if there wasinterest in for example declaring minimum required sub attributes for aspecific TLV.

2. There is a strange aspect in that the additional space has to be"bootstrapped". Either hardwired or configuration to say standard space

2^8 goes to a TBD extension attribute along the same lines as

Vendor-Specific (26) in the implementation.

Anyway after looking over the draft again I have some (un)relatedcomments:

I think fragmentation support for 'jumbo' attribute values is a good thinghowever with the draft there does not seem to be a way to do both TLVgrouping and attributes with large payloads at the same time. IIRC wimaxVSAs support this. Could perhaps just get rid of TLV format and reuse theextended type as TLV?

In RADIUS everything is a "TLV" .. If it were labeled Container TLV orsomething similar to disambiguate the data types actual intended use itwould be less confusing (to me).


2.4.3

"to the number of the encapsulating
   attribute ("241.1"), to yeild "245.1.1".  "
                           ^^^^^ should be yield

               ^^^ should be 245?

isn't necessary.  And even if it was necessary, our proposal can address
that problem, too.  If your solution allows for TLVs, a "dot naming"
scheme is *also* necessary for it, too.

To the extent relationship between TLVs and attributes need to be definedyour correct. At the same time however it's not required when TLVs arenot used. In my view an important difference.

 On the "plus" side, I don't see a lot of differences between the two
solutions.  On the "negative" side, there are issues with your proposal
that our document does not have.


I would think the wire format is similar either way.

regards,
Peter

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Draft of extensions format
  - From: Alan DeKok <aland@deployingradius.com>

References:
- Draft of extensions format
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Draft of extensions format
  - From: Peter Deacon <peterd@iea-software.com>
- Re: Draft of extensions format
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Draft of extensions format
  - From: Peter Deacon <peterd@iea-software.com>
- Re: Draft of extensions format
  - From: Alan DeKok <aland@deployingradius.com>

Prev by Date: Re: Draft of extensions format
Next by Date: Re: Draft of extensions format
Previous by thread: Re: Draft of extensions format
Next by thread: Re: Draft of extensions format
Index(es):
- Date
- Thread