Hmm so if say the wireless inserted 55-65ms of latency and we have another 50ms of WAN latency it could cause some real issues with EAP.
David -----Original Message----- From: Phil Mayers [mailto:[email protected]] Sent: Thursday, December 13, 2012 10:36 AM To: David Peterson-WirelessConnections; FreeRadius users mailing list Subject: Re: EAP On 13/12/12 15:22, David Peterson wrote: > I wanted to ping the Eduroam people about EAP over WAN links. Are > there considerations that can cause connectivity issues that I should > be examining? Well... maybe. EAP is lockstep, so round-trip time is a factor - if your RTT is 100ms and your EAP exchange sends 10 packets, it will take a *minimum* of 1 second to authenticate. In addition, since a given source/dest ip/port can only have 255 radius packets outstanding (because the ID field is 1 byte) a flurry of re-authentications might necessitate multiple proxy sockets (I can't remember if FreeRADIUS opens new ones for you automatically when the ID space is full). But TBH this is a pretty theoretical problem. Packet loss is an issue, because you'll then suffer retransmits and the timers for these on most supplicants are slow. So avoid lossy links. I guess in theory bit-error-rate is a factor if you have a "dirty" link, since the packet may/will fail Message-Authenticator checks and have to be retransmitted. In short - the usual list of stuff with WAN links.
<<attachment: winmail.dat>>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
