Bernard Aboba wrote:
Let me try and summarize your main points:

1. PANA must have a reliable transport option for some set of messages
2. Creating an unreliable transport with packet order preservation over
IP adds significant complexity due to the overhead needed to prevent DOS
attacks.

So, the conclusion was to simply run EAP over a reliable transport and
adjust the timers in EAP accordingly. Much like EAP over IKE/TCP, if I
may use this comparison. EAP over PPP, of course, didn't have this issue
as PPP delivers packets in order (aside from the minor complication that
EAP over PPP/L2TP/IP commonly runs with no sequence number checking
enabled).

I know of at least one L2TP implementation that does check sequence numbers when EAP is being used.

I know of many that *can* by configuration. I also know that this is commonly turned off in deployment. Sad, but true.

I suspect that 802.1x makes the same assumption that EAP
frames on a LAN segment will be delivered in order.

Yes, IEEE 802.1X assumes that IEEE 802 ordering guarantees are provided (e.g. no reordering within an 802.1p priority).

Thanks for the confirmation.

- Mark

Yoshi, your comparison to SCTP is well done, but I'd like to hear from
one of the transport ADs here. Is creating an unreliable, sequenced,
transport that is resilient to DOS attacks that difficult? Are there
some tricks that we might not be aware of here?


_______________________________________________
Pana mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/pana
