I agree that UDP is just not the right protocol for something as
potentially critical as a RADIUS packet. However, any type of
encapsulation creates overhead, and with busy POPs/routers/RADIUS servers
I'm not sure the increased good packets being received would be beneficial
vs. the load on the routers. I'm also unsure how it could be implemented
on existing equipment. But I strongly believe that a change in the RADIUS
transport protocol is needed. This is certainly an ISP-driven change, but
arguably is beneficial to anyone using RADIUS/AAA servers for
authentication and accounting. Just my $0.02.
--------------------------------------------------------------------------
Aaron Holtz
ComNet Inc.
UNIX Systems Specialist
Email: [EMAIL PROTECTED]
"It's not broken, it just lacks duct tape."
--------------------------------------------------------------------------
On Jun 18, Mike McCauley molded the electrons to say....
>We all know that the RADIUS protocol (being based on UDP)
>can be unreliable, especially in the face of saturated or unreliable
>links from your POP to your RADIUS server, so we wonder if this
>is a good idea:
>
>1. Invent a simple way to encapsulate RADIUS requests on a
>TCP connection, and build a simple app that will receive UDP RADIUS,
>and proxy it out on a TCP connection. Modify Radiator so it can
>receive these proxied requests by TCP.
>
>2. Run the simple app at your POP, connecting to your central
>RADIUS server(s) back in the core.
>
>The theory is that using TCP allows the apps to get a better handle on poor
>network connections or down/unreachable RADIUS servers than the
>simple UDP protocol.
>
>Does that seem like a good idea to anyone?
>Thoughts, feedback, flames solicited.
>
>Cheers.
>
>
>--
>Mike McCauley [EMAIL PROTECTED]
>Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
>24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
>Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>NT, Rhapsody
>===
>Archive at http://www.thesite.com.au/~radiator/
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
>
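The encapsulation proposed in the quoted message, sketched as an added example that is not code from either poster or from Radiator. It assumes the simplest framing, packets written back to back on the TCP stream and delimited by the Length field every RADIUS header already carries; `udp_to_tcp`, `StreamDeframer` and `sample_packet` are hypothetical names, and the packets are constructed samples.

```python
import struct

HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_LEN = 4096    # largest RADIUS packet allowed by RFC 2865

class FramingError(Exception):
    """The bytes cannot be a well-formed RADIUS packet or packet stream."""

def udp_to_tcp(datagram):
    """POP side: check one UDP RADIUS datagram, return the bytes to write to TCP."""
    if len(datagram) < HEADER_LEN:
        raise FramingError("datagram shorter than a RADIUS header")
    (length,) = struct.unpack_from("!H", datagram, 2)
    if not HEADER_LEN <= length <= min(len(datagram), MAX_LEN):
        raise FramingError(f"Length field {length} does not fit the datagram")
    # Octets past Length are padding on UDP; on a stream they would be
    # misread as the start of the next packet, so they are cut off here.
    return datagram[:length]

class StreamDeframer:
    """Core side: rebuild whole packets from TCP reads of arbitrary size."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        """Add the bytes of one recv(); return the packets completed by it."""
        self._buf += data
        packets = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack_from("!H", self._buf, 2)
            if not HEADER_LEN <= length <= MAX_LEN:
                # A stream has no datagram boundary to resynchronise on,
                # so the caller has to drop the connection.
                raise FramingError(f"bad Length field {length}")
            if len(self._buf) < length:
                break                      # partial packet: wait for more
            packets.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return packets

def sample_packet(code, ident, attrs=b""):
    """Constructed test packet with an all-zero authenticator."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    req = sample_packet(1, 7, b"\x01\x05bob")   # Access-Request, User-Name=bob
    acct = sample_packet(4, 8)                  # Accounting-Request
    stream = udp_to_tcp(req + b"\x00\x00") + udp_to_tcp(acct)
    rx = StreamDeframer()
    for chunk in (stream[:3], stream[3:30], stream[30:]):   # uneven TCP reads
        print(len(chunk), "bytes in ->", [p.hex() for p in rx.feed(chunk)])
```

Because a single bad Length field desynchronises everything after it, the receiving side treats `FramingError` as fatal for that connection rather than skipping one packet as it could with UDP.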