Re: [Dime] WG adoption call for draft-zorn-dime-rfc4005bis-01

[Stefan Winter <stefan.winter@restena.lu>]

  Hi,

> Thank you for the real-life example :)
> Anyway since the server receives an indication that RADIUS translation
> is happening (thanks to Origin-AAA-Protocol AVP) the server is (at
> least, should be) able to handle this situation in a not-too-ugly way.
> Put otherwise: if we are using pure RADIUS (or RADIA), we face the same
> problem to convey this Filter Rule. What is the solution in that case?

There is none. In a RADIUS world, such complex filter rules can't exist 
(or at least, not be transmitted from server to client).
In a Diameter world, they can; which is the source of the translation 
problem.

Of course a Diameter server can act thoughtfully, check the 
Origin-AAA-Protocol, and craft less complex filter rules which don't 
fill 4096 Bytes for that retarded RADIUS NAS. It will lead to different 
permissions for the connecting end users though, depending on which NAS 
they connect to, which is at least confusing.

Note also that even if that Diameter server manages to cram its 
Filter-Rule into say 3900 Byte, there is still the problem that on the 
end (back translation to RADIUS for the NAS), a new RADIUS packet is 
constructed, with an unknown number and unknown size of attributes 
besides the ones that the Diameter server had. The resulting RADIUS 
packet could then be beyond 4096 again, even if the home Diameter server 
paid attention. This creates these highly unsatisfying "sometimes, it 
just doesn't work" situations.

Stefan

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473