IETF Logo Mail Archive

Re: [radext] Adoption call for draft-perez-radext-radius-fragmentation-06

"Diego R. Lopez" <diego@tid.es> Thu, 17 October 2013 16:49 UTC

Return-Path: <diego@tid.es>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3E611E82A0 for <radext@ietfa.amsl.com>; Thu, 17 Oct 2013 09:49:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.776
X-Spam-Level:
X-Spam-Status: No, score=-5.776 tagged_above=-999 required=5 tests=[AWL=0.222, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5SPrANdoBFT1 for <radext@ietfa.amsl.com>; Thu, 17 Oct 2013 09:49:35 -0700 (PDT)
Received: from correo-bck.tid.es (correo-bck.tid.es [195.235.93.200]) by ietfa.amsl.com (Postfix) with ESMTP id 005AF11E82A2 for <radext@ietf.org>; Thu, 17 Oct 2013 09:49:30 -0700 (PDT)
Received: from sbrightmailg02.hi.inet (Sbrightmailg02.hi.inet [10.95.78.105]) by tid.hi.inet (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0MUT00BMCO2AP3@tid.hi.inet> for radext@ietf.org; Thu, 17 Oct 2013 18:49:28 +0200 (MEST)
Received: from vanvan (vanvan.hi.inet [10.95.78.49]) by sbrightmailg02.hi.inet (Symantec Messaging Gateway) with SMTP id 31.83.28420.81510625; Thu, 17 Oct 2013 18:49:28 +0200 (CEST)
Received: from correo.tid.es (mailhost.hi.inet [10.95.64.100]) by tid.hi.inet (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPS id <0MUT00BMPO2GP3@tid.hi.inet> for radext@ietf.org; Thu, 17 Oct 2013 18:49:28 +0200 (MEST)
Received: from EX10-MB2-MAD.hi.inet ([169.254.2.165]) by EX10-HTCAS6-MAD.hi.inet ([::1]) with mapi id 14.03.0123.003; Thu, 17 Oct 2013 18:49:28 +0200
Date: Thu, 17 Oct 2013 16:49:27 +0000
From: "Diego R. Lopez" <diego@tid.es>
In-reply-to: <525E39A4.7030201@um.es>
X-Originating-IP: [10.95.64.115]
To: Alejandro Perez Mendez <alex@um.es>
Message-id: <48380D05-BEAC-4DB6-AC90-A31C97542257@tid.es>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_9tA1u3VphA4gjazsvUi0aA)"
Content-language: en-US
Accept-Language: en-US, es-ES
Thread-topic: [radext] Adoption call for draft-perez-radext-radius-fragmentation-06
Thread-index: AQHOyj2RuxEiKTAai0ac6i/zvYm/+Zn45WEA
X-AuditID: 0a5f4e69-b7fe58e000006f04-24-5260151859af
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEIsWRmVeSWpSXmKPExsXCFe9nqCshmhBkcGqlpkXLq5lsDoweS5b8 ZApgjOKySUnNySxLLdK3S+DK6Lw0gaVgXVHF0rk7mRoYn8R3MXJySAiYSJydfJQdwhaTuHBv PVsXIxeHkMB2RomJRxqgnF+MEm+OvoZyZjJKPF/1B8jh4GARUJV42JkP0s0GZD5q/g02SVgg ROJ932RGEJsTKH5o7XZGiA0KEn/OPWYBsUUE1CW23vvEBGIzC2hKLH/TD9bLK2ApsW7uajYI W1Dix+R7LBA10RJLTx6FqheXaG69CRZnFJCVeDd/PivEzFCJpu9zmCFsI4mtX2eyQuwVkFiy 5zwzhC0q8fLxP7C4kICvxPIdv1gmMIrNQrJuFpJ1s5Csg7D1JG5MncIGYWtLLFv4mhnC1pWY 8e8QVI2ZxOyn31iR1Sxg5FjFKFacVJSZnlGSm5iZk25gpJeRqZeZl1qyiRESj5k7GJfvVDnE KMDBqMTDe/BbfJAQa2JZcWXuIUYJDmYlEd5W4YQgId6UxMqq1KL8+KLSnNTiQ4xMHJxSDYyd /Dc/fbf++/ze/mmnO8PSk5OyPxYd3/Hxoer9SQ9/7Wo4/mFJ8oa0FRb5x//xaexl9zX8/Ja/ 7aWh1bnvKTy3pN6U5PZfmmYp7jfn75KiGWceWVqLCceeDAq1YLmy6dVE/Rk/1mzQivAukvsq +elqQNT6Ji+T/r7zrs/qM1T0OzL28c+auf2REktxRqKhFnNRcSIA1xpuPKUCAAA=
References: <CE8378C2.4C67D%mauricio.sanchez@hp.com> <525E39A4.7030201@um.es>
Cc: "<radext@ietf.org>" <radext@ietf.org>
Subject: Re: [radext] Adoption call for draft-perez-radext-radius-fragmentation-06
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 16:49:39 -0000

Hi,

I plan to attend the meeting, and I am rather sure that at least another co-author will be there, so please do add the item to the agenda.

Be goode,

On 16 Oct 2013, at 09:00 , Alejandro Perez Mendez wrote:


El 16/10/13 08:01, Sanchez, Mauricio escribió:

Now that the the Perez, et.al. draft has made it into WG draft status we
see that discussion turned to what the scope of solution should be.  Can
the authors of the draft summarize their current understanding of the
situation and what their suggested/planned next steps are?  I expect that
one or more of the authors will be at IETF 88 to add this draft to the
agenda, so please confirm availability.

As a reminder, we are on the 1st day (Monday) at 1300.

-Mauricio & Jouni

Dear Mauricio & Jouni,

the scope of this draft is to provide a means for the transmission of large amounts of authorization data between two RADIUS endpoints. The reasons why it is focused only on authorization data are described in the "Scope of this document" section on the draft, and can be summarized on the following sentence: "Other exchanges (i.e. authentication and accounting) do not require of such a mechanism". This is justified on the following premises:

1) Authentication exchanges already deal with fragmentation (e.g. RADIUS-EAP). Moreover, as they represent the most critical part of a RADIUS conversation, it is preferable to not introduce any modification to their operation that may affect existing equipment.
2) There not documented need for fragmentation of accounting data so far.

Additionally, other of the cornerstone points of this mechanism is to work through unmodified proxies, thus:
* It should be based on UDP
* It should not require of any change to the RADIUS specification
* It should conform with current RADIUS attribute & packet formats

Those are the basis of our draft, and the requirements that have guided the definition of the current fragmentation mechanism.

However, it does not provide a perfect solution. In particular, it requires proxying to be done based on the User-Name attribute (although the most typical case, specific scenarios may have a different configuration), it requires proxies to not drop unrecognised attributes (who does not?), it requires proxies to not try to modify the contents of a packet (apart of inserting Proxy-State attributes), and the receptor do not know how much data will arrive until it  actually receives it.

Taking into account aforementioned restrictions it seems that, for new deployments where keeping the infrastructure unmodified is not a MUST, a different approach of using RADIUS TCP, *and* changing RADIUS specification to increase the maximum packet length from 4 KiB to 64 KiB may provide a simpler solution.

>From my perspective, both solutions could coexists. While the TCP-based solution may provide a simpler solution, in scenarios where existing infrastructure cannot be easily upgraded, an UDP-based solution is still needed.

We are currently finishing a new version which clarifies some points that were raised on the mailing list, mainly related to the mentioned limitations. It is our intention to have it ready before the IETF meeting.

I will not personally attend the meeting, but I will be available via Jabber.

Regards,
Alejandro








On 8/26/13 12:35 AM, "Jouni Korhonen" <jouni.nospam@gmail.com><mailto:jouni.nospam@gmail.com> wrote:



Folks,

We got some support and none going against the adoption. There were
already some very detailed discussion on aspects people want to see
changed in the document, which is a really good start.

We will take draft-perez-radext-radius-fragmentation-06 as the _basis_
for the WG solution. Now the WG needs to come up with text that everybody
agrees with. whether we need further documents on fragmentation, e.g. as
a generic long term solution is to be seen and discussed.

- Jouni & Mauricio


On Aug 9, 2013, at 3:02 PM, Jouni Korhonen <jouni.nospam@gmail.com><mailto:jouni.nospam@gmail.com> wrote:



Folks,

Based on the discussion in Berlin we are ready to start another
adoption call for the solution for fragmentation of RADIUS packets.

This email starts a two week consensus call on adopting:

Filename:         draft-perez-radext-radius-fragmentation
Revision:         06
Title:            Support of fragmentation of RADIUS packets
Creation date:    2013-07-02

Express your concerns or support by 23rd August EOB on the mailing list.

- Jouni & Mauricio


_______________________________________________
radext mailing list
radext@ietf.org<mailto:radext@ietf.org>
https://www.ietf.org/mailman/listinfo/radext




_______________________________________________
radext mailing list
radext@ietf.org<mailto:radext@ietf.org>
https://www.ietf.org/mailman/listinfo/radext


_______________________________________________
radext mailing list
radext@ietf.org<mailto:radext@ietf.org>
https://www.ietf.org/mailman/listinfo/radext


--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego@tid.es
Tel:    +34 913 129 041
Mobile: +34 682 051 091
-----------------------------------------


________________________________

Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx

v2.23.0 | Report a Bug | By Email