Re: [radext] BoF request for IETF 115

Jan-Frederik Rieckers <> Tue, 04 October 2022 12:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55FEFC14CE44 for <>; Tue, 4 Oct 2022 05:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U9oeABhHmrGD for <>; Tue, 4 Oct 2022 05:09:38 -0700 (PDT)
Received: from ( [IPv6:2001:638:d:c302:acdc:1979:2:58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 19349C14CE30 for <>; Tue, 4 Oct 2022 05:09:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; h= content-transfer-encoding:content-type:content-type:in-reply-to :organization:from:from:references:content-language:subject :subject:user-agent:mime-version:date:date:message-id:received; s=s1; t=1664885371; x=1666699772; bh=G7QVK5fbmGgAB8teGAI5UhByso Uy404WovfqlpjF7sc=; b=D8l1DDOGKZFsM8o9b/meB3niTM0nL0MvIws9MYSm5E kO8Mw88/KACz1o4Ln9Dw+TDkAcaNIVB9L4tBIeWZ87JrJWiA9i7p1X0LWxUMRhZN zz1ccuIppTwMD7+RXNbXokwZdIYIiMw7n3fcWlbw+USHEz6vQmh12QQO+08lsa3i I=
Received: from ( []) by (Postfix) with ESMTPS id 9F2C12200C7 for <>; Tue, 4 Oct 2022 14:09:30 +0200 (CEST)
Received: from [IPV6:2001:638:d:1016::1000] (unknown [IPv6:2001:638:d:1016::1000]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPSA id CE0E282 for <>; Tue, 4 Oct 2022 14:09:29 +0200 (CEST)
Message-ID: <>
Date: Tue, 04 Oct 2022 14:09:28 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0
Content-Language: en-US
References: <> <>
From: Jan-Frederik Rieckers <>
Organization: DFN e.V.
In-Reply-To: <>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [radext] BoF request for IETF 115
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 04 Oct 2022 12:09:42 -0000

On 03.10.22 10:46, Margaret Cullen wrote:> In our efforts to operate and 
support a large, proxied RADIUS fabric, we
> often wish we had a Status-Server equivalent that would cross proxies 
> (like a multi-hop RADIUS ping), with or without a path tracing capability.
> I’d be happy to contribute to an effort to provide something like that, 
> if others agree it is needed.

Speaking as a national eduroam roaming operator in Germany, I had issues 
detecting routing problems and would definitely welcome a probing method 
that gives better information then "I've started eapol_test and looked 
at the response using wireshark combined with my radsecproxy logs and it 
looked ok™"

> Several years ago, a group of us designed a realm routing protocol for 
> ABFAB called the “Trust Router Protocol”.  It has been documented in an 
> Internet Draft, implemented as an open source project, and used (to a 
> limited degree) in a production service.  It could be a good starting 
> point if others agree that a realm routing protocol would be useful.

Having a routing protocol, especially one aware of HA-setups and 
failover scenarios, would definitely be helpful.

Probably nothing we should include in this new WG charter just now, 
getting RADIUS/UDP of the general internet is a much more important task 
IMHO, but I'd be happy to contribute to such a realm routing protocol.



E-Mail: | Fon: +49 30884299-339 | Fax: +49 30884299-370
Pronomen: er/sein | Pronouns: he/him

DFN - Deutsches Forschungsnetz | German National Research and Education 
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin

Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | 
Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729B | USt.-ID. DE 1366/23822