Re: [radext] BoF request for IETF 115

Jan-Frederik Rieckers <rieckers@dfn.de> Tue, 04 October 2022 12:09 UTC


On 03.10.22 10:46, Margaret Cullen wrote:
> In our efforts to operate and support a large, proxied RADIUS fabric, we
> often wish we had a Status-Server equivalent that would cross proxies 
> (like a multi-hop RADIUS ping), with or without a path tracing capability.
> 
> I’d be happy to contribute to an effort to provide something like that, 
> if others agree it is needed.

Speaking as a national eduroam roaming operator in Germany, I had issues 
detecting routing problems and would definitely welcome a probing method 
that gives better information than "I've started eapol_test and looked 
at the response using wireshark combined with my radsecproxy logs and it 
looked ok™"

> Several years ago, a group of us designed a realm routing protocol for 
> ABFAB called the “Trust Router Protocol”.  It has been documented in an 
> Internet Draft, implemented as an open source project, and used (to a 
> limited degree) in a production service.  It could be a good starting 
> point if others agree that a realm routing protocol would be useful.

Having a routing protocol, especially one aware of HA-setups and 
failover scenarios, would definitely be helpful.

Probably nothing we should include in this new WG charter just now, 
getting RADIUS/UDP off the general internet is a much more important task 
IMHO, but I'd be happy to contribute to such a realm routing protocol.

Greetings

Janfred
