Re: [radext] configuration auto-discovery [was: draft-cullen-radextra-status-realm-00]

Bernard Aboba <bernard.aboba@gmail.com> Sun, 13 August 2023 21:04 UTC

From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Sun, 13 Aug 2023 14:04:33 -0700
Message-Id: <EF267A2A-520A-4A99-AF5A-A9083C725E73@gmail.com>
References: <3CAEA649-7996-4564-B6C9-7B28DD32FDDA@deployingradius.com>
Cc: radext@ietf.org
In-Reply-To: <3CAEA649-7996-4564-B6C9-7B28DD32FDDA@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/TqTLdxY9ZY9S6aYwoS5FeJ0shFg>
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>

On Aug 13, 2023, at 13:37, Alan DeKok <aland@deployingradius.com> wrote:
> 
> This lack means that any fail-over mechanism is largely implementation-defined.  Which means there is often connection / destination flapping, similar to route flaps.

Fail-over and fail-back have been implemented widely, but I don’t recall much in the way of systematic studies. We built algorithms that worked “well enough” for particular deployments, and then left things alone.

And yes, hysteresis was needed to dampen flapping.

> 
>  There is no way for a proxy to say "I'm alive, but I can't route this particular packet.  Please redirect it somewhere else".  Better connection signalling would solve that issue directly.  A routing protocol would solve it indirectly.

Consider that transport giveup timers are set often based on route flap durations. So a “route unreachable” message could just be evidence of a flap that might resolve before the retransmission timer expires.

>  But both solutions would benefit from clearer and more standardized fail-over, load-balancing, and discovery mechanisms.

If there’s enough data to validate an algorithm, this could make sense.
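
The hysteresis point in the message above, as an added example that is not part of the original thread and not taken from any RADIUS implementation: a two-server selector run over a constructed probe trace, once switching on every single result and once requiring a run of results before fail-over or fail-back. The thresholds (3 and 5), the trace, and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed probe trace for the primary server: '1' = reply, '0' = timeout.
# Three good probes, four short flaps, a real 3-probe outage, then recovery.
TRACE = "111" + "01" * 4 + "000" + "1" * 8


@dataclass
class Selector:
    fail_after: int      # consecutive timeouts before failing over
    recover_after: int   # consecutive replies before failing back
    active: str = "primary"
    fails: int = 0
    oks: int = 0
    switches: int = 0

    def observe(self, primary_ok: bool) -> str:
        # Track the current run length of successes or failures.
        if primary_ok:
            self.oks, self.fails = self.oks + 1, 0
        else:
            self.fails, self.oks = self.fails + 1, 0
        # Switch only when the run crosses the threshold for the current state.
        if self.active == "primary" and self.fails >= self.fail_after:
            self.active, self.switches = "secondary", self.switches + 1
        elif self.active == "secondary" and self.oks >= self.recover_after:
            self.active, self.switches = "primary", self.switches + 1
        return self.active


def run(trace: str, fail_after: int, recover_after: int) -> tuple[int, str]:
    """Feed a probe trace to a selector; return (switch count, final server)."""
    sel = Selector(fail_after, recover_after)
    for probe in trace:
        sel.observe(probe == "1")
    return sel.switches, sel.active


if __name__ == "__main__":
    print("no hysteresis  :", run(TRACE, 1, 1))
    print("with hysteresis:", run(TRACE, 3, 5))
```

The damped selector changes destination twice (the real outage and the recovery) where the undamped one changes ten times, at the cost of staying on the primary through the short flaps.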