(RADIATOR) "Dupinterval" and big NAS

Hugh Irvine hugh at open.com.au
Thu Aug 1 02:41:24 CDT 2002 

Hello Sergey -

This discussion comes up from time to time.

The first thing to understand is that the identifier is used by the NAS 
only for the purposes of keeping track of outstanding requests, ie. 
access requests for which the NAS has not yet received a reply. It is 
also important to understand that this is how the radius protocol 
specification is written.

I have copied this mail to Mike who may have additional comments.

BTW - I would be interested to see a trace 4 debug showing what is 
happening, and I would also like to know what CommWorks say about how 
the identifier should be used by the radius server.

regards

Hugh



On Thursday, August 1, 2002, at 03:48 PM, Sergey Y. Afonin wrote:

> Hello.
>
>   I think I've discovered a problem with duplicate session detection 
> on a
> NAS with large amount of modems. The identifier of radius packet is one 
> byte
> sized (1-255), but in case of some NAS have over 255 modems. For 
> example,
> CommWorks Total Control 1000 (which was known as USR/3COM Total Control)
> may be have up to 420 modems. It is common to have two different 
> sessions
> having the same identifier in their authorization requests in short 
> time interval.
>
> That promlem had led to another one. The Radiator ignores the second 
> accounting
> packet of the same identifier. The NAS thinks that that radius server 
> has gone away
> and moves to backup radius server. If backup is not pesent, any further 
> accounting
> packets will be lost.
>
> I think in that case it is necessary to use "username" (for example) in 
> addition to
> identifier to compare sessions for big NAS.
>
> --
> Regards, Sergey Afonin
> asy at kraft-s.ru
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list