[RADIATOR] New features and changes in the next Radiator release

Hartmaier Alexander alexander.hartmaier at t-systems.at
Thu Jun 18 05:01:37 CDT 2015


That is *great* news!

Especially the work on sharing state between instances, we had problems
with TACACS sessions from Cisco WLCs that authorize on a different
server than the authentication happened which led to non-working user
rights.

Regarding logging I'd love to see support for NoSQL databases and
message queues like RabbitMQ and Elasticsearch which can be used as a log
target.

I think those features justify a new version, maybe even a major one.

Thanks, Alex

On 2015-06-18 10:29, Heikki Vatiainen wrote:
> There are a number of new features and changes in the current Radiator
> 4.14 patches we thought might be of interest for the list members.
>
> Any comments and questions are welcome.
>
>
> Windows Eventlog logging
> ++++++++++++++++++++++++
> New modules AuthLog EVENTLOG and Log EVENTLOG are now included. See
> goodies/eventlog.cfg for instructions and more information about DLLs
> that are useful, but not required, to set up eventlog. There are both
> sources and precompiled binaries for the DLLs in goodies.
>
>
> Clustering control plane support with Gossip framework
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Gossip [1] framework with Redis based implementation was recently added
> in patches. The purpose of the framework is to allow individual Radiator
> instances to share information between each other.
>
> For example, server farm members can use Gossip to relay next hop proxy
> unreachability/reachability information to each other. This allows
> faster recovery from failures and other events as opposed to each
> instance doing detection and recovery individually.
>
> The patches have an implementation for this. Radiator instances, not
> restricted to just farm members, can share next hop proxy status
> information based on Status-Server or lack of responses to normal
> requests. In addition, a farm can be configured so that Status-Server is
> run by only one member whose responsibility is to send reachability
> updates to the other members via Gossip.
>
> The future uses may include distributing TACACS+ authorisation
> information, TLS session tickets, configuration updates or anything a
> custom Radiator installation may require.
>
>
> TLS updates
> +++++++++++
> TLS and SSL configuration options for TLS based EAP methods and TLS
> enabled stream protocol modules, RadSec, Diameter, ServerHTTP, etc.,
> have been updated.
>
> New configuration parameters EAPTLS_Ciphers and TLS_Ciphers allow
> defining the supported ciphersuites. The current default for both is
> 'DEFAULT:!EXPORT:!LOW'. This should provide the least amount of surprises
> when upgrading.
>
> New configuration parameters EAPTLS_TLS_Protocols and TLS_Protocols are
> available for defining which TLS versions (or SSLv3) to support.
>
> When TLS_Protocols is defined, it overrides UseTLS and UseSSL.
> EAPTLS_Protocols is available for restricting supported TLS versions for
> TLS based EAP methods. The default is to support all available TLS versions.
>
> A useful resource for TLS configuration is for example the Mozilla TLS
> server guide [2]
>
>
> Server farm
> +++++++++++
> Server farm users may be interested in the possibility to use shared
> memory for duplicate cache. With this parameter, the
> UseContentsForDuplicateDetection parameter is no longer needed.
>
>
> Structured logging
> ++++++++++++++++++
> New module LogFormat.pm has examples of how to format Radiator log and
> authentication log messages in JSON and CEF (ArcSight Common Event
> Format) formats. Configuration sample goodies/logformat.cfg has more
> information about how to create a custom module for your local logging
> requirements.
>
>
>
> [1] https://en.wikipedia.org/wiki/Gossip_protocol
> [2] https://wiki.mozilla.org/Security/Server_Side_TLS
>



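An added example, not part of the original thread and not Radiator's LogFormat.pm: one way to render an authentication event as single-line JSON and CEF, with the escaping that stops attacker-controlled attribute values (such as User-Name) from forging extra fields or log lines. It is written in Python rather than Radiator's Perl; the event layout, the vendor/product strings and the attribute-to-CEF key mapping are assumptions.

```python
import json

# Assumed mapping from RADIUS attribute names to CEF extension keys.
CEF_KEYS = {"User-Name": "suser", "NAS-IP-Address": "src", "Reason": "reason"}

# Constructed sample event: the User-Name carries delimiter characters
# and a line break, as a hostile client could send.
SAMPLE = {
    "result": "reject",
    "User-Name": "mal|lory=admin\nfake entry",
    "NAS-IP-Address": "192.0.2.10",
    "Reason": "bad password",
}

def cef_header(value):
    # CEF header fields: escape backslash first, then the '|' delimiter.
    # Line breaks are not allowed in the header, so flatten them.
    s = str(value).replace("\\", "\\\\").replace("|", "\\|")
    return s.replace("\r", " ").replace("\n", " ")

def cef_ext(value):
    # CEF extension values: escape backslash and '=', and encode line
    # breaks so one event always stays on one log line.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def format_cef(event, vendor="ExampleVendor", product="radius-server",
               version="0.0"):
    ok = event["result"] == "accept"
    header = [
        vendor, product, version,
        "auth-accept" if ok else "auth-reject",            # event class id
        "Authentication accepted" if ok else "Authentication rejected",
        "3" if ok else "6",                                # severity 0-10
    ]
    ext = " ".join(f"{CEF_KEYS[k]}={cef_ext(event[k])}"
                   for k in CEF_KEYS if k in event)
    return "CEF:0|" + "|".join(cef_header(h) for h in header) + "|" + ext

def format_json(event):
    # json.dumps escapes quotes and control characters, so the record
    # is one line and parses back to the original values.
    return json.dumps(event, sort_keys=True, ensure_ascii=True)

if __name__ == "__main__":
    print(format_cef(SAMPLE))
    print(format_json(SAMPLE))
```
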