[RADIATOR] AuthRADSEC: StatusServerNoreplyTimeout needed instead of NoreplyTimeout
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Sat Sep 2 21:00:30 UTC 2017
Hi RADIATOR team,
the dual usage of the 'NoreplyTimeout' for proxied requests AND for
StatusServer noreply failover checks is bad!
The StatusServer receiver is one hop away and you should use a small
value for this timeout, in order to make a fast failover possible to the
next server.
The receiver of Access-Requests or Accounting-Requests may be many hops
away and they may be not well managed, a normal value for this timeout
in the eduroam federation is 10s.
The timeout for proxied radius packets MUST NOT be mixed with timeouts
for StatusServer checks.
What's your opinion about this topic?
Btw, the whole process for failover and missing retries (as in
AuthRADIUS) to the same (working) upstream server should be refactored
for AuthRADSEC.
Best Regards
Charly
--
Karl Gaissmaier
Ulm University
More information about the radiator
mailing list