[RADIATOR] AuthRADSEC: StatusServerNoreplyTimeout needed instead of NoreplyTimeout

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Sat Sep 2 21:00:30 UTC 2017


the dual usage of the 'NoreplyTimeout' for proxied requests AND for 
StatusServer noreply failover checks is bad!

The StatusServer receiver is one hop away and you should use a small 
value for this timeout, in order to make a fast failover possible to the 
next server.

The receiver of Access-Requests or Accounting-Requests may be many hops 
away and they may be not well managed, a normal value for this timeout 
in the eduroam federation is 10s.

The timeout for proxied radius packets MUST NOT be mixed with timeouts 
for StatusServer checks.

What's your opinion about this topic?

Btw, the whole process for failover and missing retries (as in 
AuthRADIUS) to the same (working) upstream server should be refactored 
for AuthRADSEC.

Best Regards

Karl Gaissmaier
Ulm University

More information about the radiator mailing list