[Serusers] Fwd: Re: AW: AW: [Sipping] FYI: RADIUS & SIP

Alexander Mayrhofer axelm at nic.at
Thu Aug 7 23:05:16 CEST 2003


On (07.08.03 19:47), Jiri Kuthan wrote:
> Can people with hands on real deployments share their experience
> with me? I'm interested in aspects like how the missing reliability
> has been stressing your operation, how much they are interested
> in fixing it, and what kind of fixes they would welcome (transition
> to Diameter? adding fail-over capabilities?)

RADIUS is a well-known AAA protocol, which even the smallest ISP and
even midsized SMEs use to authenticate e.g. their teleworking staff.

The credentials handed out to users are an enormously valuable asset,
as rolling out new credentials usually involves great effort in terms
of administration.

So, for integration of the new service "SIP" into existing communities
(such as ISPs, universities and probably enterprises), plugging into
existing RADIUS infrastructure is essentially a very easy task. Which,
in turn, makes it a very attractive option to increase your user
population from 0 to several thousand existing accounts in one simple step.

What I'm missing a bit is work on interoperable RADIUS (vendor) attribute
definitions e.g. for SIP-Aliases (what I'm working on right now),
Remote-Party-ID (or related type of information, considering the state
of the sterman-draft), service classes of SIP users, etc.

In terms of reliability: Accounting records are being retransmitted as
long as they are not ACK'ed, so the only way of losing accounting
records (besides misconfiguration, of course) is to reboot the RADIUS
client (which would make it lose its current sessions). Intermediate
accounting records may remedy that a bit, because one only loses the
difference between the last intermediate accounting record and the
missed STOP record. Proper client implementations change server to a
backup RADIUS server if the first one does not respond.

But: RADIUS is usually used as the main session accounting technique at
major ISPs (where missing reliability leads to direct loss of money
and therefore management attention ;), so if it was not reliable enough
for that job, it would already have been improved or kicked out of the
window.

cheers

axelm
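
The accounting behaviour described in the message above (retransmit until acknowledged, fail over to a backup server, interim records bounding what a client reboot loses), as a small simulation. This is an added example, not part of the original post and not code from any RADIUS implementation; `Server`, `AcctClient`, the session id and all timings are constructed for illustration, and no real RADIUS packets are sent.

```python
from dataclasses import dataclass, field

@dataclass
class Server:                       # hypothetical stand-in for a RADIUS accounting server
    up: bool = True
    records: list = field(default_factory=list)

    def receive(self, rec):
        """Return True (the Accounting-Response) only if reachable; dedupe retransmits."""
        if self.up and rec not in self.records:
            self.records.append(rec)
        return self.up

class AcctClient:                   # hypothetical client: in-memory queue, retransmit, fail over
    def __init__(self, servers, max_tries=3):
        self.servers, self.max_tries = servers, max_tries
        self.queue, self.active = [], 0

    def send(self, session, status, session_time):
        self.queue.append((session, status, session_time))
        while self.queue:
            for _ in self.servers:  # try each server once, starting at the active one
                srv = self.servers[self.active]
                if any(srv.receive(self.queue[0]) for _ in range(self.max_tries)):
                    self.queue.pop(0)
                    break
                self.active = (self.active + 1) % len(self.servers)
            else:
                return False        # nobody ACKed: record stays queued for the next attempt
        return True

def billed_seconds(servers, session):
    """Longest session time any server has on record for this session."""
    return max((t for s in servers for sid, _, t in s.records if sid == session), default=0)

def lost_on_reboot(interim_interval, reboot_at=1000, primary_fails_at=400):
    """Seconds of usage left unaccounted when the client reboots before sending STOP."""
    primary, backup = Server(), Server()
    client = AcctClient([primary, backup])
    client.send("s1", "Start", 0)
    if interim_interval:
        for t in range(interim_interval, reboot_at, interim_interval):
            primary.up = t < primary_fails_at     # constructed outage of the primary
            client.send("s1", "Interim-Update", t)
    # Reboot: session state and any queued records are gone, so STOP is never sent.
    return reboot_at - billed_seconds([primary, backup], "s1")

if __name__ == "__main__":
    for interval in (0, 300, 60):
        print(f"interim every {interval or 'never'} s -> {lost_on_reboot(interval)} s unaccounted")
```
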



