proxy question

Alan DeKok aland at deployingradius.com
Thu Feb 6 19:55:39 CET 2014


Arran Cudbard-Bell wrote:
> Hm, ok I was wrong, it does always forward retries, it's only when the request
> is waiting to be processed or being processed by a worker that it ignores the
> retransmissions.

  Yes.  That was the subject of some debate in the IETF RADIUS working
group.  The proxy acts as a "pass through" device for retransmits.

  But if the server is still working on the reqeust, the answer is
*unknown*.  So it can't proxy it, it can't respond, and it can't do
anything other than ignore the retransmit.

> Doesn't seem that's entirely sensible, or consistent, but ok...

  It's really the only choice.

  The server could do re-transmits itself.  It did that in version 1.
But the code was complicated and fragile.   And the other people in the
RADIUS WG though doing that would break things in the network.

> But the status checks themselves will be retried.

  Because FreeRADIUS originated the packet, and is acting like a client.
 Clients do retransmits...

  Alan DeKok.


More information about the Freeradius-Users mailing list