Hello, many hundreds of realms set NAPTR records in eduroam. Those typically point to an approximate dozen of country-level endpoints which take the traffic from there over RADIUS/UDP. Similarly, eduroam hotspots typically send traffic via RADIUS/UDP to their country-level, and those do the NAPTR lookups to find the destination country server. That way, dynamic lookups and shorter proxy chains are possible, but the complexity of having TLS certs for the realms and hotspots directly goes away. To be honest, the lack of NAPTR lookup capability is my #1 reason why I'm using Radiator and radsecproxy as the two RADIUS implementations for my own country-level servers. Both allow dynamic lookups. Greetings, Stefan Winter Am 03.03.20 um 23:25 schrieb Alan Buxey:
hi,
I wasn't aware that anyone was doing dynamic home server discovery. I know there's a standard for it, but wasn't aware there was support within the federation. oh yes. at the national level theres been a few federations using it to then send the requests directly to the relevant federation and not through the very top level proxies. but for end sites using it directly. not much lift (historically thats been due to individual sites not doing relevant logging so the national proxies lose visibility of traffic/usage
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66