David Peterson davidp at wirelessconnections.net
Thu Dec 13 16:43:12 CET 2012

Hmm so if say the wireless inserted 55-65ms of latency and we have another
50ms of WAN latency it could cause some real issues with EAP.


-----Original Message-----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk] 
Sent: Thursday, December 13, 2012 10:36 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: EAP

On 13/12/12 15:22, David Peterson wrote:
> I wanted to ping the Eduroam people about EAP over WAN links.  Are 
> there considerations that can cause connectivity issues that I should 
> be examining?

Well... maybe.

EAP is lockstep, so round-trip time is a factor - if your RTT is 100ms and
your EAP exchange sends 10 packets, it will take a *minimum* of 1 second to

In addition, since a given source/dest ip/port can only have 255 radius
packets outstanding (because the ID field is 1 byte) a flurry of
re-authentications might necessitate multiple proxy sockets (I can't
remember if FreeRADIUS opens new ones for you automatically when the ID
space is full). But TBH this is a pretty theoretical problem.

Packet loss is an issue, because you'll then suffer retransmits and the
timers for these on most supplicants are slow. So avoid lossy links.

I guess in theory bit-error-rate is a factor if you have a "dirty" link,
since the packet may/will fail Message-Authenticator checks and have to be

In short - the usual list of stuff with WAN links.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 3014 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121213/0c5d35fb/attachment-0001.bin>

More information about the Freeradius-Users mailing list