EAP

David Peterson davidp at wirelessconnections.net
Thu Dec 13 16:43:12 CET 2012


Hmm so if say the wireless inserted 55-65ms of latency and we have another
50ms of WAN latency it could cause some real issues with EAP.

David

-----Original Message-----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk] 
Sent: Thursday, December 13, 2012 10:36 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: EAP

On 13/12/12 15:22, David Peterson wrote:
> I wanted to ping the Eduroam people about EAP over WAN links.  Are 
> there considerations that can cause connectivity issues that I should 
> be examining?

Well... maybe.

EAP is lockstep, so round-trip time is a factor - if your RTT is 100ms and
your EAP exchange sends 10 packets, it will take a *minimum* of 1 second to
authenticate.

In addition, since a given source/dest ip/port can only have 255 radius
packets outstanding (because the ID field is 1 byte) a flurry of
re-authentications might necessitate multiple proxy sockets (I can't
remember if FreeRADIUS opens new ones for you automatically when the ID
space is full). But TBH this is a pretty theoretical problem.

Packet loss is an issue, because you'll then suffer retransmits and the
timers for these on most supplicants are slow. So avoid lossy links.

I guess in theory bit-error-rate is a factor if you have a "dirty" link,
since the packet may/will fail Message-Authenticator checks and have to be
retransmitted.

In short - the usual list of stuff with WAN links.
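
The timing points in the quoted reply (lockstep round trips, slow retransmit timers on loss, a limited RADIUS ID space per socket) worked through as a small model. This is an added example, not part of either message; the 3-second retransmit timer, the loss rates, the request rates and all function names are assumptions.

```python
import math
import random

def expected_auth_seconds(rtt_s, round_trips, loss, retransmit_s):
    """Mean duration of a lockstep exchange: each round trip must complete
    before the next starts, and a lost packet costs one retransmit timer."""
    ok = (1.0 - loss) ** 2               # request and reply must both arrive
    if ok == 0.0:
        return math.inf
    retries = (1.0 - ok) / ok            # mean failed attempts per round trip
    return round_trips * (rtt_s + retries * retransmit_s)

def simulate_auth_seconds(rtt_s, round_trips, loss, retransmit_s, rng):
    """One simulated authentication under the same model."""
    elapsed = 0.0
    for _ in range(round_trips):
        # Either direction being dropped stalls the exchange for one timer.
        while rng.random() < loss or rng.random() < loss:
            elapsed += retransmit_s
        elapsed += rtt_s
    return elapsed

def proxy_sockets_needed(auths_per_s, round_trips, wan_rtt_s, ids_per_socket=255):
    """Sockets needed so in-flight proxied requests fit the ID space.
    255 is the per-socket figure given in the post."""
    in_flight = auths_per_s * round_trips * wan_rtt_s   # Little's law
    return max(1, math.ceil(in_flight / ids_per_socket))

if __name__ == "__main__":
    rng = random.Random(2012)
    for loss in (0.0, 0.01, 0.05):       # constructed loss rates
        mean = expected_auth_seconds(0.1, 10, loss, 3.0)
        runs = sorted(simulate_auth_seconds(0.1, 10, loss, 3.0, rng)
                      for _ in range(10000))
        print(f"loss={loss:.0%} mean={mean:.2f}s p95={runs[9500]:.2f}s")
    print("sockets at 600 auth/s:", proxy_sockets_needed(600, 10, 0.05))
```

With no loss the model reproduces the 1-second minimum from the reply (100 ms RTT, 10 packets); the tail latency under loss is what pushes supplicants into timeouts.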