[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 38 - Ordering of filter attributes

To: "Sanchez, Mauricio (PNB Roseville)" <mauricio.sanchez@hp.com>, Avi Lior <avi@bridgewatersystems.com>, radiusext@ops.ietf.org
Subject: RE: Issue 38 - Ordering of filter attributes
From: Avi Lior <avi@bridgewatersystems.com>
Date: Tue, 1 Feb 2005 10:15:29 -0500

Hi,

Perhaps I didn't make myself clear.

What I am trying to say is that: when a NAS receives multiple
NAS-Filter-Rule attributes it has to reconstruct the list.  In doing that
task it has to be mindfull that some of the Filter-Rules may span more then
one NAS-Filter-Rule attribute.

> How often do you forsee generating a single NAS-Filter-Rule that would
> blow out a single RADIUS attribute? 

I don't know how often.  The question is can it happen?

> Even so, why couldn't you spread
> out the rule over multiple attributes with the same net effect?

Yes you would.  And that is my point.

> If
> anything, I do see an issue in running out of space for multiple rules
> (i.e. multiple NAS-Filter-Rule attributes) within a single
> Access-Accept.  

I don't disagree.  That could happen.


> -----Original Message-----
> From: Sanchez, Mauricio (PNB Roseville) 
> [mailto:mauricio.sanchez@hp.com] 
> Sent: Monday, January 31, 2005 7:01 PM
> To: Avi Lior; radiusext@ops.ietf.org
> Subject: RE: Issue 38 - Ordering of filter attributes
> 
> 
> 
> 
> Avi writes...
> 
> > 
> > There are two issues that need to be addressed.
> > 
> > One is that one NAS-Filter-Rule maybe too large to fit a
> > single RADIUS attribute; and A session may require several of 
> > these NAS attributes.
> > 
> > Ordering is a given in RADIUS (as already described in the mail)
> > 
> > Therefore receipient of the Access-Accept must be able to
> > reconstruct a single NAS-Filter-Rule that extends over two or 
> > more attributes.  And then you need to build the list of 
> > NAS-Filter-Rules.
> > 
> > Note that there is no specific hint to help detect a
> > Filter-Rule that spans over more then one attribute.  For 
> > example a key word at the end that indicates that the rule is 
> > extended over the next attribute.  
> > 
> 
> How often do you forsee generating a single NAS-Filter-Rule that would
> blow out a single RADIUS attribute?  Even so, why couldn't you spread
> out the rule over multiple attributes with the same net effect?  If
> anything, I do see an issue in running out of space for multiple rules
> (i.e. multiple NAS-Filter-Rule attributes) within a single
> Access-Accept.  
> 
> MS
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: Capabilities Proposals
Next by Date: RE: Capabilities Proposals
Previous by thread: RE: Issue 38 - Ordering of filter attributes
Next by thread: RE: Issue 38 - Ordering of filter attributes
Index(es):
- Date
- Thread