[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is provisioning services in Accounting-Request packets bad?

To: "David B. Nelson" <dnelson@elbrysnetworks.com>
Subject: Re: Is provisioning services in Accounting-Request packets bad?
From: Avi Lior <avi@bridgewatersystems.com>
Date: Tue, 15 Jun 2010 13:58:32 -0400
Accept-language: en-US
Acceptlanguage: en-US
Cc: Alan DeKok <aland@deployingradius.com>, radext mailing list <radiusext@ops.ietf.org>
In-reply-to: <A8BFDB7F-2B4B-44F8-9638-8AF70796DF82@elbrysnetworks.com>
References: <4C17A33D.2090405@deployingradius.com> <A8BFDB7F-2B4B-44F8-9638-8AF70796DF82@elbrysnetworks.com>

On one hand we may need more information as David is mentioning.

But there is nothing wrong with a Back office system using information contained in an accounting message.

A back office system can be used for billing but it can also be used to do other things like generate triggers for Intrussion Detection/Prevention systems, Firewalls etc etc....

And thus some of the information could be used for provisioning of some service by a back office system.

We should not be concerned about this.  It has nothing to do with the over the wire protocol.  As long as the information is valid to be sent in the Accounting Messages we should be fine.




On 15-06-2010, at 12:13 , David B. Nelson wrote:

> On Jun 15, 2010, at 11:58 AM, Alan DeKok wrote:
> 
>> When a RADIUS server returns Access-Accept, some systems also request
>> that it send an Accounting-Request packet to a provisioning system.
>> This provisioning system requires information such as Framed-IP-Address,
>> or copies of some VSAs from the Access-Accept.
> 
> What does the provisioning system do with the information and how does it relate the result back to the NAS?
> 
> What entity sends the Accounting-Request, the NAS or he RADIUS server.  You use "it" and I'm unclear what "it" refers to.
> 
>> Quote "This is not unusual, and several vendors are providing such a
>> solution".
>> 
>> RFC 2866 doesn't forbid this, as it expects accounting packets to be
>> sent by the NAS.  The guidelines document contains minimal text about
>> accounting.
>> 
>> Is it worth adding a line in the "guidelines" document saying that
>> accounting packets are to be used for... accounting?  And that
>> provisioning services via Accounting-Request is bad?
> 
> Well, I personally think that provisioning services via an Accounting-Request is bad, but I don't yet see how the NAS is actually being provisioned by a request message.  What is fairly common practice is to build resource management systems around RADIUS Accounting.  Is that the sort of thing you're talking about?
> 
> Regards,
> 
> Dave
> 
> David B. Nelson
> 
> Elbrys Networks, Inc.
> 282 Corporate Drive, Unit 1
> Portsmouth, NH 03801
> 
> +1.603.570.2636
> www.elbrysnetworks.com
> dnelson@elbrysnetworks.com
> 
> 
> 
> 
> 
> 
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>

Avi Lior
avi@bridgewatersystems.com
office: +1 613-591-9104x6417
    cell: +1 613-796-4183



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Is provisioning services in Accounting-Request packets bad?
  - From: Alan DeKok <aland@deployingradius.com>

References:
- Is provisioning services in Accounting-Request packets bad?
  - From: Alan DeKok <aland@deployingradius.com>
- Re: Is provisioning services in Accounting-Request packets bad?
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>

Prev by Date: Re: Is provisioning services in Accounting-Request packets bad?
Next by Date: Re: Is provisioning services in Accounting-Request packets bad?
Previous by thread: Re: Is provisioning services in Accounting-Request packets bad?
Next by thread: Re: Is provisioning services in Accounting-Request packets bad?
Index(es):
- Date
- Thread