Merit has a private attribute for concurrency control in their
daemon that is not the same as Port-Limit. You were either told
wrong or accidentally mixed the two up.
> Hmmm...telebit is a holdover that we're currently using. So..are you
Since Telebit was active in the LA bakeoff and I KNOW that at least one
of the Telebit engineers frequents the RADIUS IETF list, I really doubt
that. Just to verify, the NetBlazer ST, LS, and PN all support RADIUS.
> suggesting that an isp must all of a sudden replace all of its older
> terminal servers to convert to radius? If so, economics are going to
> dictate and in most cases it's simply not going to happen. We're currently
Actually, economics dictate that it is MORE cost effective to use
a single technology (like RADIUS) than have to support multiple
technologies. ISPs throw out old equipment all the time for newer
technology (just how many used PM2s are available and being replaced
by PM3s?).
> in the process of switching the ciscos to radius. It sounds as if you're
> just entering into the market. Radius is a fairly new scheme... I think
No, actually, it sounds like you are just new to this market. I have
been here for years, RADIUS has been here for years. I have worked
with ISPs for over three years now and am well qualified in that area.
> its entered into the limelight within the last year maybe last year and a
> half. I may be wrong but I think the very first version of radius was
> released less than two years ago.. ISPs like ours have had to deal with
> remote authentication for the last four years and longer.
MZ already told you all of that is wrong...
> > Are you suggesting the RADIUS server would poll the servers to verify?
> > Is that why the latency would come into effect? I don't follow the
> > latency errors issue?
> No... I'm saying that if a code is implemented to check for concurrent
> logins that program would increase/decrease its response based by the
> number of users online. The number of users online traditionally
> increases from 4pm to 1am. The time it takes for the radius server to
> individually poll and check each radius device would take too long during
> busy hours. Theoretically the latency would force the radius device to use
> the secondary authenticator.
But the RADIUS servers are *NOT* polling the clients in my scenario.
That's what the monitors do (like PMMON). There is NO additional
load on the RADIUS servers. They only do what they are designed to do.
If the polling program finds inconsistencies, it can correct them
without having to signal the RADIUS servers (remember, RDBMS here).
> Hmmm... personal choice I guess. I'd rather have the radius device send
> its accounting info to the authentication server. Saves on bandwidth usage
> in long term also less chance of a security breach.
Well, if you want to put all your eggs in the same basket, that's
YOUR choice. There is NO difference in bandwidth and NO security
breach issues. Where are you getting this stuff from? Do you
even have a backup RADIUS server?
> Considering Microsoft puts a warning on its sql server packs about
> drainage of resources by the sql server I have to say I don't believe
Any DB server should be on a machine on its own, whether Oracle,
Sybase, etc. ESPECIALLY if it's mission critical.
> this. My own personal experience with NT server 4.0 4.1 3.5x has been
> negative when it comes to system speed and usage percentages. Mainly
> because nt is a gui. In a multiplatform, multiusage environment the
> authentication server must be able to do more than just authenticate.
And sendmail should do more than just send mail? That statement just
makes me laugh. What do you want it to do, make your coffee? That's
why multi-tasking was invented: so one program didn't have to do
everything.
> Then there's the programming aspects of nt. Which, quite frankly, suck.
> but that's another story... suffice it to say I feel sorry for nt users.
I am not here for an OS war. I'm talking theories here, not operating
systems.
> Sure... Figure in the cost. For what you spend in a couple of radiusNT
> machines it's not worth it. Scalability is fine but remember you're in a
> business. You can't just toss another machine on the circuit because of
> load.
Oh yeah, I forgot you only have one RADIUS server. If you run your
backup RADIUS server on a different machine, that's another machine
for you too, right? I was referring to scalability and supporting
a very large number of users. If you want to authenticate 5000 ports
to ONE RADIUS server, have at it. I don't know anyone else who would
even think about it. If you are distributing the load, then you have
to deal with synchronization.
> Sorry, but considering the response I have received by people with
> multiple concurrent login problems your vendor's solution is either not
> working or you've misunderstood the nature of the problem.
My vendors? I *AM* the vendor. I didn't miss the boat, either.
> Authentication is not the problem. Tracking concurrent logins during
> authentication is the problem.
Which should NOT be the responsibility of the Authentication server to
verify at the exact moment the authentication is happening. That
is what most people try to do and that's why there are response time
ramifications with it.
> If you think NT is so good at handling this problem, I'm told Livingston
> NT Radius source code is or will soon be available. My challenge to you is
I really doubt this. Is this the same person that told you about
port-limit?
> code a solution. I think then you'll have a better understanding of why NT
Well, in case you didn't know, I was the *FIRST* person to code a
solution for RADIUS on Windows NT, and don't need Livingston's new
code to do it. We have had an NT solution for almost two years now
(since September 95) and it's done concurrency control since November
of 95. I am still unaware of any RADIUS server with the in-depth RDBMS
support that RadiusNT has.
> is really unprepared for wan management as well as you'll encounter some
> of the problems with dealing in multi vendor authentication schemes. It's
Never had a problem with it and RadiusNT is one of the most widely used
RADIUS servers for WindowsNT. It's recommended by Livingston, Cisco,
Computone, Ascend, and many other major vendors. Would they recommend
something if it didn't work?
> nice to say, "Its not an option" but if you get hired by a company that
> has a mix of everything and are told "Find a solution" then maybe you'll
> understand.
I work for a company with a mix. I help people out every day that have a
mix. I have found solutions for those situations and will continue in
the future to.
--
Dale E. Reed Jr. (daler@iea.com)
_________________________________________________________________
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.emerald.iea.com