Internet Draft                                             Pat R. Calhoun
Category: Experimental                           US Robotics Access Corp.
expires in six months                                           July 1996

      Enhanced Remote Authentication Dial In User Service (RADIUS)
                    Resource Management Extension
             <draft-calhoun-enh-radius-res-mgmt-00.txt>


Status of this Memo

   Distribution of this memo is unlimited.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).


Abstract

   This specification defines an extension to the Enhanced RADIUS
   protocol [1]. This extension provides the ability for a RADIUS
   server to manage a pool of resources.










Calhoun                                                          [Page 1]


DRAFT               Resource Management Extension              July 1996


   1. Introduction

      The RADIUS Resource Management extensions are intended to allow
      the RADIUS server to manage a set of resources. This document does
      not specify which resources may be managed by a RADIUS server, since
      this is vendor specific. However, it is envisioned that the RADIUS
      server will be able to manage IP address pools in order to make
      efficient use of the valuable address space.


   2. Command Name and Command Code

        Command Name: Resource-Free-Request
        Command Code: 261

        Command Name: Resource-Free-Response
        Command Code: 262

        Command Name: Query-Resource-Request
        Command Code: 263

        Command Name: Query-Resource-Response
        Command Code: 264

        Command Name: Resource-Reclaim-Request
        Command Code: 265

        Command Name: Resource-Reclaim-Response
        Command Code: 266

   3. Command Meanings

   3.1 Resource-Free-Request

    Description

      Resource-Free-Request packets are sent by the NAS to the RADIUS
      Server, and provide information on specific resources which have
      been released.

      Since a NAS cannot predict what resources will be managed by the
      RADIUS Server, it is desirable that the NAS return ALL of the
      attributes which were part of the Access-Accept. This flexibility
      will allow a RADIUS Server to manage widgets, should that be
      necessary in the future.



      Upon receipt of a Resource-Free-Request, a RADIUS Server MUST
      reply with a response. This response MAY be either a
      Resource-Free-Response if resource management is supported or a
      Command-Unrecognized packet if it is not.

      If the RADIUS Server does support Resource Management, it SHOULD
      then release any resources at this point.

      The NAS should only return this message to the RADIUS Server if
      a Terminate-Action attribute was sent in the original Access-Accept
      with a value of 2.

      A summary of the Resource-Free-Request packet format is shown
      below. The fields are transmitted from left to right.

       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2


    Command

      261 for Resource-Free-Request.

    Identifier

      The Identifier field MUST be changed whenever the content of the
      Attributes field changes, and whenever a valid reply has been
      received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.

    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.

    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )

    Attributes

      The Attribute field is variable in length, and contains a list of
      zero or more Attributes.
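      The following is an added illustration, not part of this draft and
      not code from any US Robotics implementation, of the packet layout
      above and of the Message Integrity Code check a receiver performs
      before acting on any of the six commands (all six share this header).
      It assumes that the MIC field is zero-filled while the MD5 hash is
      computed (the draft does not say how that field is treated during
      hashing), that Flags occupies the five high-order bits of the second
      octet and Ver the three low-order bits, and that Length covers the
      whole datagram including the header. The shared secret, timestamp
      and attribute bytes used below are constructed samples.

```python
import hashlib
import hmac
import os
import struct

# Values taken from the draft.
CODE_ENHANCED_RADIUS = 254
VERSION = 2
CMD_RESOURCE_FREE_REQUEST = 261
CMD_RESOURCE_FREE_RESPONSE = 262
CMD_QUERY_RESOURCE_REQUEST = 263
CMD_QUERY_RESOURCE_RESPONSE = 264
CMD_RESOURCE_RECLAIM_REQUEST = 265
CMD_RESOURCE_RECLAIM_RESPONSE = 266

# Code(1) Flags/Ver(1) Command(2) Identifier(2) Length(2) Authenticator(16) MIC(16)
HEADER_LEN = 40
MIC_OFFSET = 24


def _mic(packet, secret):
    """MD5( packet | Shared Secret ).  Assumption: the 16-octet MIC field inside
    `packet` is zero-filled while hashing, since it cannot contain itself."""
    return hashlib.md5(packet + secret).digest()


def build_packet(command, identifier, attributes, secret,
                 flags=0, authenticator=None, timestamp=None):
    """Assemble an Enhanced RADIUS datagram and fill in its MIC."""
    if not 0 <= flags < 32:
        raise ValueError("Flags is a 5-bit field")
    if authenticator is None:
        authenticator = os.urandom(16)
        if timestamp is not None:
            # Timestamp option: the first four octets carry the send time.
            authenticator = struct.pack("!I", timestamp) + authenticator[4:]
    length = HEADER_LEN + len(attributes)
    if length > 0xFFFF:
        raise ValueError("datagram too long for the 16-bit Length field")
    flags_ver = (flags << 3) | VERSION   # Flags in the high 5 bits, Ver in the low 3
    head = struct.pack("!BBHHH", CODE_ENHANCED_RADIUS, flags_ver, command, identifier, length)
    unsigned = head + authenticator + bytes(16) + attributes
    return unsigned[:MIC_OFFSET] + _mic(unsigned, secret) + unsigned[MIC_OFFSET + 16:]


def parse_packet(data, secret):
    """Validate header, Length and MIC; return the fields or raise ValueError."""
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than the fixed header")
    code, flags_ver, command, identifier, length = struct.unpack("!BBHHH", data[:8])
    if code != CODE_ENHANCED_RADIUS:
        raise ValueError("not an Enhanced RADIUS packet")
    if (flags_ver & 0x07) != VERSION:
        raise ValueError("unsupported version")
    if length != len(data):
        # Checked before the attribute area is touched, so a short or padded
        # datagram never reaches the attribute parser.
        raise ValueError("Length does not match the datagram size")
    expected = _mic(data[:MIC_OFFSET] + bytes(16) + data[HEADER_LEN:], secret)
    if not hmac.compare_digest(data[MIC_OFFSET:HEADER_LEN], expected):
        raise ValueError("Message Integrity Code mismatch")
    return {"flags": flags_ver >> 3, "command": command, "identifier": identifier,
            "authenticator": data[8:MIC_OFFSET], "attributes": data[HEADER_LEN:]}


def verifies(data, secret):
    """True when parse_packet accepts the datagram, False otherwise."""
    try:
        parse_packet(data, secret)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample, not a real secret
    pkt = build_packet(CMD_RESOURCE_FREE_REQUEST, 7, b"", secret, timestamp=837043200)
    print(parse_packet(pkt, secret)["command"], verifies(pkt, b"wrong-secret"))
```

      A receiver rejects a datagram whose Length disagrees with the
      datagram size before it parses any attribute, and compares the MIC
      with a constant-time comparison; both checks are in parse_packet.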



   3.2 Resource-Free-Response

    Description

      Resource-Free-Response packets are sent by the RADIUS server to
      the NAS to acknowledge that a specific resource has been freed.
      The RADIUS server is responsible for releasing any resources which
      are attached via the attributes.

      The Resource-Free-Response packets SHOULD NOT include any of the
      attributes which were included in the request packet.

      A summary of the Resource-Free-Response packet format is shown
      below. The fields are transmitted from left to right.





       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2

    Command

      262 for Resource-Free-Response.

    Identifier

      The Identifier field is a copy of the Identifier field of the
      Resource-Free-Request which caused this Resource-Free-Response.

    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.


    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )


   3.3 Query-Resource-Request

    Description

      Query-Resource-Request packets are sent by the RADIUS server to
      the NAS. Although this procedure SHOULD only be done at
      initialization time, it is certainly possible that an
      implementation sends regular Query-Resource-Requests.

      Upon receipt of a Query-Resource-Request, a NAS MUST reply with
      a response. This response MAY be either a Query-Resource-Response
      if resource management is supported or a Command-Unrecognized
      packet if it is not.

      A RADIUS Server MUST support NAS' which do not support Enhanced
      RADIUS, and which would therefore simply silently ignore the
      Query-Resource-Request.

      The initial Query-Resource-Request MUST contain a Packet-Index
      attribute with a value of zero (see the attribute definition for
      more information). However, if a Query-Resource-Response is
      received with a Packet-Index attribute with a non-zero value, the
      Server MUST send another Query-Resource-Request with the
      Packet-Index attribute value set to the value which was received
      in the response. A response with the Packet-Index attribute value
      set to zero indicates that the transaction is complete.

      If the RADIUS Server times out before receiving any responses, it
      MAY assume that there are no NAS' on the network, or that the
      NAS' do not support Enhanced RADIUS, at which point it may retry
      periodically or give up and expect an Access-Request (this is
      implementation specific).

      A summary of the Query-Resource-Request packet format is shown
      below. The fields are transmitted from left to right.






       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2

    Command

      263 for Query-Resource-Request.

    Identifier

      The Identifier field MUST be changed whenever the content of the
      Attributes field changes, and whenever a valid reply has been
      received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.






    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.

    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )

    Attributes

      The Attribute field is variable in length, and contains a list of
      zero or more Attributes.


   3.4 Query-Resource-Response

    Description

      Upon receipt of a request, each NAS is responsible for responding
      with all previously received Access-Accept packets whose sessions
      are still active. The packets MUST be attached using the
      Resource-Attached attribute (see below).

      Since many Access-Accept packets may be returned within one
      Query-Resource-Response, it is likely that the total packet length
      exceeds the interface's MTU. The NAS MUST NOT send packets which
      exceed the MTU; therefore, once the maximum packet length has been
      reached, the Packet-Index attribute's value MUST be set to a value
      which the NAS can use, when it is echoed back in a further request,
      to return the rest of the information.

      When the RADIUS Server receives a response with the Packet-Index
      set to a non-zero value, it MUST send another
      Query-Resource-Request with the Packet-Index set to the value
      which was set in the response.

      When the RADIUS Server receives a Query-Resource-Response from the
      NAS with a Packet-Index attribute with a value of zero, it MUST
      assume that the NAS has no data left and should NOT send another
      Query-Resource-Request.

      A summary of the Query-Resource-Response packet format is shown
      below. The fields are transmitted from left to right.


       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2

    Command

      264 for Query-Resource-Response.

    Identifier

      The Identifier field is a copy of the Identifier field of the
      Query-Resource-Request which caused this Query-Resource-Response.

    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.


    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )

    Attributes

      The Attribute field is variable in length, and contains a list of
      zero or more Attributes.

   3.5 Resource-Reclaim-Request

    Description

      Resource-Reclaim-Request packets are sent by the RADIUS server to
      the NAS to request that a previously allocated resource be freed
      immediately. This allows an administrator to free used
      resources from the RADIUS server without any manual intervention
      on the NAS.

      The Resource-Reclaim-Request message should include all previously
      allocated resources, including the NAS-IP-Address and NAS-Port-Id
      attributes which were included in the original request packet. It
      is assumed that if all of the attributes which were in the
      Access-Accept are present in this packet, then the RADIUS Server is
      requesting that the NAS disconnect the user.

      A summary of the Resource-Reclaim-Request packet format is shown
      below. The fields are transmitted from left to right.

















       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2

    Command

      265 for Resource-Reclaim-Request.

    Identifier

      The Identifier field MUST be changed whenever the content of the
      Attributes field changes, and whenever a valid reply has been
      received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.






    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.

    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )

    Attributes

      The Attribute field is variable in length, and contains a list of
      zero or more Attributes.

   3.6 Resource-Reclaim-Response

    Description

      Resource-Reclaim-Response packets are sent by the NAS to the RADIUS
      server to acknowledge the reception of the
      Resource-Reclaim-Request. The RADIUS Server MUST however wait for
      a Resource-Free-Request from the NAS before flagging the resources
      as available.


      The Resource-Reclaim-Response message should include the
      NAS-IP-Address and NAS-Port-Id attributes which were included
      in the request packet.

      A summary of the Resource-Reclaim-Response packet format is shown
      below. The fields are transmitted from left to right.















       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |  Flags  | Ver |            Command            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Identifier           |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                         Authenticator                         |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |                    Message Integrity Code                     |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Attributes ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-


    Code

      254 for Enhanced RADIUS.


    Flags

      The Flag field is used as defined in [1].

    Version

      MUST be set to 2

    Command

      266 for Resource-Reclaim-Response.

    Identifier

      The Identifier field is a copy of the Identifier field of the
      Resource-Reclaim-Request which caused this
      Resource-Reclaim-Response.







    Authenticator

      The Authenticator field is a random 16 octet value. If the Timestamp
      option is supported, the first four octets contain a timestamp of
      when the packet was sent from the peer.

    Message Integrity Code

      This field contains an MD5 hash of the following:

         MD5( packet | Shared Secret )

    Attributes

      The Attribute field is variable in length, and contains a list of
      zero or more Attributes.



   4. Attribute Name and Attribute Code

        Attribute Name: Number-Of-Sessions
        Attribute Code: 260

        Attribute Name: Packet-Index
        Attribute Code: 261

        Attribute Name: Resource-Attached
        Attribute Code: 262


   5. Attribute Meanings

   5.1 Number-Of-Sessions

    Description

      This Attribute is available for internal RADIUS server use only.
      This attribute indicates to the RADIUS server the number of active
      sessions a user may have at any given time. This attribute should
      not be added to the Access-Accept message.

      It is assumed that if this field is not present in the user
      definition, the number of active sessions is set to 1.




   5.2 Packet-Index

    Description

      This attribute is used in conjunction with the Resource Query
      mechanism and allows a response larger than the MTU to be returned
      as several packets. In the original Query-Resource-Request, this
      attribute should be present with a value of zero. Upon receipt of
      a Query-Resource-Response, the RADIUS server must check whether the
      attribute is still set to zero. If the value is non-zero, the
      RADIUS server MUST return a Query-Resource-Request with a
      Packet-Index value equal to the value which was set in the
      response. Upon receipt of a zero, the RADIUS Server MUST assume
      that this is the last packet.

      The value of the Packet-Index attribute is NAS specific and is not
      discussed further.





       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Attribute Type                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            Length             |     Flags     |   Value ...   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Type

      261 for Packet-Index

    Length

      >= 3

    Flags

      The Flags field SHOULD be set to 1 (The attribute MUST be supported
      by the receiving device). Of course, the attribute would only be
      supported if the implementation supported resource management.

    Value

      The integer contains a value which is set by the NAS in order
      to keep track of which Access-Accepts have already been sent to
      the RADIUS server.

   5.3 Resource-Attached

    Description

      This attribute indicates that the value attached is a previously
      received Access-Accept. This attribute is used with the
      Query-Resource-Response in order for the NAS to return the
      previously allocated resources.

      It is likely that more than one of these attributes exists in
      a Query-Resource-Response.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Attribute Type                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            Length             |     Flags     |   Value ...   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Type

      262 for Resource-Attached

    Length

      >= 3

    Flags

      The Flags field SHOULD be set to 1 (The attribute MUST be supported
      by the receiving device). Of course, the attribute would only be
      supported if the implementation supported resource management.

    String

      The String field is one or more octets. The value is an
      Access-Accept packet.
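      Added example, not from the draft and not from any vendor
      implementation, of the Packet-Index exchange of sections 3.3, 3.4
      and 5.2 together with the Resource-Attached attribute of this
      section: the NAS side fills each Query-Resource-Response with as
      many Resource-Attached attributes as fit under the MTU and sets
      Packet-Index to where it stopped; the server side keeps issuing
      Query-Resource-Requests until it receives a Packet-Index of zero.
      Assumed here, because the draft leaves them open or NAS specific:
      the attribute Length counts the Length, Flags and Value octets
      (matching the minimum of 3) but not the 4-octet Type; Packet-Index
      is carried as a 4-octet unsigned integer whose value is the list
      position of the next Access-Accept to send; and the 40-octet fixed
      header of section 3 is subtracted from the MTU. The Access-Accept
      payloads are constructed stand-ins.

```python
import struct

ATTR_PACKET_INDEX = 261        # section 4
ATTR_RESOURCE_ATTACHED = 262   # section 4
FLAG_MUST_SUPPORT = 1          # Flags value the draft says SHOULD be used
HEADER_LEN = 40                # fixed Enhanced RADIUS header, Code through MIC (section 3)
PACKET_INDEX_ATTR_LEN = 4 + 3 + 4   # Type + (Length, Flags) + 4-octet integer


def encode_attr(attr_type, value, flags=FLAG_MUST_SUPPORT):
    """Type(4) Length(2) Flags(1) Value.  Assumption: Length counts the Length,
    Flags and Value octets (hence the draft's minimum of 3), not the Type."""
    length = 3 + len(value)
    if length > 0xFFFF:
        raise ValueError("attribute value too long")
    return struct.pack("!IHB", attr_type, length, flags) + value


def decode_attrs(buf):
    """Parse an attribute area into (type, flags, value) tuples, refusing
    any attribute whose Length runs past the buffer."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 7:
            raise ValueError("truncated attribute header")
        attr_type, length, flags = struct.unpack_from("!IHB", buf, pos)
        if length < 3 or pos + 4 + length > len(buf):
            raise ValueError("attribute Length out of range")
        attrs.append((attr_type, flags, buf[pos + 7:pos + 4 + length]))
        pos += 4 + length
    return attrs


def packet_index_of(attrs):
    """Value of the Packet-Index attribute; absence is read as 0 (complete)."""
    for attr_type, _, value in attrs:
        if attr_type == ATTR_PACKET_INDEX:
            return struct.unpack("!I", value)[0]
    return 0


def nas_query_response(access_accepts, packet_index, mtu):
    """NAS side: attribute area of one Query-Resource-Response, starting at
    list position `packet_index` and staying within `mtu` octets overall."""
    budget = mtu - HEADER_LEN - PACKET_INDEX_ATTR_LEN
    body, i = b"", packet_index
    while i < len(access_accepts):
        attr = encode_attr(ATTR_RESOURCE_ATTACHED, access_accepts[i])
        if len(body) + len(attr) > budget:
            break
        body += attr
        i += 1
    if i == packet_index and i < len(access_accepts):
        raise ValueError("a single Access-Accept does not fit within the MTU")
    next_index = i if i < len(access_accepts) else 0   # 0 means "no data left"
    return body + encode_attr(ATTR_PACKET_INDEX, struct.pack("!I", next_index))


def server_collect(ask_nas, mtu, max_rounds=1000):
    """Server side: repeat Query-Resource-Request until Packet-Index is 0.
    `ask_nas(index, mtu)` stands in for sending one request and receiving
    the response's attribute area.  Returns (access_accepts, rounds)."""
    collected, index, seen = [], 0, set()
    for rounds in range(1, max_rounds + 1):
        reply = decode_attrs(ask_nas(index, mtu))
        collected.extend(v for t, _, v in reply if t == ATTR_RESOURCE_ATTACHED)
        index = packet_index_of(reply)
        if index == 0:
            return collected, rounds
        if index in seen:   # a NAS replaying an index would otherwise loop us forever
            raise ValueError("Packet-Index %d repeated by the NAS" % index)
        seen.add(index)
    raise ValueError("Packet-Index never reached zero")


def sample_access_accepts(n=5, size=200):
    """Constructed stand-ins for stored Access-Accept packets (opaque bytes here)."""
    return [(b"constructed Access-Accept #%d" % i).ljust(size, b"\x00") for i in range(n)]


if __name__ == "__main__":
    accepts = sample_access_accepts()
    got, rounds = server_collect(lambda i, m: nas_query_response(accepts, i, m), 576)
    print(len(got), "Access-Accepts in", rounds, "rounds")
```

      The server loop is bounded and refuses a Packet-Index it has already
      seen, so a misbehaving NAS cannot keep it polling indefinitely; a
      NAS whose single Access-Accept cannot fit in one response raises
      rather than silently dropping it.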


   6. Motivation

      With the large demand for the leasing of dial-up ports and access
      to corporate backbone networks, it is necessary for a central
      registry to maintain an address pool. In the past, this was mostly
      done by the NAS, but with the above scenarios there are now
      multiple pools to deal with.

      One way would be to pre-configure in the NAS' all of the possible
      address pools. However, this is not only very wasteful but is a
      deployment nightmare for service providers.

      Since the protocol can manage any resource, another possible pool
      would be a user's simultaneous logins. This would give service
      providers the ability to limit the number of concurrent logins
      based on the user's service profile (e.g. more than one if
      Multi-Link is enabled for the user). This also resolves the problem
      for service providers who charge a flat fee for unlimited usage,
      where a user can distribute his/her username and password and end up
      tying up dial-up ports.

      The method which is most commonly used today is for the RADIUS
      server to make use of the STOP accounting record in order to
      determine when the user has been disconnected. This solution is
      unfortunately not suitable in installations where the accounting
      and operations departments are physically separate and so are
      the accounting and authentication RADIUS servers. The extension
      described here allows the authentication server itself to determine
      when a session has been released.

      Since it is quite likely that a RADIUS server would lose its
      internal database of allocated resources should a crash occur (or
      power outage), a mechanism should exist which would allow the
      RADIUS server to rebuild the information. The Resource Query
      mechanism described in this document will allow the RADIUS server
      to poll all of its clients in order to determine what has
      already been allocated.

      Note that for large networks with resilient Enhanced RADIUS
      Servers, it is required that a distributed database be used as a
      back-end to the RADIUS Server.


   7. Description (or Implementation Rules)

      Upon a call termination, a Resource-Free-Request is sent by the
      NAS to the RADIUS Server and MUST contain all of the attributes
      which were attached in the Access-Accept.

      In order to support the fact that a NAS may reboot, if a RADIUS
      Server receives a NAS-Reboot message it MUST free all resources
      currently allocated to that NAS.

      The RADIUS Server now requires a special state for each of its
      configured clients. This state will indicate whether the client
      has responded to the Query-Resource-Request which was sent out
      when the RADIUS Server rebooted. If the RADIUS Server receives an
      Access-Request from a client which did NOT respond to the
      Query message, the RADIUS server MAY send a
      Query-Resource-Request to the client in order to retrieve any
      resources that may have already been allocated. If it is determined
      that the NAS supports Enhanced RADIUS and the resource management
      extension, then the RADIUS server should only respond to
      Access-Requests once it has received a Query-Resource-Response from
      the requesting NAS. If the Access-Request received is in the
      version 1 format, the RADIUS Server SHOULD NOT send the Query
      message.

      A NAS MUST respond to a Query-Resource-Request with all of the
      resources which were allocated to it via the RADIUS Server. In
      order to do this, the NAS SHOULD return all Access-Accept messages
      in the response. Since response packets may be greater than the MTU,
      the Packet-Index attribute allows the protocol to send multiple
      request/response pairs.

      This will allow a RADIUS Server, which may have crashed, to
      recover and to be able to identify what resources have been
      allocated.
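      An added sketch, not from the draft and not from any product, of the
      server-side bookkeeping these rules imply, together with the
      Number-Of-Sessions check of section 5.1 and the reclaim rule of
      section 3.6: per-client query state, a resource table rebuilt from
      Query-Resource-Responses, an Access-Request answered with a
      Query-Resource-Request until the NAS has reported, the session limit
      applied, release only on Resource-Free-Request even after a
      Resource-Reclaim-Request, and everything freed on NAS-Reboot. The
      IP address pool as the managed resource, the dict representation of
      attributes, the reset of client state after a reboot and the return
      values are assumptions of this sketch; the addresses and user names
      are constructed.

```python
from dataclasses import dataclass


@dataclass
class ClientState:
    queried: bool = False    # a Query-Resource-Request has been sent to this NAS
    responded: bool = False  # a Query-Resource-Response has come back from it


class ResourceServer:
    """Server-side resource bookkeeping.  Attributes are plain dicts keyed by
    attribute name; the managed resource is an IP address pool (assumed)."""

    def __init__(self, users, ip_pool):
        self.users = users              # user -> {"Number-Of-Sessions": n}, internal only
        self.free_ips = list(ip_pool)   # addresses not currently handed out
        self.allocated = {}             # (NAS-IP-Address, NAS-Port-Id) -> Access-Accept attrs
        self.clients = {}               # NAS-IP-Address -> ClientState

    def _active_sessions(self, user):
        return sum(1 for a in self.allocated.values() if a["User-Name"] == user)

    def _register(self, accept):
        """Record an Access-Accept as allocated (used when a NAS reports its state)."""
        ip = accept["Framed-IP-Address"]
        if ip in self.free_ips:
            self.free_ips.remove(ip)
        self.allocated[(accept["NAS-IP-Address"], accept["NAS-Port-Id"])] = accept

    def on_query_resource_response(self, nas_ip, accepts):
        """Section 7: rebuild the table from what the NAS still holds."""
        for accept in accepts:
            self._register(accept)
        self.clients.setdefault(nas_ip, ClientState()).responded = True

    def on_access_request(self, nas_ip, nas_port, user, enhanced=True):
        state = self.clients.setdefault(nas_ip, ClientState())
        if enhanced and not state.responded:
            # Section 7: hand out nothing more until the NAS has reported what
            # it already holds.  Version 1 clients are not queried.
            state.queried = True
            return ("Query-Resource-Request", None)
        if user not in self.users:
            return ("Access-Reject", "unknown user")
        limit = self.users[user].get("Number-Of-Sessions", 1)   # section 5.1 default
        if self._active_sessions(user) >= limit:
            return ("Access-Reject", "Number-Of-Sessions exceeded")
        if not self.free_ips:
            return ("Access-Reject", "address pool exhausted")
        accept = {"User-Name": user, "NAS-IP-Address": nas_ip, "NAS-Port-Id": nas_port,
                  "Framed-IP-Address": self.free_ips.pop(0),
                  "Terminate-Action": 2}   # section 3.1: NAS reports the release
        self.allocated[(nas_ip, nas_port)] = accept
        return ("Access-Accept", accept)

    def on_resource_free_request(self, attrs):
        """Sections 3.1/3.2: the NAS echoes the Access-Accept; release it here."""
        accept = self.allocated.pop((attrs["NAS-IP-Address"], attrs["NAS-Port-Id"]), None)
        if accept is not None:
            self.free_ips.append(accept["Framed-IP-Address"])
        return "Resource-Free-Response"

    def reclaim(self, nas_ip, nas_port):
        """Sections 3.5/3.6: ask the NAS to drop a session.  The address stays
        allocated until the NAS's own Resource-Free-Request arrives."""
        accept = self.allocated.get((nas_ip, nas_port))
        if accept is None:
            return None
        return ("Resource-Reclaim-Request", dict(accept))

    def on_nas_reboot(self, nas_ip):
        """Section 7: a rebooted NAS holds nothing, so free everything it had.
        Resetting its state so the next Access-Request is queried again is an
        assumption of this sketch, not a rule of the draft."""
        for key in [k for k in self.allocated if k[0] == nas_ip]:
            self.free_ips.append(self.allocated.pop(key)["Framed-IP-Address"])
        self.clients[nas_ip] = ClientState()


if __name__ == "__main__":
    # Constructed sample data.
    srv = ResourceServer({"alice": {"Number-Of-Sessions": 2}, "bob": {}}, ["10.1.0.1", "10.1.0.2"])
    print(srv.on_access_request("192.0.2.1", 1, "bob"))
    srv.on_query_resource_response("192.0.2.1", [])
    print(srv.on_access_request("192.0.2.1", 1, "bob"))
```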


   8. References

      [1]   Rigney, et alia, "RADIUS Authentication", Internet-Draft,
            draft-ietf-radius-radius-02.txt, Livingston, May 1996.
      [2]   Calhoun, Rubens, "Enhanced RADIUS", Internet-Draft,
            draft-calhoun-enh-radius-00.txt,
            US Robotics Access Corp., June 1996.
      [3]   Calhoun, "Enhanced RADIUS Protocol Extension Specifications",
            draft-calhoun-radius-ext-00.txt, Internet-Draft,
            US Robotics Access Corp., June 1996.











