RADIUS over TCP
RFC 6613
Document | Type |
RFC - Experimental
(May 2012; No errata)
Updated by RFC 7930
|
|
---|---|---|---|
Author | Alan DeKok | ||
Last updated | 2015-10-14 | ||
Replaces | draft-dekok-radext-tcp-transport | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | WG Document | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6613 (Experimental) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | BenoƮt Claise | ||
IESG note | Bernard Aboba (bernard_aboba@hotmail.com) is the document shepherd. | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) A. DeKok Request for Comments: 6613 FreeRADIUS Category: Experimental May 2012 ISSN: 2070-1721 RADIUS over TCP Abstract The Remote Authentication Dial-In User Server (RADIUS) protocol has, until now, required the User Datagram Protocol (UDP) as the underlying transport layer. This document defines RADIUS over the Transmission Control Protocol (RADIUS/TCP), in order to address handling issues related to RADIUS over Transport Layer Security (RADIUS/TLS). It permits TCP to be used as a transport protocol for RADIUS only when a transport layer such as TLS or IPsec provides confidentiality and security. Status of This Memo This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation. This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6613. DeKok Experimental [Page 1] RFC 6613 RADIUS over TCP May 2012 Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction ....................................................3 1.1. Applicability of Reliable Transport ........................4 1.2. Terminology ................................................6 1.3. Requirements Language ......................................6 2. Changes to RADIUS ...............................................6 2.1. Packet Format ..............................................7 2.2. Assigned Ports for RADIUS/TCP ..............................7 2.3. Management Information Base (MIB) ..........................8 2.4. Detecting Live Servers .....................................8 2.5. Congestion Control Issues ..................................9 2.6. TCP Specific Issues ........................................9 2.6.1. Duplicates and Retransmissions .....................10 2.6.2. Head of Line Blocking ..............................11 2.6.3. Shared Secrets .....................................11 2.6.4. Malformed Packets and Unknown Clients ..............12 2.6.5. Limitations of the ID Field ........................13 2.6.6. EAP Sessions .......................................13 2.6.7. TCP Applications Are Not UDP Applications ..........14 3. Diameter Considerations ........................................14 4. Security Considerations ........................................14 5. References .....................................................15 5.1. Normative References ......................................15 5.2. Informative References ....................................15 DeKok Experimental [Page 2] RFC 6613 RADIUS over TCP May 2012 1. Introduction The RADIUS protocol is defined in [RFC2865] as using the User Datagram Protocol (UDP) for the underlying transport layer. While there are a number of benefits to using UDP as outlined in [RFC2865], Section 2.4, there are also some limitations: * Unreliable transport. As a result, systems using RADIUS have to implement application-layer timers and retransmissions, as described in [RFC5080], Section 2.2.1. * Packet fragmentation. [RFC2865], Section 3, permits RADIUS packets up to 4096 octets in length. These packets are larger than the common Internet MTU (576), resulting in fragmentationShow full document text