2.4 RADIUS Connections

RADIUS clients initiate transactions. RADIUS servers route/process transactions received from clients and send responses. The RADIUS protocol primarily uses a connectionless datagram service as a transport layer between peer nodes. Although a connectionless transport service is used, RADIUS connections allow a simple adaptation of the Diameter connection-oriented feature set for use with RADIUS.

A RADIUS connection is defined as the tuple consisting of a client IP address, a server IP address, and a server destination port. Because of the connectionless client-server model, a DSR RADIUS connection is transactionally uni-directional: DSR can either send or receive RADIUS transactions on a RADIUS connection, but not both. From DSR's perspective, RADIUS connections are therefore configured as either client or server:
  • RADIUS Client Connection - A RADIUS connection used by DSR for sending RADIUS Requests to, and receiving RADIUS Responses from, a RADIUS server node. RCL never forwards RADIUS Requests received from a RADIUS Client Connection.
  • RADIUS Server Connection - A RADIUS connection used by DSR for receiving RADIUS Requests and forwarding RADIUS Responses from/to a RADIUS client node. RCL never forwards RADIUS Requests to a RADIUS Server Connection.

RADIUS supports up to 256 outstanding transactions per source IP address and port, owing to the 8-bit Identifier field in the RADIUS header. RADIUS clients that need to send more than 256 outstanding requests typically use more than one source port. DSR does not validate or enforce the source port number for RADIUS requests received from clients. DSR supports the notion of a configurable source port range which is used when forwarding RADIUS requests to a peer.
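
The sketch below is an added example, not DSR code. It shows how a sender can track outstanding requests across a source port range, where each source port contributes 256 Identifier values. The class names and the round-robin policy are assumptions for illustration; the page does not describe DSR's own allocation policy.

```python
"""Identifier allocation across a source port range (illustrative sketch)."""


class IdentifierExhausted(Exception):
    """Every (source port, Identifier) slot is still awaiting a response."""


class ClientConnectionSlots:
    """Outstanding requests for one source IP toward one RADIUS server.

    The 8-bit Identifier gives 256 slots per source port, so a range of
    N ports allows 256 * N outstanding transactions.
    """

    IDS_PER_PORT = 256

    def __init__(self, first_port, last_port):
        if not 0 < first_port <= last_port <= 65535:
            raise ValueError("invalid source port range")
        self.ports = range(first_port, last_port + 1)
        self.outstanding = {}  # (port, identifier) -> caller's transaction
        self._cursor = 0       # next slot to try, advanced round-robin

    @property
    def capacity(self):
        return len(self.ports) * self.IDS_PER_PORT

    def allocate(self, transaction):
        """Reserve a free (source port, Identifier) pair for a new request.

        Round-robin order means a just-released Identifier is not reused
        immediately, so a late response is less likely to match a new request.
        """
        for _ in range(self.capacity):
            port = self.ports[self._cursor // self.IDS_PER_PORT]
            ident = self._cursor % self.IDS_PER_PORT
            self._cursor = (self._cursor + 1) % self.capacity
            if (port, ident) not in self.outstanding:
                self.outstanding[(port, ident)] = transaction
                return port, ident
        raise IdentifierExhausted(f"{self.capacity} requests outstanding")

    def complete(self, port, ident):
        """Match a response to its request; None means unsolicited or duplicate."""
        return self.outstanding.pop((port, ident), None)
```

A response whose (port, Identifier) pair has no outstanding entry returns None from `complete` and should be dropped rather than matched to any request.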

A DSR RADIUS Server Connection is the association of:
  • Source/RADIUS Client's IP Address
  • Destination/DSR's IP Address
  • Destination/DSR's Port Number

In contrast, a DSR RADIUS Client Connection is an association of:
  • Source/DSR's IP Address
  • Destination/RADIUS Server's IP Address
  • Destination/RADIUS Server's Port Number

A port number is configured on DSR to serve as the destination of Requests that are sent by RADIUS clients to DSR. Note that the same DSR IP address and port number can be used to configure multiple RADIUS Server Connections, as long as the client's IP address is unique for each RADIUS Server Connection.