Matching of RADIUS request and response packets during high...

Multiplex communications – Communication techniques for information carried in plural... – Address transmitted

Reexamination Certificate


Details

C709S217000

Reexamination Certificate

active

06771665

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of network communications. More specifically, the present invention relates to matching of RADIUS request packets with corresponding RADIUS response packets.
2. The Background
Remote Authentication Dial In User Service (RADIUS) is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server (NAS) and a shared Authentication Server in a computer network. Once a client is configured to use RADIUS, users of the client may present authentication data to the client, such as by using a username and password prompt. When the client has received the authentication data, it may desire to authenticate using RADIUS. In doing so, it must create a RADIUS “Access-Request” packet containing the authentication data and additional information, such as the port ID the user is accessing.
The RADIUS “Access-Request” packet may then be transmitted over the network to a RADIUS server, which validates the sending client. If the client is valid, the RADIUS server consults a user database to find the user whose name matches the request. A corresponding record in the database contains information regarding how much access the user may have and what requirements must be fulfilled before access is granted. The RADIUS server may then compare the authentication data received via the RADIUS “Access-Request” packet with this record to determine if the user is authenticated. It may then send an “Access-Accept”, “Access-Reject”, or “Access-Challenge” response packet back to the client. A similar process may be invoked for accounting requests.
The RADIUS protocol provides for a one-octet identifier in request and response packets. A value is assigned to the identifier when an “Access-Request” packet is sent. The RADIUS server then takes this identifier and copies it into whatever response packet is sent, ensuring that corresponding request and response packets have the same identifier and thus may be matched up by the client when the response packet is received.
However, when traffic is heavy, it is possible to have more than two hundred and fifty-six outstanding simultaneous request packets from a single client. Since a one-octet identifier only allows for two hundred and fifty-six unique identifiers, this creates a problem when traffic is heavy.
One solution is to alter the User Datagram Protocol (UDP) source port used for the packets when more than two hundred and fifty-six RADIUS request packets are outstanding. The client may then use both the UDP port and the identifier to match RADIUS request packets with their corresponding response packets. Unfortunately, many companies have designed their network hardware to utilize a fixed UDP port. Furthermore, these different companies often use different fixed ports. Thus, using the UDP port as a solution is not effective.
What is needed is a solution which provides for matching RADIUS request packets with corresponding RADIUS response packets when traffic is heavy enough to require more than two hundred and fifty-six simultaneous outstanding RADIUS request packets.
SUMMARY OF THE INVENTION
A solution for matching RADIUS request packets with corresponding RADIUS response packets when the number of simultaneous outstanding requests is greater than 256 involves using a sixteen-octet authenticator field in each packet. For each response packet that arrives, the identifier of the packet is compared in turn with the identifier of each outstanding request packet. If the identifiers match, the authenticators are then compared. If the results of the comparison indicate a match, the packet is accepted and no further processing of the outstanding requests is required. Otherwise, a search of the outstanding request packets is continued. This solution allows for more than 256 simultaneous outstanding RADIUS requests and only encounters a mismatch or ambiguous match with a probability of one in 3.4×10^38 packets.
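One way to implement the search described above, as an added example that is not code from the patent. It assumes the authenticator comparison follows the RADIUS specification's definition of the Response Authenticator (MD5 over the response header, the request's authenticator, the attributes and the shared secret); the secret, function names and sample packets are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"constructed-shared-secret"  # assumption: sample value, not from the page


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side, used here only to construct sample responses."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + response_authenticator(code, ident, attrs, request_auth, secret) + attrs


def match_response(packet, outstanding, secret):
    """Return the sequence number of the request this response answers, or None.

    `outstanding` maps a client-side sequence number to (identifier,
    request authenticator) and may hold many entries with the same identifier.
    """
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return None
    received_auth, attrs = packet[4:20], packet[20:length]
    for seq, (req_ident, req_auth) in outstanding.items():
        if req_ident != ident:          # cheap one-octet check first
            continue
        expected = response_authenticator(code, ident, attrs, req_auth, secret)
        if hmac.compare_digest(expected, received_auth):
            del outstanding[seq]        # accepted: stop searching
            return seq
    return None                         # no outstanding request fits: drop


def make_outstanding(count):
    """Constructed sample: `count` requests whose identifiers wrap at 256."""
    return {seq: (seq & 0xFF, os.urandom(16)) for seq in range(count)}
```

Because the expected authenticator depends on the shared secret, a response that reuses a live identifier but was not produced for any outstanding request fails every comparison and is dropped rather than matched to the wrong session.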


