RFC 2607 (rfc2607) - Page 2 of 15
Proxy Chaining and Policy Implementation in Roaming
Alternative Format: Original Text Document
RFC 2607 Proxy Chaining and Policy in Roaming June 1999
RADIUS proxy
In order to provide for the routing of RADIUS authentication and
accounting requests, a RADIUS proxy can be employed. To the NAS,
the RADIUS proxy appears to act as a RADIUS server, and to the
RADIUS server, the proxy appears to act as a RADIUS client.
Network Access Identifier
In order to provide for the routing of RADIUS authentication and
accounting requests, the userID field used in PPP (known as the
Network Access Identifier or NAI) and in the subsequent RADIUS
authentication and accounting requests, can contain structure.
This structure provides a means by which the RADIUS proxy will
locate the RADIUS server that is to receive the request. The NAI
is defined in [6].
Roaming relationships
Roaming relationships include relationships between companies and
ISPs, relationships among peer ISPs within a roaming association,
and relationships between an ISP and a roaming consortia.
Together, the set of relationships forming a path between a local
ISP's authentication proxy and the home authentication server is
known as the roaming relationship path.
3. Requirements language
In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [5].
4. Introduction
Today, as described in [1], proxy chaining is widely deployed for the
purposes of providing roaming services. In such systems,
authentication/authorization and accounting packets are routed
between a NAS device and a home server through a series of proxies.
Consultation of the home server is required for password-based
authentication, since the home server maintains the password database
and thus it is necessary for the NAS to communicate with the home
authentication server in order to verify the user's identity.
Aboba & Vollbrecht Informational