Matching of radius request and response packets during high traffic volume
First Claim
1. A method for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, including:
- comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets;
comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and
repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.
1 Assignment
0 Petitions
Accused Products
Abstract
A solution for matching RADIUS request packets with corresponding RADIUS response packets when the number of simultaneous outstanding requests is greater than 256 involves using a sixteen-octet authenticator field in each packet. For each response packet that arrives, the identifier of the packet is compared in turn with the identifier of each outstanding request packet. If the identifiers match, the authenticators are then compared. If the results of the comparison indicate a match, the packet is accepted and no further processing of the outstanding requests is required. Otherwise, a search of the outstanding request packets is continued. This solution allows for more than 256 simultaneous outstanding RADIUS requests and only encounters a mismatch or ambiguous match with a probability of one in 3.4×1038 packets.
-
Citations
17 Claims
-
1. A method for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, including:
-
comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets; comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match. - View Dependent Claims (2, 3)
-
-
4. A method for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, including:
-
comparing the identifier field of the access response packet to the identifier field of one of the access request packets; comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match. - View Dependent Claims (5)
-
-
6. A method for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, including:
-
comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets; comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match. - View Dependent Claims (7)
-
-
8. An apparatus for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
-
means for comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets; means for comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match. - View Dependent Claims (9, 10)
-
-
11. An apparatus for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
-
means for comparing the identifier field of the access response packet to the identifier field of one of the access request packets; means for comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match. - View Dependent Claims (12)
-
-
13. An apparatus for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
-
means for comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets; means for comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match. - View Dependent Claims (14)
-
-
15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, the method including:
-
comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets; comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.
-
-
16. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, and a variable n initially set to 1, the method including:
-
comparing the identifier field of the access response packet to the identifier field of one of the access request packets; comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match.
-
-
17. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, the method including:
-
comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets; comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match.
-
Specification