Question

Does RADIUS have a maximum packet size? One of my applications will require a signed biometric image to be sent for authentication purposes and I am unsure of whether RADIUS will be able to handle it.

Solution

You can pass this information in the authenticator section which is 16 octets (65k) long.

OTHER TIPS

According to RFC 2865, which details the RADIUS protocol, although the RADIUS packet length field is 2 octets long, the maximum packet size is restricted to 4096 bytes (someone else may be able to clarify the reason for this). The length field per attribute is 1 octet and therefore attributes are limited to 255 bytes.

RFC 7499 allows for large packets based on fragment reassembly, that is, concatenating the contents of multiple RADIUS packets, and states the rationale for the original limit as being:

to avoid UDP fragmentation as much as possible. Back then, a size of 4096 bytes seemed large enough for any purpose. Now, new scenarios are emerging that require the exchange of authorization information exceeding this 4096-byte limit.

The new limit isn't absolute. RFC 7499 suggests that 25 round trips should be the maximum, and that packets should be limited to the network PMTU.
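
Added example, not part of the original answers: a Python sketch of the RFC 2865 length checks a receiver applies (20 to 4096 bytes per packet, 255 bytes per attribute), plus a calculation of how much payload one packet can carry once per-attribute overhead is counted. The function names `parse_radius`, `attribute_space` and `build_packet` and the sample packet are assumptions made for illustration.

```python
import struct

MIN_PACKET, MAX_PACKET = 20, 4096   # RFC 2865 packet length bounds
HEADER_LEN = 20                     # code(1) + id(1) + length(2) + authenticator(16)
MAX_ATTR_VALUE = 253                # 255-byte attribute minus type and length octets


def parse_radius(datagram: bytes):
    """Validate RFC 2865 length rules; return (code, identifier, [(type, value), ...])."""
    if len(datagram) < MIN_PACKET:
        raise ValueError("shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not MIN_PACKET <= length <= MAX_PACKET:
        raise ValueError(f"length field {length} outside 20..4096")
    if length > len(datagram):
        raise ValueError("length field exceeds received data")
    attrs, pos = [], HEADER_LEN
    while pos < length:             # octets past `length` are padding and ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad attribute length {a_len} at offset {pos}")
        attrs.append((a_type, datagram[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs


def attribute_space(payload_len: int):
    """Attributes and total packet size needed to carry payload_len value bytes."""
    n_attrs = -(-payload_len // MAX_ATTR_VALUE)          # ceiling division
    packet_len = HEADER_LEN + payload_len + 2 * n_attrs
    return n_attrs, packet_len, packet_len <= MAX_PACKET


def build_packet(code, ident, attrs):
    """Hypothetical test helper: zero authenticator, no signing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + bytes(16) + body


if __name__ == "__main__":
    # Constructed sample: Access-Request (code 1) carrying User-Name (type 1)
    pkt = build_packet(1, 7, [(1, b"alice")])
    print(parse_radius(pkt))
    print(attribute_space(4000))    # fits in a single packet
    print(attribute_space(20000))   # constructed 20 kB payload: does not fit
```

With 2 octets of overhead per attribute, the largest payload that fits in one 4096-byte packet is 4044 bytes split across 16 attributes, and that is before any other attributes the request needs.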

Licensed under: CC-BY-SA with attribution