How does eduroam work ?

RADIUS hierarchy protocol or RadSec Protocol ?

The current implementation of eduroam (RADIUS hierarchy protocol) works very well. However,  due to the growing number of users and organisations around the world certain issues related to timing and reliability of communication started to appear. The goal of RadSec is to resolve these issues and to add some useful features and more flexibility.

 

RADIUS hierarchy protocol RadSec protocol
  • Usage of UDP
    This protocol doesn’t support retry and timeout mechanisms at a high level.
  • Usage of TCP
    The use of this protocol is more reliable        between RADIUS servers.                     Timeout and reliability issues are diminished.                                        
     
  • MTU
    RadSec has a better MTU (maximum transmission unit) discovery and fragmentation management.
  • The RADIUS server hierarchy
    A connection through the RADIUS server hierarchy implies cumulative communication flows and process times between each level of the hierarchy.
     
  • The realm management
    Non-national top level domains, such as .net, .org, .edu, .eu,…, demand realm management.

     

 

 

  • Trust Relationship
    Each RADIUS server must authenticate itself with special server certificates which allow the discovery of the home institution through a DNS query.
     
  • Use of DNS Discovery
    The use of DNS discovery helps to avoid a point to point connection. This way of working removes the cumulative communication flow and process times.
     
  • The realm management
    With DNS discovery, you can configure your own DNS with other domains than the national top level one. This is just a matter of adding SRV and NAPTR records.