History of the RADIUS Server
John Vollbrecht, the founder of Interlink Networks, was a central figure in how the RADIUS protocol came into existence, became a de-facto standard, and eventually a recognized IETF standard. The following is his account of how the RADIUS protocol and the RADIUS Server came to be.
Pioneering the RADIUS Server at Merit Network
From 1988 until the founding of Interlink Networks in 2000, I worked at Merit Network, Inc., a nonprofit corporation hosted at the University of Michigan and charged with promoting computer networking in Michigan. Merit was a pioneer in national and international networking and is highly respected for its Internet expertise. Formed in 1966 to interconnect computers at three Michigan universities, Merit played a vital role in building today's Internet. Merit developed and deployed its own network, roughly based on the ARPAnet protocols, initially connecting mainframe computers at the University of Michigan, Michigan State University and Wayne State University. By 1990, it had grown to interconnect most colleges and universities in Michigan, and had added support for distributed dial-in access. With distributed dial-in access, a Michigan State user could dial into modems at the University of Michigan and log on to the Michigan State host.
In 1987, Merit bid on and was awarded the contract to run the NSFnet by the National Science Foundation. The NSFnet was the backbone for the national Internet, and from 1987 until the commercialization of the NSFnet in 1995 Merit was very involved with growing and supporting the Internet. Internally at Merit there were two operational groups, the NSFnet group focusing on national networking and the MichNet group focusing on statewide networking. (Merit’s MichNet service is the largest ISP in Michigan; MichNet has over 200 POPs and 10,000 modem ports and places 95% of Michigan's residents within a local call of the Internet.)
NSFnet started as an IP-based network, but MichNet had to convert from its proprietary protocol to IP. One of the requirements for MichNet to transition to IP was to replace the proprietary dial-in servers with standard dial servers provided by commercial vendors. A major requirement of any solution was to provide a way to support Merit’s distributed dial-in service. We wanted to continue to allow the Michigan State user to dial in to a University of Michigan modem and vice versa.
In 1991, we started a process to select a vendor for dial servers. As manager of the MichNet Engineering group, I drafted an RFI for Merit’s dial-in support needs and solicited responses from seven or eight vendors, several of which were young start-ups. The requirement to provide distributed dial-in services was a stumbling block for many respondents. Only one vendor that Merit talked with at the time had a remote authentication protocol (Xylogics’ Access Control Protocol).
Several months after distributing the RFI, Steve Willens from a company called Livingston called me and asked what Merit thought of their proposal. Livingston’s response to the RFI was a description of a RADIUS Server. We thought the solution fit our needs and awarded the contract to Livingston. Livingston implemented the prototype RADIUS client in their “Portmaster” dial-in server product and created simple RADIUS server software to support it.
We bought and installed Livingston Portmasters and RADIUS server software (which Livingston included for free with the Portmaster hardware) in MichNet. My team extended Livingston’s RADIUS server to support additional features such as proxying for distributed authentication and support for MichNet’s unique shared dial-in services. Within a year we had developed a totally rewritten RADIUS server—the Merit RADIUS Server. The Merit RADIUS Server and its successors (now Interlink Networks’ RAD-Series RADIUS Server) have been used in hundreds of thousands of networks across the world, securing not only dial-up, but wireless and mobile networks as well.
Moving the RADIUS Server into the Standards Arena
In the Fall of 1992, a NAS requirements (NASREQ) working group was formed in the IETF (Internet Engineering Task Force). Al Rubens, also with Merit, and I became co-chairs of the group. At the April 1994 IETF, Steve Willens and Carl Rigney (also with Livingston) submitted the RADIUS protocol as an Internet Draft to the NASREQ working group. They offered open access to the RADIUS server source code developed by Livingston. The Livingston RADIUS Server code became the basis for many subsequent RADIUS server implementations.
There was a fair amount of discussion at the IETF about whether RADIUS was appropriate as a standard. There were concerns about security and about whether this was even an appropriate protocol to be dealt with by IETF. Even with these concerns, after the RADIUS protocol became available as an Internet Draft almost every NAS vendor implemented it. RADIUS support became a de-facto requirement for a NAS selling into the ISP market. Eventually, pressure from vendors and users for what became known as a AAA (authentication, authorization, accounting—the basic functions of RADIUS) standard became strong enough that in December 1995 a RADIUS working group was established in the IETF. The group’s charter was limited to documenting and “cleaning up” the existing RADIUS protocol draft, with no new features or protocol changes.
The initial RADIUS RFC (2039) was issued in January 1997. The current standard RADIUS RFC (2865) was issued in June of 2000. (When the IETF updates a standard it issues an RFC with a new number and notes that the old RFC has been “superseded”.) In addition to the standard RFC, a RADIUS accounting specification was also documented in an “informational” (not standard) RFC, and in June 2000 a RADIUS Extensions Informational RFC was also written to document additional features beyond what is in the official standard RFC. Since 1997 RADIUS has been an accepted IETF standard. The IETF RADIUS RFC, along with the RADIUS accounting and RADIUS extensions RFCs, have become the official standards for RADIUS implementers.
The Future of RADIUS
The RADIUS protocol story does not end there, however. Diameter, a protocol whose beginnings were in unofficial meetings shortly after the RADIUS protocol working group was created, was initially intended to be a cleaned up version of RADIUS. The first suggestion was to call it RADIUS v2, but that was not allowed by the IETF because RADIUS v1 was still in the process of being ratified. The new protocol ended up being called Diameter (twice as good as RADIUS) and is now an IETF Standard RFC (3588).
At the same time, RADIUS protocol development didn’t stop within the IETF. Numerous extensions have been added to RADIUS with additional RFCs that have extended the RADIUS protocol beyond dial-up to support all forms of network authentication, authorization and accounting. These extensions removed many of the original motivations for the creation of Diameter and have blunted much of its commercial progress. Today, RADIUS is the de-facto standard for dial-up, DSL, wireless and mobile networks, and is the typical implementation used to support 802.1X access control management.
From the Merit RADIUS Server to Interlink Networks RAD-Series RADIUS Server
In July 2000, Merit Network spun out its RADIUS Server technology to form Interlink Networks. Interlink continues with the traditions of the Merit RADIUS server, offering one of the most powerful, robust and scalable RADIUS server software solutions on the market. The RAD-Series RADIUS Server is used by some of the largest carriers and ISPs in the world, and is licensed by OEMs like HP and Siemens to address the high performance requirements of their customers.
The RAD-Series RADIUS Server offers a unique set of extensibility tools which make it easy to extend the software to meet the most unique, rigorous, and demanding applications.