One document matched: draft-yeh-radext-dual-stack-access-00.txt
Radext Working Group L. Yeh, Ed.
Internet-Draft T. Tsou
Intended status: Standards Track Huawei Technologies
Expires: September 8, 2011 March 7, 2011
RADIUS Attributes for Dual Stack Access
draft-yeh-radext-dual-stack-access-00
Abstract
This document specifies the RADIUS attributes for IPv4 and IPv6 dual
stack access, which are intended to be used in the AAA processes for
the transfer of user's configuration from AAA server to NAS and
traffic statistics reporting from NAS to AAA server. The new
attributes cover a specified user type for NAS to allocate the proper
resource and employ the right mechanism for the users; and a batch of
IPv4 and IPv6 traffic statistics for the differentiated accounting
policies on the AAA server.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 8, 2011.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Yeh & Tsou Expires September 8, 2011 [Page 1]
Internet-Draft RADIUS Dual Stack March 2011
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Language . . . . . . . . . . . . . . . . . . . 4
3. Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. User-Type . . . . . . . . . . . . . . . . . . . . . . . . 4
4.2. Traffic Statistics Attributes . . . . . . . . . . . . . . 7
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Yeh & Tsou Expires September 8, 2011 [Page 2]
Internet-Draft RADIUS Dual Stack March 2011
1. Introduction
IP sessions got from PPPoE can be either dual-stack IPv4/IPv6
session, IPv6-only, or the legacy IPv4-only session. Alternatively,
IP session can also be obtained from IPoE. The user in the IP
session could be a host or a customer router. In the IPv6 relevant
part of the session, the customer router (CE-Customer Equipment
Router) usually employ DHCPv6-PD to get the delegated prefix for the
customer network, while its WAN (NAS-facing) interface could be
either numbered or unnumbered (Section 2.3, [BBF TR-177]). The WAN
interface of the numbered customer router can either employ SLAAC to
get the prefix for the interface or employ DHCPv6 to get the 128bits
IPv6 address for interface, which acts as the same as the user of
IPv6 host.
There are at least the following types of users that the NAS and the
AAA server is serveed for:
IPv4-only - Host
IPv6-only - Host(Numbered by SLAAC)
IPv6-only - Host(Numbered by DHCPv6)
IPv6-only - Customer Router(Unnumbered)
IPv6-only - Customer Router(Numbered by SLAAC)
IPv6-only - Customer Router(Numbered by DHCPv6)
Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC)
Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6)
Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered)
Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC)
Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6)
The different type of users need the NAS (Network Access Server, PE-
Provider Edge Router or BNG-Broadband Network Gateway) employ
different mechanism and allocate different resource for the
associated processes. The addresses assigned and the prefixes
delegated to the customer hosts or routers can not only get from the
AAA server through attributes in the Access-Accept packets, but also
can get dynamically from the local address pool or prefix pool on the
NAS. That means a new attribute is required here for the right
indication of the configuration and proper reporting between the AAA
server and the NAS, which acts as a RADIUS client.
IP sessions got either from PPPoE or from IPoE can support dual-stack
users. It is desired to support either common or separate queues on
NAS for the IPv4 or IPv6 traffic from the users, while the QoS
policies for the IPv4 or IPv6 traffic can be differentiated .
Meanwhile, the NAS is required to support octets counters and packets
counters for the combined or the separated IPv4 or IPv6 traffic
(section 9.4, [BBF TR-187]). After these traffic statistics is
Yeh & Tsou Expires September 8, 2011 [Page 3]
Internet-Draft RADIUS Dual Stack March 2011
reported to the accounting server through RADIUS, the accounting
policies for the IPv4 or IPv6 traffic can be differentiated. Per the
section 9.4 of BBF TR-187, the attributes of Acct-Input-Octets, Acct-
Output-Octets, Acct-Input-Packets, Acct-Output-Packets are
recommended to use for the combination traffic. A batch of new
RADIUS accounting attributes is required here to report the separated
IPv4 or IPv6 traffic statistics to the Accounting Server.
2. Terminology and Language
This document describes some new RADIUS attributes and the associated
usage on NAS and AAA server. This document should be read in
conjunction with the relevant RADIUS specifications, including
[RFC2865], [RFC2866], [RFC2869], [RFC3162] and [RFC4818] for a
complete mechanism. Definitions for terms and acronyms not
specifically defined in this document are defined in RFC2865,
RFC2866, RFC2869, RFC3162 and RFC4818.
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in BCP 14, [RFC2119].
3. Scenario
To be added in the next version...
4. Attributes
The fields shown in the diagrams below are transmitted from left to
right.
4.1. User-Type
Description
The traffic statistics attributes, including Acct-Input-IPv4-
Octets, Acct-Output-IPv4-Octets, Acct-Input-IPv4-Packets, Acct-
Output-IPv4-Packets, Acct-Input-IPv4-Gigawords and Acct-Output-
IPv4-Gigawords, Acct-Input-IPv6-Octets, Acct-Output-IPv6-Octets,
Acct-Input-IPv6-Packets, Acct-Output-IPv6-Packets, Acct-Input-
IPv6-Gigawords and Acct-Output-IPv6-Gigawords, indicate how many
octets or packets of IPv4 or IPv6 received from the user or sent
to the user from the starting of this service provided, and can be
present in Accounting-Request records while the Acct-Status-Type
is set to Interim-Update or Stop.
Yeh & Tsou Expires September 8, 2011 [Page 4]
Internet-Draft RADIUS Dual Stack March 2011
The format of the User-Tye is:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value (cont.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
TTBA1 (by IANA)
Length
6
Value
The Value field is 4 octets.
When PPPoE is used for the access method, the type of user get the
following 'Value':
1 IPv4-only Host
2 IPv6-only Host(Numbered by SLAAC)
3 IPv6-only Host(Numbered by DHCPv6)
4 IPv6-only Customer Router(Unnumbered)
5 IPv6-only Customer Router(Numbered by SLAAC)
6 IPv6-only Customer Router(Numbered by DHCPv6)
7 Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC)
8 Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6)
9 Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered)
10 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC)
11 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6)
When IPoE is used for the access method, the type of user gets the
following 'Value':
Yeh & Tsou Expires September 8, 2011 [Page 5]
Internet-Draft RADIUS Dual Stack March 2011
17 IPv4-only Host
18 IPv6-only Host(Numbered by SLAAC)
19 IPv6-only Host(Numbered by DHCPv6)
20 IPv6-only Customer Router(Unnumbered)
21 IPv6-only Customer Router(Numbered by SLAAC)
22 IPv6-only Customer Router(Numbered by DHCPv6)
23 Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC)
24 Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6)
25 Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered)
26 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC)
27 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6)
For the user type of IPv4-only Host, NAS needs to report Framed-IP-
Address in the accounting-request packets for the assigned IPv4
address; For the user type of IPv6-only Host(Numbered by SLAAC), NAS
needs to report Framed-IPv6-Prefix in the accounting-request packets
for the assigned IPv6 prefix; For the user type of IPv6-only
Host(Numbered by DHCPv6), NAS needs to report Framed-IPv6-address in
the accounting-request packets for the assigned IPv6 address; For the
user type of IPv6-only Customer Router(Unnumbered), NAS needs to
report Delegated-IPv6-Prefix in the accounting-request packets for
the assigned IPv6 prefix; For the user type of IPv6-only Customer
Router(Numbered by SLAAC), NAS needs to report Framed-IPv6-Prefix and
Delegated-IPv6-Prefix in the accounting-request packets for the
assigned IPv6 prefixes against the WAN interface and the customer
network of the customer router; For the user type of IPv6-only
Customer Router(Numbered by DHCPv6), NAS needs to report Framed-IPv6-
address and Delegated-IPv6-Prefix in the accounting-request packets
for the assigned IPv6 address of the WAN interface of the customer
router and the assigned IPv6 prefix of the customer network; For the
user type of Dual-Stack including IPv4 Host and IPv6 Host(Numbered by
SLAAC), NAS needs to report Framed-IP-Address and Framed-IPv6-Prefix
in the accounting-request packets; For the user type of Dual-Stack
including IPv4 Host and IPv6 Host(Numbered by DHCPv6), NAS needs to
report Framed-IP-Address and Framed-IPv6-address in the accounting-
request packets; For the user type of Dual-Stack including IPv4 Host
and IPv6 Customer Router(Unnumbered), NAS needs to report Framed-IP-
Address and Delegated-IPv6-Prefix in the accounting-request packets;
For the user type of Dual-Stack including IPv4 Host and IPv6 Customer
Router(Numbered by SLAAC), NAS needs to report Framed-IP-Address,
Framed-IPv6-Prefix and Delegated-IPv6-Prefix in the accounting-
request packets; For the user type of Dual-Stack including IPv4 Host
and IPv6 Customer Router(Numbered by DHCPv6), NAS needs to report
Framed-IP-Address, Framed-IPv6-address and Delegated-IPv6-Prefix in
the accounting-request packets.
Yeh & Tsou Expires September 8, 2011 [Page 6]
Internet-Draft RADIUS Dual Stack March 2011
4.2. Traffic Statistics Attributes
Description
The traffic statistics attributes, including Acct-Input-IPv4-
Octets, Acct-Output-IPv4-Octets, Acct-Input-IPv4-Packets, Acct-
Output-IPv4-Packets, Acct-Input-IPv4-Gigawords and Acct-Output-
IPv4-Gigawords, Acct-Input-IPv6-Octets, Acct-Output-IPv6-Octets,
Acct-Input-IPv6-Packets, Acct-Output-IPv6-Packets, Acct-Input-
IPv6-Gigawords and Acct-Output-IPv6-Gigawords, indicate how many
octets or packets of IPv4 or IPv6 received from the user or sent
to the user from the starting of this service provided, and can be
present in Accounting-Request records while the Acct-Status-Type
is set to Interim-Update or Stop.
A summary of the Traffic Statistics attributes format is shown
below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value (cont.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
TTBAn (by IANA)
For the attribute of Acct-Input-IPv4-Octets, NAS report how many
Octets of IPv4 traffic received from the user in the accounting-
request packets from the starting of the service authorized. For
the attribute of Acct-Output-IPv4-Octets, NAS report how many
Octets of IPv4 traffic sent to the user in the accounting-request
packets from the starting of the service authorized. For the
attribute of Acct-Input-IPv4-Packets, NAS report how many packets
of IPv4 traffic received from the user in the accounting-request
packets from the starting of the service authorized. For the
attribute of Acct-Output-IPv4-Packets, NAS report how many packets
of IPv4 traffic sent to the user in the accounting-request packets
from the starting of the service authorized. For the attribute of
Acct-Input-IPv4-Gigawords, NAS report how many Gigawords of IPv4
traffic received from the user in the accounting-request packets
from the starting of the service authorized. For the attribute of
Acct-Output-IPv4-Gigawords, NAS report how many Gigawords of IPv4
traffic sent to the user in the accounting-request packets from
Yeh & Tsou Expires September 8, 2011 [Page 7]
Internet-Draft RADIUS Dual Stack March 2011
the starting of the service authorized. For the attribute of
Acct-Input-IPv6-Octets, NAS report how many Octets of IPv6 traffic
received from the user in the accounting-request packets from the
starting of the service authorized. For the attribute of Acct-
Output-IPv6-Octets, NAS report how many Octets of IPv6 traffic
sent to the user in the accounting-request packets from the
starting of the service authorized. For the attribute of Acct-
Input-IPv6-Packets, NAS report how many packets of IPv6 traffic
received from the user in the accounting-request packets from the
starting of the service authorized. For the attribute of Acct-
Output-IPv6-Packets, NAS report how many packets of IPv6 traffic
sent to the user in the accounting-request packets from the
starting of the service authorized. For the attribute of Acct-
Input-IPv6-Gigawords, NAS report how many Gigawords of IPv6
traffic received from the user in the accounting-request packets
from the starting of the service authorized. For the attribute of
Acct-Output-IPv6-Gigawords, NAS report how many Gigawords of IPv6
traffic sent to the user in the accounting-request packets from
the starting of the service authorized.
Length
6
Value
The Value field is 4 octets.
5. Table of Attributes
The following table provides a guide to which attributes may be found
in which kinds of packets, and in what quantity.
Req- Acc- Rej- Chall Accounting # Attribute
uest ept ect -enge Request
0-1 0-1 0 0 0-1 TBA1 User-Type
0 0 0 0 0-1 TBA2 Acct-Input-IPv4-Octets
0 0 0 0 0-1 TBA3 Acct-Output-IPv4-Octets
0 0 0 0 0-1 TBA4 Acct-Input-IPv4-Packets
0 0 0 0 0-1 TBA5 Acct-Output-IPv4-Packets
0 0 0 0 0-1 TBA6 Acct-Input-IPv4-Gigawords
0 0 0 0 0-1 TBA7 Acct-Output-IPv4-Gigawords
0 0 0 0 0-1 TBA8 Acct-Input-IPv6-Octets
0 0 0 0 0-1 TBA9 Acct-Output-IPv6-Octets
0 0 0 0 0-1 TBA10 Acct-Input-IPv6-Packets
0 0 0 0 0-1 TBA11 Acct-Output-IPv6-Packets
0 0 0 0 0-1 TBA12 Acct-Input-IPv6-Gigawords
Yeh & Tsou Expires September 8, 2011 [Page 8]
Internet-Draft RADIUS Dual Stack March 2011
0 0 0 0 0-1 TBA13 Acct-Output-IPv6-Gigawords
The meaning of the above table entries is as follows:
0 This attribute MUST NOT be present.
0+ Zero or more instances of this attribute MAY be present.
0-1 Zero or one instance of this attribute MAY be present.
1 Exactly one instance of this attribute MUST be present.
1+ One or more of these attributes MUST be present.
6. Security Considerations
Security issues related RADIUS are described in section 8 of RFC2865
and section 5 of RFC3162.
7. Security Considerations
IANA is requested to assign 13 new Attribute Types code in the
"Radius Types" registry (http://www.iana.org/assignments/radius-types
for the following attributes:
o User-Type
o Acct-Input-IPv4-Octets
o Acct-Output-IPv4-Octets
o Acct-Input-IPv4-Packets
o Acct-Output-IPv4-Packets
o Acct-Input-IPv4-Gigawords
o Acct-Output-IPv4-Gigawords
o Acct-Input-IPv6-Octets
o Acct-Output-IPv6-Octets
o Acct-Input-IPv6-Packets
o Acct-Output-IPv6-Packets
o Acct-Input-IPv6-Gigawords
o Acct-Output-IPv6-Gigawords
IANA should allocate these codes from the standard RADIUS Attributes
space using the "IETF Review" policy [RFC5226].
8. Acknowledgements
TBD
9. References
Yeh & Tsou Expires September 8, 2011 [Page 9]
Internet-Draft RADIUS Dual Stack March 2011
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, June 2000.
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS
Extensions", RFC 2869, June 2000.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
RFC 3162, August 2001.
[RFC4241] Shirasaki, Y., Miyakawa, S., Yamasaki, T., and A.
Takenouchi, "A Model of IPv6/IPv4 Dual Stack Internet
Access Service", RFC 4241, December 2005.
[RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
Attribute", RFC 4818, April 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
9.2. Informative References
[BBF TR-177]
Broadband Forum, "IPv6 in the context of TR-101, Issue 1",
November 2010.
[BBF TR-187]
Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1",
May 2010.
[draft-hu-v6ops-radius-issues-ipv6-00]
Hu, J., Yan, L., Wang, Q., and J. Qin, "RADIUS issues in
IPv6 deployments", February 2011.
[draft-maglione-radext-ipv6-acct-extensions-01]
Maglione, R., Krishnan, S., Kavanagh, A., Varga, B., and
J. Kaippallimalil, "RADIUS Accounting Extensions for
IPv6", January 2011.
[ietf-radext-ipv6-access-03]
Yeh & Tsou Expires September 8, 2011 [Page 10]
Internet-Draft RADIUS Dual Stack March 2011
Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D.
Miles, "RADIUS attributes for IPv6 Access Networks",
January 2011.
Authors' Addresses
Leaf Y. Yeh (editor)
Huawei Technologies
Area F, Huawei Park, Bantian,
Longgang District, Shenzhen 518129
P.R.China
Phone: +86-755-28971871
Email: leaf.y.yeh@huawei.com
Tina Tsou
Huawei Technologies
Email: tena@huawei.com
Yeh & Tsou Expires September 8, 2011 [Page 11]
| PAFTECH AB 2003-2026 | 2026-04-24 02:58:23 |