One document matched: draft-zorn-dime-radia-gate-00.txt
Network Working Group G. Zorn
Internet-Draft Network Zen
Updates: 4005 (if approved) L. Morand
Intended status: Standards Track Orange Labs
Expires: January 6, 2010 July 5, 2009
The RADIUS-Diameter Gateway (RADIA) Application
draft-zorn-dime-radia-gate-00.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 6, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
Zorn & Morand Expires January 6, 2010 [Page 1]
Internet-Draft RADIA July 2009
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document describes the Diameter RADIUS-Diameter Gateway (RADIA)
Application, which is designed to facillitate the interoperability of
Authentication, Authorization and Accounting (AAA) systems based upon
RADIUS and Diameter.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . . 3
3. The RADIUS-Diameter Gateway Application . . . . . . . . . . . . 3
3.1. Advertising Application Support . . . . . . . . . . . . . . 3
3.2. Diameter Session Usage . . . . . . . . . . . . . . . . . . 3
3.3. Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.3.1. The RADIA-Request (RDR) Command . . . . . . . . . . . . 4
3.3.2. The RADIA-Answer (RDA) Command . . . . . . . . . . . . 4
3.4. Attribute-Value Pairs . . . . . . . . . . . . . . . . . . . 5
3.4.1. Radius-Message AVP . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Diameter Application Identifier . . . . . . . . . . . . . . 5
5.2. Diameter Command Codes . . . . . . . . . . . . . . . . . . 5
5.3. Attribute-Value Pairs . . . . . . . . . . . . . . . . . . . 6
6. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6
Zorn & Morand Expires January 6, 2010 [Page 2]
Internet-Draft RADIA July 2009
1. Introduction
The Diameter Network Access Server (NASREQ) Application [RFC4005]
specifies methods to deal with various interactions between the
RADIUS [RFC2865] and Diameter [RFC3588] protocols. In particular,
the translation of RADIUS messages and attributes to and from
Diameter commands and Attribute-Value Pairs (AVPs) is described at
some length. However, there is a fundamental and insurmountable
problem with attempting to translate Diameter protocol elements into
RADIUS protocol elements: a single Diameter AVP may be much larger
than an entire RADIUS message. Various workarounds have been
proposed to ameliorate this proble, including limiting the size of
Diameter elements that might require translation into RADIUS and
returning an error upon receipt of an untranslatable AVP. The former
approach uneccessarily limits the utility of, for example, the NASREQ
application in pure Diameter deployments while the latter can result
in the denial of service to otherwise legitimate users.
This document describes a simple method to solve the problems of
interaction between RADIUS and Diameter by taking advantage of the
fact thata RADIUS message can fit into a single Diameter AVP.
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. The RADIUS-Diameter Gateway Application
The following sections define the syntax, semantics and usage of the
RADIA application.
3.1. Advertising Application Support
Servers and proxies supporting the RADIUS-Diameter Gateway
application MUST advertise support by including the value <AID> in
the Auth-Application-Id of the Capabilities-Exchange-Request (CER),
Accounting-Request (ACR), Accounting-Answer (ACA), RADIA-Request
(RDR), and RADIA-Answer (RDA) messages.
3.2. Diameter Session Usage
Session usage in the RADIA application is identical to that in
NASREQ.
Zorn & Morand Expires January 6, 2010 [Page 3]
Internet-Draft RADIA July 2009
3.3. Commands
The RADIA application defines two new commands: Gateway-Request (RDR)
and Gateway-Answer (RDA). The following sections describe these
commands.
3.3.1. The RADIA-Request (RDR) Command
The peer sends the RADIA-Request (RDR) command, indicated by the
Command-Code field set to <CC1> and the Command Flags' 'R' bit set,
in order to transmit a RADIUS message (encapsulated in the Radius-
Message AVP (Section 3.4.1)) toward its final destination. The
Radius-Message AVP encapsulates a RADIUS request message (e.g.,
Access-Request).
Message format:
<RDR> ::= < Diameter Header: CC1, REQ, PXY >
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Application-Id }
{ Radius-Message}
[ User-Name ]
[ Destination-Host ]
* [ Proxy-Info ]
* [ Route-Record ]
* [ AVP ]
3.3.2. The RADIA-Answer (RDA) Command
The peer sends the RADIA-Answer (RDA) command, indicated by the
Command-Code field set to <CC2> and the Command Flags' 'R' bit set,
in order to transmit a RADIUS message (encapsulated in the Radius-
Message AVP (Section 3.4.1)) toward its final destination. The
Radius-Message AVP encapsulates a RADIUS reply message (e.g., Access-
Accept).
Message format:
Zorn & Morand Expires January 6, 2010 [Page 4]
Internet-Draft RADIA July 2009
<RDA> ::= < Diameter Header: CC2, REQ, PXY >
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Application-Id }
{ Radius-Message}
[ User-Name ]
[ Destination-Host ]
* [ Proxy-Info ]
* [ Route-Record ]
* [ AVP ]
3.4. Attribute-Value Pairs
This section describes the single AVP specific to the RADIUS-Diameter
Gateway application.
3.4.1. Radius-Message AVP
The Radius-Message AVP (AVP code <AVP>) is of type OctetString. The
'M' bit MUST be set and the 'V' bit MUST NOT be set. The AVP
contains a complete RADIUS message.
4. Security Considerations
The protocol defined in this specification has no effect upon the
security of either Diameter or RADIUS.
5. IANA Considerations
Upon publication of this memo as an RFC, IANA is requested to assign
values as described in the following sections.
5.1. Diameter Application Identifier
An application identifier for Diameter RADIUS-Diameter Gateway
(<AID>, Section 3) must be assigned according to the policy specified
in Section 11.3 of RFC 3588.
5.2. Diameter Command Codes
Command codes must be assigned for the RADIA-Request (RDR) (<CC1>,
Section 3.3.1) and RADIA-Answer (RDA) (<CC2>, Section 3.3.2) commands
according to the policy specified in RFC 3588, Section 11.2.1.
Zorn & Morand Expires January 6, 2010 [Page 5]
Internet-Draft RADIA July 2009
5.3. Attribute-Value Pairs
A code must be assigned for the following AVP using the policy
specified in RFC 3588, Section 11.1.1: Radius-Message (<AVP>,
Section 3.4.1).
6. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, June 2000.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005,
August 2005.
Authors' Addresses
Glen Zorn
Network Zen
1310 East Thomas Street
#306
Seattle, Washington 98102
USA
Email: gwz@net-zen.net
Lionel Morand
Orange Labs
38-40 rue du general Leclerc
Issy-moulineaux Cedex 9 92794
France
Email: Lionel.morand@orange-ftgroup.com
Zorn & Morand Expires January 6, 2010 [Page 6]
| PAFTECH AB 2003-2026 | 2026-04-23 02:41:40 |