Network Working Group                                  F. Adrangi, Intel
INTERNET DRAFT                     P. Congdon, C. Black, Hewlett Packard
Category: Informational                     A. Lior, Bridgewater Systems
Expires: Aug 2004                                 F. Bari, AT&T Wireless
                                                             Feb 8, 2004

                  Access Network Bandwidth Capability
            draft-adrangi-radius-bandwidth-capability-00.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes network bandwidth parameters and a protocol
   framework within which the parameters can be exchanged between an
   Access Network (AN) and a Home Service Network (HSN) in order to
   determine the average minimum and maximum bandwidth for both ingress
   and egress traffic that should be allocated by the AN for the
   duration of an authorized client session.

Adrangi, et al.          Expires April 13, 2004                 [Page 1]

Internet Draft    Access Network Bandwidth Capability        8 Feb 2004

Table of Contents

   1. Introduction
   1.2 Requirements language
   1.3 Terminology
   2. Overview
   2.1 Bandwidth Parameters
   2.1.1 Ingress Minimum Bandwidth
   2.1.2 Ingress Maximum Bandwidth
   2.1.3 Egress Minimum Bandwidth
   2.1.4 Egress Maximum Bandwidth
   2.2 Protocol
   2.2.1 Static Bandwidth Allocation
   2.2.2 Dynamic Bandwidth Allocation
   2.2.2.1 Push Method
   2.2.2.2 Pull Method
   3. Operations
   4. Attribute Format/Syntax
   5. Table of Attribute(s)
   6. Attribute Usage Examples
   7. IANA Considerations
   8. Security Considerations
   9. Acknowledgements
   10. References
   Authors' Addresses

1. Introduction

   The bandwidth that a user is authorized within an Access Network
   (AN) can be a result of the AN bandwidth capabilities based on its
   architecture and access technology, and the type of user
   subscription to the home network (e.g., gold, silver, bronze user
   types).

   This document describes a simple protocol framework that enables an
   Access Network (AN) to advertise its network bandwidth capabilities
   that it can allocate for a given AN client connection to the
   client's Home Service Network (HSN).
   It also enables the HSN to indicate to the AN its selection of the
   desired network bandwidth capabilities for the client connection.

   User bandwidth can be determined during initial authentication /
   authorization of the session.  It is also desirable to change the
   bandwidth mid-session.  For example, the user may want to purchase
   additional bandwidth to download a large file.  This document
   enables operators to dynamically modify the bandwidth allocation for
   a session.

   This document defines a new AAA attribute used for exchanging
   network bandwidth parameters between the AN and the HSN, to
   determine the average minimum and maximum bandwidth for both ingress
   and egress traffic that an AN should allocate for the duration of an
   authorized client session.  This attribute is also used for
   reporting the allocated bandwidth in accounting records.  The
   attribute is described for RADIUS [1].

1.2 Requirements language

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.  The key
   words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.3 Terminology

   Access Network (AN)
      The network that provides wired or wireless connectivity to the
      Internet for clients (or stations) present in the local access
      area.  This MAY be in a separate security and routing domain with
      respect to the Home Service Network or a Mediating Network.

   Home Service Network (HSN)
      The network providing the service and therefore maintaining the
      direct relationship to its users and subscribers.  All AAA
      functions are ultimately performed by the HSN.

   RADIUS server
      "This is a server which provides for authentication/authorization
      via the protocol described in [1], and for accounting as
      described in [6]."  It is deployed in the PWLAN AN, MN, and HSN.

2. Overview

   This section describes the bandwidth parameters and the protocol by
   which these parameters are exchanged between an AN and a HSN.

2.1 Bandwidth Parameters

   Bandwidth parameters describe the average minimum and maximum data
   rates (for both ingress and egress traffic) for a client connection
   within an AN.  There are four bandwidth parameters, which are
   described in the following subsections.

2.1.1 Ingress Minimum Bandwidth

   The ingress minimum bandwidth parameter indicates the average
   minimum ingress data rate that an AN will try to provide to an
   authorized user.  This value is a target, rather than a guarantee.

2.1.2 Ingress Maximum Bandwidth

   The ingress maximum bandwidth parameter indicates the average
   maximum ingress data rate that an AN can allow to an authorized
   user.

2.1.3 Egress Minimum Bandwidth

   The minimum egress bandwidth parameter indicates the average minimum
   egress data rate that an AN will try to provide to an authorized
   user.

2.1.4 Egress Maximum Bandwidth

   The maximum egress bandwidth parameter indicates the average maximum
   data rate that an AN can allow to an authorized user.

2.2 Protocol

   Two protocols are described.  One protocol is used to allocate
   bandwidth when a service is initiated (referred to as Static
   Bandwidth Allocation); the other protocol describes how to change
   the bandwidth attribute dynamically, that is, mid-session (referred
   to as Dynamic Bandwidth Allocation).

   Both protocols exchange bandwidth parameters using the various
   RADIUS messages, and they are comprised of three phases: bandwidth
   Advertisement, Selection, and Confirmation.

   Bandwidth Advertisement:
      MAY be sent in an Access-Request packet from the AN to the HSN.
      It conveys to the HSN the possible/available bandwidth parameters
      that the AN can allocate for the AN client connection.
      Advertisements are optional.

   Bandwidth Selection:
      MAY be sent in Access-Accept packets and Change of Authorization
      (COA) messages.  Selection conveys to the AN the bandwidth that
      the HSN desires for the AN client connection.

   Bandwidth Confirmation:
      If a Bandwidth Selection is received and enforced, it MUST be
      sent in Accounting-Request packets.  Confirmation indicates that
      the desired bandwidth parameters specified by a HSN are being
      enforced by the AN.

   Bandwidth Attribute (BA), defined in section 3, is used to carry the
   Bandwidth Advertisement, Selection, and Confirmation in various
   RADIUS packets.

   An Advertisement, Selection, or Confirmation is said to be valid if
   it contains the four aforementioned bandwidth parameters, and the
   minimum bandwidth rate values for ingress and egress traffic MUST be
   equal to or less than their corresponding maximum bandwidth rate
   values.

   If a Selection is sent in response to an Advertisement, then for the
   Selection to be considered valid, the bandwidth parameters in the
   Selection MUST NOT exceed the corresponding bandwidth parameters in
   the Advertisement.

   The following subsections describe static and dynamic bandwidth
   allocation.

2.2.1 Static Bandwidth Allocation

   Static bandwidth allocation is performed during the initial session
   authentication / authorization.  The following diagram shows the
   protocol interaction between the AN and the HSN for determining
   network bandwidth rates that an AN needs to allocate for an AN
   client connection.

   AN Client        AN Device + AAA client          HSN + AAA Server
       |                  |                              |
       |                  |                              |
       | Authentication   |                              |
       | Phase Begin      |                              |
       |----------------->|        Access-Request        |
       |                  |              +               |
       |                  |     BA for Advertisement     |
       |                  |----------------------------->|
       |                  |                              |
       |<>                                               |
       |                  |                              |
       |                  |                              |
       |                  |<-----------------------------|
       |                  |        Access-Accept         |
       | Authentication   |              +               |
       | Accept           |       BA for Selection       |
       |<-----------------|                              |
       |                  |                              |
       |                  |                              |
       |                  |      Accounting Request      |
       |                  |              +               |
       |                  |     BA for Confirmation      |
       |                  |----------------------------->|
       |                  |                              |

   The AN MAY send an Advertisement in an Access-Request message.  If
   the HSN receives an invalid Advertisement, then the HSN MUST
   silently discard the Access-Request.

   A HSN MAY send the Selection after receiving a valid Advertisement.
   It MAY also send the Selection in the absence of an Advertisement,
   based on local policies such as the AN client's subscription
   profile.

   When the AN receives an invalid Selection, it MUST treat the
   Access-Accept message as an Access Reject.

   If the AN receives a valid Selection in response to an
   Access-Request that did not contain an Advertisement, then the AN
   MAY honor the Selection.

   If the AN receives a valid Selection in response to an
   Access-Request that contained a valid Advertisement, then the AN
   MUST honor the Selection.  In the absence of a Selection after
   sending a valid Advertisement, in accordance with local policy, the
   AN MAY enforce its default bandwidth rate values or it MAY use "best
   effort" bandwidth for that client connection.

2.2.2 Dynamic Bandwidth Allocation

   Dynamic bandwidth allocation uses the Change of Authorization (COA)
   message as defined in [3].  In accordance with [3] there are two
   methods for dynamically changing authorization attributes of a
   session.  These two methods are described in this section.

   At any time during the session the HSN may send the AN a COA message
   containing session identification attributes (see [3] for the
   possible options).  The COA message may include authorization
   attributes, in which case it is pushing the BAs to the AN; or it may
   instruct the AN to generate an Authorize-Only Access-Request
   (Access-Request with Service-Type set to "Authorize-Only"), in which
   case it is instructing the AN to pull the BAs.

   In either the push or the pull method, upon successful acceptance of
   the new bandwidth parameters for the session, the AN MUST generate
   an Accounting-Stop record that contains the old bandwidth attributes
   followed by an Accounting-Start message that contains the new
   bandwidth attributes.

   In order to allow for downstream correlation of the accounting
   records, an AN that supports dynamic bandwidth allocation MUST
   include Acct-Multi-Session-Id when writing accounting records.

2.2.2.1 Push Method

   In the Push Method, to effect a dynamic bandwidth change the HSN
   sends a COA message and includes a valid Selection.  The AN MAY also
   include other attributes in the COA message.

      AN                                             HSN
      |                                              |
      |                                              |
      |           COA + BAs for Selection            |
      |<---------------------------------------------|
      |                                              |
      |                                              |
      |                   COA ACK                    |
      |--------------------------------------------->|
      |                                              |
      |                                              |
      |  Accounting-Stop + old BAs for Confirmation  |
      |--------------------------------------------->|
      |                                              |
      |       Accounting-Start + new bandwidth       |
      |--------------------------------------------->|
      |                                              |
      |                                              |

   Upon the successful reception of the COA message (see [3] for
   details) by the AN, if the COA message contains an invalid
   Selection, the AN MUST respond with a COA NAK with Error Cause (101)
   set to "Invalid Request" (404).

   If the AN is able to offer the requested bandwidth to the specified
   session, the AN MUST reply with a COA-ACK and it MUST generate an
   Accounting-Stop record containing the old bandwidth attributes
   followed by an Accounting-Start record containing the new bandwidth
   attributes.

   If the AN cannot comply with the request for new bandwidth, it MUST
   reply with a COA-NAK with Error Cause (101) set to "Resources
   Unavailable" (506).

2.2.2.2 Pull Method

   Alternatively, in the pull method, to effect a dynamic bandwidth
   change, as per [3], the HSN sends a COA message to instruct the AN
   to generate an Authorize-Only request (Access-Request with
   Service-Type set to Authorize-Only).

      AN                                              HSN
      |                                               |
      |      COA + Service-Type "Authorize Only"      |
      |<----------------------------------------------|
      |                                               |
      |    COA NAK + Service-Type "Authorize Only"    |
      |       + Error-Cause "Request Initiated"       |
      |---------------------------------------------->|
      |                                               |
      | Access-Request + Service-Type "Authorize Only"|
      |            + BAs for Advertisement            |
      |---------------------------------------------->|
      |                                               |
      |       Access-Accept + BAs for Selection       |
      |<----------------------------------------------|
      |                                               |
      |  Accounting-Stop + old BAs for Confirmation   |
      |---------------------------------------------->|
      |                                               |
      |  Accounting-Start + new BAs for Confirmation  |
      |---------------------------------------------->|
      |                                               |
      |                                               |

   As with the static bandwidth allocation (described earlier), the AN
   MAY Advertise the currently available bandwidth in the
   Authorize-Only message.

   Upon receiving the Authorize-Only message from the AN, the HSN MUST
   respond with either an Access-Accept message or an Access-Reject
   message.  When responding with an Access-Accept message, the HSN MAY
   include the BAs for Selection.
   If the Authorize-Only message included an Advertisement, the
   bandwidth parameters in the Selection MUST be within the bounds of
   the bandwidth parameters in the Advertisement received in the
   Authorize-Only message.

   Upon sending an Authorize-Only message, the AN will receive an
   Access-Accept message or an Access-Reject message.

   Upon receiving an Access-Reject in response to the Authorize-Only,
   the AN will terminate the session and send an Accounting-Stop
   record.

   Upon receiving an Access-Accept in response to an Authorize-Only
   request that does not contain a bandwidth Selection, the AN MUST
   resume utilizing the existing bandwidth parameters, and it MUST NOT
   generate an Accounting Stop message.

   Upon receiving an Access-Accept packet that contains an invalid
   Bandwidth Selection, the AN MUST treat the response as an
   Access-Reject and immediately terminate the session.

   Upon receiving an Access-Accept message in response to an
   Authorize-Only message that contained the Bandwidth Advertisement,
   then, provided the bandwidth selections are within the bounds of the
   Advertisement, the AN MUST honor the requested bandwidth and
   generate an Accounting-Stop message that contains the old bandwidth
   attributes followed by an Accounting-Start message that contains the
   new bandwidth attributes.  If the bandwidth Selection is outside the
   bounds of the Advertisement, then the AN MUST treat the
   Access-Accept as an Access-Reject and immediately terminate the
   session.

   Upon receiving an Access-Accept message that contains a valid
   Selection in response to an Authorize-Only that did not contain the
   Advertisement, the AN MAY honor the Selection or it MAY continue to
   honor the previously agreed to bandwidth.  In the former case, the
   AN must generate an Accounting Stop message containing the old
   bandwidth attributes followed by an Accounting-Start message
   containing the current bandwidth attributes.

3. Operations

   Operation is identical to that defined in RADIUS AAA specifications
   [1][2] and Dynamic Authorization Extensions to Remote Authentication
   Dial In User Service (RADIUS) [3].

4. Attribute Format/Syntax

   This section describes format and syntax for the attribute that
   carries AN bandwidth rate parameters.  The attribute is used for
   bandwidth rate parameters Advertisement, Selection, and
   Confirmation.

   The attribute MAY be present in Access-Request, Access-Accept, and
   Accounting-Request.

   A summary of the AN Bandwidth Parameter Attribute is shown below.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |            Params             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Value                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD Network Bandwidth Capability

   Length

      8

   Params

      It indicates what the value signifies.
      The values defined in the document are:

      1 - Average Minimum Bandwidth Rate for Ingress Traffic in bits
          per second
      2 - Average Minimum Bandwidth Rate for Ingress Traffic in Kilo
          bits per second
      3 - Average Minimum Bandwidth Rate for Ingress Traffic in Giga
          bits per second
      4 - Average Maximum Bandwidth Rate for Ingress Traffic in bits
          per second
      5 - Average Maximum Bandwidth Rate for Ingress Traffic in Kilo
          bits per second
      6 - Average Maximum Bandwidth Rate for Ingress Traffic in Giga
          bits per second
      7 - Average Minimum Bandwidth Rate for Egress Traffic in bits
          per second
      8 - Average Minimum Bandwidth Rate for Egress Traffic in Kilo
          bits per second
      9 - Average Minimum Bandwidth Rate for Egress Traffic in Giga
          bits per second
      10 - Average Maximum Bandwidth Rate for Egress Traffic in bits
           per second
      11 - Average Maximum Bandwidth Rate for Egress Traffic in Kilo
           bits per second
      12 - Average Maximum Bandwidth Rate for Egress Traffic in Giga
           bits per second

   Value

      An integer value interpreted based on the value of Params.

5. Table of Attribute(s)

   The following table provides a guide to which attribute(s) may be
   found in which kinds of packets, and in what quantity.

   Request  Accept  Reject  Challenge  Accounting  #    Attribute
                                       Request
   0-4      0-4     0       0          0-4         TBD  Network
                                                        Bandwidth
                                                        Capability

   For Change-of-Authorization Messages

   Request  ACK  NAK  #    Attribute
   0-4      0-4  0    TBD  Network Bandwidth Capability

6. Attribute Usage Examples

   This section provides an example of how the Bandwidth attribute can
   be used to indicate the four bandwidth rate parameters, in
   Advertisement, Selection, and Confirmation.

   Ingress Minimum Bandwidth Rate for 28 Kilo bits per second

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TBD      |       7       |               2               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              28                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Ingress Maximum Bandwidth Rate for 28 Kilo bits per second

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TBD      |       7       |               5               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              28                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Egress Minimum Bandwidth Rate for 28 Kilo bits per second

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TBD      |       7       |               8               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              28                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Egress Maximum Bandwidth Rate for 28 Kilo bits per second

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TBD      |       7       |              11               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              28                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

7. IANA Considerations

   This document requires the assignment of three new RADIUS attribute
   numbers for the following attribute(s):

      AN-Bandwidth-Rate-Parameters

   See section 3 for the registered list of numbers.

8. Security Considerations

   The attributes in this document have no additional security
   considerations beyond those already identified in [?].

9. Acknowledgements

   The authors would like to thank Bernard Aboba (of Microsoft) and
   Parviz Yegani (of Cisco) for their feedback and guidance.

10. References

   [1] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote
       Authentication Dial In User Service (RADIUS)", RFC 2865, June
       2000.

   [2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [3] Chiba, M., Dommety, G., Eklund, M., Mitton, D., Aboba, B.,
       "Dynamic Authorization Extensions to Remote Authentication Dial
       In User Service (RADIUS)", RFC 3576, July 2003.

Authors' Addresses

   Farid Adrangi, Intel Corporation
   farid.adrangi@intel.com

   Chuck Black, Hewlett Packard Company
   chuck.black@hp.com

   Paul Congdon, Hewlett Packard Company
   paul.congdon@hp.com

   Farooq Bari, AT&T Wireless
   farooq.bari@attws.com

   Avi Lior, Bridgewater Systems Corporation
   avi@bridgewatersystems.com

Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
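
The following Python example is added here and is not part of the draft. It parses the Bandwidth Attribute of section 4, applies the validity rules of section 2.2, and returns the AN's handling of an Access-Accept as described in section 2.2.1. Assumed, because the draft leaves them open: Type 192 as a placeholder for TBD, a 2-octet Params field (section 4 gives Length 8, while the section 6 figures show 7), decimal Kilo and Giga multipliers, and rejection of duplicate or malformed attributes.

```python
import struct

# Assumptions of this example (not fixed by the draft): the attribute Type is
# "TBD", so 192 (RADIUS experimental range) is a placeholder; fields are
# Type(1) Length(1) Params(2) Value(4) octets, matching "Length 8"; Kilo and
# Giga are decimal multipliers.
BA_TYPE = 192
KINDS = ("ingress_min", "ingress_max", "egress_min", "egress_max")
UNITS = (1, 10**3, 10**9)  # per kind, Params cycles bits, Kilo bits, Giga bits


def encode_ba(kind, value, unit=0):
    """Build one Bandwidth Attribute; Params 1..12 selects kind and unit."""
    params = KINDS.index(kind) * 3 + unit + 1
    return struct.pack("!BBHI", BA_TYPE, 8, params, value)


def parse_bas(attrs):
    """Walk a RADIUS attribute list and return {kind: bits per second}."""
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("attribute length runs past the buffer")
        if atype == BA_TYPE:
            if alen != 8:
                raise ValueError("Bandwidth Attribute length must be 8")
            params, value = struct.unpack_from("!HI", attrs, i + 2)
            if not 1 <= params <= 12:
                raise ValueError("undefined Params value")
            kind = KINDS[(params - 1) // 3]
            if kind in found:  # example policy: a repeated parameter is ambiguous
                raise ValueError("duplicate bandwidth parameter")
            found[kind] = value * UNITS[(params - 1) % 3]
        i += alen
    return found


def is_valid(bas, advertisement=None):
    """Section 2.2: four parameters, min <= max, within the Advertisement."""
    if set(bas) != set(KINDS):
        return False
    if bas["ingress_min"] > bas["ingress_max"]:
        return False
    if bas["egress_min"] > bas["egress_max"]:
        return False
    return advertisement is None or all(bas[k] <= advertisement[k] for k in KINDS)


def an_handle_accept(accept_attrs, advertised=None):
    """AN decision for an Access-Accept (section 2.2.1); bad input fails closed."""
    try:
        selection = parse_bas(accept_attrs)
    except ValueError:
        return "treat-as-reject"
    if not selection:
        return "default-or-best-effort"  # no Selection: local policy applies
    if not is_valid(selection, advertised):
        return "treat-as-reject"
    return "must-honor" if advertised is not None else "may-honor"


if __name__ == "__main__":
    # Constructed sample: advertise 28..512 Kilo bits/s, select up to 256000 bits/s.
    adv = parse_bas(b"".join(encode_ba(k, v, 1) for k, v in zip(KINDS, (28, 512, 28, 512))))
    sel = b"".join(encode_ba(k, v) for k, v in zip(KINDS, (28000, 256000, 28000, 256000)))
    print(an_handle_accept(sel, adv))
```

Normalizing every value to bits per second before comparing lets a Selection expressed in one unit be checked against an Advertisement expressed in another.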