pcp                                                          R. Maglione
Internet-Draft                                            Telecom Italia
Intended status: Standards Track                                D. Cheng
Expires: December 10, 2011                           Huawei Technologies
                                                            June 8, 2011


              RADIUS Extensions for Port Control Protocol
                    draft-maglione-pcp-radius-ext-01

Abstract

   Port Control Protocol (PCP) provides a mechanism to pre-configure a
   port on a NAT device, a firewall, etc., so that IP packets of
   applications initiated from network side can be "port forwarded" to
   the correct user.  PCP is a client-server protocol and the PCP client
   needs to be provisioned with the FQDN of the server.  In a broadband
   network, customer information is usually stored on a RADIUS server
   and DHC protocol is used to populate user's configuration
   information.  This memo proposes a new RADIUS attribute to carry the
   FQDN of a PCP server, such that while the PCP server information is
   configured on a RADIUS server, the information can be conveyed to NAS
   via RADIUS protocol, and the co-located DHCP/DHCPv6 server can then
   populate the information to PCP client.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 10, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Maglione & Cheng        Expires December 10, 2011               [Page 1]

Internet-Draft            PCP RADIUS Extensions                June 2011


   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.































Maglione & Cheng        Expires December 10, 2011               [Page 2]

Internet-Draft            PCP RADIUS Extensions                June 2011


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  PCP Server Configuration using RADIUS and DHCP/DHCPv6  . . . .  5
   4.  RADIUS Attribute . . . . . . . . . . . . . . . . . . . . . . .  8
   5.  Table of attributes  . . . . . . . . . . . . . . . . . . . . .  9
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
   8.  Normative References . . . . . . . . . . . . . . . . . . . . .  9
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10








































Maglione & Cheng        Expires December 10, 2011               [Page 3]

Internet-Draft            PCP RADIUS Extensions                June 2011


1.  Introduction

   Port Control Protocol (PCP) [I-D.ietf-pcp-base] provides a mechanism
   to control how incoming packets are forwarded by upstream devices
   such as NATs and firewalls.  PCP is a client-server protocol where a
   PCP client may reside on a host, a CPE, etc., which communicates with
   a PCP server that may reside anywhere in a network.

   A PCP client must know the Fully Qualified Domain Name of a PCP
   server, before it can communicate with the later in order to perform
   the relevant functions defined by PCP.

   The draft [I-D.bpw-pcp-dhcp] defines DHCPv6 and DHCP options which
   are meant to be used by a PCP client to discover a PCP server name.
   However, provisioning for name of the PCP server is required on a
   DHCP/DHCPv6 server before it can populate these information.

   Auto-configuration on a DHCP/DHCPv6 is possible in a broadband
   network, where typically, user profile is maintained on a RADIUS
   server and RADIUS protocol [RFC2865] is used to convey user related
   information to other network elements including a host and CPE.
   [I-D.ietf-radext-ipv6-access] describes a typical broadband network
   scenario in which the Network Access Server (NAS) acts as the access
   gateway for the users (hosts or CPEs) and the NAS embeds a DHCPv6
   Server function that allows it to locally handle any DHCPv6 requests
   issued by the clients.

   In such environment, PCP server's name can be configured on a RADIUS
   server, which then passes the information to a NAS that co-locates
   with the DHCP/DHCPv6 server, which in turn populates the location of
   the PCP server.

   This memo defines a new RADIUS attribute that can be used to carry
   the FQDN of a PCP server.


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The following terms are defined in [I-D.ietf-pcp-base]:

        - Port forwarding
        - PCP





Maglione & Cheng        Expires December 10, 2011               [Page 4]

Internet-Draft            PCP RADIUS Extensions                June 2011


        - PCP client
        - PCP Server


3.  PCP Server Configuration using RADIUS and DHCP/DHCPv6

   Figure 1 illustrates how RADIUS protocol works together with DHCPv6,
   to allow a user (host or CPE) to learn automatically the FQDN of a
   PCP server in case of a PPP Session that carries IPv6 traffic.

   The Network Access Server (NAS) operates as a client of RADIUS and as
   DHCPv6 Server for DHCPv6 protocol.  The NAS initially sends a RADIUS
   Access Request message to the RADIUS server, requesting
   authentication.  Once the RADIUS server receives the request, it
   validates the sending client and if the request is approved, the
   RADIUS server replies with an Access Accept message including a list
   of attribute-value pairs that describe the parameters to be used for
   this session.  This list may also contain the name of a PCP server.
   When the NAS receives a DHCPv6 message containing the PCP Server
   Option, the NAS shall use the name returned in the RADIUS attribute
   as defined in this memo to populate the DHCPv6 PCP Server option
   defined in [I-D.bpw-pcp-dhcp]





























Maglione & Cheng        Expires December 10, 2011               [Page 5]

Internet-Draft            PCP RADIUS Extensions                June 2011


      PCP                                NAS                     AAA
     Client                               |                     Server
       |                                  |                        |
       |----PPP LCP Config Request------> |                        |
       |                                  |                        |
       |                                  |----Access-Request ---->|
       |                                  |                        |
       |                                  |<-Access-Accept---------|
       |                                  | (PCP-server-name)      |
       |<-----PPP LCP Config ACK  -----   |                        |
       |                                  |                        |
       |                                  |                        |
       |------ PPP IPv6CP Config Req ---->|                        |
       |                                  |                        |
       |<----- PPP IPv6CP Config ACK -----|                        |
       |                                  |                        |
       |-------  DHCPv6 Solicit  -------->|                        |
       |                                  |                        |
       |<-------DHCPv6 Advertisement------|                        |
       |  (PCP server FQDN DHCPv6 Option) |                        |
       |                                  |                        |
       |-------  DHCPv6 Request  -------->|                        |
       |  (PCP server FQDN DHCPv6 Option) |                        |
       |                                  |                        |
       |<-------- DHCPv6 Reply ---------  |                        |
       |  (PCP server FQDN DHCPv6 Option) |                        |
       |                                  |                        |

                   DHCPv6                         RADIUS

        Figure 1: RADIUS and DHCPv6 Message Flow for a PPP Session

   The Figure 2 illustrates how the RADIUS protocol and DHCPv6 work
   together to accomplish PCP client configuration when an IP Session is
   used to provide connectivity to the user.

   The only difference between this message flow and previous one is
   that in this scenario the interaction between NAS and AAA/ RADIUS
   Server is triggered by the DHCPv6 Solicit message received by the NAS
   from the B4 acting as DHCPv6 client, while in case of a PPP Session
   the trigger is the PPP LCP Config Request message received by the
   NAS.









Maglione & Cheng        Expires December 10, 2011               [Page 6]

Internet-Draft            PCP RADIUS Extensions                June 2011


       PC                                NAS                     AAA
     Client                               |                     Server
       |                                  |                        |
       |------ DHCPv6 Solicit --------->  |                        |
       |                                  |                        |
       |                                  |----Access-Request ---->|
       |                                  |                        |
       |                                  |<-Access-Accept---------|
       |                                  | (PCP-server-name)      |
       |                                  |                        |
       |<-------DHCPv6 Advertisement------|                        |
       |  (PCP server FQDN DHCPv6 Option) |                        |
       |                                  |                        |
       |-------  DHCPv6 Request  -------->|                        |
       |  (PCP server FQDN DHCPv6 Option) |                        |
       |                                  |                        |
       | <-------- DHCPv6 Reply --------- |                        |
       | (PCP server FQDN DHCPv6 Option)  |                        |


                   DHCPv6                         RADIUS

        Figure 2: RADIUS and DHCPv6 Message Flow for an IP Session

   A similar message flow also applies to the IPv4 scenario when an IP
   Session is used to provide connectivity to the user (Figure 3).
       PC                                NAS                     AAA
     Client                               |                     Server
       |                                  |                        |
       |-------- DHCP Discovery --------> |                        |
       |                                  |                        |
       |                                  |----Access-Request ---->|
       |                                  |                        |
       |                                  |<-Access-Accept---------|
       |                                  | (PCP-server-name)      |
       |                                  |                        |
       |<--------- DHCP Offer ------------|                        |
       |    (PCP server FQDN Sub-Option)  |                        |
       |                                  |                        |
       |---------  DHCP Request  -------->|                        |
       |   (PCP server FQDN Sub-Option)   |                        |
       |                                  |                        |
       | <--------- DHCP Ack -------------|                        |
       |    (PCP server FQDN Sub-Option)  |                        |

                   DHCPv4                         RADIUS

        Figure 3: RADIUS and DHCPv4 Message Flow for an IP Session



Maglione & Cheng        Expires December 10, 2011               [Page 7]

Internet-Draft            PCP RADIUS Extensions                June 2011


   The scenario with PPP Session and IPv4 only connectivity does not
   require the DHCP protocol: the whole configuration of the client is
   performed by PPP.  This case is out of scope of this document because
   in order to complete the configuration of the PCP client a new PPP
   IPC option would be required.


4.  RADIUS Attribute

   A new RADIUS attribute, called PCP-Server-Name, along with its format
   is defined below.

   Description

   The PCP-server-name attribute contains a Fully Qualified Domain Name
   (FQDN) that refers to a PCP server the client requests to establish a
   connection to for PCP related service.  The NAS shall use the name
   returned in the RADIUS PCP-server-name attribute to populate the PCP
   Server FQDN DHCP Sub-Option in IPv4 addressing context, or the PCP
   Server FQDN DHCPv6 Option in IPv6 addressing context, as determined
   by the DHCP server [I-D.bpw-pcp-dhcp]

   The PCP-server-name attribute MAY appear in an Access-Accept packet,
   and may also appear in an Accounting-Request packet.  In either case,
   the attribute MUST NOT appear more than once in a single packet.  The
   PCP-server-name MUST NOT appear in any other RADIUS packets.

   A summary of the PCP-Server-Name RADIUS attribute format is shown
   below.  The fields are transmitted from left to right.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  PCP-Server-Name (FQDN)       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                PCP-Server-Name (FQDN) (cont)                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

        TBA1 for PCP-Server-Name.
   Length:
        This field indicates the total length in octets of this
        attribute including the Type, the Length fields and the length
        in octets of the PCP-Server-Name field

   PCP-Server-Name:




Maglione & Cheng        Expires December 10, 2011               [Page 8]

Internet-Draft            PCP RADIUS Extensions                June 2011


        A single Fully Qualified Domain Name of the PCP-Server.  The
        domain name is encoded as specified in [RFC1035]


5.  Table of attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Request Accept Reject Challenge Accounting       #    Attribute
                                   Request
   0-1     0-1    0      0         0-1              TBA1 PCP-Server-Name

   The following table defines the meaning of the above table entries.

   0   This attribute MUST NOT be present in packet.
   0+  Zero or more instances of this attribute MAY be present in
       packet.
   0-1 Zero or one instance of this attribute MAY be present in packet.


6.  Security Considerations

   This document has no additional security considerations beyond those
   already identified in [RFC2865].


7.  IANA Considerations

   This document requests the allocation of a new Radius attribute types
   from the IANA registry "Radius Attribute Types" located at
   http://www.iana.org/assignments/radius-types

      PCP-Server-Name - TBA1


8.  Normative References

   [I-D.bpw-pcp-dhcp]
              Boucadair, M., Penno, R., and D. Wing, "DHCP and DHCPv6
              Options for the Port Control Protocol (PCP)",
              draft-bpw-pcp-dhcp-04 (work in progress), April 2011.

   [I-D.ietf-pcp-base]
              Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)",
              draft-ietf-pcp-base-12 (work in progress), May 2011.




Maglione & Cheng        Expires December 10, 2011               [Page 9]

Internet-Draft            PCP RADIUS Extensions                June 2011


   [I-D.ietf-radext-ipv6-access]
              Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D.
              Miles, "RADIUS attributes for IPv6 Access Networks",
              draft-ietf-radext-ipv6-access-04 (work in progress),
              March 2011.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.


Authors' Addresses

   Roberta Maglione
   Telecom Italia
   Via Reiss Romoli 274
   Torino  10148
   Italy

   Phone:
   Email: roberta.maglione@telecomitalia.it


   Dean Cheng
   Huawei Technologies
   2330 Central Expressway
   Santa Clara, CA  95050
   USA

   Phone: +1 408 330 4754
   Fax:
   Email: Chengd@huawei.com
   URI:












Maglione & Cheng        Expires December 10, 2011              [Page 10]