Radext Working Group L. Yeh, Ed. Internet-Draft T. Tsou Intended status: Standards Track Huawei Technologies Expires: September 30, 2011 March 29, 2011 RADIUS Attributes for Dual Stack Access draft-yeh-radext-dual-stack-access-02 Abstract This document specifies the RADIUS attributes for IPv4 and IPv6 dual stack access, which are intended to be used in the AAA processes for the transfer of user's configuration from AAA server to NAS and traffic statistics reporting from NAS to AAA server. The new attributes cover a specified user type for NAS to allocate the proper resource and employ the right mechanism for the users; and a batch of IPv4 and IPv6 traffic statistics for the differentiated accounting policies on the AAA server. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 30, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Yeh & Tsou Expires September 30, 2011 [Page 1] Internet-Draft RADIUS Dual Stack March 2011 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Language . . . . . . . . . . . . . . . . . . . 4 3. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 4 4. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.1. User-Type . . . . . . . . . . . . . . . . . . . . . . . . 5 4.2. Traffic Statistics Attributes . . . . . . . . . . . . . . 7 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10 9.2. Informative References . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 Yeh & Tsou Expires September 30, 2011 [Page 2] Internet-Draft RADIUS Dual Stack March 2011 1. Introduction IP sessions got from PPPoE can be either dual-stack IPv4/IPv6 session, IPv6-only, or the legacy IPv4-only session. Alternatively, IP session can also be obtained from IPoE. The user in the IP session could be a host or a customer router (RG-Residential Gateway, CE-Customer Edge Router or CPE-Customer Premise Equipment). In the IPv6 relevant part of the session, the customer router usually employ DHCPv6-PD to get the delegated prefix for the customer network, while its WAN (NAS-facing) interface could be either numbered or unnumbered (Section 2.3, [BBF TR-177]). The WAN interface of the numbered customer router can either employ SLAAC to get the prefix for the interface or employ DHCPv6 to get the 128bits IPv6 address for interface, which acts as the same as the user of IPv6 host. There are at least the following types of users that the NAS and the AAA server is serveed for: IPv4-only - Host IPv6-only - Host(Numbered by SLAAC) IPv6-only - Host(Numbered by DHCPv6) IPv6-only - Customer Router(Unnumbered) IPv6-only - Customer Router(Numbered by SLAAC) IPv6-only - Customer Router(Numbered by DHCPv6) Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC) Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6) Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered) Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC) Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6) The different type of users need the NAS (Network Access Server, PE- Provider Edge Router or BNG-Broadband Network Gateway) employ different mechanism and allocate different resource for the associated processes. The addresses assigned and the prefixes delegated to the customer hosts or routers can not only get from the AAA server through attributes in the Access-Accept packets, but also can get dynamically from the local address pool or prefix pool on the NAS. That means a new attribute is required here for the right indication of the configuration and proper reporting between the AAA server and the NAS, which acts as a RADIUS client. IP sessions got either from PPPoE or from IPoE can support dual-stack users. It is desired to support either common or separate queues on NAS for the IPv4 or IPv6 traffic from the users, while the QoS policies for the IPv4 or IPv6 traffic can be differentiated. Meanwhile, the NAS is required to support octets counters and packets counters for the combined or the separated IPv4 or IPv6 traffic (section 9.4, [BBF TR-187]). After the traffic statistics is Yeh & Tsou Expires September 30, 2011 [Page 3] Internet-Draft RADIUS Dual Stack March 2011 reported to the accounting server through RADIUS, the accounting policies for the IPv4 or IPv6 traffic can be differentiated. Per the section 9.4 of BBF TR-187, the attributes of Acct-Input-Octets, Acct- Output-Octets, Acct-Input-Packets, Acct-Output-Packets are recommended to use for the combination traffic. A batch of new RADIUS accounting attributes is required here to report the separated IPv4 or IPv6 traffic statistics to the Accounting Server. 2. Terminology and Language This document describes some new RADIUS attributes and the associated usage on NAS and AAA server. This document should be read in conjunction with the relevant RADIUS specifications, including [RFC2865], [RFC2866], [RFC2869], [RFC3162] and [RFC4818] for a complete mechanism. Definitions for terms and acronyms not specifically defined in this document are defined in RFC2865, RFC2866, RFC2869, RFC3162 and RFC4818. The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119]. 3. Deployment Scenarios +----------+ +----------+ +----------+ | Host / | PPPoE | | RADIUS | AAA | | Customer | ------------ | NAS | ------------ | Server | | Router | IPoE | | | | +----------+ +----------+ +----------+ Dual-Stack Local Address Pool IPv6-only Local Prefix Pool Figure 1: Deployment Scenario for various types of the users +----------+ +----------+ +----------+ | Host / | PPPoE | | RADIUS | AAA | | Customer | ------------ | NAS | ------------ | Server | | Router | IPoE | | | | +----------+ +----------+ +----------+ Dual-Stack Separated queues and counter for IPv4 and IPv6 traffic Figure 2: Deployment Scenario for dual-stack users Yeh & Tsou Expires September 30, 2011 [Page 4] Internet-Draft RADIUS Dual Stack March 2011 4. Attributes The fields shown in the diagrams below are transmitted from left to right. 4.1. User-Type Description The attribute indicates the type of the user requested in the Access-Request packet or authorized in the Access-Accept packet. The format of the User-Type is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TTBA1 (by IANA) Length 6 Value The Value field is 4 octets. When PPPoE is used for the access method, the type of user get the following 'Value': Yeh & Tsou Expires September 30, 2011 [Page 5] Internet-Draft RADIUS Dual Stack March 2011 1 IPv4-only Host 2 IPv6-only Host(Numbered by SLAAC) 3 IPv6-only Host(Numbered by DHCPv6) 4 IPv6-only Customer Router(Unnumbered) 5 IPv6-only Customer Router(Numbered by SLAAC) 6 IPv6-only Customer Router(Numbered by DHCPv6) 7 Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC) 8 Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6) 9 Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered) 10 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC) 11 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6) When IPoE is used for the access method, the type of user gets the following 'Value': 17 IPv4-only Host 18 IPv6-only Host(Numbered by SLAAC) 19 IPv6-only Host(Numbered by DHCPv6) 20 IPv6-only Customer Router(Unnumbered) 21 IPv6-only Customer Router(Numbered by SLAAC) 22 IPv6-only Customer Router(Numbered by DHCPv6) 23 Dual stack - IPv4 Host + IPv6 Host(Numbered by SLAAC) 24 Dual stack - IPv4 Host + IPv6 Host(Numbered by DHCPv6) 25 Dual stack - IPv4 Host + IPv6 Customer Router(Unnumbered) 26 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by SLAAC) 27 Dual stack - IPv4 Host + IPv6 Customer Router(Numbered by DHCPv6) For the user type of IPv4-only Host, NAS needs to report Framed-IP- Address in the accounting-request packets for the assigned IPv4 address; For the user type of IPv6-only Host(Numbered by SLAAC), NAS needs to report Framed-IPv6-Prefix in the accounting-request packets for the assigned IPv6 prefix; For the user type of IPv6-only Host(Numbered by DHCPv6), NAS needs to report Framed-IPv6-address in the accounting-request packets for the assigned IPv6 address; For the user type of IPv6-only Customer Router(Unnumbered), NAS needs to report Delegated-IPv6-Prefix in the accounting-request packets for the assigned IPv6 prefix; For the user type of IPv6-only Customer Router(Numbered by SLAAC), NAS needs to report Framed-IPv6-Prefix and Delegated-IPv6-Prefix in the accounting-request packets for the assigned IPv6 prefixes against the WAN interface and the customer network of the customer router; For the user type of IPv6-only Customer Router(Numbered by DHCPv6), NAS needs to report Framed-IPv6- address and Delegated-IPv6-Prefix in the accounting-request packets for the assigned IPv6 address of the WAN interface of the customer router and the assigned IPv6 prefix of the customer network; For the user type of Dual-Stack including IPv4 Host and IPv6 Host(Numbered by SLAAC), NAS needs to report Framed-IP-Address and Framed-IPv6-Prefix in the accounting-request packets; For the user type of Dual-Stack Yeh & Tsou Expires September 30, 2011 [Page 6] Internet-Draft RADIUS Dual Stack March 2011 including IPv4 Host and IPv6 Host(Numbered by DHCPv6), NAS needs to report Framed-IP-Address and Framed-IPv6-address in the accounting- request packets; For the user type of Dual-Stack including IPv4 Host and IPv6 Customer Router(Unnumbered), NAS needs to report Framed-IP- Address and Delegated-IPv6-Prefix in the accounting-request packets; For the user type of Dual-Stack including IPv4 Host and IPv6 Customer Router(Numbered by SLAAC), NAS needs to report Framed-IP-Address, Framed-IPv6-Prefix and Delegated-IPv6-Prefix in the accounting- request packets; For the user type of Dual-Stack including IPv4 Host and IPv6 Customer Router(Numbered by DHCPv6), NAS needs to report Framed-IP-Address, Framed-IPv6-address and Delegated-IPv6-Prefix in the accounting-request packets. 4.2. Traffic Statistics Attributes Description The traffic statistics attributes, including Acct-Input-IPv4- Octets, Acct-Output-IPv4-Octets, Acct-Input-IPv4-Packets, Acct- Output-IPv4-Packets, Acct-Input-IPv4-Gigawords and Acct-Output- IPv4-Gigawords, Acct-Input-IPv6-Octets, Acct-Output-IPv6-Octets, Acct-Input-IPv6-Packets, Acct-Output-IPv6-Packets, Acct-Input- IPv6-Gigawords and Acct-Output-IPv6-Gigawords, indicate how many octets or packets of IPv4 or IPv6 received from the user or sent to the user from the starting of this service provided, and can be present in Accounting-Request records while the Acct-Status-Type is set to Interim-Update or Stop. A summary of the Traffic Statistics attributes format is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TTBAn (by IANA) For the attribute of Acct-Input-IPv4-Octets, NAS report how many Octets of IPv4 traffic received from the user in the accounting- request packets from the starting of the service authorized. For the attribute of Acct-Output-IPv4-Octets, NAS report how many Yeh & Tsou Expires September 30, 2011 [Page 7] Internet-Draft RADIUS Dual Stack March 2011 Octets of IPv4 traffic sent to the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Input-IPv4-Packets, NAS report how many packets of IPv4 traffic received from the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Output-IPv4-Packets, NAS report how many packets of IPv4 traffic sent to the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Input-IPv4-Gigawords, NAS report how many Gigawords of IPv4 traffic received from the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Output-IPv4-Gigawords, NAS report how many Gigawords of IPv4 traffic sent to the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Input-IPv6-Octets, NAS report how many Octets of IPv6 traffic received from the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct- Output-IPv6-Octets, NAS report how many Octets of IPv6 traffic sent to the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct- Input-IPv6-Packets, NAS report how many packets of IPv6 traffic received from the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct- Output-IPv6-Packets, NAS report how many packets of IPv6 traffic sent to the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct- Input-IPv6-Gigawords, NAS report how many Gigawords of IPv6 traffic received from the user in the accounting-request packets from the starting of the service authorized. For the attribute of Acct-Output-IPv6-Gigawords, NAS report how many Gigawords of IPv6 traffic sent to the user in the accounting-request packets from the starting of the service authorized. Length 6 Value The Value field is 4 octets. 5. Table of Attributes The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity. Yeh & Tsou Expires September 30, 2011 [Page 8] Internet-Draft RADIUS Dual Stack March 2011 Req- Acc- Rej- Chall Accounting # Attribute uest ept ect -enge Request 0-1 0-1 0 0 0-1 TBA1 User-Type 0 0 0 0 0-1 TBA2 Acct-Input-IPv4-Octets 0 0 0 0 0-1 TBA3 Acct-Output-IPv4-Octets 0 0 0 0 0-1 TBA4 Acct-Input-IPv4-Packets 0 0 0 0 0-1 TBA5 Acct-Output-IPv4-Packets 0 0 0 0 0-1 TBA6 Acct-Input-IPv4-Gigawords 0 0 0 0 0-1 TBA7 Acct-Output-IPv4-Gigawords 0 0 0 0 0-1 TBA8 Acct-Input-IPv6-Octets 0 0 0 0 0-1 TBA9 Acct-Output-IPv6-Octets 0 0 0 0 0-1 TBA10 Acct-Input-IPv6-Packets 0 0 0 0 0-1 TBA11 Acct-Output-IPv6-Packets 0 0 0 0 0-1 TBA12 Acct-Input-IPv6-Gigawords 0 0 0 0 0-1 TBA13 Acct-Output-IPv6-Gigawords The meaning of the above table entries is as follows: 0 This attribute MUST NOT be present. 0+ Zero or more instances of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present. 1 Exactly one instance of this attribute MUST be present. 1+ One or more of these attributes MUST be present. 6. Security Considerations Security issues related RADIUS are described in section 8 of RFC2865 and section 5 of RFC3162. 7. IANA Considerations IANA is requested to assign 13 new Attribute Types code in the "Radius Types" registry (http://www.iana.org/assignments/radius-types for the following attributes: Yeh & Tsou Expires September 30, 2011 [Page 9] Internet-Draft RADIUS Dual Stack March 2011 o User-Type o Acct-Input-IPv4-Octets o Acct-Output-IPv4-Octets o Acct-Input-IPv4-Packets o Acct-Output-IPv4-Packets o Acct-Input-IPv4-Gigawords o Acct-Output-IPv4-Gigawords o Acct-Input-IPv6-Octets o Acct-Output-IPv6-Octets o Acct-Input-IPv6-Packets o Acct-Output-IPv6-Packets o Acct-Input-IPv6-Gigawords o Acct-Output-IPv6-Gigawords IANA should allocate these codes from the standard RADIUS Attributes space using the "IETF Review" policy [RFC5226]. 8. Acknowledgements TBD 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC4241] Shirasaki, Y., Miyakawa, S., Yamasaki, T., and A. Takenouchi, "A Model of IPv6/IPv4 Dual Stack Internet Access Service", RFC 4241, December 2005. [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007. Yeh & Tsou Expires September 30, 2011 [Page 10] Internet-Draft RADIUS Dual Stack March 2011 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. 9.2. Informative References [BBF TR-177] Broadband Forum, "IPv6 in the context of TR-101, Issue 1", November 2010. [BBF TR-187] Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1", May 2010. [draft-hu-v6ops-radius-issues-ipv6-00] Hu, J., Yan, L., Wang, Q., and J. Qin, "RADIUS issues in IPv6 deployments", February 2011. [draft-maglione-radext-ipv6-acct-extensions-01] Maglione, R., Krishnan, S., Kavanagh, A., Varga, B., and J. Kaippallimalil, "RADIUS Accounting Extensions for IPv6", January 2011. [ietf-radext-ipv6-access-03] Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D. Miles, "RADIUS attributes for IPv6 Access Networks", January 2011. Authors' Addresses Leaf Y. Yeh (editor) Huawei Technologies Area F, Huawei Park, Bantian, Longgang District, Shenzhen 518129 P.R.China Phone: +86-755-28971871 Email: leaf.y.yeh@huawei.com Tina Tsou Huawei Technologies Email: tena@huawei.com Yeh & Tsou Expires September 30, 2011 [Page 11]