Radext Working Group L. Yeh, Ed. Internet-Draft Huawei Technologies Intended status: Standards Track October 31, 2011 Expires: May 3, 2012 RADIUS Accounting Extensions of Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 Abstract This document specifies the RADIUS attributes extensions of IPv4 and IPv6 traffic statistics for the differentiated accounting policies and traffic recording on the AAA server. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 3, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Yeh Expires May 3, 2012 [Page 1] Internet-Draft RADIUS Accounting Extensions October 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Language . . . . . . . . . . . . . . . . . . . 5 3. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 5 4. Traffic Statistics Attributes . . . . . . . . . . . . . . . . 5 4.1. Define the Attributes in the Traditional Unsigned Type Space . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.2. Define the Attributes in the Extended Type Space . . . . . 7 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Yeh Expires May 3, 2012 [Page 2] Internet-Draft RADIUS Accounting Extensions October 2011 1. Introduction RADIUS has been widely used as the centralized Authentication and Authorization management method for the service provision to the users in Broadband network. [RFC3162], [RFC4818] and [ietf-radext-ipv6-access-05] has specified some attributes to support the service provision of IPv6-only and dual-stack. Radius is also a protocol for carrying accounting information between a Network Access Server and a shared accounting server. In the scenarios of dual- stack or any other IPv6 transition use case, such as DS-Lite, 6rd or the potential 4rd, there is a demand to report the separated IPv4 & IPv6 traffic statistics for the differential accounting and traffic recording. [BBF TR-187] (Edited by ALU & Cisco), which dedicates for the network architecture models and elements requirements in the PPPoE scenario to support IPv6-only or dual stack for Internet access service, has expressed this demand in its section 9.4. The explicit texts are as follows: The BNG must also be able to support separate queues for IPv4 and IPv6 traffic, as they may be used to offer IPv4 and IPv6 services with different policies. Note that BNG of BBF is a kind of NAS of IETF. R-60 The BNG MUST support forwarding IPv6 and IPv4 traffic in common traffic classes. R-61 The BNG MUST support forwarding IPv6 and IPv4 traffic in separate traffic classes. R-64 The BNG MUST support input and output octet counters that are separate for both IPv6 and IPv4 traffic. R-65 The BNG MUST support input and output packet counters that are separate for both IPv6 and IPv4 traffic. Per the section 9.4 of BBF TR-187, the NAS is required to support separate queues and counters for IPv4 or IPv6 traffic, and the Radius attributes of Acct-Input-Octets, Acct-Output-Octets, Acct-Input- Packets, Acct-Output-Packets are recommended to use for the combination traffic. That means some new RADIUS attributes is required to report the separated IPv4 or IPv6 traffic statistics. [draft-maglione-radext-ipv6-acct-extensions-01] (Edited by Telecom Italia, Ericsson & Magyar Telekom) tries to define the following attributes: Yeh Expires May 3, 2012 [Page 3] Internet-Draft RADIUS Accounting Extensions October 2011 IPv6-Acct-Input-Octets IPv6-Acct-Output-Octets IPv6-Acct-Input-Packets IPv6-Acct-Output-Packets IPv6-Acct-Input-Gigawords IPv6-Acct-Output-Gigawords for the collecting of IPv6 traffic statistics in RADIUS accounting messages. [draft-hu-v6ops-radius-issues-ipv6-00] (Edited by China Telecom & ZTE) presents the same issue on the accounting for dual- stack traffic statistics, but it sounds like limit to the PPP case. [draft-winter-radext-fancyaccounting-00] also shows the interest to define a group of attributes to report the statistics for various traffic classes, but tries to use the extended type space. And [draft-yeh-radext-dual-stack-access-02] (Edited Huawei) tries to use the traditional format defined in [RFC2865], [RFC2866] and [RFC2869] to extend some new attributes: Acct-Input-IPv4-Octets Acct-Output-IPv4-Octets Acct-Input-IPv4-Packets Acct-Output-IPv4-Packets Acct-Input-IPv4-Gigawords Acct-Output-IPv4-Gigawords Acct-Input-IPv6-Octets Acct-Output-IPv6-Octets Acct-Input-IPv6-Packets Acct-Output-IPv6-Packets Acct-Input-IPv6-Gigawords Acct-Output-IPv6-Gigawords against the dual-stack case for traffic statistics reporting in RADIUS. [draft-ietf-radext-radius-extensions-02], which is already in the phase of WGLC, has extended the type space of RADIUS attribute and defined the new formats for the extended type attributes with some new data types. That might means the type code in the new extended space will be used to define a new attribute, if it is agreed to move the 'Unassigned' code space (from 144 to 191) to be 'Deprecated'. This document tries to use both the traditional format defined in [RFC2865] and the new format defined in [draft-ietf-radext-radius-extensions-02] for the extension of IPv4 and IPv6 traffic statistics, and let the WG decides which one is more suitable for the cases mentioned here. Yeh Expires May 3, 2012 [Page 4] Internet-Draft RADIUS Accounting Extensions October 2011 2. Terminology and Language This document describes some new RADIUS attributes and the associated usage on NAS and AAA server. This document should be read in conjunction with the relevant RADIUS specifications, including [RFC2865], [RFC2866], [RFC2869], and [draft-ietf-radext-radius-extensions-02], for a complete mechanism. Definitions for terms and acronyms not specifically defined in this document are defined in RFC2865, RFC2866, RFC2869, and [draft-ietf-radext-radius-extensions-02]. The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119]. 3. Deployment Scenarios Figure 1 show the typical use case of the traffic statistics reporting for the dual-stack users. +----------+ +----------+ +----------+ | Host / | PPPoE | | RADIUS | AAA | | Customer | ------------ | NAS | ------------ | Server | | Router | IPoE | | Accounting | | +----------+ +----------+ +----------+ Dual-Stack Separated queues and counter for IPv4 and IPv6 traffic Figure 1: Traffic Statistics of Dual-Stack Users for RADIUS Accounting Note that traffic statistics reporting is also needed in the IPv6 transition cases, such as DS-Lite, 6rd or the potential 4rd. 4. Traffic Statistics Attributes 4.1. Define the Attributes in the Traditional Unsigned Type Space There are 8 new attributes of the traffic statistics, including: Yeh Expires May 3, 2012 [Page 5] Internet-Draft RADIUS Accounting Extensions October 2011 Acct-Input-IPv4-Octets Acct-Output-IPv4-Octets Acct-Input-IPv4-Packets Acct-Output-IPv4-Packets Acct-Input-IPv6-Octets Acct-Output-IPv6-Octets Acct-Input-IPv6-Packets Acct-Output-IPv6-Packets defined in this section per the traditional format defined in [RFC2865]. Description The traffic statistics attributes, including Acct-Input-IPv4- Octets, Acct-Output-IPv4-Octets, Acct-Input-IPv4-Packets, Acct- Output-IPv4-Packets and Acct-Input-IPv6-Octets, Acct-Output-IPv6- Octets, Acct-Input-IPv6-Packets, Acct-Output-IPv6-Packets, indicate how many octets or packets of IPv4 or IPv6 received from the user or sent to the user from the starting of this service provided, and can be present in Accounting-Request records while the Acct-Status-Type is set to Interim-Update or Stop. For the attribute of Acct-Input-IPv4-Octets, NAS report how many Octets of IPv4 traffic received from the user from the starting of the service authorized. For the attribute of Acct-Output-IPv4-Octets, NAS report how many Octets of IPv4 traffic sent to the user from the starting of the service authorized. For the attribute of Acct-Input-IPv4-Packets, NAS report how many packets of IPv4 traffic received from the user from the starting of the service authorized. For the attribute of Acct-Output-IPv4-Packets, NAS report how many packets of IPv4 traffic sent to the user from the starting of the service authorized. For the attribute of Acct-Input-IPv6-Octets, NAS report how many Octets of IPv6 traffic received from the user from the starting of the service authorized. For the attribute of Acct-Output-IPv6-Octets, NAS report how many Octets of IPv6 traffic sent to the user from the starting of the service authorized. Yeh Expires May 3, 2012 [Page 6] Internet-Draft RADIUS Accounting Extensions October 2011 For the attribute of Acct-Input-IPv6-Packets, NAS report how many packets of IPv6 traffic received from the user from the starting of the service authorized. For the attribute of Acct-Output-IPv6-Packets, NAS report how many packets of IPv6 traffic sent to the user from the starting of the service authorized. A summary of the Traffic Statistics attributes format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBAn (by IANA) Length =10 Value The Value field is 8 octets and uses Integer64 defined in [draft-ietf-radext-radius-extensions-02], for its data type. 4.2. Define the Attributes in the Extended Type Space Description The definition and usage of the traffic statistics attributes, including Acct-Input-IPv4-Octets, Acct-Output-IPv4-Octets, Acct- Input-IPv4-Packets, Acct-Output-IPv4-Packets and Acct-Input-IPv6- Octets, Acct-Output-IPv6-Octets, Acct-Input-IPv6-Packets, Acct- Output-IPv6-Packets, are the same as that described in section 4.1 A summary of the Traffic Statistics attributes format is shown as below. The fields are transmitted from left to right. Yeh Expires May 3, 2012 [Page 7] Internet-Draft RADIUS Accounting Extensions October 2011 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Extended-Type | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Acct-Input-IPv4-Octets 241.TBA1(by IANA) or 241.42(suggested) Acct-Output-IPv4-Octets 241.TBA2(by IANA) or 241.43(suggested) Acct-Input-IPv4-Packets 241.TBA3(by IANA) or 241.47(suggested) Acct-Output-IPv4-Packets 241.TBA4(by IANA) or 241.48(suggested) Acct-Input-IPv6-Octets 241.TBA5(by IANA) or 242.42(suggested) Acct-Output-IPv6-Octets 241.TBA6(by IANA) or 242.43(suggested) Acct-Input-IPv6-Packets 241.TBA7(by IANA) or 242.47(suggested) Acct-Output-IPv6-Packets 241.TBA8(by IANA) or 242.48(suggested) Length =11 Value The Value field is 8 octets and uses Integer64 defined in [draft-ietf-radext-radius-extensions-02], for its data type. 5. Table of Attributes The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity. Req- Acc- Rej- Chall Accounting # Attribute uest ept ect -enge Request 0 0 0 0 0-1 TBA1 Acct-Input-IPv4-Octets 0 0 0 0 0-1 TBA2 Acct-Output-IPv4-Octets 0 0 0 0 0-1 TBA3 Acct-Input-IPv4-Packets 0 0 0 0 0-1 TBA4 Acct-Output-IPv4-Packets 0 0 0 0 0-1 TBA5 Acct-Input-IPv6-Octets 0 0 0 0 0-1 TBA6 Acct-Output-IPv6-Octets 0 0 0 0 0-1 TBA7 Acct-Input-IPv6-Packets 0 0 0 0 0-1 TBA8 Acct-Output-IPv6-Packets The meaning of the above table entries is as follows: Yeh Expires May 3, 2012 [Page 8] Internet-Draft RADIUS Accounting Extensions October 2011 0 This attribute MUST NOT be present. 0+ Zero or more instances of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present. 1 Exactly one instance of this attribute MUST be present. 1+ One or more of these attributes MUST be present. 6. Security Considerations Security issues related RADIUS are described in section 8 of RFC2865 and section 5 of RFC3162. 7. IANA Considerations IANA is requested to assign 8 new attribute types code in the "Radius Types" registry (http://www.iana.org/assignments/radius-types for the following attributes: Acct-Input-IPv4-Octets Acct-Output-IPv4-Octets Acct-Input-IPv4-Packets Acct-Output-IPv4-Packets Acct-Input-IPv6-Octets Acct-Output-IPv6-Octets Acct-Input-IPv6-Packets Acct-Output-IPv6-Packets IANA should allocate these codes from the standardized type space of the RADIUS attributes using the "IETF Review" policy [RFC5226]. 8. Acknowledgements TBD 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. Yeh Expires May 3, 2012 [Page 9] Internet-Draft RADIUS Accounting Extensions October 2011 [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007. [draft-ietf-radext-radius-extensions-02] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", Oct 2011. 9.2. Informative References [BBF TR-187] Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1", May 2010. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [draft-hu-v6ops-radius-issues-ipv6-00] Hu, J., Yan, L., Wang, Q., and J. Qin, "RADIUS issues in IPv6 deployments", February 2011. [draft-maglione-radext-ipv6-acct-extensions-01] Maglione, R., Krishnan, S., Kavanagh, A., Varga, B., and J. Kaippallimalil, "RADIUS Accounting Extensions for IPv6", January 2011. [draft-winter-radext-fancyaccounting-00] Winter, S., "RADIUS Accounting for traffic classes", March 2011. [draft-yeh-radext-dual-stack-access-02] Yeh, L. and T. Tsou, "RADIUS Attributes for Dual Stack Access", March 2011. [ietf-radext-ipv6-access-05] Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D. Miles, "RADIUS attributes for IPv6 Access Networks", July 2011. Yeh Expires May 3, 2012 [Page 10] Internet-Draft RADIUS Accounting Extensions October 2011 Author's Address Leaf Y. Yeh (editor) Huawei Technologies F4, Huawei Area, Bantian, Longgang District, Shenzhen 518129 P.R.China Phone: +86-755-28971871 Email: leaf.y.yeh@huawei.com Yeh Expires May 3, 2012 [Page 11]