Radext Working Group L. Yeh, Ed. Internet-Draft Huawei Technologies Intended status: Standards Track March 5, 2012 Expires: September 6, 2012 RADIUS Accounting Extensions for Traffic Statistics draft-yeh-radext-ext-traffic-statistics-02 Abstract This document specifies the RADIUS extensions of attributes for the traffic statistics with different type, which can be used to support the differentiated accounting policies and traffic recording on the AAA server. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 6, 2012. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Yeh Expires September 6, 2012 [Page 1] Internet-Draft RADIUS Accounting Extensions March 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Language . . . . . . . . . . . . . . . . . . . 4 3. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 4 4. Acct-Traffic-Statistics attribute . . . . . . . . . . . . . . 4 4.1. Container attribute of Acct-Traffic-Statistics . . . . . . 5 4.2. Contained attribute of Acct-Traffic-Statistics . . . . . . 6 4.2.1. Acct-Traffic-Statistics.Traffic-Type . . . . . . . . . 6 4.2.2. Acct-Traffic-Statistics.Input-Octets . . . . . . . . . 7 4.2.3. Acct-Traffic-Statistics.Output-Octets . . . . . . . . 7 4.2.4. Acct-Traffic-Statistics.Input-Packets . . . . . . . . 8 4.2.5. Acct-Traffic-Statistics.Output-Packets . . . . . . . . 9 5. Table of Attribute . . . . . . . . . . . . . . . . . . . . . . 10 6. Diameter Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 10.2. Informative References . . . . . . . . . . . . . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 Yeh Expires September 6, 2012 [Page 2] Internet-Draft RADIUS Accounting Extensions March 2012 1. Introduction RADIUS has been widely used as the centralized authentication, authorization and user management method for the service provision in Broadband access network. [RFC3162], [RFC4818] and [ietf-radext-ipv6-access-06] has specified some attributes to support the service provision for IPv6 access. In the meantime, Radius is also a protocol for carrying accounting information between a Network Access Server and a shared accounting server. In the scenarios of dual-stack or any other IPv6 transition use case, there is a demand to report the separated IPv4 & IPv6 traffic statistics for the differential accounting and traffic recording. [BBF TR-187], whose purpose is to describe the network architecture and elements requirements in the PPPoE scenario to support IPv6-only or dual-stack for Internet access service, has explicitly expressed this demand in its section 9.4. The BNG is required to support separate queues and counters for IPv4 or IPv6 traffic, and the Radius attributes of Acct-Input-Octets, Acct-Output-Octets, Acct-Input- Packets, Acct-Output-Packets are recommended to use for the combination traffic. New RADIUS attributes are required for the reporting on the separated IPv4 or IPv6 traffic statistics. (Note that BNG of BBF is a kind of broadband NAS of IETF.) [draft-hu-v6ops-radius-issues-ipv6-00] presented the same issue on 'protocol specific accounting' for the dual-stack traffic statistics, but it also limits to the PPP case. [draft-maglione-radext-ipv6-acct-extensions-01] and [draft-yeh-radext-dual-stack-access-02] tried to defined a batch of attributes on the traffic statistics respectively for the IPv6-only access and dual-stack access in the traditional flat mode, while [draft-winter-radext-fancyaccounting-00] indicated that the accounting attributes of Input-Octets, Output-Octets, Input-Packets and Output-Packets can be grouped in the new basic and standardizing data type of nesting-TLV for the extended type defined in [draft-ietf-radext-radius-extensions-04]. Nesting-TLV is also a recommended substitute of the data type for the potential attribute design, which intends to employ multiple fields of a new complex data type, in the section 6.3 of [draft-ietf-radext-radius-extensions-04]. Based on the judge on the quickly-exhausted standard type space, the Radext Working Group tends to adopt the new data type of nesting-TLV for the accounting report of the traffic statistics. (Note that some text in this section might not be necessary after the draft turns to be WG item.) Yeh Expires September 6, 2012 [Page 3] Internet-Draft RADIUS Accounting Extensions March 2012 2. Terminology and Language This document describes some new RADIUS attributes and the associated usage on NAS and AAA server. This document should be read in conjunction with the relevant RADIUS specifications, including [RFC2865], [RFC2866], [RFC2869], and [draft-ietf-radext-radius-extensions-04], for a complete mechanism. Definitions for terms and acronyms not specifically defined in this document are defined in [RFC2865], [RFC2866], [RFC2869], [RFC3575], [RFC6158], and [draft-ietf-radext-radius-extensions-04]. The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119]. 3. Deployment Scenarios Figure 1 show the typical use case of the traffic statistics reporting for the dual-stack users. +----------+ +----------+ +----------+ | Host / | PPPoE | | RADIUS | AAA | | Customer | ------------ | NAS | ------------ | Server | | Router | IPoE | | Accounting | | +----------+ +----------+ +----------+ Dual-Stack Separated queues and counter for IPv4 and IPv6 traffic Figure 1: Traffic Statistics of Dual-Stack Users for RADIUS Accounting Note that traffic statistics reporting is also needed in the IPv6 transition cases, such as DS-Lite, 6rd or the potential MAP, where AFTR (Address Family Transition Router) or BR (Border Router) acts as the broadband NAS. 4. Acct-Traffic-Statistics attribute The attribute of Acct-traffic-statistics is designed according to the guidelines described in [RFC6158] and section 6 of [draft-ietf-radext-radius-extensions-04]. It adopts the data structure of the newly defined nesting TLV, has 1 container attribute, Acct-Traffic-Statistics, and 5 contained sub-attributes, Traffic-Type, Input-Octets, Output-Octets, Input-Packets, Output- Packets, to support the extensible types of traffic statistics. The sub-attribute of Acct-Traffic-Statistics.Traffic-Type, must be Yeh Expires September 6, 2012 [Page 4] Internet-Draft RADIUS Accounting Extensions March 2012 included in the container attribute; one or more of the other 4 sub- attributes much be included in the container attribute; Because sub- attribute has its own type code, the appearance of the contained sub- attribute in the container attribute is not necessary in order. 4.1. Container attribute of Acct-Traffic-Statistics Description The attribute of Acct-Traffic-Statistics, which includes sub- attributes of Traffic-Type and Input-Octets, Output-Octets, Input- Packets or Output-Packets, reports how many octets or packets of the traffic class specified in the sub-attributes of Acct-Traffic- Statistics.Traffic-Type, from the user or sent to the user, from the starting of the associated service provided. Acct-traffic- statistics can be present in Accounting-Request(4) message while the Acct-Status-Type(40) is set to Interim-Update or Stop. A summary of the Acct-Traffic-Statistics attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Extended-Type | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.)... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Supposed to be 241, which indicates the extended type space. Length 19, 29 or 49, depend on 2, 3 or 5 sub-attributes contained. Extended-Type TBA for Acct-Traffic-Statistics (by IANA) Value The Value of the container attribute are the sub-attributes in TLV mode. At least the sub-attribute of Traffic-Type, and one of the other 4 sub-attributes, Input-Octets, Output-Octets, Input- Packets, Output-Packets should be included. Yeh Expires September 6, 2012 [Page 5] Internet-Draft RADIUS Accounting Extensions March 2012 4.2. Contained attribute of Acct-Traffic-Statistics 4.2.1. Acct-Traffic-Statistics.Traffic-Type Description The sub-attribute of Acct-Traffic-Statistics.Traffic-Type indicates the type of the separated and combined traffic of IPv4 and IPv6. (Note that [draft-winter-radext-fancyaccounting-00] intended to cover 'its DSCP'.) A summary of the Acct-Traffic-Statistics.Traffic-Type attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.1 for Acct-Traffic-Statistics.Traffic-Type (by IANA) Length 6 Value Enumerated Data Type in 4-Octet unsigned integer defined in [RFC6158]. The beginning 3 Octets are reserved for future usage, and are set to Ox00. The decimal value are as follows: 0 the combined traffic of IPv4 and IPv6 1 the separated traffic of IPv4 2 the separated traffic of IPv6 Discussion 1: If the Traffic-Type intends to cover the separated or combined IPv4 and IPv6 traffic type, and its DSCP(Differentiated Services Code Point), then the beginning 6 bits of the last octet (as per RFC2474) might be used for the DSCP. Or let the traffic class based on DSCP be determined in the Yeh Expires September 6, 2012 [Page 6] Internet-Draft RADIUS Accounting Extensions March 2012 future. Discussion 2: Is it a good idea to use the bits in this field to cover the change with Input/Output and Octets/Packets? 4.2.2. Acct-Traffic-Statistics.Input-Octets Description This attribute indicates how many octets in IP layer have been received from the user from the starting of the service authorized. (Note that IP layer is explicit here because is definitely related to the service.) A summary of the Acct-Traffic-Statistics.Input-Octets attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.2 for Acct-Traffic-Statistics.Input-Octets (by IANA) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [draft-ietf-radext-radius-extensions-04]. 4.2.3. Acct-Traffic-Statistics.Output-Octets Description This attribute indicates how many octets in IP layer sent to the user from the starting of the service authorized. Yeh Expires September 6, 2012 [Page 7] Internet-Draft RADIUS Accounting Extensions March 2012 A summary of the Acct-Traffic-Statistics.Output-Octets attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.3 for Acct-Traffic-Statistics.Output-Octets (by IANA) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [draft-ietf-radext-radius-extensions-04]. 4.2.4. Acct-Traffic-Statistics.Input-Packets Description This attribute indicates how many packets in IP layer received from the user from the starting of the service authorized. A summary of the Acct-Traffic-Statistics.Input-Packets attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Yeh Expires September 6, 2012 [Page 8] Internet-Draft RADIUS Accounting Extensions March 2012 Type TBA.4 for Acct-Traffic-Statistics.Input-Packets (by IANA) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [draft-ietf-radext-radius-extensions-04]. 4.2.5. Acct-Traffic-Statistics.Output-Packets Description This attribute indicates how many packets in IP layer sent to the user from the starting of the service authorized. A summary of the Acct-Traffic-Statistics.Output-Packets attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.5 for Acct-Traffic-Statistics.Output-Packets (by IANA) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [draft-ietf-radext-radius-extensions-04]. Yeh Expires September 6, 2012 [Page 9] Internet-Draft RADIUS Accounting Extensions March 2012 5. Table of Attribute The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity. Req- Acc- Rej- Chall Accounting # Attribute uest ept ect -enge Request 0 0 0 0 0-1 TBA Acct-Traffic-Statistics The meaning of the above table entries is as follows: 0 This attribute MUST NOT be present. 0+ Zero or more instances of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present. 1 Exactly one instance of this attribute MUST be present. 1+ One or more of these attributes MUST be present. 6. Diameter Considerations Given that the Attributes defined in this document are allocated from the RADIUS type space, no special handling is required by Diameter entities. 7. Security Considerations Known security vulnerabilities of the RADIUS protocol may apply to its attributes. Security issues related RADIUS are described in section 8 of [RFC2865], section 5 of [RFC3162]. 8. IANA Considerations IANA is requested to assign 1 new attribute type code and 5 type codes for its sub-attributes in the extended type space of "Radius Types" registry (http://www.iana.org/assignments/radius-types/radius-types.xml) for the following attributes: Acct-Traffic-Statistics Acct-Traffic-Statistics.Traffic-Type Acct-Traffic-Statistics.Input-Octets Acct-Traffic-Statistics.Output-Octets Acct-Traffic-Statistics.Input-Packets Acct-Traffic-Statistics.Output-Packets IANA should allocate these codes from the standardized extended type Yeh Expires September 6, 2012 [Page 10] Internet-Draft RADIUS Accounting Extensions March 2012 space of the RADIUS attributes using the "IETF Review" policy [RFC5226]. 9. Acknowledgements The authors would like to thank Roberta Maglione, Jie Hu for their efforts in the history to bring this problem to IETF, and Alan DeKok, Peter Deacon for their valuable discussion and comments on the RADIUS solution for this problem. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, July 2003. [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [draft-ietf-radext-radius-extensions-04] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", Oct 2011. Yeh Expires September 6, 2012 [Page 11] Internet-Draft RADIUS Accounting Extensions March 2012 10.2. Informative References [BBF TR-187] Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1", May 2010. [RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, March 2011. [draft-hu-v6ops-radius-issues-ipv6-00] Hu, J., Yan, L., Wang, Q., and J. Qin, "RADIUS issues in IPv6 deployments", February 2011. [draft-maglione-radext-ipv6-acct-extensions-01] Maglione, R., Krishnan, S., Kavanagh, A., Varga, B., and J. Kaippallimalil, "RADIUS Accounting Extensions for IPv6", January 2011. [draft-winter-radext-fancyaccounting-00] Winter, S., "RADIUS Accounting for traffic classes", March 2011. [draft-yeh-radext-dual-stack-access-02] Yeh, L. and T. Tsou, "RADIUS Attributes for Dual Stack Access", March 2011. [ietf-radext-ipv6-access-06] Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D. Miles, "RADIUS attributes for IPv6 Access Networks", July 2011. Author's Address Leaf Y. Yeh (editor) Huawei Technologies Shenzhen P. R. China Phone: +86-755-28978851 Email: leaf.y.yeh@huawei.com Yeh Expires September 6, 2012 [Page 12]