Internet DRAFT - draft-yeh-radext-ext-dual-stack-access

draft-yeh-radext-ext-dual-stack-access






Radext Working Group                                              L. Yeh
Internet-Draft                                       Huawei Technologies
Intended status: Standards Track                            July 9, 2012
Expires: January 10, 2013


                 RADIUS Extension for Dual Stack Access
               draft-yeh-radext-ext-dual-stack-access-00

Abstract

   This document specifies the additional RADIUS attribute for IPv4 and
   IPv6 dual stack access, which are used in the AAA processes for NAS
   to employ the right mechanism and to allocate the proper
   configuration or resources for the users.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 10, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Yeh                     Expires January 10, 2013                [Page 1]

Internet-Draft              RADIUS Dual Stack                  July 2012


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Terminology and Conventions . . . . . . . . . . . . . . . . . . 4
   3.  Deployment Scenarios  . . . . . . . . . . . . . . . . . . . . . 4
   4.  Attributes  . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     4.1.  Access-Type . . . . . . . . . . . . . . . . . . . . . . . . 5
   5.  Table of Attributes . . . . . . . . . . . . . . . . . . . . . . 8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 8
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 8
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 8
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 9
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 9




































Yeh                     Expires January 10, 2013                [Page 2]

Internet-Draft              RADIUS Dual Stack                  July 2012


1.  Introduction

   Subscriber IP sessions can be either IPv4/IPv6 dual-stack, IPv6-only,
   or the legacy IPv4-only in the typical PPPoE based [BBF TR-187] or
   IPoE based [BBF TR-177] deployment scenarios.  The user in these IP
   sessions can be a host or a Customer Edge router (CE router, routed
   Residential Gateway, routed-RG, Customer Premise Equipment or routed-
   CPE).  In the IPv6 part of these session, the broadband Network
   Access Server (NAS) acting as the Provider Edge router (PE router)
   and RADIUS client simultaneously, usually employ DHCPv6-PD
   [RFC3633][RFC4818] to delegate IPv6 prefix to CE router for its
   customer network.  In the meantime, the WAN (NAS-facing) interface of
   CE router can be numbered or unnumbered (Section 2.3 of [BBF
   TR-177]).  The NAS can employ SLAAC [RFC4862] to assign a IPv6 prefix
   or employ DHCPv6 [RFC3315] to assign a IPv6 address to the CE router
   for its WAN interface.  Therefore, there are at least the following
   access types of user that the NAS and the centralized AAA server are
   served for:

      PPPoE-IPv4-only-host or CE

      PPPoE-IPv6-only-host (Numbered by SLAAC)
      PPPoE-IPv6-only-host (Numbered by DHCPv6)
      PPPoE-IPv6-only-CE (Unnumbered)
      PPPoE-IPv6-only-CE (Numbered by SLAAC)
      PPPoE-IPv6-only-CE (Numbered by DHCPv6)

      PPPoE-dual-stack-host (IPv6-Numbered by SLAAC)
      PPPoE-dual-stack-host (IPv6-Numbered by DHCPv6)
      PPPoE-dual-stack-CE (IPv6-Unnumbered)
      PPPoE-dual-stack-CE (IPv6-Numbered by SLAAC)
      PPPoE-dual-stack-CE (IPv6-Numbered by DHCPv6)

      IPoE-IPv4-only-host or CE

      IPoE-IPv6-only-host (Numbered by SLAAC)
      IPoE-IPv6-only-host (Numbered by DHCPv6)
      IPoE-IPv6-only-CE (Unnumbered)
      IPoE-IPv6-only-CE (Numbered by SLAAC)
      IPoE-IPv6-only-CE (Numbered by DHCPv6)

      IPoE-dual-stack-host (IPv6-Numbered by SLAAC)
      IPoE-dual-stack-host (IPv6-Numbered by DHCPv6)
      IPoE-dual-stack-CE (IPv6-Unnumbered)
      IPoE-dual-stack-CE (IPv6-Numbered by SLAAC)
      IPoE-dual-stack-CE (IPv6-Numbered by DHCPv6)

   The different access type of users need the NAS (Broadband Network



Yeh                     Expires January 10, 2013                [Page 3]

Internet-Draft              RADIUS Dual Stack                  July 2012


   Gateway or BNG) employ different mechanism and allocate different
   resource for the associated processes.  The addresses assigned and
   the prefixes delegated to the customer hosts or CE can be explicitly
   got from the AAA server through attributes in the Access-Accept
   packets ([RFC2865], [RFC3162] and [RFC4818]), or be dynamically get
   from the local address or prefix pool configured on the NAS
   ([RFC2869], [RFC3162] and [ietf-radext-ipv6-access-09]).  When the
   NAS dynamically assign address or delegate prefix to the customer
   hosts or CE from the pools, it can use the default or preconfigured
   pools on the NAS or alternatively use the indicated pools in the
   attributes of the Access-Accept.

   This document defines the additional RADIUS attributes to specify the
   access type of users for the simplified and proper authorization and
   accounting in RADIUS processes.


2.  Terminology and Conventions

   This document describes the additional RADIUS attribute and the
   associated usage on NAS and AAA server.  This document should be read
   in conjunction with the relevant RADIUS specifications, including
   [RFC2865], [RFC2866], [RFC2869], [RFC3162] and [RFC4818] for a
   complete mechanism.  Definitions for terms and acronyms not
   specifically defined in this document are defined in RFC2865,
   RFC2866, RFC2869, RFC3162 and RFC4818.

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in BCP 14, [RFC2119].


3.  Deployment Scenarios

    +----------+                +----------+                +----------+
    |  Host    |      PPPoE     |          |     RADIUS     |   AAA    |
    |   or     | -------------- |   NAS    | -------------- |  Server  |
    |CE router |      IPoE      |          |   Access-Type  |          |
    +----------+                +----------+                +----------+
     Dual-Stack              Local Address Pool
     IPv6-only               Local Prefix Pool

    Figure 1: Deployment Scenario for various access types of the users

   In the above depicted scenario, the NAS acting as PE router may
   configure local address or prefix pools, use the mechanism of PPPoE
   NCP, IPv6 SLAAC or DHCPv6 protocols to handle IPv4 address, IPv6
   address and IPv6 prefix assignment to hosts or CEs.  The AAA server



Yeh                     Expires January 10, 2013                [Page 4]

Internet-Draft              RADIUS Dual Stack                  July 2012


   authenticates each host or CE, and returns the attributes used for
   authorization and accounting.

   The attribute of Access-Type can be used to indicate the right
   configuration on the NAS for the users, or to report the right access
   type of the users to the accounting server.  When the attribute of
   Access-Type is included, the address and prefix pools of the default
   configuration on the NAS are not always necessary to be indicated in
   the Access-Accept packet for the users' authorization.


4.  Attributes

   The fields shown in the diagrams below are transmitted from left to
   right.

4.1.  Access-Type

   Description

      The attribute indicates the access type of the user requested in
      the Access-Request packet, authorized in the Access-Accept packet
      or recorded in the Accounting-Request packet.

      The format of the Access-Type is:


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |     Length    |              Value            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Value (cont.)        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBA1 (by IANA)

   Length

      6

   Value

      Enumerated Data Type in 4-Octet unsigned integer defined in
      [RFC6158].  The beginning 3 Octets are reserved for future use,
      and are set to 0x00 now.  The decimal value of the last octet is



Yeh                     Expires January 10, 2013                [Page 5]

Internet-Draft              RADIUS Dual Stack                  July 2012


      defined as follows:

      When PPPoE is used for the access method, the Access-Type of the
      user get the following 'Value':


      1   PPPoE-IPv4-only-host (or CE)
      2   PPPoE-IPv6-only-host (Numbered by SLAAC)
      3   PPPoE-IPv6-only-host (Numbered by DHCPv6)
      4   PPPoE-IPv6-only-CE (Unnumbered)
      5   PPPoE-IPv6-only-CE (Numbered by SLAAC)
      6   PPPoE-IPv6-only-CE (Numbered by DHCPv6)
      7   PPPoE-dual-stack-host (IPv6-Numbered by SLAAC)
      8   PPPoE-dual-stack-host (IPv6-Numbered by DHCPv6)
      9   PPPoE-dual-stack-CE (IPv6-Unnumbered)
      10  PPPoE-dual-stack-CE (IPv6-Numbered by SLAAC)
      11  PPPoE-dual-stack-CE (IPv6-Numbered by DHCPv6)

      When IPoE is used for the access method, the Access-Type of user
      gets the following 'Value':


      12  IPoE-IPv4-only-host (or CE)
      13  IPoE-IPv6-only-host (Numbered by SLAAC)
      14  IPoE-IPv6-only-host (Numbered by DHCPv6)
      15  IPoE-IPv6-only-CE (Unnumbered)
      16  IPoE-IPv6-only-CE (Numbered by SLAAC)
      17  IPoE-IPv6-only-CE (Numbered by DHCPv6)
      18  IPoE-dual-stack-host (IPv6-Numbered by SLAAC)
      19  IPoE-dual-stack-host (IPv6-Numbered by DHCPv6)
      20  IPoE-dual-stack-CE (IPv6-Unnumbered)
      21  IPoE-dual-stack-CE (IPv6-Numbered by SLAAC)
      22  IPoE-dual-stack-CE (IPv6-Numbered by DHCPv6)

   o  For the user access type of IPv4-only host (or CE), NAS needs to
      report Access-Type and Framed-IP-Address (8) in the accounting-
      request packets for the assigned IPv4 address;

   o  For the user access type of IPv6-only host (Numbered by SLAAC),
      NAS needs to report Access-Type and Framed-IPv6-Prefix (97) in the
      accounting-request packets;

   o  For the user access type of IPv6-only host (Numbered by DHCPv6),
      NAS needs to report Access-Type and Framed-IPv6-address in the
      accounting-request packets;

   o  For the user access type of IPv6-only CE (Unnumbered), NAS needs
      to report Access-Type and Delegated-IPv6-Prefix (123) in the



Yeh                     Expires January 10, 2013                [Page 6]

Internet-Draft              RADIUS Dual Stack                  July 2012


      accounting-request packets;

   o  For the user access type of IPv6-only CE (Numbered by SLAAC), NAS
      needs to report Access-Type, Framed-IPv6-Prefix (97) and
      Delegated-IPv6-Prefix (123) in the accounting-request packets;

   o  For the user access type of IPv6-only CE (Numbered by DHCPv6), NAS
      needs to report Access-Type, Framed-IPv6-address and Delegated-
      IPv6-Prefix (123) in the accounting-request packets;

   o  For the user access type of dual-stack host (IPv6-Numbered by
      SLAAC), NAS needs to report Access-Type, Framed-IP-Address (8) and
      Framed-IPv6-Prefix (97) in the accounting-request packets;

   o  For the user access type of dual-stack host (IPv6-Numbered by
      DHCPv6), NAS needs to report Access-Type, Framed-IP-Address (8)
      and Framed-IPv6-address in the accounting-request packets;

   o  For the user access type of dual-stack CE (IPv6-Unnumbered), NAS
      needs to report Access-Type, Framed-IP-Address (8) and Delegated-
      IPv6-Prefix (123) in the accounting-request packets;

   o  For the user access type of dual-Stack CE (IPv6-Numbered by
      SLAAC), NAS needs to report Access-Type, Framed-IP-Address (8),
      Framed-IPv6-Prefix (97) and Delegated-IPv6-Prefix (123) in the
      accounting-request packets;

   o  For the user access type of dual-Stack CE (IPv6-Numbered by
      DHCPv6), NAS needs to report Access-Type, Framed-IP-Address (8),
      Framed-IPv6-address and Delegated-IPv6-Prefix (123) in the
      accounting-request packets.

   Discussion:

      The alternative attribute design could separate the access type of
      the users into several dimensions.


      Access-Method: Enumerated Data Type
         0 for PPPoE; 1 for IPoE
      Stack-Type: Enumerated Data Type
         0 for dual stack; 1 for IPv4-only; 2 for IPv6-only
      Node-Type: Enumerated Data Type
         0 for host; 1 for CE
      WAN-Interface-Numbering-Type: Enumerated Data Type
         0 for Unnumbered; 1 for numbered
      WAN-Interface-Address-Assignment-Type: Enumerated Data Type
         0 for SLAAC; 1 for DHCPv6



Yeh                     Expires January 10, 2013                [Page 7]

Internet-Draft              RADIUS Dual Stack                  July 2012


      Though the combination of the attributes sounds clearer in the
      semantics, and not all of attributes defined are needed for every
      user, but it still looks too complicated in some use cases.


5.  Table of Attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Req-  Acc-  Rej-  Chall  Accounting #      Attribute
   uest  ept   ect   -enge  Request
   0-1   0-1   0     0      0-1        TBA1   Access-Type

   The meaning of the above table entries is as follows:

   0    This attribute MUST NOT be present.
   0+   Zero or more instances of this attribute MAY be present.
   0-1  Zero or one instance of this attribute MAY be present.
   1    Exactly one instance of this attribute MUST be present.
   1+   One or more of these attributes MUST be present.


6.  Security Considerations

   Security issues related RADIUS are described in section 8 of RFC2865
   and section 5 of RFC3162.


7.  IANA Considerations

   The authors of this document request to assign new Radius type code
   for Access-Type.  IANA should allocate the new code from the standard
   RADIUS Attributes space using the "IETF Review" policy [RFC5226].


8.  Acknowledgements

   Thanks to David B. Nelson for his valuable comments in the mailing
   list of Radext.


9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.



Yeh                     Expires January 10, 2013                [Page 8]

Internet-Draft              RADIUS Dual Stack                  July 2012


   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, June 2000.

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, August 2001.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

   [RFC4818]  Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
              Attribute", RFC 4818, April 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

9.2.  Informative References

   [BBF TR-177]
              Broadband Forum, "IPv6 in the context of TR-101, Issue 1",
              November 2010.

   [BBF TR-187]
              Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1",
              May 2010.

   [ietf-radext-ipv6-access-09]
              Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D.
              Miles, "RADIUS attributes for IPv6 Access Networks",
              January 2011.







Yeh                     Expires January 10, 2013                [Page 9]

Internet-Draft              RADIUS Dual Stack                  July 2012


Author's Address

   Leaf Y. Yeh
   Huawei Technologies
   Shenzhen
   P.R.China

   Email: leaf.y.yeh@huawei.com











































Yeh                     Expires January 10, 2013               [Page 10]