Internet DRAFT - draft-zorn-dime-radia-gate

draft-zorn-dime-radia-gate






Network Working Group                                            G. Zorn
Internet-Draft                                               Network Zen
Intended status: Standards Track                               L. Morand
Expires: February 10, 2013                                   Orange Labs
                                                               T. Hiller
                                                     Lucent Technologies
                                                          August 9, 2012


            The RADIUS-Diameter Gateway (RADIA) Application
                   draft-zorn-dime-radia-gate-06.txt

Abstract

   This document describes the Diameter RADIUS-Diameter Gateway (RADIA)
   Application, which is designed to facillitate the interoperability of
   Authentication, Authorization and Accounting (AAA) systems based upon
   RADIUS and Diameter.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 10, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of



Zorn, et al.            Expires February 10, 2013               [Page 1]

Internet-Draft                    RADIA                      August 2012


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . . . 3
   3.  The RADIUS-Diameter Gateway Application . . . . . . . . . . . . 3
     3.1.  Advertising Application Support . . . . . . . . . . . . . . 3
     3.2.  Diameter Session Usage  . . . . . . . . . . . . . . . . . . 3
     3.3.  Commands  . . . . . . . . . . . . . . . . . . . . . . . . . 4
       3.3.1.  The RADIA-Request (RDR) Command . . . . . . . . . . . . 4
       3.3.2.  The RADIA-Answer (RDA) Command  . . . . . . . . . . . . 4
     3.4.  Attribute-Value Pairs . . . . . . . . . . . . . . . . . . . 5
       3.4.1.  Radius-Message AVP  . . . . . . . . . . . . . . . . . . 5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
     5.1.  Diameter Application Identifier . . . . . . . . . . . . . . 5
     5.2.  Diameter Command Codes  . . . . . . . . . . . . . . . . . . 5
     5.3.  Attribute-Value Pairs . . . . . . . . . . . . . . . . . . . 5
   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 5
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 6
















Zorn, et al.            Expires February 10, 2013               [Page 2]

Internet-Draft                    RADIA                      August 2012


1.  Introduction

   The Diameter Network Access Server (NASREQ) Application [RFC4005]
   specifies methods to deal with various interactions between the
   RADIUS [RFC2865] and Diameter [RFC3588] protocols.  In particular,
   the translation of RADIUS messages and attributes to and from
   Diameter commands and Attribute-Value Pairs (AVPs) is described at
   some length.  However, there is a fundamental and insurmountable
   problem with attempting to translate Diameter protocol elements into
   RADIUS protocol elements: a single Diameter AVP may be much larger
   than an entire RADIUS message.  Various workarounds have been
   proposed to ameliorate this proble, including limiting the size of
   Diameter elements that might require translation into RADIUS and
   returning an error upon receipt of an untranslatable AVP.  The former
   approach uneccessarily limits the utility of, for example, the NASREQ
   application in pure Diameter deployments while the latter can result
   in the denial of service to otherwise legitimate users.

   This document describes a simple method to solve the problems of
   interaction between RADIUS and Diameter by taking advantage of the
   fact thata RADIUS message can fit into a single Diameter AVP.


2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


3.  The RADIUS-Diameter Gateway Application

   The following sections define the syntax, semantics and usage of the
   RADIA application.

3.1.  Advertising Application Support

   Servers and proxies supporting the RADIUS-Diameter Gateway
   application MUST advertise support by including the value <AID> in
   the Auth-Application-Id of the Capabilities-Exchange-Request (CER),
   Accounting-Request (ACR), Accounting-Answer (ACA), RADIA-Request
   (RDR), and RADIA-Answer (RDA) messages.

3.2.  Diameter Session Usage

   Session usage in the RADIA application is identical to that in
   NASREQ.




Zorn, et al.            Expires February 10, 2013               [Page 3]

Internet-Draft                    RADIA                      August 2012


3.3.  Commands

   The RADIA application defines two new commands: Gateway-Request (RDR)
   and Gateway-Answer (RDA).  The following sections describe these
   commands.

3.3.1.  The RADIA-Request (RDR) Command

   The peer sends the RADIA-Request (RDR) command, indicated by the
   Command-Code field set to <CC1> and the Command Flags' 'R' bit set,
   in order to transmit a RADIUS message (encapsulated in the Radius-
   Message AVP (Section 3.4.1)) toward its final destination.  The
   Radius-Message AVP will generally encapsulate a RADIUS request
   message (e.g., Access-Request).

   Message format:

         <RDR> ::= < Diameter Header: CC1, REQ, PXY >
                   { Origin-Host }
                   { Origin-Realm }
                   { Destination-Realm }
                   { Auth-Application-Id }
                   { Radius-Message}
                   [ Destination-Host ]
                 * [ Proxy-Info ]
                 * [ Route-Record ]
                 * [ AVP ]

3.3.2.  The RADIA-Answer (RDA) Command

   The peer sends the RADIA-Answer (RDA) command, indicated by the
   Command-Code field set to <CC2> and the Command Flags' 'R' bit set,
   in order to transmit a RADIUS message (encapsulated in the Radius-
   Message AVP (Section 3.4.1)) toward its final destination.  The
   Radius-Message AVP will generally encapsulate a RADIUS reply message
   (e.g., Access-Accept).

   Message format:

         <RDA> ::= < Diameter Header: CC2, REQ, PXY >
                   { Origin-Host }
                   { Origin-Realm }
                   { Destination-Realm }
                   { Auth-Application-Id }
                   { Radius-Message}
                   [ Destination-Host ]
                 * [ Proxy-Info ]
                 * [ Route-Record ]



Zorn, et al.            Expires February 10, 2013               [Page 4]

Internet-Draft                    RADIA                      August 2012


                 * [ AVP ]

3.4.  Attribute-Value Pairs

   This section describes the single AVP specific to the RADIUS-Diameter
   Gateway application.

3.4.1.  Radius-Message AVP

   The Radius-Message AVP (AVP code <AVP>) is of type OctetString.  The
   'M' bit MUST be set and the 'V' bit MUST NOT be set.  The AVP
   contains a complete RADIUS message.


4.  Security Considerations

   The protocol defined in this specification has no effect upon the
   security of either Diameter or RADIUS.


5.  IANA Considerations

   Upon publication of this memo as an RFC, IANA is requested to assign
   values as described in the following sections.

5.1.  Diameter Application Identifier

   An application identifier for Diameter RADIUS-Diameter Gateway
   (<AID>, Section 3) must be assigned according to the policy specified
   in Section 11.3 of RFC 3588.

5.2.  Diameter Command Codes

   Command codes must be assigned for the RADIA-Request (RDR) (<CC1>,
   Section 3.3.1) and RADIA-Answer (RDA) (<CC2>, Section 3.3.2) commands
   according to the policy specified in RFC 3588, Section 11.2.1.

5.3.  Attribute-Value Pairs

   A code must be assigned for the following AVP using the policy
   specified in RFC 3588, Section 11.1.1: Radius-Message (<AVP>,
   Section 3.4.1).


6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.



Zorn, et al.            Expires February 10, 2013               [Page 5]

Internet-Draft                    RADIA                      August 2012


   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

   [RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
              Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

   [RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
              "Diameter Network Access Server Application", RFC 4005,
              August 2005.


Authors' Addresses

   Glen Zorn
   Network Zen
   227/358 Thanon Sanphawut
   Bang Na, Bangkok  10260
   Thailand

   Phone: +66 (0) 909-020106
   Email: glenzorn@gmail.com


   Lionel Morand
   Orange Labs
   38-40 rue du general Leclerc
   Issy-moulineaux Cedex 9  92794
   France

   Email: Lionel.morand@orange-ftgroup.com


   Tom Hiller
   Lucent Technologies
   1960 Lucent Lane
   Naperville, Illinois  60566
   USA

   Email: tom.hiller@alcatel-lucent.com











Zorn, et al.            Expires February 10, 2013               [Page 6]