Radext Working Group L. Yeh Internet-Draft Huawei Technologies Intended status: Standards Track M. Boucadair Expires: April 18, 2013 France Telecom October 15, 2012 RADIUS Accounting Extensions for Traffic Statistics draft-yeh-radext-ext-traffic-statistics-04 Abstract This document specifies the RADIUS extensions of attributes for the traffic statistics with different type, which can be used to support the differentiated accounting policies and traffic recording on the AAA server. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 18, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Yeh & Boucadair Expires April 18, 2013 [Page 1] Internet-Draft RADIUS Accounting Extensions October 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Conventions . . . . . . . . . . . . . . . . . 4 3. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 4 4. Acct-Traffic-Statistics attribute . . . . . . . . . . . . . . 4 4.1. Container attribute of Acct-Traffic-Statistics . . . . . . 5 4.2. Contained attribute of Acct-Traffic-Statistics . . . . . . 6 4.2.1. Acct-Traffic-Statistics.Stack-Type . . . . . . . . . . 6 4.2.2. Acct-Traffic-Statistics.Input-Octets . . . . . . . . . 7 4.2.3. Acct-Traffic-Statistics.Output-Octets . . . . . . . . 7 4.2.4. Acct-Traffic-Statistics.Input-Packets . . . . . . . . 8 4.2.5. Acct-Traffic-Statistics.Output-Packets . . . . . . . . 9 4.2.6. Acct-Traffic-Statistics.DSCP-Type . . . . . . . . . . 10 5. Table of Attribute . . . . . . . . . . . . . . . . . . . . . . 10 6. Diameter Considerations . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 Yeh & Boucadair Expires April 18, 2013 [Page 2] Internet-Draft RADIUS Accounting Extensions October 2012 1. Introduction RADIUS has been widely used as the centralized authentication, authorization and subscriber management method for the service provision in Broadband access network. [RFC3162], [RFC4818] and [I-D.ietf-radext-ipv6-access] have specified some attributes to support the service provision for IPv6 access. In the meantime, RADIUS is also a protocol for carrying accounting information between a Network Access Server (NAS) and a shared accounting server. In the scenarios of dual-stack or any other IPv6 migration technologies, there is a demand to report the separated IPv4 & IPv6 traffic statistics for the differential accounting and traffic recording. [BBF TR-187], whose purpose is to describe the network architecture and elements requirements in the PPPoE scenario to support IPv6-only or dual-stack for Internet access service, has explicitly expressed in its Section 9.4, that the BNG must be able to support separate queues, input and output counters for IPv4 or IPv6 traffic. Note that BNG of BBF is a kind of broadband NAS of IETF. Meanwhile [BBF TR-187] suggested to use the RADIUS attributes (eg. Acct-Input- Octets (42), Acct-Output-Octets (43), Acct-Input-Packets (47), Acct- Output-Packets (48)) for the combination of IPv6 and IPv4 traffic. That means the new RADIUS attributes for reporting the separated IPv4 or IPv6 traffic statistics are required to be defined. [I-D.hu-v6ops-radius-issues-ipv6-00] presented the same issue on 'protocol specific accounting' for the dual-stack traffic statistics, but it also limits to the PPP case. [I-D.maglione-radext-ipv6-acct-extensions-01] and [I-D.yeh-radext-dual-stack-access-02] tried to defined a batch of attributes on the traffic statistics respectively for the IPv6-only access and dual-stack access in the traditional type space with the flat mode , while [I-D.winter-radext-fancyaccounting] indicated that the accounting attributes of Input-Octets, Output-Octets, Input- Packets and Output-Packets can be grouped in the new basic data type of TLV-nesting defined in Section 2.3 of [I-D.ietf-radext-radius-extensions] for the extended type space. According to [RFC6158] and Section 6.3 of [I-D.ietf-radext-radius-extensions], Nesting-TLV is the only recommendation for the new attribute design which intends to employ multiple fields in the complex data type now. Based on the judge of the quickly-exhausted traditional type space, the Radext Working Group tends to adopt the new data type of nesting-TLV defined for the extended type space to report the traffic statistics for the accounting extension. This document specifies new attributes of the traffic statistics with different types for the extension of RADIUS accounting to support the Yeh & Boucadair Expires April 18, 2013 [Page 3] Internet-Draft RADIUS Accounting Extensions October 2012 differentiated accounting policies and traffic recording on the AAA server. The reporting traffic types include the combination of stack types and the optional DSCP types. Note: This document tries to narrow the scope of the solution space just to meet the requirements explicitly expressed by the industry without defining new RADIUS messages or introducing a new namespace for the additional interoperability. 2. Terminology and Conventions Definitions for terms and acronyms not specifically defined in this document are defined in [RFC2865], [RFC2866], [RFC2869], [RFC3575], [RFC6158], and [I-D.ietf-radext-radius-extensions]. The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119]. 3. Deployment Scenarios Figure 1 shows the typical use case of the traffic statistics reporting for the dual-stack users. +----------+ +----------+ +----------+ | Host / | PPPoE | | RADIUS | AAA | | Customer | ------------ | NAS | ------------ | Server | | Router | IPoE | | Accounting | | +----------+ +----------+ +----------+ Dual-Stack Separated queues and counter for IPv4 and IPv6 traffic Figure 1: Traffic Statistics of Dual-Stack Users for RADIUS Accounting Note that traffic statistics reporting is also needed in the IPv6 transition cases, such as DS-Lite, 6rd or MAP, where AFTR (Address Family Transition Router) or BR (Border Router) may act as the broadband NAS. 4. Acct-Traffic-Statistics attribute Acct-traffic-statistics attribute is designed according to the guidelines described in [RFC6158] and Section 6 of [I-D.ietf-radext-radius-extensions]. It adopts the data structure of Yeh & Boucadair Expires April 18, 2013 [Page 4] Internet-Draft RADIUS Accounting Extensions October 2012 the TLV nesting, has 1 container attribute, Acct-Traffic-Statistics, and 6 contained sub-attributes, Stack-Type, Input-Octets, Output- Octets, Input-Packets, Output-Packets, DSCP-Type (Differentiated Services CodePoint), and possible support the extensible types of traffic statistics in the future. The sub-attribute of Stack-Type MUST be included, one or more sub-attribute of Input-Octets, Output- Octets, Input-Packets or Output-Packets sub-attributes MUST be included and sub-attribute of DSCP-Type MAY be included in the container attribute, Acct-Traffic-Statistics. Because each of the sub-attributes has its own type code, the appearance of the contained sub-attributes is not necessary in a fixed order. 4.1. Container attribute of Acct-Traffic-Statistics Description The container attribute of Acct-Traffic-Statistics, which includes sub-attributes of Stack-Type, or DSCP-Type, and Input-Octets, Output-Octets, Input-Packets or Output-Packets, reports how many octets or packets of the specified traffic type, from the user or sent to the user, from the starting of the associated service provided. The sub-attributes of Stack-Type or DSCP-Type indicates the specified traffic type. One or more Acct-traffic-statistics attribute can be presented in Accounting-Request(4) message while the Acct-Status-Type(40) is set to Interim-Update or Stop. The format of Acct-Traffic-Statistics attribute format is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Extended-Type | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.)... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 241, which indicates the extended type space. Length The length of the whole attribute in octet. Extended-Type Yeh & Boucadair Expires April 18, 2013 [Page 5] Internet-Draft RADIUS Accounting Extensions October 2012 TBA for Acct-Traffic-Statistics (See Section 8) Value The Value of the container attribute are the sub-attributes defined in Section 4.2 in TLV nesting mode. At least the sub- attribute of Stack-Type, and one of Input-Octets, Output-Octets, Input-Packets or Output-Packets sub-attributes MUST be included. 4.2. Contained attribute of Acct-Traffic-Statistics 4.2.1. Acct-Traffic-Statistics.Stack-Type Description Acct-Traffic-Statistics.Stack-Type sub-attribute indicates the type of the separated and combined traffic for IPv4 and IPv6. The format of Acct-Traffic-Statistics.Stack-Type sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.1 for Acct-Traffic-Statistics.Stack-Type (See Section 8) Length 6 Value Enumerated Data Type in 4-Octet unsigned integer defined in [RFC6158]. The beginning 3 Octets are reserved for future use, and are set to 0x00 now. The decimal value of the last octet is defined as follows: 0 Combined traffic of IPv4 and IPv6 Yeh & Boucadair Expires April 18, 2013 [Page 6] Internet-Draft RADIUS Accounting Extensions October 2012 1 IPv4-only traffic 2 IPv6-only traffic 4.2.2. Acct-Traffic-Statistics.Input-Octets Description Acct-Traffic-Statistics.Input-Octets sub-attribute indicates how many octets in IP layer received from the user (or subscriber device) from the starting of the service authorized. The format of Acct-Traffic-Statistics.Input-Octets sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.2 for Acct-Traffic-Statistics.Input-Octets (See Section 8) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [I-D.ietf-radext-radius-extensions]. 4.2.3. Acct-Traffic-Statistics.Output-Octets Description Acct-Traffic-Statistics.Output-Octets sub-attribute indicates how many octets in IP layer forwarded to the user (or subscriber device) from the starting of the service authorized. Yeh & Boucadair Expires April 18, 2013 [Page 7] Internet-Draft RADIUS Accounting Extensions October 2012 The format of Acct-Traffic-Statistics.Output-Octets sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.3 for Acct-Traffic-Statistics.Output-Octets (See Section 8) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [I-D.ietf-radext-radius-extensions]. 4.2.4. Acct-Traffic-Statistics.Input-Packets Description Acct-Traffic-Statistics.Input-Packets sub-attribute indicates how many packets in IP layer received from the user (or subscriber device) from the starting of the service authorized. The format of Acct-Traffic-Statistics.Input-Packets sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Yeh & Boucadair Expires April 18, 2013 [Page 8] Internet-Draft RADIUS Accounting Extensions October 2012 Type TBA.4 for Acct-Traffic-Statistics.Input-Packets (See Section 8) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [I-D.ietf-radext-radius-extensions]. 4.2.5. Acct-Traffic-Statistics.Output-Packets Description Acct-Traffic-Statistics.Input-Packets sub-attribute indicates how many packets in IP layer forwarded to the user (or subscriber device) from the starting of the service authorized. The format of Acct-Traffic-Statistics.Output-Packets sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.5 for Acct-Traffic-Statistics.Output-Packets (See Section 8) Length 10 Value Integer64 data type in 8-Octet unsigned integer defined in [I-D.ietf-radext-radius-extensions]. Yeh & Boucadair Expires April 18, 2013 [Page 9] Internet-Draft RADIUS Accounting Extensions October 2012 4.2.6. Acct-Traffic-Statistics.DSCP-Type Description Acct-Traffic-Statistics.DSCP-Type sub-attribute indicates the DSCP type of the separated or combined IPv4 and IPv6 traffic. The format of Acct-Traffic-Statistics.DSCP-Type sub-attribute is shown as below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA.6 for Acct-Traffic-Statistics.DSCP-Type (See Section 8) Length 6 Value Enumerated Data Type in 4-Octet unsigned integer defined in [RFC6158]. The beginning 3 Octets are reserved for future use, and are set to 0x00 now. The first 2 bits of the last octet are reserved for future use, and are set to 00 now. The last 6 bits of the last octet is used to contain the DSCP value as per [RFC2474]. 5. Table of Attribute The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity. Req- Acc- Rej- Chall Accounting # Attribute uest ept ect -enge Request 0 0 0 0 0+ TBA Acct-Traffic-Statistics The meaning of the above table entries is as follows: Yeh & Boucadair Expires April 18, 2013 [Page 10] Internet-Draft RADIUS Accounting Extensions October 2012 0 This attribute MUST NOT be present. 0+ Zero or more instances of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present. 1 Exactly one instance of this attribute MUST be present. 1+ One or more of these attributes MUST be present. 6. Diameter Considerations Given that the Attributes defined in this document are allocated from the RADIUS extended type space (see Section 8), no special handling is required by Diameter entities. 7. Security Considerations Security issues related RADIUS are described in Section 8 of [RFC2865] and Section 5 of [RFC3162]. 8. IANA Considerations The authors of this document request to assign new Radius type codes for Acct-Traffic-Statistics and its following sub-attributes. Acct-Traffic-Statistics.Stack-Type Acct-Traffic-Statistics.Input-Octets Acct-Traffic-Statistics.Output-Octets Acct-Traffic-Statistics.Input-Packets Acct-Traffic-Statistics.Output-Packets Acct-Traffic-Statistics.DSCP-Type These type codes should be allocated from the RADIUS extended type space based on Section 10 of [I-D.ietf-radext-radius-extensions] and "IETF Review" policy [RFC5226]. 9. Acknowledgements Thanks to Roberta Maglione, Jie Hu for their efforts in the history to bring this problem to IETF, to Stefan Winter, Alan DeKok, Peter Deacon for their valuable comments in the mailing list of Radext. 10. References Yeh & Boucadair Expires April 18, 2013 [Page 11] Internet-Draft RADIUS Accounting Extensions October 2012 10.1. Normative References [I-D.ietf-radext-radius-extensions] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", draft-ietf-radext-radius-extensions-06 (work in progress), June 2012. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, July 2003. [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, March 2011. 10.2. Informative References [BBF TR-187] Broadband Forum, "IPv6 for PPP Broadband Access, Issue 1", May 2010. Yeh & Boucadair Expires April 18, 2013 [Page 12] Internet-Draft RADIUS Accounting Extensions October 2012 [I-D.hu-v6ops-radius-issues-ipv6-00] Hu, J., Yan, L., Wang, Q., and J. Qin, "RADIUS issues in IPv6 deployments", February 2011. [I-D.ietf-radext-ipv6-access] Dec, W., Sarikaya, B., Zorn, G., Miles, D., and B. Lourdelet, "RADIUS attributes for IPv6 Access Networks", draft-ietf-radext-ipv6-access-11 (work in progress), August 2012. [I-D.maglione-radext-ipv6-acct-extensions-01] Maglione, R., Krishnan, S., Kavanagh, A., Varga, B., and J. Kaippallimalil, "RADIUS Accounting Extensions for IPv6", January 2011. [I-D.winter-radext-fancyaccounting] Winter, S., "RADIUS Accounting for traffic classes", draft-winter-radext-fancyaccounting-02 (work in progress), July 2012. [I-D.yeh-radext-dual-stack-access-02] Yeh, L. and T. Tsou, "RADIUS Attributes for Dual Stack Access", March 2011. Authors' Addresses Leaf Y. Yeh Huawei Technologies Shenzhen P. R. China Email: leaf.y.yeh@huawei.com Mohamed Boucadair France Telecom Rennes, France Email: mohamed.boucadair@orange.com Yeh & Boucadair Expires April 18, 2013 [Page 13]