Network Working Group                                       B. Lourdelet
Internet-Draft                                       Cisco Systems, Inc.
Intended status: Standards Track                           June 12, 2008
Expires: December 14, 2008


             IPv6 RADIUS attributes for DHCP based networks
                draft-lourdelet-radext-ipv6-dhcp-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 14, 2008.

Abstract

   This document specifies RADIUS [RFC2865] attributes supporting IPv6
   network access to complement [RFC3162] in DHCP environments.  It
   addresses the need to dynamically advertise DNS Server addresses and
   one or multiple IPv6 addresses via DHCPv6.

Lourdelet               Expires December 14, 2008               [Page 1]

Internet-Draft       IPv6 RADIUS attributes for DHCP           June 2008

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  Deployment scenario
   4.  IPv6-Address Attribute
   5.  IPv6-DNS Attribute
   6.  Table of attributes
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Author's Address
   Intellectual Property and Copyright Statements

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   This document specifies RADIUS attributes used to support DHCP based
   IPv6 access networks: DNS Server IPv6 address and IPv6 addresses.

3.  Deployment scenario

   The attributes defined in this document are targeted at enhancing the
   IPv6 access deployment scenarios involving DHCPv6 [RFC3315].

   The IPv6-Address attribute is used by a router fulfilling DHCPv6
   Server function for individual addresses when it receives
   configuration information from a RADIUS server, as illustrated in the
   following message sequence.

    Router/Host                   Router                  RADIUS Server
  (DHCPv6 Client)             (DHCPv6 Server)
         |                           |                                |
         |--Solicit(Address)-------->|                                |
         |                           |-----Request------------------->|
         |                           |<---------Accept(IPv6-Address)--|
         |<-Advertise(Address)-------|                                |
         |---Request(Address)------->|                                |
         |<---Reply(Address)---------|                                |

   This attribute offers an entire IPv6 address to the DHCPv6 Server in
   contrast to Interface-id [RFC3162] that offers only 64 bits.
   Even concatenated with Framed-IPv6-Prefix [RFC3162] to make a 128 bit
   IPv6 address, this does not address scenarios where there is a need
   to offer multiple addresses or off-link IPv6 addresses that are not
   part of the prefix stored in the Framed-IPv6-Prefix attribute.

   Storing the IPv6 address in the subscriber RADIUS profile is
   particularly useful as the Service Provider will know in advance the
   customer's uplink IPv6 address, hence facilitating management or
   security policy implementation.

   The IPv6-DNS attribute is used by a router fulfilling DHCPv6 Server
   function for individual addresses when it receives configuration
   information from a RADIUS server, as illustrated in the following
   message sequence.

   Router/Host                    Router                  RADIUS Server
 (DHCPv6 Client)              (DHCPv6 Server)
        |                            |                                |
        |--Solicit (DNS)------------>|                                |
        |                            |-Request----------------------->|
        |                            |<-------Accept(IPv6-DNS)--------|
        |<-Advertise(DNS)------------|                                |
        |-Request(DNS)-------------->|                                |
        |<--Reply(DNS)---------------|                                |

   The attributes offer the capability to specify IPv6 DNS Server
   address on a subscriber basis instead of hardcoding the value on the
   DHCP Server on a pool basis.  This is particularly useful in
   wholesale scenarios where the list of DNS Servers to provide depends
   on the subscriber itself.

4.  IPv6-Address Attribute

   This Attribute indicates an IPv6 Address that is assigned to the
   uplink of the user equipment.  This attribute will be mapped to
   Non-temporary Addresses option in DHCPv6.  It MAY be used in
   Access-Accept packets, and can appear multiple times.  It MAY be used
   in an Access-Request packet as a hint by the NAS to the server that
   it would prefer these IPv6 address(es), but the server is not
   required to honor the hint.
   Since it is assumed that the NAS, when necessary, will add a route
   corresponding to the address, it is not necessary for the server to
   also send a host Framed-IPv6-Route attribute for the same address.

   A summary of the IPv6-Address Attribute format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |         IPv6-Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             IPv6-Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             IPv6-Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             IPv6-Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             IPv6-Address          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      x for IPv6-Address

   Length

      18

   IPv6-Address

      The IPv6-Address field is 16 octets.

5.  IPv6-DNS Attribute

   The IPv6-DNS Attribute contains an ordered list of addresses of the
   Domain Name Service (DNS) Servers to be used by the DHCPv6 Client.
   This attribute is mapped into the DNS Recursive Name Server option
   [RFC3646].  This attribute MAY be included in both Access-Accept and
   Accounting-Request packets.

   A summary of the IPv6-DNS Attribute format is given below.  The
   fields are transmitted left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |        IPv6-Address-1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                            IPv6-Address-1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                            IPv6-Address-1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                            IPv6-Address-1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            IPv6-Address-1         |        IPv6-Address-2
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                            IPv6-Address-2
                         ....................
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      y for IPv6-DNS

   Length

      2 + number of DNS Servers

   IPv6-Address(es)

      Each IPv6-Address in the list is 16 octets in length.  It contains
      the IPv6 addresses of the DNS servers.

6.  Table of attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Request  Accept  Reject  Challenge  Accounting  #   Attribute
                                       Request
   0-1      0-1     0       0          0-1         x   IPv6-Address
   0        0-1     0       0          0-1         y   IPv6-DNS

7.  Security Considerations

   Security considerations do not differ from those expressed in
   [RFC3162].

8.  IANA Considerations

   This document requires the assignment of two new RADIUS attribute
   numbers for the following attributes:

      IPv6-Address

      IPv6-DNS

9.  References

9.1.  Normative References

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, August 2001.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3646]  Droms, R., "DNS Configuration options for Dynamic Host
              Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
              December 2003.

9.2.  Informative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

Author's Address

   Benoit Lourdelet
   Cisco Systems, Inc.
   Village ent. GreenSide, Bat T3,
   400, Av de Roumanille,
   06410 BIOT - Sophia-Antipolis Cedex
   France

   Phone: +33 4 97 23 26 23
   Email: blourdel@cisco.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.
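
   The attribute formats of Sections 4 and 5, as an added example that
   is not part of the draft: an encoder and a strict parser for
   IPv6-Address and IPv6-DNS.  Two assumptions: the type codes are
   placeholders for the unassigned x and y, and the IPv6-DNS Length is
   taken as an octet count that includes Type and Length, as for any
   RADIUS attribute [RFC2865], i.e. 2 + 16 per server.

```python
import ipaddress

# Placeholder type codes: the draft leaves them as "x" and "y" until IANA
# assigns numbers, so both values here are hypothetical.
TYPE_IPV6_ADDRESS = 0xF1
TYPE_IPV6_DNS = 0xF2

def encode_ipv6_address(addr):
    """IPv6-Address (Section 4): Type, Length = 18, one 16-octet address."""
    return bytes([TYPE_IPV6_ADDRESS, 18]) + ipaddress.IPv6Address(addr).packed

def encode_ipv6_dns(servers):
    """IPv6-DNS (Section 5): Type, Length, ordered list of 16-octet addresses."""
    value = b"".join(ipaddress.IPv6Address(s).packed for s in servers)
    if not value or 2 + len(value) > 255:   # Length is one octet: 1..15 servers
        raise ValueError("IPv6-DNS must carry between 1 and 15 servers")
    return bytes([TYPE_IPV6_DNS, 2 + len(value)]) + value

def parse_attributes(buf):
    """Return (addresses, dns_servers) from a RADIUS attribute list.

    Truncated TLVs and lengths that do not fit the two formats raise
    ValueError; attributes of any other type are skipped.
    """
    addresses, dns, off = [], [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[off], buf[off + 1]
        if alen < 2 or off + alen > len(buf):
            raise ValueError("attribute length out of bounds")
        value = buf[off + 2:off + alen]
        if atype == TYPE_IPV6_ADDRESS:
            if alen != 18:
                raise ValueError("IPv6-Address Length must be 18")
            addresses.append(ipaddress.IPv6Address(value))
        elif atype == TYPE_IPV6_DNS:
            if not value or len(value) % 16:
                raise ValueError("IPv6-DNS value is not a list of 16-octet addresses")
            dns += [ipaddress.IPv6Address(value[i:i + 16])
                    for i in range(0, len(value), 16)]
        off += alen
    return addresses, dns

# Constructed sample using the 2001:db8::/32 documentation prefix.
SAMPLE = (encode_ipv6_address("2001:db8:0:1::10")
          + encode_ipv6_address("2001:db8:ffff::1")
          + encode_ipv6_dns(["2001:db8::53", "2001:db8::54"]))
ADDRESSES, DNS_SERVERS = parse_attributes(SAMPLE)
```

   The parser keeps the DNS servers in the order received, since
   Section 5 defines the list as ordered.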