idnits 2.17.1

draft-winter-radext-fancyaccounting-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 16, 2012) is 4301 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 2866

  == Outdated reference: A later version (-13) exists of
     draft-ietf-radext-radius-extensions-06

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

RADIUS Extensions Working Group                                S. Winter
Internet-Draft                                                   RESTENA
Intended status: Standards Track                           July 16, 2012
Expires: January 17, 2013

                 RADIUS Accounting for traffic classes
                 draft-winter-radext-fancyaccounting-02

Abstract

   This document specifies new attributes for RADIUS Accounting to
   enable NAS reporting of subsets of the total traffic in a user
   session.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 17, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Definitions
     2.1.  Acct-Traffic-Class attribute
       2.1.1.  Acct-Traffic-Class-Name attribute
       2.1.2.  Acct-Traffic-Class-Input-Octets attribute
       2.1.3.  Acct-Traffic-Class-Output-Octets attribute
       2.1.4.  Acct-Traffic-Class-Input-Packets attribute
       2.1.5.  Acct-Traffic-Class-Output-Packets attribute
     2.2.  URN values for attribute Acct-Traffic-Class-Name
   3.  Example
   4.  Attribute Occurrence Table
   5.  Security Considerations
   6.  IANA Considerations
   7.  Normative References

1.  Introduction

   RADIUS Accounting [RFC2866] defines counters for octets and packets,
   both in the incoming and outgoing direction.  Usage of these counters
   enables an operator to create volume-based billing models and to
   execute proper capacity planning on its infrastructure.

   The Accounting model is based on the assumption that all traffic in a
   user session is treated equally; i.e. that there are no differences
   in the billing model of one class of traffic over another.

   Actual deployments suggest that this assumption is no longer valid.
   In particular, different traffic classes are defined with DSCP; and
   billing the use of these traffic classes separately is an
   understandable request.

   Plus, the introduction of dual-stack operation on links creates an
   understandable interest in getting separate statistics about the
   amount of IPv4 vs. IPv6 usage on a link; be it for billing or
   statistical reasons.

   This document defines Accounting attributes that supplement (but do
   not replace) the accounting counters in RFC2866.  It utilizes the new
   "extended attributes" in RADIUS ([I-D.ietf-radext-radius-extensions])
   to a) group accounting reports about traffic classes together and b)
   enable 64-bit counts in a single attribute with the Integer64
   datatype.

1.1.  Requirements Language

   In this document, several words are used to signify the requirements
   of the specification.
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   RFC 2119 [RFC2119].

2.  Definitions

2.1.  Acct-Traffic-Class attribute

   The attribute Acct-Traffic-Class is a TLV container for a group of
   sub-attributes which specify the class of traffic that is being
   reported about, and the amount of traffic in a user session that
   falls into this class.

   Attribute: 245.1 Acct-Traffic-Class

   Type: TLV

   Length: >3 octets

   There can be multiple instances of this attribute in an
   Accounting-Interim-Update or an Accounting-Stop packet.  The
   attribute MUST NOT be present in an Accounting-Start packet.

   It is not required that the sum of all traffic in all instances is
   the total sum of octets and packets in the user's session.  I.e. the
   traffic classes used in the Accounting packet do not need to
   partition the total traffic in non-overlapping segments.

   The total number of octets and packets in a user session continues to
   be sent in the RFC2866 attributes.

2.1.1.  Acct-Traffic-Class-Name attribute

   The attribute Acct-Traffic-Class-Name, sub-attribute in the group
   Acct-Traffic-Class, defines the class of traffic for which the other
   attributes in the instance of Acct-Traffic-Class count octets and
   packets.  Every group instance MUST contain exactly one
   Acct-Traffic-Class-Name.

   Attribute: 245.1.2 Acct-Traffic-Class-Name

   Type: STRING

   Value: 1-250 octets

   There are two options for the value of this attribute.

   Option 1: Acct-Traffic-Class-Name string starting with the substring
   "urn:".  Usage of this option implies that the traffic name is in the
   form of a URN and requires that a public specification of this URN
   exists.
   That specification must include the type of traffic being
   counted with this traffic class, and the exact definition of where in
   the network packets the byte-count starts and ends.  This document
   defines a set of known, well-defined traffic accounting classes in an
   IANA-managed registry in Section 2.2.  New values for this registry
   are assigned on an expert review basis.

   Option 2: Acct-Traffic-Class-Name string not starting with "urn:".
   This option is for local use of special-purpose accounting as defined
   by the NAS administrator, where no defined URN matches the meaning of
   the traffic to be counted.  The meaning of the content needs to be
   communicated out-of-band between the NAS and RADIUS Server operator.
   Example: Acct-Traffic-Class-Name = "UDP traffic to AS2606".

2.1.2.  Acct-Traffic-Class-Input-Octets attribute

   The attribute Acct-Traffic-Class-Input-Octets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of octets that belong to
   the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent to the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accounting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

   Attribute: 245.1.3 Acct-Traffic-Class-Input-Octets

   Type: Integer64

   Value: number of octets sent to entity, matching the class of
   traffic

2.1.3.  Acct-Traffic-Class-Output-Octets attribute

   The attribute Acct-Traffic-Class-Output-Octets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of octets that belong to
   the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent from the entity for which the accounting packet was
   generated.
   It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accounting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

   Attribute: 245.1.4 Acct-Traffic-Class-Output-Octets

   Type: Integer64

   Value: number of octets sent from entity, matching the class of
   traffic

2.1.4.  Acct-Traffic-Class-Input-Packets attribute

   The attribute Acct-Traffic-Class-Input-Packets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of packets that belong
   to the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent to the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accounting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

   Attribute: 245.1.5 Acct-Traffic-Class-Input-Packets

   Type: Integer64

   Value: number of packets sent to entity, matching the class of
   traffic

2.1.5.  Acct-Traffic-Class-Output-Packets attribute

   The attribute Acct-Traffic-Class-Output-Packets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of packets that belong
   to the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent from the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accounting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

   Attribute: 245.1.6 Acct-Traffic-Class-Output-Packets

   Type: Integer64

   Value: number of packets sent from entity, matching the class of
   traffic

2.2.  URN values for attribute Acct-Traffic-Class-Name

   The following URN values are defined for RADIUS Accounting Traffic
   Classes:

   Name: "urn:ietf:radius-accounting:ip:4"

   Purpose: volume count of IPv4 payloads

   Start of byte count: 1st byte of the IP header of the packet

   End of byte count: last byte of IP layer of the packet

   Name: "urn:ietf:radius-accounting:ip:6"

   Purpose: volume count of IPv6 payloads

   Start of byte count: 1st byte of the IP header of the packet

   End of byte count: last byte of IP layer of the packet

   Name: "urn:ietf:radius-accounting:dscp:0"

   Purpose: volume count of packet payloads with DSCP = 0

   Start of byte count: 1st byte of the IP header of the packet

   End of byte count: last byte of IP layer of the packet

   Name: "urn:ietf:radius-accounting:tcp"

   Purpose: volume count of TCP packets

   Start of byte count: 1st byte of the TCP header of the packet

   End of byte count: last byte of TCP layer of the packet

   Name: "urn:ietf:radius-accounting:udp"

   Purpose: volume count of UDP payloads

   Start of byte count: 1st byte of the UDP header of the packet

   End of byte count: last byte of UDP layer of the packet

   (more values to be added...)

3.  Example

   A NAS is configured to create statistics regarding IPv6 usage of CPE
   for statistical reasons, and of the amount of HTTP traffic sent to
   the example.com web site for billing reasons.

   User john@example.com starts a user session, transfers 1200 Bytes in
   10 packets via IPv6 to the internet, and receives 4500 Bytes in 30
   packets over IPv6 from the internet.

   In the same session, the user visits the IPv4-only example.com web
   site by sending 6000 bytes in 4 packets to the web site, and
   receiving 450000 Bytes in 35 packets from the web site.

   Then, the user terminates the session and an Accounting-Stop packet
   is generated.

   The NAS sends the recorded octet and packet values to its RADIUS
   Accounting server.  Since there is no URN value for "Traffic on
   TCP/80 to example.com, all IP versions" for use in the
   Acct-Traffic-Class-Name attribute, the NAS has been configured to
   indicate this class of traffic in a corresponding custom string.  The
   relevant attributes in the Accounting-Stop packet are:

   Acct-Traffic-Class

      Acct-Traffic-Class-Name = "urn:ietf:radius-accounting:ip:6"

      Acct-Traffic-Class-Input-Octets = 4500

      Acct-Traffic-Class-Output-Octets = 1200

      Acct-Traffic-Class-Input-Packets = 30

      Acct-Traffic-Class-Output-Packets = 10

   Acct-Traffic-Class

      Acct-Traffic-Class-Name = "Traffic on TCP/80 to example.com, all
      IP versions"

      Acct-Traffic-Class-Input-Octets = 450000

      Acct-Traffic-Class-Output-Octets = 6000

      Acct-Traffic-Class-Input-Packets = 35

      Acct-Traffic-Class-Output-Packets = 4

4.  Attribute Occurrence Table

   This table lists the allowed occurrences of the previously defined
   attributes in Accounting packets.

   Start  Interim  Stop  Reply  Attribute
   -----  -------  ----  -----  ---------------------------------
   0      0-n      0-s   0      Acct-Traffic-Class
   0      0-m      0-t   0      Acct-Traffic-Class-Name
   0      0-o      0-u   0      Acct-Traffic-Class-Input-Octets
   0      0-p      0-v   0      Acct-Traffic-Class-Output-Octets
   0      0-q      0-w   0      Acct-Traffic-Class-Input-Packets
   0      0-r      0-x   0      Acct-Traffic-Class-Output-Packets

                  Figure 1: Attribute Occurrence

   Note 1: since all sub-attributes occur at most once inside any given
   Acct-Traffic-Class TLV, the sub-attributes can not occur more often
   than the TLV itself.  I.e. m=n, t>=m, u>=o, v>=p, w>=q, and x>=r.

5.  Security Considerations

   These attributes reveal a user's traffic usage patterns.  They should
   not be sent unencrypted.

6.  IANA Considerations

   This document has actions for IANA.  TBD later.

7.  Normative References

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [I-D.ietf-radext-radius-extensions]
              DeKok, A. and A. Lior, "Remote Authentication Dial In User
              Service (RADIUS) Protocol Extensions",
              draft-ietf-radext-radius-extensions-06 (work in progress),
              June 2012.

Author's Address

   Stefan Winter
   Fondation RESTENA
   6, rue Richard Coudenhove-Kalergi
   Luxembourg  1359
   LUXEMBOURG

   Phone: +352 424409 1
   Fax:   +352 422473
   EMail: stefan.winter@restena.lu
   URI:   http://www.restena.lu
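
   A receiver-side check for the Acct-Traffic-Class group of Section
   2.1, covering the occurrence rules of Sections 2.1.1 to 2.1.5, the
   URN list of Section 2.2 and the Interim-Update/Stop rule; it is an
   added example and not part of the draft.  It assumes the nested TLV
   layout (one-octet type, one-octet length that counts the two header
   octets, value) and the 8-octet network-order Integer64 of
   [I-D.ietf-radext-radius-extensions]; the function names are
   hypothetical, and skipping undefined sub-attributes is a choice made
   here.

```python
import struct

# Sub-attribute numbers 245.1.N (Sections 2.1.1 to 2.1.5) mapped to short keys.
FIELDS = {2: "name", 3: "input_octets", 4: "output_octets",
          5: "input_packets", 6: "output_packets"}
# URN values listed in Section 2.2.
KNOWN_URNS = {"urn:ietf:radius-accounting:" + s
              for s in ("ip:4", "ip:6", "dscp:0", "tcp", "udp")}

def encode_class(name, **counters):  # builds constructed sample input only
    raw = name.encode("utf-8")
    out = bytes([2, 2 + len(raw)]) + raw
    for sub, key in FIELDS.items():
        if key in counters:
            out += bytes([sub, 10]) + struct.pack("!Q", counters[key])
    return out

def parse_class(value):
    """Parse and validate one group sent by a NAS; ValueError on any violation."""
    group, pos = {}, 0
    while pos < len(value):
        if len(value) - pos < 3:
            raise ValueError("truncated sub-attribute")
        sub, length = value[pos], value[pos + 1]
        if length < 3 or pos + length > len(value):
            raise ValueError("bad sub-attribute length")
        body, pos = value[pos + 2:pos + length], pos + length
        key = FIELDS.get(sub)
        if key is None:
            continue  # sub-attribute not defined by the draft: skipped
        if key in group:
            raise ValueError(key + " occurs more than once")
        if key == "name" and len(body) > 250:
            raise ValueError("name longer than 250 octets")
        if key != "name" and len(body) != 8:
            raise ValueError(key + " is not an 8-octet Integer64")
        group[key] = (body.decode("utf-8") if key == "name"
                      else struct.unpack("!Q", body)[0])
    if "name" not in group:
        raise ValueError("Acct-Traffic-Class-Name missing")
    name = group["name"]  # registered: True/False for URNs, None for local names
    group["registered"] = name in KNOWN_URNS if name.startswith("urn:") else None
    return group

def missing_in_stop(interim_groups, stop_groups):
    """(name, counter) pairs reported in an Interim-Update but not in the Stop."""
    stop = {g["name"]: g for g in stop_groups}
    return sorted((g["name"], k) for g in interim_groups for k in FIELDS.values()
                  if k != "name" and k in g and k not in stop.get(g["name"], {}))
```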