idnits 2.17.1 draft-ietf-radext-ipv6-access-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 12, 2013) is 4062 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3633 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 6106 (Obsoleted by RFC 8106) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group W. Dec, Ed. 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track B. Sarikaya 5 Expires: August 16, 2013 Huawei USA 6 G. Zorn 7 Network Zen 8 D. Miles 9 Google 10 B. Lourdelet 11 Juniper Networks 12 February 12, 2013 14 RADIUS attributes for IPv6 Access Networks 15 draft-ietf-radext-ipv6-access-16 17 Abstract 19 This document specifies additional IPv6 RADIUS attributes useful in 20 residential broadband network deployments. The attributes, which are 21 used for authorization and accounting, enable assignment of a host 22 IPv6 address and IPv6 DNS server address via DHCPv6; assignment of an 23 IPv6 route announced via router advertisement; assignment of a named 24 IPv6 delegated prefix pool; and assignment of a named IPv6 pool for 25 host DHCPv6 addressing. 27 Requirements Language 29 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 30 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 31 document are to be interpreted as described in RFC 2119 [RFC2119]. 33 Status of this Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at http://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on August 16, 2013. 50 Copyright Notice 52 Copyright (c) 2013 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 2. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 3 69 2.1. IPv6 Address Assignment . . . . . . . . . . . . . . . . . 4 70 2.2. DNS Servers . . . . . . . . . . . . . . . . . . . . . . . 4 71 2.3. IPv6 Route Information . . . . . . . . . . . . . . . . . . 5 72 2.4. Delegated IPv6 Prefix Pool . . . . . . . . . . . . . . . . 5 73 2.5. Stateful IPv6 address pool . . . . . . . . . . . . . . . . 5 74 3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 6 75 3.1. Framed-IPv6-Address . . . . . . . . . . . . . . . . . . . 6 76 3.2. DNS-Server-IPv6-Address . . . . . . . . . . . . . . . . . 7 77 3.3. Route-IPv6-Information . . . . . . . . . . . . . . . . . . 8 78 3.4. Delegated-IPv6-Prefix-Pool . . . . . . . . . . . . . . . . 9 79 3.5. Stateful-IPv6-Address-Pool . . . . . . . . . . . . . . . . 10 80 3.6. Table of attributes . . . . . . . . . . . . . . . . . . . 10 81 4. Diameter Considerations . . . . . . . . . . . . . . . . . . . 11 82 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 83 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 84 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 85 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 86 8.1. Normative References . . . . . . . . . . . . . . . . . . . 12 87 8.2. Informative References . . . . . . . . . . . . . . . . . . 12 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 90 1. Introduction 92 This document specifies additional RADIUS attributes used to support 93 configuration of DHCPv6 and/or ICMPv6 Router Advertisement (RA) 94 parameters on a per-user basis. The attributes, which complement 95 those defined in [RFC3162] and [RFC4818], support the following: 97 o Assignment of specific IPv6 addresses to hosts via DHCPv6. 99 o Assignment of an IPv6 DNS server address, via DHCPv6 or Router 100 Advertisement [RFC6106]. 102 o Configuration of more specific routes to be announced to the user 103 via the Route Information Option defined in [RFC4191] Section 2.3. 105 o The assignment of a named delegated prefix pool for use with "IPv6 106 Prefix Options for DHCPv6" [RFC3633]. 108 o The assignment of a named stateful address pool for use with 109 DHCPv6 stateful address assignment [RFC3315]. 111 2. Deployment Scenarios 113 The extensions in this draft are intended to be applicable across a 114 wide variety of network access scenarios where RADIUS is involved. 115 One such typical network scenario is illustrated in Figure 1. It is 116 composed of a IP Routing Residential Gateway (RG) or host, a Layer 2 117 Access-Node (AN) e.g. a Digital Subscriber Line Access Multiplexer - 118 DSLAM, an IP Network Access Servers (NASes), and an Authentication 119 Authorization & Accounting (AAA) server. 121 +-----+ 122 | AAA | 123 | | 124 +--+--+ 125 ^ 126 . 127 .(Radius) 128 . 129 v 130 +------+ +---+---+ 131 +------+ | AN | | NAS | 132 | RG/ +-------| +-----------+----------+ | 133 | host | | | | | 134 +------+ (DSL) +------+ (Ethernet) +-------+ 136 Figure 1 138 In the depicted scenario the NAS may utilize an IP address 139 configuration protocol (e.g. a DHCPv6 server) to handle address 140 assignment to RGs/hosts. The RADIUS server authenticates each RG/ 141 host and returns to the attributes used for authorization and 142 accounting. These attributes can include a host's IPv6 address, a 143 DNS server address and a set of IPv6 routes to be advertised via any 144 suitable protocol, eg ICMPv6 (Neighbour Discovery). The name of a 145 prefix pool to be used for DHCPv6 Prefix Delegation, or the name of 146 an address pool to be used for DHCPv6 address assignment can also be 147 attributes provided to the NAS by the RADIUS AAA server. 149 The following sub-sections discuss how these attributes are used in 150 more detail. 152 2.1. IPv6 Address Assignment 154 DHCPv6 [RFC3315] provides a mechanism to assign one or more non- 155 temporary IPv6 addresses to hosts. To provide a DHCPv6 server 156 residing on a NAS with one or more IPv6 addresses to be assigned, 157 this document specifies the Framed-IPv6-Address Attribute. 159 While [RFC3162] permits an IPv6 address to be specified via the 160 combination of the Framed-Interface-Id and Framed-IPv6-Prefix 161 attributes, this separation is more natural for use with PPP's IPv6 162 Control Protocol than it is for use with DHCPv6, and the use of a 163 single IPv6 address attribute makes for easier processing of 164 accounting records. 166 Since DHCPv6 can be deployed on the same network as ICMPv6 stateless 167 (SLAAC) [RFC4862], it is possible that the NAS will require both 168 stateful and stateless configuration information. Therefore it is 169 possible for the Framed-IPv6-Address, Framed-IPv6-Prefix and Framed- 170 Interface-Id attributes [RFC3162] to be included within the same 171 packet. To avoid ambiguity in this case, the Framed-IPv6-Address 172 attribute is intended for authorization and accounting of DHCPv6- 173 assigned addresses and the Framed-IPv6-Prefix and Framed-Interface-Id 174 attributes used for authorization and accounting of addresses 175 assigned via SLAAC. 177 2.2. DNS Servers 179 DHCPv6 provides an option for configuring a host with the IPv6 180 address of a DNS server. The IPv6 address of a DNS server can also 181 be conveyed to the host using ICMPv6 with Router Advertisements, via 182 the [RFC6106] option. To provide the NAS with the IPv6 address of a 183 DNS server, this document specifies the DNS-Server-IPv6-Address 184 Attribute. 186 2.3. IPv6 Route Information 188 An IPv6 Route Information option, defined in [RFC4191] is intended to 189 be used to inform a host connected to the NAS that a specific route 190 is reachable via any given NAS. 192 This document specifies the RADIUS attribute that allows the AAA 193 server to provision the announcement by the NAS of a specific Route 194 Information Option to an accessing host. The NAS may advertise this 195 route using the method defined in [RFC4191], or using other 196 equivalent methods. Any other information, such as preference or 197 life-time values, that is to be present in the actual announcement 198 using a given method is assumed to be determined by the NAS using 199 means not scoped by this document (e.g. Local configuration on the 200 NAS). 202 While the Framed-IPv6-Prefix attribute defined in [RFC3162] Section 203 2.3 causes the route to be advertised in an RA, it cannot be used to 204 configure more specific routes. While the Framed-IPv6-Route 205 attribute defined in [RFC3162] Section 2.5 causes the route to be 206 configured on the NAS, and potentially announced via an IP routing 207 protocol, depending on the value of Framed-Routing, it does not 208 result in the route being announced in an RA. 210 2.4. Delegated IPv6 Prefix Pool 212 DHCPv6 Prefix Delegation (DHCPv6-PD) [RFC3633] involves a delegating 213 router selecting a prefix and delegating it on a temporary basis to a 214 requesting router. The delegating router may implement a number of 215 strategies as to how it chooses what prefix is to be delegated to a 216 requesting router, one of them being the use of a local named prefix 217 pool. The Delegated-IPv6-Prefix-Pool attribute allows the RADIUS 218 server to convey a prefix pool name to a NAS hosting a DHCPv6-PD 219 server and acting as a delegating router. 221 Since DHCPv6 Prefix Delegation can be used with SLAAC on the same 222 network, it is possible for the Delegated-IPv6-Prefix-Pool and 223 Framed-IPv6-Pool attributes to be included within the same packet. 224 To avoid ambiguity in this scenario, use of the Delegated-IPv6- 225 Prefix-Pool attribute should be restricted to authorization and 226 accounting of prefix pools used in DHCPv6 Prefix Delegation and the 227 Framed-IPv6-Pool attribute should be used for authorization and 228 accounting of prefix pools used in SLAAC. 230 2.5. Stateful IPv6 address pool 232 DHCPv6 [RFC3315] provides a mechanism to assign one or more non- 233 temporary IPv6 addresses to hosts. Section 3.1 introduces the 234 Framed-IPv6-Address attribute to be used for providing a DHCPv6 235 server residing on a NAS with one or more IPv6 addresses to be 236 assigned to the clients. An alternative way to achieve a similar 237 result is for the NAS to select the IPv6 address to be assigned from 238 an address pool configured for this purpose on the NAS. This 239 document specifies the Stateful-IPv6-Address-Pool attribute to allow 240 the RADIUS server to convey a pool name to be used for such stateful 241 DHCPv6 based addressing, and any subsequent accounting. 243 3. Attributes 245 The fields shown in the diagrams below are transmitted from left to 246 right. 248 3.1. Framed-IPv6-Address 250 This attribute indicates an IPv6 address that is assigned to the NAS- 251 facing interface of the RG/host. It MAY be used in Access-Accept 252 packets, and MAY appear multiple times. It MAY be used in an Access- 253 Request packet as a hint by the NAS to the RADIUS server that it 254 would prefer these IPv6 address(es), but the RADIUS server is not 255 required to honor the hint. Since it is assumed that the NAS will 256 add a route corresponding to the address, it is not necessary for the 257 RADIUS server to also send a host Framed-IPv6-Route attribute for the 258 same address. 260 This attribute can be used by a DHCPv6 process on the NAS to assign a 261 unique IPv6 address to the RG/host. 263 A summary of the Framed-IPv6-Address attribute format is shown below. 264 The format of the address is as per [RFC3162]. 266 0 1 2 3 267 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 268 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 269 | Type | Length | Address 270 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 271 Address (cont) 272 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 273 Address (cont) 274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 275 Address (cont) 276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 277 Address (cont) | 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 280 Type 282 TBA1 for Framed-IPv6-Address 284 Length 286 18 288 Address 290 The IPv6 address field contains a 128-bit IPv6 address. 292 3.2. DNS-Server-IPv6-Address 294 The DNS-Server-IPv6-Address attribute contains the IPv6 address of a 295 DNS server. This attribute MAY be included multiple times in Access- 296 Accept packets, when the intention is for a NAS to announce more than 297 one DNS server addresses to a RG/host. The same order of the 298 attributes is expected to be followed in the announcements to the 299 RADIUS client. The attribute MAY be used in an Access-Request packet 300 as a hint by the NAS to the RADIUS server regarding the DNS IPv6 301 address, but the RADIUS server is not required to honor the hint. 303 The content of this attribute can be inserted in a DHCPv6 option as 304 specified in [RFC3646] or in an IPv6 Router Advertisment as per 305 [RFC6106]. 307 A summary of the DNS-Server-IPv6-Address attribute format is given 308 below. The format of the address is as per [RFC3162]. 310 0 1 2 3 311 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 312 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 | Type | Length | Address 314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 315 Address (cont) 316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 Address (cont) 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 Address (cont) 320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 321 Address (cont) | 322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 324 Type 326 TBA2 for DNS-Server-IPv6-Address 328 Length 330 18 332 Address 334 The 128-bit IPv6 address of a DNS server. 336 3.3. Route-IPv6-Information 338 This attribute specifies a prefix (and corresponding route) for the 339 user on the NAS, which is to be announced using the Route Information 340 Option defined in "Default Router Preferences and More Specific 341 Routes" [RFC4191] Section 2.3. It is used in the Access-Accept 342 packet and can appear multiple times. It MAY be used in an Access- 343 Request packet as a hint by the NAS to the RADIUS server, but the 344 RADIUS server is not required to honor the hint. The Route-IPv6- 345 Information attribute format is depicted below. The format of the 346 prefix is as per [RFC3162]. 348 0 1 2 3 349 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 350 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 351 | Type | Length | Reserved | Prefix-Length | 352 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 353 | | 354 . Prefix (variable) . 355 . . 356 | | 357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 Type 361 TBA3 for Route-IPv6-Information 363 Length 365 Length in bytes. At least 4 and no larger than 20; typically 12 366 or less. 368 Prefix Length 370 8-bit unsigned integer. The number of leading bits in the prefix 371 that are valid. The value ranges from 0 to 128. The prefix field 372 is 0, 8 or 16 octets depending on Length. 374 Prefix 376 Variable-length field containing an IP prefix. The prefix length 377 field contains the number of valid leading bits in the prefix. 378 The bits in the prefix after the prefix length (if any) are 379 reserved and MUST be initialized to zero. 381 3.4. Delegated-IPv6-Prefix-Pool 383 This attribute contains the name of an assigned pool that SHOULD be 384 used to select an IPv6 delegated prefix for the user on the NAS. If 385 a NAS does not support prefix pools, the NAS MUST ignore this 386 attribute. It MAY be used in an Access-Request packet as a hint by 387 the NAS to the RADIUS server regarding the pool, but the RADIUS 388 server is not required to honor the hint. 390 A summary of the Delegated-IPv6-Prefix-Pool attribute format is shown 391 below. 392 0 1 2 393 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 394 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 395 | Type | Length | String... 396 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 398 Type 400 TBA4 for Delegated-IPv6-Prefix-Pool 402 Length 404 Length in bytes. At least 3. 406 String 408 The string field contains the name of an assigned IPv6 prefix pool 409 configured on the NAS. The field is not NULL (hexadecimal 00) 410 terminated. 412 Note: The string data type is as documented in [RFC6158], and carries 413 binary data that is external to the Radius protocol, eg the name of a 414 pool of prefixes configured on the NAS. 416 3.5. Stateful-IPv6-Address-Pool 418 This attribute contains the name of an assigned pool that SHOULD be 419 used to select an IPv6 address for the user on the NAS. If a NAS 420 does not support address pools, the NAS MUST ignore this attribute. 421 A summary of the Stateful-IPv6-Address-Pool attribute format is shown 422 below. It MAY be used in an Access-Request packet as a hint by the 423 NAS to the RADIUS server regarding the pool, but the RADIUS server is 424 not required to honor the hint. 426 0 1 2 427 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 428 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 429 | Type | Length | String... 430 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 432 Type 434 TBA5 for Stateful-IPv6-Address-Pool 436 Length 438 Length in bytes. At least 3. 440 String 442 The string field contains the name of an assigned IPv6 stateful 443 address pool configured on the NAS. The field is not NULL 444 (hexadecimal 00) terminated. 446 Note: The string data type is as documented in [RFC6158], and carries 447 binary data that is external to the Radius protocol, eg the name of a 448 pool of addresses configured on the NAS. 450 3.6. Table of attributes 452 The following table provides a guide to which attributes may be found 453 in which kinds of packets, and in what quantity. The optional 454 inclusion of the options in Access Request messages is intended to 455 allow for a network access server (NAS) to provide the RADIUS server 456 with a hint of the attributes in advance of user authentication, 457 which may be useful in cases where a user re-connects or has a static 458 address. The server is under no obligation to honor such hints. 460 Request Accept Reject Challenge Accounting # Attribute 461 Request 462 0+ 0+ 0 0 0+ TBA1 Framed-IPv6-Address 463 0+ 0+ 0 0 0+ TBA2 DNS-Server-IPv6-Address 464 0+ 0+ 0 0 0+ TBA3 Route-IPv6-Information 465 0+ 0+ 0 0 0+ TBA4 Delegated-IPv6-Prefix-Pool 466 0+ 0+ 0 0 0+ TBA5 Stateful-IPv6-Address-Pool 468 4. Diameter Considerations 470 Given that the attributes defined in this document are allocated from 471 the standard RADIUS type space (see Section 6), no special handling 472 is required by Diameter entities. 474 5. Security Considerations 476 This document specifies additional IPv6 RADIUS attributes useful in 477 residential broadband network deployments. In such networks, the 478 RADIUS protocol may run either over IPv4 or over IPv6 and known 479 security vulnerabilities of the RADIUS protocol, e.g. [SECI], apply 480 to the attributes defined in this document. A trust relationship 481 between a NAS and RADIUS server is expected to be in place, with 482 communication optionally secured by IPSec or TLS [RFC6614] . 484 6. IANA Considerations 486 This document requires the assignment of five new RADIUS attribute 487 types in the "Radius Types" registry (currently located at 488 http://www.iana.org/assignments/radius-types for the following 489 attributes: 491 o Framed-IPv6-Address 493 o DNS-Server-IPv6-Address 495 o Route-IPv6-Information 497 o Delegated-IPv6-Prefix-Pool 499 o Stateful-IPv6-Address-Pool 501 7. Acknowledgements 503 The authors would like to thank Bernard Aboba, Benoit Claise, Peter 504 Deacon, Alan DeKok, Alfred Hines, Jouni Korhonen, Roberta Maglione, 505 Leaf Yeh, Mark Smith, Pete Resnik, Ralph Droms, Stephen Farrell, 506 Brian Haberman, for their help and comments in reviewing this 507 document. 509 8. References 511 8.1. Normative References 513 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 514 Requirement Levels", BCP 14, RFC 2119, March 1997. 516 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 517 Address Autoconfiguration", RFC 4862, September 2007. 519 8.2. Informative References 521 [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", 522 RFC 3162, August 2001. 524 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 525 and M. Carney, "Dynamic Host Configuration Protocol for 526 IPv6 (DHCPv6)", RFC 3315, July 2003. 528 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 529 Host Configuration Protocol (DHCP) version 6", RFC 3633, 530 December 2003. 532 [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host 533 Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, 534 December 2003. 536 [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and 537 More-Specific Routes", RFC 4191, November 2005. 539 [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix 540 Attribute", RFC 4818, April 2007. 542 [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, 543 "IPv6 Router Advertisement Options for DNS Configuration", 544 RFC 6106, November 2010. 546 [RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", 547 BCP 158, RFC 6158, March 2011. 549 [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, 550 "Transport Layer Security (TLS) Encryption for RADIUS", 551 RFC 6614, May 2012. 553 [SECI] -, 554 "http://regul.uni-mb.si/~meolic/ptk-seminarske/ 555 radius.pdf", November 2001. 557 Authors' Addresses 559 Wojciech Dec (editor) 560 Cisco Systems, Inc. 561 Haarlerbergweg 13-19 562 Amsterdam , NOORD-HOLLAND 1101 CH 563 Netherlands 565 Email: wdec@cisco.com 567 Behcet Sarikaya 568 Huawei USA 569 1700 Alma Dr. Suite 500 570 Plano, TX 571 US 573 Phone: +1 972-509-5599 574 Email: sarikaya@ieee.org 576 Glen Zorn 577 Network Zen 578 1310 East Thomas Street 579 Seattle, WA 580 US 582 Email: gwz@net-zen.net 584 David Miles 585 Google 587 Phone: 588 Fax: 589 Email: david.miles@google.com 590 URI: 592 Benoit Lourdelet 593 Juniper Networks 594 France 596 Email: blourdel@juniper.net