| < draft-ietf-softwire-map-radius-25.txt | draft-ietf-softwire-map-radius-26.txt > | |||
|---|---|---|---|---|
| Softwire S. Jiang, Ed. | Softwire S. Jiang, Ed. | |||
| Internet-Draft Huawei Technologies Co., Ltd | Internet-Draft Huawei Technologies Co., Ltd | |||
| Intended status: Standards Track Y. Fu, Ed. | Intended status: Standards Track Y. Fu, Ed. | |||
| Expires: December 15, 2019 CNNIC | Expires: December 16, 2019 CNNIC | |||
| C. Xie | C. Xie | |||
| China Telecom | China Telecom | |||
| T. Li | T. Li | |||
| Tsinghua University | Tsinghua University | |||
| M. Boucadair, Ed. | M. Boucadair, Ed. | |||
| Orange | Orange | |||
| June 13, 2019 | June 14, 2019 | |||
| RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms | RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms | |||
| draft-ietf-softwire-map-radius-25 | draft-ietf-softwire-map-radius-26 | |||
| Abstract | Abstract | |||
| IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity | IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity | |||
| services over IPv6 native networks during the IPv4/IPv6 co-existence | services over IPv6 native networks during the IPv4/IPv6 co-existence | |||
| period. DHCPv6 options have been defined for configuring clients for | period. DHCPv6 options have been defined for configuring clients for | |||
| Lightweight 4over6, Mapping of Address and Port with Encapsulation, | Lightweight 4over6, Mapping of Address and Port with Encapsulation, | |||
| and Mapping of Address and Port using Translation unicast softwire | and Mapping of Address and Port using Translation unicast softwire | |||
| mechanisms, and also multicast softwires. However, in many networks, | mechanisms, and also multicast softwires. However, in many networks, | |||
| configuration information is stored in an Authentication, | configuration information is stored in an Authentication, | |||
| skipping to change at page 2, line 7 ¶ | skipping to change at page 2, line 7 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 15, 2019. | This Internet-Draft will expire on December 16, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 12 ¶ | skipping to change at page 3, line 12 ¶ | |||
| 3.1.6.2. PSID-Len Attribute . . . . . . . . . . . . . . . 20 | 3.1.6.2. PSID-Len Attribute . . . . . . . . . . . . . . . 20 | |||
| 3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 20 | 3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 20 | |||
| 3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 21 | 3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 21 | |||
| 3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 22 | 3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 22 | |||
| 3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 23 | 3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 23 | |||
| 3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 24 | 3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 24 | |||
| 3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 25 | 3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 25 | |||
| 3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 25 | 3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 25 | |||
| 4. A Sample Configuration Process with RADIUS . . . . . . . . . 25 | 4. A Sample Configuration Process with RADIUS . . . . . . . . . 25 | |||
| 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 28 | 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 29 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 30 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 30 | 7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 30 | |||
| 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 30 | 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 31 | |||
| 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 31 | 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 32 | |||
| 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 32 | 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 32 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 34 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 34 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 35 | 10.2. Informative References . . . . . . . . . . . . . . . . . 36 | |||
| Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 37 | Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 37 | |||
| A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field | A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field | |||
| Mappings . . . . . . . . . . . . . . . . . . . . . . . . 37 | Mappings . . . . . . . . . . . . . . . . . . . . . . . . 37 | |||
| A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 37 | A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 38 | |||
| A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 37 | A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 38 | |||
| A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 38 | A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 38 | |||
| A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field | A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field | |||
| Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38 | Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38 | |||
| A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field | A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field | |||
| Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38 | Mappings . . . . . . . . . . . . . . . . . . . . . . . . 39 | |||
| A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast | A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast | |||
| Attribute Field Mappings . . . . . . . . . . . . . . . . 38 | Attribute Field Mappings . . . . . . . . . . . . . . . . 39 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 | |||
| 1. Introduction | 1. Introduction | |||
| Providers have started deploying and transitioning to IPv6. Several | Providers have started deploying and transitioning to IPv6. Several | |||
| IPv4 service continuity mechanisms based on the Address plus Port | IPv4 service continuity mechanisms based on the Address plus Port | |||
| (A+P) [RFC6346] have been proposed for providing unicast IPv4 over | (A+P) [RFC6346] have been proposed for providing unicast IPv4 over | |||
| IPv6-only infrastructure, such as Mapping of Address and Port with | IPv6-only infrastructure, such as Mapping of Address and Port with | |||
| Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using | Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using | |||
| Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. | Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. | |||
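Review bot: the Appendix A.6 entry in the table of contents reads "OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings" in both -25 and -26, which repeats the target of A.5 (OPTION_S46_PORTPARAMS). Section 3.2 is titled "Softwire46-Priority Attribute", so the A.6 title looks like a copy-paste slip and should name Softwire46-Priority. Since only page numbers changed in this region, it would be worth fixing the title in the same revision.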
| skipping to change at page 28, line 32 ¶ | skipping to change at page 28, line 32 ¶ | |||
| or on-demand whereby the AAA server updates the lwAFTR with the | or on-demand whereby the AAA server updates the lwAFTR with the | |||
| CE's binding state as it is created or deleted. | CE's binding state as it is created or deleted. | |||
| In some deployments, the DHCP server may use the Accounting-Request | In some deployments, the DHCP server may use the Accounting-Request | |||
| to report to a AAA server the softwire configuration returned to a | to report to a AAA server the softwire configuration returned to a | |||
| requesting host. It is the responsibility of the DHCP server to | requesting host. It is the responsibility of the DHCP server to | |||
| ensure the consistency of the configuration provided to requesting | ensure the consistency of the configuration provided to requesting | |||
| hosts. Reported data to a AAA server may be required for various | hosts. Reported data to a AAA server may be required for various | |||
| operational purposes (e.g., regulatory). | operational purposes (e.g., regulatory). | |||
| A configuration change (e.g., BR address) may result in an exchange | ||||
| of CoA-Requests between the BNG and the AAA server as shown in | ||||
| Figure 3. Concretely, when the BNG receives a CoA-Request message | ||||
| containing Softwire46 attributes, it sends a DHCPv6 Reconfigure | ||||
| message to the appropriate CE to inform that CE that an updated | ||||
| configuration is available. Upon receipt of such message, the CE | ||||
| sends a DHCPv6 Renew or Information-Request in order to receive the | ||||
| updated Softwire46 configuration. In deployments where the BNG | ||||
| embeds a DHCPv6 relay, CoA-Requests can be used following the | ||||
| procedure specified in [RFC6977]. | ||||
| CE BNG AAA Server | ||||
| | | | | ||||
| |---DHCPv6 Solicit--------->| | | ||||
| | |---Access-Request---------->| | ||||
| | |<--Access-Accept------------| | ||||
| | |(Softwire46-Configuration | | ||||
| | | Attribute ...) | | ||||
| .... | ||||
| | | | | ||||
| | |<-----CoA-Request-----------| | ||||
| | |(Softwire46-Configuration | | ||||
| | | Attribute ...) | | ||||
| | |------CoA-Response--------->| | ||||
| |<--DHCPv6 Reconfigure------| | | ||||
| | | | | ||||
| .... | ||||
| Figure 3: Change of Configuration Example | ||||
| 5. Table of Attributes | 5. Table of Attributes | |||
| This document specifies three new RADIUS attributes, and their | This document specifies three new RADIUS attributes, and their | |||
| formats are as follows: | formats are as follows: | |||
| o Softwire46-Configuration Attribute: 241.TBD1 | o Softwire46-Configuration Attribute: 241.TBD1 | |||
| o Softwire46-Priority Attribute: 241.TBD5 | o Softwire46-Priority Attribute: 241.TBD5 | |||
| o Softwire46-Multicast Attribute: 241.TBD6 | o Softwire46-Multicast Attribute: 241.TBD6 | |||
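Review bot: Figure 3 labels the BNG's reply "CoA-Response", but RFC 5176 defines no message of that name; the reply to a CoA-Request is a CoA-ACK or a CoA-NAK. Suggest relabelling the arrow "CoA-ACK" and adding a sentence on what the BNG does when it cannot apply the received Softwire46 attributes (CoA-NAK, and no DHCPv6 Reconfigure sent to the CE). The new paragraph also speaks of "an exchange of CoA-Requests between the BNG and the AAA server", while the figure shows a single CoA-Request sent by the AAA server; the wording should match the direction shown. Finally, the added text has the BNG send a DHCPv6 Reconfigure to the CE without mentioning that the CE only acts on an authenticated Reconfigure; a pointer to the Reconfigure authentication requirements in the DHCPv6 specification would help implementers.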
| skipping to change at page 29, line 25 ¶ | skipping to change at page 30, line 14 ¶ | |||
| 6. Security Considerations | 6. Security Considerations | |||
| Section 9 of [RFC7596] discusses security issues related to | Section 9 of [RFC7596] discusses security issues related to | |||
| Lightweight 4over6, Section 10 of [RFC7597] discusses security issues | Lightweight 4over6, Section 10 of [RFC7597] discusses security issues | |||
| related to MAP-E, Section 13 of [RFC7599] discusses security issues | related to MAP-E, Section 13 of [RFC7599] discusses security issues | |||
| related to MAP-T, and Section 9 of [RFC8114] discusses security | related to MAP-T, and Section 9 of [RFC8114] discusses security | |||
| issues related to the delivery of IPv4 multicast services to IPv4 | issues related to the delivery of IPv4 multicast services to IPv4 | |||
| clients over an IPv6 multicast network. | clients over an IPv6 multicast network. | |||
| Generic RADIUS security considerations are discussed in Section 8 of | This document does not introduce any security issues inherently | |||
| [RFC2865] and Section 6 of [RFC5176] for CoA messages. Known | different from those already identified in Section 8 of [RFC2865] and | |||
| security vulnerabilities of the RADIUS protocol discussed in | Section 6 of [RFC5176] for CoA messages. Known security | |||
| Section 7 of [RFC2607] and Section 7 of [RFC2869] apply to this | vulnerabilities of the RADIUS protocol discussed in Section 7 of | |||
| specification. | [RFC2607] and Section 7 of [RFC2869] apply to this specification. | |||
| These well-established properties of the RADIUS protocol place some | ||||
| limitations on how it can safely be used, since there is some | ||||
| inherent requirement to trust the counterparty to not misbehave. | ||||
| This document targets deployments where a trusted relationship is in | Accordingly, this document targets deployments where a trusted | |||
| place between the RADIUS client and server with communication | relationship is in place between the RADIUS client and server with | |||
| optionally secured by IPsec or Transport Layer Security (TLS) | communication optionally secured by IPsec or Transport Layer Security | |||
| [RFC6614]. The use of IPsec [RFC4301] for providing security when | (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security | |||
| RADIUS is carried in IPv6 is discussed in [RFC3162]. | when RADIUS is carried in IPv6 is discussed in [RFC3162]. | |||
| Security considerations for interactions between a Softwire46 CE and | Security considerations for interactions between a Softwire46 CE and | |||
| the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for | the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for | |||
| configuration of softwire46 address and port-mapped clients), | configuration of softwire46 address and port-mapped clients), | |||
| Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization | Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization | |||
| mechanism), and Section 5 of [RFC8115] (DHCPv6 options for | mechanism), and Section 5 of [RFC8115] (DHCPv6 options for | |||
| configuration of IPv4-embedded IPv6 prefixes). | configuration of IPv4-embedded IPv6 prefixes). | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
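Review bot: the rewritten opening sentence now states that the document "does not introduce any security issues inherently different" from plain RADIUS and CoA, yet this same revision adds a procedure in Section 4 where a CoA-Request carrying Softwire46 attributes causes the BNG to push a new configuration (e.g., BR address) to CEs. With protection of the client-server path still described as "optionally secured by IPsec or Transport Layer Security", the section should say explicitly that the BNG accepts such CoA-Requests only from AAA servers it is configured to trust, and what the operator is expected to do when neither IPsec nor TLS is in use. The trailing "for CoA messages" is also ambiguous in the new sentence: it reads as qualifying both Section 8 of [RFC2865] and Section 6 of [RFC5176]; splitting it into two clauses would remove the ambiguity.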
| skipping to change at page 36, line 32 ¶ | skipping to change at page 37, line 5 ¶ | |||
| [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- | [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- | |||
| Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February | Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February | |||
| 2012, <https://www.rfc-editor.org/info/rfc6519>. | 2012, <https://www.rfc-editor.org/info/rfc6519>. | |||
| [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, | [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, | |||
| "Transport Layer Security (TLS) Encryption for RADIUS", | "Transport Layer Security (TLS) Encryption for RADIUS", | |||
| RFC 6614, DOI 10.17487/RFC6614, May 2012, | RFC 6614, DOI 10.17487/RFC6614, May 2012, | |||
| <https://www.rfc-editor.org/info/rfc6614>. | <https://www.rfc-editor.org/info/rfc6614>. | |||
| [RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6 | ||||
| Reconfiguration from Relay Agents", RFC 6977, | ||||
| DOI 10.17487/RFC6977, July 2013, | ||||
| <https://www.rfc-editor.org/info/rfc6977>. | ||||
| [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. | [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. | |||
| Farrer, "Lightweight 4over6: An Extension to the Dual- | Farrer, "Lightweight 4over6: An Extension to the Dual- | |||
| Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, | Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, | |||
| July 2015, <https://www.rfc-editor.org/info/rfc7596>. | July 2015, <https://www.rfc-editor.org/info/rfc7596>. | |||
| [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., | [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., | |||
| Murakami, T., and T. Taylor, Ed., "Mapping of Address and | Murakami, T., and T. Taylor, Ed., "Mapping of Address and | |||
| Port with Encapsulation (MAP-E)", RFC 7597, | Port with Encapsulation (MAP-E)", RFC 7597, | |||
| DOI 10.17487/RFC7597, July 2015, | DOI 10.17487/RFC7597, July 2015, | |||
| <https://www.rfc-editor.org/info/rfc7597>. | <https://www.rfc-editor.org/info/rfc7597>. | |||
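Review bot: the new [RFC6977] entry is cited in Section 4 as the procedure CoA-Requests "can be used following" when the BNG embeds a DHCPv6 relay, and this hunk does not show which reference list it lands in. If an implementer needs RFC 6977 to build that relay case, the reference belongs under Normative References; if it is only an illustration, the Section 4 sentence should say so.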
| End of changes. 15 change blocks. | ||||
| 25 lines changed or deleted | 63 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||