Softwire                                                   S. Jiang, Ed.
Internet-Draft                              Huawei Technologies Co., Ltd
Intended status: Standards Track                              Y. Fu, Ed.
Expires: September 22, 2018                                        CNNIC
                                                                  B. Liu
                                            Huawei Technologies Co., Ltd
                                                               P. Deacon
                                                      IEA Software, Inc.
                                                                  C. Xie
                                                           China Telecom
                                                                   T. Li
                                                     Tsinghua University
                                                            M. Boucadair
                                                                  Orange
                                                          March 21, 2018

    RADIUS Attribute for Softwire Address plus Port based Mechanisms
                    draft-ietf-softwire-map-radius-15

Abstract

   IPv4-over-IPv6 transition mechanisms provide both IPv4 and IPv6
   connectivity services simultaneously during the IPv4/IPv6 co-existing
   period. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
   options have been defined to configure Customer Edge (CE) in MAP-E,
   MAP-T, Lightweight 4over6 and PREFIX64 option for Multicast Basic
   Bridging BroadBand (mB4) in multicast scenarios. However, in many
   networks, the configuration information may be stored in an
   Authentication Authorization and Accounting (AAA) server, while user
   configuration information is mainly provided by the Broadband Network
   Gateway (BNG) through the DHCPv6 protocol. This document defines two
   new Remote Authentication Dial In User Service (RADIUS) attributes
   that carry CE or mB4 configuration information from an AAA server to
   BNG.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 22, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Configuration process with RADIUS
   4.  Attributes
     4.1.  Softwire46-Configuration Attribute
     4.2.  S46 Container Options
     4.3.  Sub Options for S46 Container Option
       4.3.1.  S46-Rule Sub Option
       4.3.2.  S46-BR Sub Option
       4.3.3.  S46-DMR Sub Option
       4.3.4.  S46-V4V6Bind Sub Option
       4.3.5.  S46-PORTPARAMS Sub Option
     4.4.  Sub Options for S46-Rule Sub Option
       4.4.1.  Rule-IPv6-Prefix Sub Option
       4.4.2.  Rule-IPv4-Prefix Sub Option
       4.4.3.  EA Length Sub Option
     4.5.  Sub Options for S46-v4v6Bind Sub Option
       4.5.1.  The IPv4-address Sub Option
       4.5.2.  The Bind-IPv6-Prefix Sub Option
     4.6.  Sub Options for S46-PORTPARAMS Sub Option
       4.6.1.  The PSID-offset Sub Option
       4.6.2.  The PSID-len Sub Option
       4.6.3.  The PSID Sub Option
     4.7.  Softwire46 Sub Options Encapsulation
     4.8.  Softwire46-Priority Attribute
     4.9.  Softwire46-Multicast Attribute
       4.9.1.  ASM-Prefix64 TLV
       4.9.2.  SSM-Prefix64 TLV
       4.9.3.  U-Prefix64 TLV
     4.10. Table of attributes
   5.  Diameter Considerations
   6.  IANA Considerations
     6.1.  S46 Mechanisms and Their Identifying Option Codes
   7.  Security Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Additional Authors
   Authors' Addresses

1.  Introduction

   Recently providers have started to deploy IPv6 and consider how to
   transition to IPv6. Many IPv4 service continuity mechanisms based on
   the Address plus Port (A+P) [RFC6346] have been proposed for running
   IPv4 over IPv6-only infrastructure. Mapping of Address and Port with
   Encapsulation (MAP-E) [RFC7597] and Mapping of Address and Port using
   Translation (MAP-T) [RFC7599] are stateless mechanisms for running
   IPv4 over IPv6-only infrastructure. Lightweight 4over6 [RFC7596] is
   a hub-and-spoke IPv4-over-IPv6 tunneling mechanism, with complete
   independence of IPv4 and IPv6 addressing.
   MAP-E, MAP-T, and Lightweight 4over6 Customer Edge (CE) devices may
   be provisioned by means of Dynamic Host Configuration Protocol for
   IPv6 (DHCPv6) [RFC3315]. In particular, the CE uses DHCPv6 options
   to discover the Border Relay (BR) and retrieve Softwire46 (S46)
   configurations.

   [RFC8114] specifies a generic solution for delivery of IPv4 multicast
   services to IPv4 clients over an IPv6 multicast network. The
   solution applies also to lw4o6 and MAP-E. [RFC8115] defines a DHCPv6
   PREFIX64 option to convey the IPv6 prefixes to be used for
   constructing IPv4-embedded IPv6 addresses to inform the mB4 element
   of the PREFIX64. The following lists the multicast-related
   information that needs to be provisioned:

   o  ASM Multicast Prefix64: the IPv6 multicast prefix to be used to
      synthesize the IPv4-embedded IPv6 addresses of the multicast
      groups in the Any-Source Multicast (ASM) mode.

   o  SSM Multicast Prefix64: the IPv6 multicast prefix to be used to
      synthesize the IPv4-embedded IPv6 addresses of the multicast
      groups in the Source-Specific Multicast (SSM) [RFC4607] mode.

   o  Unicast Prefix64: the IPv6 unicast prefix to be used in SSM mode
      for constructing the IPv4-embedded IPv6 addresses representing the
      IPv4 multicast sources in the IPv6 domain. Unicast Prefix64 may
      also be used to extract the IPv4 address from the received
      multicast data flows. The address mapping follows the guidelines
      documented in [RFC6052].

   In many networks, user configuration information may be stored in an
   Authentication, Authorization, and Accounting (AAA) server.
   Currently, the AAA servers communicate using the Remote
   Authentication Dial In User Service (RADIUS) [RFC2865] protocol. In
   a fixed line broadband network, a Broadband Network Gateway (BNG)
   acts as the access gateway of users.
   A DHCPv6 server function is assumed to be embedded in the BNG that
   allows it to locally handle any DHCPv6 requests initiated by hosts.

   Since the S46 configuration information is stored in AAA servers
   and user configuration information is mainly transmitted through
   the DHCPv6 protocol between the BNGs and hosts/CEs, new RADIUS
   attributes are needed to propagate the information from the AAA
   servers to BNGs. The RADIUS attributes designed in this document are
   especially for MAP-E [RFC7597], MAP-T [RFC7599] and Lightweight
   4over6 [RFC7596], providing enough information to form the
   corresponding DHCPv6 configuration options [RFC7598]. In
   Section 4.9, a new RADIUS attribute is defined to be used for
   carrying the Multicast-Prefixes-64, based on the equivalent DHCPv6
   option already specified in [RFC8115].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The terms DS-Lite multicast Basic Bridging BroadBand element (mB4)
   and the DS-Lite multicast Address Family Transition Router element
   (mAFTR) are defined in [RFC8114].

3.  Configuration process with RADIUS

   Figure 1 below illustrates how the RADIUS protocol and DHCPv6
   co-operate to provide the CE with MAP configuration information. The
   BNG acts as a RADIUS client and a DHCPv6 server.

     CE                              BNG                      AAA Server
     |                                |                               |
     |-------1.DHCPv6 Solicit-------> |                               |
     | (ORO w/container option code)  |                               |
     |                                |-------2.Access-Request------->|
     |                                | (S46-Configuration attribute  |
     |                                |and/or S46-Multicast attribute)|
     |                                |<------3.Access-Accept---------|
     |<---4.DHCPv6 Advertisement----- | (S46-Configuration attribute  |
     |     (container option)         |and/or S46-Multicast attribute)|
     |-------5.DHCPv6 Request------>  |                               |
     |     (container Option)         |                               |
     |<------6.DHCPv6 Reply---------- |                               |
     |     (container option)         |                               |
     |                                |                               |
                  DHCPv6                         RADIUS

     Figure 1: the cooperation between DHCPv6 and RADIUS combined with
                          RADIUS authentication

   1. First, the CE may initiate a DHCPv6 Solicit message that includes
   an Option Request option(6) [RFC3315] with the S46 Container option
   codes as defined in [RFC7598]. As described in [RFC7598],
   OPTION_S46_CONT_MAPE should be included for MAP-E [RFC7597],
   OPTION_S46_CONT_MAPT for MAP-T [RFC7599], and OPTION_S46_CONT_LW for
   Lightweight 4over6 [RFC7596]. For the multicast case,
   OPTION_V6_PREFIX64 should be included for the delivery of multicast
   services in the context of transition to IPv6. Note however, that
   the ORO (Option Request option) with the S46 Container option code
   could be optional if the network was planned to be S46-enabled by
   default.

   2. When the BNG receives the Solicit message, it should initiate a
   RADIUS Access-Request message. In this message, a User-Name
   attribute (1) should be filled by a CE MAC address or interface-id or
   both. This message will be sent to the RADIUS server. In this
   message, a User-Password attribute (2) should be filled by the shared
   password that has been preconfigured on the DHCPv6 server, requesting
   authentication as defined in [RFC2865] with the corresponding
   Softwire46-Configuration Attribute or Softwire46-Multicast Attribute.
   The Softwire46-Configuration Attribute and Softwire46-Multicast
   Attribute will be defined in the next Section.

   3. If the authentication request is approved by the AAA server, an
   Access-Accept message MUST be acknowledged with the corresponding
   Softwire46-Configuration Attribute or Softwire46-Multicast Attribute.

   4. After receiving the Access-Accept message with the corresponding
   Attribute, the BNG SHOULD respond to the DHCPv6 Client (CE) with an
   Advertisement message.

   5. After receiving the Advertise message, the CE MAY request the
   corresponding S46 Container Option, by including the S46 Container
   option in the Request message.

   6. After receiving the client's Request message, containing the
   corresponding S46 Container option, the BNG SHOULD reply to the CE
   with the message containing the S46 Container option. The
   recommended format of the MAC address is defined as Calling-Station-
   Id (Section 3.20 in [RFC3580]) without the SSID (Service Set
   Identifier) portion.

   For Lightweight 4over6 [RFC7596], the subscriber's binding state
   should be synchronized between the AAA server and lwAFTR. If the
   bindings are pre-configured statically in both the AAA server and
   lwAFTR, an AAA server does not need to configure the lwAFTR anymore.
   Otherwise, if the bindings are locally created on-demand in an AAA
   server, it should inform the lwAFTR with the subscriber's binding
   state, in order to synchronize the binding information of the lwB4
   with the lwAFTR.

   The authorization operation could also be done independently after
   the authentication process. In such a scenario, after the
   authentication operation, the client MAY initiate a DHCPv6 Request
   message that includes the corresponding S46 Container options.
   Similar to the above scenario, the ORO with the corresponding S46
   Container option code in the initial DHCPv6 request could be optional
   if the network was planned as being S46-enabled by default. When the
   BNG receives the DHCPv6 Request, it SHOULD initiate the RADIUS
   Access-Request message, which MUST contain a Service-Type attribute
   (6) with the value Authorize Only (17), the corresponding
   Softwire46-Configuration Attribute, and a State attribute obtained
   from the previous authentication process according to [RFC5080]. If
   the authorization request is approved by an AAA server, an Access-
   Accept message MUST be acknowledged with the corresponding
   Softwire46-Configuration Attribute. The BNG SHOULD then send the
   DHCPv6 Reply message containing the S46 Container option.

   In both the above-mentioned scenarios, Message-authenticator (type
   80) [RFC2869] SHOULD be used to protect both Access-Request and
   Access-Accept messages.

   If the BNG does not receive the corresponding
   Softwire46-Configuration Attribute in the Access-Accept message it
   MAY fall back to a pre-configured default S46 configuration, if any.

   If the BNG does not have any pre-configured default S46
   configuration, or if the BNG receives an Access-Reject, then S46
   connection cannot be established.

   As specified in [RFC3315], section 18.1.4, "Creation and Transmission
   of Rebind Messages", if the DHCPv6 server to which the DHCPv6 Renew
   message was sent at time T1 has not responded by time T2, the CE
   (DHCPv6 client) SHOULD enter the Rebind state and attempt to contact
   any available server. In this situation, the secondary BNG receiving
   the DHCPv6 message MUST initiate a new Access-Request message towards
   the AAA server. The secondary BNG MAY include the
   Softwire46-Configuration Attribute in its Access-Request message.

4.  Attributes

   This section defines the Softwire46-Configuration Attribute,
   Softwire46-Priority Attribute, and Softwire46-Multicast Attribute.
   The attribute design follows [RFC6158] and refers to [RFC6929].

   The Softwire46-Configuration Attribute carries the configuration
   information for MAP-E, MAP-T, and Lightweight 4over6. The
   configuration information for each S46 mechanism is carried in the
   corresponding S46 Container option. Different sub options are
   required for each type of S46 Container option. The RADIUS attribute
   for Dual-Stack Lite [RFC6333] is defined in [RFC6519].

   A client may be capable of supporting several different S46
   mechanisms. Depending on the deployment scenario, a client might
   request more than one S46 mechanism at a time. The
   Softwire46-Priority Attribute contains information allowing the
   client to prioritize which mechanism to use, corresponding to
   OPTION_S46_PRIORITY defined in [RFC8026].

   The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
   used in [RFC8114] to synthesize IPv4-embedded IPv6 addresses. The
   BNG SHALL use the IPv6 prefixes returned in the RADIUS
   Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 Option
   [RFC8115].

4.1.  Softwire46-Configuration Attribute

   The Softwire46-Configuration Attribute can only encapsulate S46
   Container Option(s).
   The Softwire46-Configuration Attribute is structured as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                    S46 Container Option(s)                    +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD
   Length
      2 + the length of the S46 Container option(s)
      specified in octets
   S46 Container Option(s)
      A variable field that may contain one or more S46 Container
      option(s), defined in Section 4.2.

4.2.  S46 Container Options

   The S46 Container Option can only be encapsulated in the
   Softwire46-Configuration Attribute. Depending on the deployment
   scenario, a client might request more than one transition
   mechanism at a time; there MUST be at least one S46 Container option
   encapsulated in one Softwire46-Configuration Attribute. There MUST
   be at most one instance of each type of S46 Container Option
   encapsulated in one Softwire46-Configuration Attribute.

                         /
                        /                        | 1.Rule-IPv6-Prefix
                       |                         |   Sub Option
                       | 1.S46-Rule Sub Option --+ 2.Rule-IPv4-Prefix
                       |                         |   Sub Option
                       | 2.S46-BR Sub Option     | 3.EA Length Sub
S46 Container Option --+ 3.S46-DMR Sub Option    \   Option
                       |
                       |                              /1.IPv4-address
                       |                             |  Sub Option
                       | 4.S46-v4v6Bind Sub Option --| 2.Bind-IPv6-Prefix
                       |                              \  Sub Option
                       |                                /1.PSID-offset
                       |                               |  Sub Option
                       | 5.S46-PORTPARAMS Sub Option --| 2.PSID-len
                       |                               |  Sub Option
                        \                               \3.PSID Sub
                                                          Option

                Figure 2: S46 Container Option Hierarchy

   There are three types of S46 Container Options, namely MAP-E
   Container Option, MAP-T Container Option, Lightweight 4over6
   Container Option. Each type of S46 Container Option contains a
   number of sub options, defined in Section 4.3. The hierarchy of the
   S46 Container Option is shown in Figure 2.
   Section 4.5 describes which Sub Options are mandatory, optional, or
   not permitted for each defined S46 Container Option.

   There are three types of S46-Rule Sub Options, namely Basic Mapping
   Rule, Forwarding Mapping Rule, Basic and Forwarding Mapping Rule.
   Each type of S46-Rule Sub Option also contains a number of Sub
   Options. The Rule-IPv6-Prefix Sub Option is necessary for every type
   of S46-Rule Sub Option. It should appear once and only once.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD1 MAP-E Container Option
      TBD2 MAP-T Container Option
      TBD3 Lightweight 4over6 Container Option
   Length
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable-length field that contains necessary sub options
      defined in Section 4.3 and zero or several optional sub
      options, defined in Section 4.4.
   NOTE: The Type values for each S46 Container Option are the same
   as the S46-option-code values of the corresponding S46 Mechanisms
   specified in Section 6.1.

4.3.  Sub Options for S46 Container Option

4.3.1.  S46-Rule Sub Option

   The S46-Rule Sub Option can only be encapsulated in the MAP-E
   Container Option or the MAP-T Container Option. Depending on
   deployment scenario, one Basic Mapping Rule and zero or more
   Forwarding Mapping Rules MUST be included in one MAP-E Container
   Option or MAP-T Container Option.

   Each type of S46-Rule Sub Option also contains a number of sub
   options, including Rule-IPv6-Prefix Sub Option, Rule-IPv4-Prefix Sub
   Option, and EA Length Sub Option. The structure of the sub options
   for S46-Rule Sub Option is defined in section 4.4.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      1 Basic Mapping Rule (Not Forwarding Mapping Rule)
      2 Forwarding Mapping Rule (Not Basic Mapping Rule)
      3 Basic & Forwarding Mapping Rule
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable-length field that contains sub options defined in
      Section 4.4.

4.3.2.  S46-BR Sub Option

   The S46-BR Sub Option can only be encapsulated in the MAP-E Container
   Option or the Lightweight 4over6 Container Option. There MUST be at
   least one S46-BR Sub Option included in each MAP-E Container Option
   or Lightweight 4over6 Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   |                        BR-ipv6-address                        |
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      4 (SubType number, for the S46-BR sub option)
   SubLen
      18 (the length of the S46-BR sub option)
   BR-ipv6-address
      A fixed-length field of 16 octets that specifies the IPv6
      address for the S46 BR.

4.3.3.  S46-DMR Sub Option

   The S46-DMR Sub Option can only appear in the MAP-T Container Option.
   There MUST be exactly one S46-DMR Sub Option included in one MAP-T
   Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |   Reserved    |dmr-prefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        dmr-ipv6-prefix                        |
   |                       (variable length)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      5 (SubType number, for the S46-DMR Sub Option)
   SubLen
      4 + length of dmr-ipv6-prefix specified in octets
   Reserved
      This field is reserved. It should be set to all zero.
   dmr-prefix6-len
      An 8 bits long field that expresses the bitmask length of
      the IPv6 prefix specified in the dmr-ipv6-prefix field.
      Allowed values range from 0 to 96.
   dmr-ipv6-prefix
      A variable-length field specifying the IPv6 prefix or
      address for the BR. This field is right-padded with zeros
      to the nearest octet boundary when dmr-prefix6-len is not
      divisible by 8.

4.3.4.  S46-V4V6Bind Sub Option

   The S46-V4V6Bind Sub Option can only be encapsulated in the
   Lightweight 4over6 Container Option. There MUST be at most one
   S46-V4V6Bind Sub Option included in each Lightweight 4over6 Container
   Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      6 (SubType number, for the S46-V4V6Bind sub option)
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable-length field that contains sub options defined
      in Section 4.5.

4.3.5.  S46-PORTPARAMS Sub Option

   The S46-PORTPARAMS Sub Option specifies optional port set information
   that MAY be provided to CEs.
   The S46-PORTPARAMS sub option can be included optionally by each
   type of S46 Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      7 (SubType number, for the S46-PORTPARAMS Sub Option)
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable-length field that contains sub options defined
      in Section 4.6.

4.4.  Sub Options for S46-Rule Sub Option

4.4.1.  Rule-IPv6-Prefix Sub Option

   The Rule-IPv6-Prefix Sub Option is necessary for every S46-RULE sub
   option. There MUST be exactly one S46-IPv6-Prefix Sub Option
   encapsulated in each type of S46-Rule Sub Option.

   The IPv6 Prefix sub option follows the framed IPv6 prefix designed in
   [RFC3162].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |   Reserved    |ruleprefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                       rule-ipv6-prefix                        |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      8 (SubType number, for the Rule-IPv6-Prefix Sub Option)
   SubLen
      20 (the length of the Rule-IPv6-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   ruleprefix6-len
      The length of IPv6 prefix, specified in the rule-ipv6-prefix
      field, expressed in bits.
   rule-ipv6-prefix
      A 128 bits long field that specifies an IPv6 prefix that
      appears in a MAP rule.

4.4.2.  Rule-IPv4-Prefix Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |   Reserved    |  prefix4-len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       rule-ipv4-prefix                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      9 (SubType number, for the Rule-IPv4-Prefix Sub Option)
   SubLen
      8 (the length of the Rule-IPv4-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   Prefix4-len
      The length of IPv4 prefix, specified in the rule-ipv4-prefix
      field, expressed in bits.
   rule-ipv4-prefix
      A 32 bits long field that specifies an IPv4 prefix that
      appears in a MAP rule.

4.4.3.  EA Length Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |            EA-len             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      10 (SubType number, for the EA Length Sub Option)
   SubLen
      4 (the length of the EA Length Sub Option)
   EA-len
      A 16 bits long field that specifies the Embedded-Address (EA)
      bit length. Allowed values range from 0 to 48.

4.5.  Sub Options for S46-v4v6Bind Sub Option

4.5.1.  The IPv4-address Sub Option

   The IPv4-address Sub Option MAY be used to specify the full or shared
   IPv4 address of the CE.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |         ipv4-address          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         ipv4-address          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      11 (SubType number, for the IPv4-address Sub Option)
   SubLen
      6 (the length of the Rule-IPv4-Prefix Sub Option)
   ipv4-address
      A 32 bits long field that specifies an IPv4 address that
      appears in the V4V6Bind Option.

4.5.2.  The Bind-IPv6-Prefix Sub Option

   The IPv6 prefix field specified in this field is used by the CE to
   identify the correct prefix to be used for the tunnel source.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |   Reserved    |bindprefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                       bind-ipv6-prefix                        |
   |                       (variable length)                       |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      12 (SubType number, for the Bind-IPv6-Prefix Sub Option)
   SubLen
      20 (the length of the Bind-IPv6-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   bindprefix6-len
      An 8 bits long field that expresses the bitmask length of
      the IPv6 prefix specified in the bind-ipv6-prefix field.
      Allowed values range from 0 to 96.
   bind-ipv6-prefix
      A variable-length field specifying the IPv6 prefix or
      address for the S46 CE. This field is right-padded with
      zeros to the nearest octet boundary when bindprefix6-len
      is not divisible by 8.

4.6.  Sub Options for S46-PORTPARAMS Sub Option

4.6.1.  The PSID-offset Sub Option

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |  PSID-Offset  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      13 (SubType number, for the PSID-offset Sub Option)
   SubLen
      3 (the length of the PSID-offset Sub Option)
   PSID-Offset
      An 8 bits long field that specifies the numeric value
      for the S46 algorithm's excluded port range/offset
      bits (a bits), as per Section 5.1 of RFC7597. Allowed
      values are between 0 and 15. Default values for this
      field are specific to the Softwire mechanism being
      implemented and are defined in the relevant
      specification document.

4.6.2.  The PSID-len Sub Option

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |   PSID-len    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      14 (SubType number, for the PSID-len Sub Option)
   SubLen
      3 (the length of the PSID-len Sub Option)
   PSID-len
      An 8 bits long field that specifies the number of
      significant bits in the PSID field (also known
      as 'k'). When set to 0, the PSID field is to be
      ignored. After the first 'a' bits, there are k bits
      in the port number representing the value of the PSID.
      Subsequently, the address sharing ratio would be 2^k.

4.6.3.  The PSID Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |    SubLen     |             PSID              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   SubType
      15 (SubType number, for the PSID Sub Option)
   SubLen
      4 (the length of the PSID Sub Option)
   PSID (Port-set ID)
      An explicit 16-bit (unsigned word) PSID value.
         The PSID value algorithmically identifies a set of ports
         assigned to a CE.  The first k bits on the left of this
         2-octet field are the PSID value.  The remaining (16-k) bits
         on the right are padding zeros.

4.7.  Softwire46 Sub Options Encapsulation

   The table below shows which encapsulated Sub Options are mandatory,
   optional, or not permitted for each defined S46 Container Option.

   +----------------+-------+-------+--------------------+
   | Sub Option     | MAP-E | MAP-T | Lightweight 4over6 |
   +----------------+-------+-------+--------------------+
   | S46-BR         | M     | N/P   | M                  |
   +----------------+-------+-------+--------------------+
   | S46-Rule       | M     | M     | N/P                |
   +----------------+-------+-------+--------------------+
   | S46-DMR        | N/P   | M     | N/P                |
   +----------------+-------+-------+--------------------+
   | S46-V4V6Bind   | N/P   | N/P   | O                  |
   +----------------+-------+-------+--------------------+
   | S46-PORTPARAMS | O     | O     | O                  |
   +----------------+-------+-------+--------------------+

   M - Mandatory, O - Optional, N/P - Not Permitted

4.8.  Softwire46-Priority Attribute

   The S46-Priority Attribute is structured as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |        S46-option-code        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              ...              |        S46-option-code        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type
         TBD
      Length
         2 + the length of the S46-option-code(s) specified in octets
      S46-option-code
         A 16-bit IANA-registered option code of the DHCPv6 option
         that is used to identify the softwire mechanisms.  S46
         mechanisms are prioritized in the appearance order of the
         S46-option-code(s) in the Softwire46-Priority Attribute.
         A Softwire46-Priority Attribute MUST contain at least one
         S46-option-code.
         The option codes of the corresponding S46 mechanisms are
         listed in Section 6.1.

4.9.  Softwire46-Multicast Attribute

   The Softwire46-Multicast attribute conveys the IPv6 prefixes to be
   used in [RFC8114] to synthesize IPv4-embedded IPv6 addresses.  The
   BNG SHALL use the IPv6 prefixes returned in the RADIUS
   Softwire46-Multicast attribute to populate the DHCPv6 PREFIX64 Option
   [RFC8115].

   This attribute MAY be used in Access-Request packets as a hint to the
   RADIUS server.  For example, if the BNG is pre-configured with
   Softwire46-Multicast, these prefixes MAY be inserted in the
   attribute.  The RADIUS server MAY ignore the hint sent by the BNG,
   and it MAY assign a different Softwire46-Multicast attribute.

   The Softwire46-Multicast Attribute MAY appear in an Access-Accept
   packet.  It MAY also appear in an Access-Request packet.

   The Softwire46-Multicast Attribute MAY appear in a CoA-Request
   packet.

   The Softwire46-Multicast Attribute MAY appear in an Accounting-
   Request packet.

   The Softwire46-Multicast Attribute MUST NOT appear in any other
   RADIUS packet.

   This attribute is of type "TLV" as defined in the RADIUS Protocol
   Extensions [RFC6929].  It contains some sub-attributes:

   o  The Softwire46-Multicast Attribute MAY contain the ASM-Prefix64
      TLV (see Section 4.9.1).

   o  The Softwire46-Multicast Attribute MAY contain the SSM-Prefix64
      TLV (see Section 4.9.2).

   o  The Softwire46-Multicast Attribute MAY contain the U-Prefix64 TLV
      (see Section 4.9.3).

   The Softwire46-Multicast Attribute MUST include the ASM-Prefix64 TLV
   or the SSM-Prefix64 TLV, and it MAY include both.

   The U-Prefix64 TLV MUST be present when the SSM-Prefix64 TLV is
   present.  The U-Prefix64 TLV MAY be present when the ASM-Prefix64 TLV
   is present.

   The format of the Softwire46-Multicast Attribute is shown in
   Figure 3.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     | Extended-Type |  Value ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 3

   Type

      241 (To be confirmed by IANA).

   Length

      This field indicates the total length in bytes of all fields of
      this attribute, including the Type, Length, Extended-Type, and the
      entire length of the embedded TLVs.

   Extended-Type

      TBD1.

   Value

      This field contains a set of TLVs as follows:

      ASM-Prefix64 TLV

         This TLV contains the ASM IPv6 prefix.  Refer to Section 4.9.1.

      SSM-Prefix64 TLV

         This TLV contains the SSM IPv6 prefix.  Refer to Section 4.9.2.

      U-Prefix64 TLV

         This TLV contains the IPv4 prefix used for address translation
         [RFC6052].  Refer to Section 4.9.3.

   Softwire46-Multicast Attribute is associated with the following
   identifier: 241.Extended-Type(TBDx).

4.9.1.  ASM-Prefix64 TLV

   The format of ASM-Prefix64 TLV is shown in Figure 4.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |ASM Prefix64 ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     ASM Prefix64                          ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     ASM Prefix64                          ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     ASM Prefix64                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 4

   TLV-Type

      1

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   ASM Prefix64

      IPv6 prefix.
      This field specifies the IPv6 multicast prefix to be used to
      synthesize the IPv4-embedded IPv6 addresses of the multicast
      groups in the ASM mode.  The conveyed multicast IPv6 prefix MUST
      belong to the ASM range.

4.9.2.  SSM-Prefix64 TLV

   The format of SSM-Prefix64 TLV is shown in Figure 5.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |SSM Prefix64 ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     SSM Prefix64                          ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     SSM Prefix64                          ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                     SSM Prefix64                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 5

   TLV-Type

      2

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   SSM Prefix64

      IPv6 prefix.  This field specifies the IPv6 multicast prefix to be
      used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the SSM mode.  The conveyed multicast IPv6
      prefix MUST belong to the SSM range.

4.9.3.  U-Prefix64 TLV

   The format of U-Prefix64 TLV is shown in Figure 6.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |Unicast Prefix64
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                   Unicast Prefix64                      ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                   Unicast Prefix64                      ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                   Unicast Prefix64                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 6

   TLV-Type

      3

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   Unicast Prefix64

      IPv6 prefix.  This field identifies the IPv6 unicast prefix to be
      used in SSM mode for constructing the IPv4-embedded IPv6 addresses
      representing the IPv4 multicast sources in the IPv6 domain.  It
      may also be used to extract the IPv4 address from the received
      multicast data flows.

4.10.  Table of attributes

   The following table describes which attributes may be found, in which
   kinds of packets and in what quantity.

   Request Accept Reject Challenge Accounting  #    Attribute
                                   Request
   0-1     0-1    0      0         0-1         TBD1 Softwire46-
                                                    Configuration
   0-1     0-1    0      0         0-1         TBD2 Softwire46-
                                                    Priority
   0-1     0-1    0      0         0-1         TBD3 Softwire46-
                                                    Multicast
   0-1     0-1    0      0         0-1         1    User-Name
   0-1     0      0      0         0           2    User-Password
   0-1     0-1    0      0         0-1         6    Service-Type
   0-1     0-1    0-1    0-1       0-1         80   Message-
                                                    Authenticator

   The following table defines the meaning of the above table entries.

   0    This attribute MUST NOT be present in packet.
   0+   Zero or more instances of this attribute MAY be present in
        packet.
   0-1  Zero or one instance of this attribute MAY be present in
        packet.
   1    Exactly one instance of this attribute MUST be present in
        packet.

5.  Diameter Considerations

   S46 Configuration using Diameter [RFC6733] is specified in [RFC7678].

6.  IANA Considerations

   This document requires the assignment of two new RADIUS Attribute
   Types in the "Radius Types" registry (currently located at
   http://www.iana.org/assignments/radius-types) for the following
   attributes:

   o  Softwire46-Configuration Attribute TBD1

   o  Softwire46-Priority Attribute TBD2

   o  Softwire46-Multicast Attribute TBD3

   IANA should allocate the numbers from the standard RADIUS Attributes
   space using the "IETF Review" policy [RFC5226].

6.1.  S46 Mechanisms and Their Identifying Option Codes

   The Softwire46-Priority Attribute defines a 16-bit S46-option-code
   field, for which IANA is to create and maintain a new registry
   entitled "Option Codes Permitted in the Softwire46-Priority
   Attribute".  This document requires IANA to register four option
   codes of the Softwire46 mechanisms permitted to be included in the
   Softwire46-Priority Attribute.  Additional options may be added to
   this list in the future using the IETF Review process described in
   Section 4.1 of [RFC5226].

   The following table shows the option codes that are required and the
   S46 mechanisms that they represent.  The option code for DS-Lite is
   derived from the IANA allocated RADIUS Attribute Type value for DS-
   Lite [RFC6519].  The option codes for MAP-E, MAP-T and Lightweight
   4over6 need to be determined.  The option codes for MAP-E, MAP-T, and
   Lightweight 4over6 should also be used as the option Type values for
   the MAP-E, MAP-T, and Lightweight 4over6 Container Options defined in
   Section 4.2.

   +-------------+--------------------+-----------+
   | Option Code | S46 Mechanism      | Reference |
   +-------------+--------------------+-----------+
   | TBD1        | MAP-E              | RFC7597   |
   +-------------+--------------------+-----------+
   | TBD2        | MAP-T              | RFC7599   |
   +-------------+--------------------+-----------+
   | TBD3        | Lightweight 4over6 | RFC7596   |
   +-------------+--------------------+-----------+
   | 144         | DS-Lite            | RFC6519   |
   +-------------+--------------------+-----------+

                 Table 1: Option Codes to S46 Mechanisms

7.  Security Considerations

   Known security vulnerabilities of the RADIUS protocol are discussed
   in [RFC2607], [RFC2865], and [RFC2869].  Use of IPsec [RFC4301] for
   providing security when RADIUS is carried in IPv6 is discussed in
   [RFC3162].

   A malicious user may use MAC address spoofing on the shared password
   that has been preconfigured on the DHCPv6 server to get unauthorized
   configuration information.

   Specific security considerations for interactions between the MAP CE
   and the BNG are discussed in [RFC7597].  Security considerations for
   Lightweight 4over6 are discussed in [RFC7596].  Security
   considerations for DHCPv6-Based S46 Prioritization Mechanism are
   discussed in [RFC8026].  Furthermore, generic DHCPv6 security
   mechanisms can be applied to DHCPv6 intercommunication between the CE
   and the BNG.

   Security considerations for the Diameter protocol are discussed in
   [RFC6733].

8.  Acknowledgements

   The authors would like to thank the valuable comments made by Peter
   Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei
   Meng and Cui Wang for this document.  This document was merged with
   draft-sun-softwire-lw4over6-radext-01 and draft-wang-radext-
   multicast-radius-ext-00, thanks to everyone who contributed to this
   draft.

   This document was produced using the xml2rfc tool [RFC7991].

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, DOI 10.17487/RFC2865, June 2000.

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, DOI 10.17487/RFC3162, August 2001.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003.

   [RFC4607]  Holbrook, H. and B. Cain, "Source-Specific Multicast for
              IP", RFC 4607, DOI 10.17487/RFC4607, August 2006.

   [RFC5080]  Nelson, D. and A. DeKok, "Common Remote Authentication
              Dial In User Service (RADIUS) Implementation Issues and
              Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
              2007.

   [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
              Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
              DOI 10.17487/RFC6052, October 2010.

   [RFC6158]  DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

   [RFC6929]  DeKok, A. and A. Lior, "Remote Authentication Dial In User
              Service (RADIUS) Protocol Extensions", RFC 6929,
              DOI 10.17487/RFC6929, April 2013.

   [RFC8026]  Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
              Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
              Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
              November 2016.

   [RFC8114]  Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
              Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
              over an IPv6 Multicast Network", RFC 8114,
              DOI 10.17487/RFC8114, March 2017.

   [RFC8115]  Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
              Option for IPv4-Embedded Multicast and Unicast IPv6
              Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.

9.2.  Informative References

   [RFC2607]  Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
              Implementation in Roaming", RFC 2607,
              DOI 10.17487/RFC2607, June 1999.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

   [RFC3580]  Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese,
              "IEEE 802.1X Remote Authentication Dial In User Service
              (RADIUS) Usage Guidelines", RFC 3580,
              DOI 10.17487/RFC3580, September 2003.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
              the IPv4 Address Shortage", RFC 6346,
              DOI 10.17487/RFC6346, August 2011.

   [RFC6519]  Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
              Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
              2012.

   [RFC6733]  Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn,
              Ed., "Diameter Base Protocol", RFC 6733,
              DOI 10.17487/RFC6733, October 2012.

   [RFC7596]  Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
              Farrer, "Lightweight 4over6: An Extension to the Dual-
              Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
              July 2015.

   [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
              Murakami, T., and T. Taylor, Ed., "Mapping of Address and
              Port with Encapsulation (MAP-E)", RFC 7597,
              DOI 10.17487/RFC7597, July 2015.

   [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
              W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
              Configuration of Softwire Address and Port-Mapped
              Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.

   [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
              and T. Murakami, "Mapping of Address and Port using
              Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
              2015.

   [RFC7678]  Zhou, C., Taylor, T., Sun, Q., and M. Boucadair,
              "Attribute-Value Pairs for Provisioning Customer Equipment
              Supporting IPv4-Over-IPv6 Transitional Solutions",
              RFC 7678, DOI 10.17487/RFC7678, October 2015.

   [RFC7991]  Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
              RFC 7991, DOI 10.17487/RFC7991, December 2016.

Additional Authors

   Qiong Sun
   China Telecom
   Beijing China
   Email: sunqiong@ctbri.com.cn

   Qi Sun
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822
   Email: sunqibupt@gmail.com

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129
   Email: cathy.zhou@huawei.com

   Tina Tsou
   Huawei Technologies(USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   USA
   Email: Tina.Tsou.Zouting@huawei.com

   ZiLong Liu
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822
   Email: liuzilong8266@126.com

   Yong Cui
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-62603059
   Email: yong@csnet1.cs.tsinghua.edu.cn

Authors' Addresses

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: jiangsheng@huawei.com

   Yu Fu
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Hai-Dian District, Beijing, 100190
   P.R. China

   Email: fuyu@cnnic.cn

   Bing Liu
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: leo.liubing@huawei.com

   Peter Deacon
   IEA Software, Inc.
   P.O. Box 1170
   Veradale, WA 99037
   USA

   Email: peterd@iea-software.com

   Chongfeng Xie
   China Telecom
   Beijing
   P.R. China

   Email: xiechf.bri@chinatelecom.cn

   Tianxiang Li
   Tsinghua University
   Beijing 100084
   P.R.China

   Email: peter416733@gmail.com

   Mohamed Boucadair
   Orange
   Rennes, 35000
   France

   Email: mohamed.boucadair@orange.com
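
Added example (not part of the draft, and not code from its authors): a Python sketch that parses the PSID-offset, PSID-len and PSID Sub Options of Sections 4.6.1 to 4.6.3, rejects out-of-range or mis-padded values as a BNG might before copying them into DHCPv6, and expands the port set as in Section 5.1 of RFC 7597. The function names, the requirement that all three Sub Options be present exactly once, and the sample bytes are assumptions of this example.

```python
import struct

# SubType -> SubLen, as given in Sections 4.6.1 to 4.6.3 of this document.
PSID_OFFSET, PSID_LEN, PSID = 13, 14, 15
SUBLEN = {PSID_OFFSET: 3, PSID_LEN: 3, PSID: 4}

# Constructed sample (not from a capture): a = 6, k = 8, PSID = 0x34.
SAMPLE = bytes.fromhex("0d0306" "0e0308" "0f043400")


def parse_portparams(data: bytes) -> dict:
    """Parse and validate the three PSID Sub Options found in `data`.

    Assumption of this example: each must appear exactly once, in any order.
    Raises ValueError on malformed or out-of-range input.
    """
    fields, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated Sub Option header")
        subtype, sublen = data[pos], data[pos + 1]
        if SUBLEN.get(subtype) != sublen:
            raise ValueError(f"bad SubType/SubLen pair {subtype}/{sublen}")
        if subtype in fields:
            raise ValueError(f"duplicate SubType {subtype}")
        if pos + sublen > len(data):
            raise ValueError("Sub Option runs past the end of the buffer")
        fields[subtype] = data[pos + 2:pos + sublen]
        pos += sublen
    if set(fields) != set(SUBLEN):
        raise ValueError("PSID-offset, PSID-len and PSID are all required")

    a, k = fields[PSID_OFFSET][0], fields[PSID_LEN][0]
    (raw,) = struct.unpack("!H", fields[PSID])
    if a > 15:
        raise ValueError("PSID-Offset must be between 0 and 15")
    if a + k > 16:
        # 'a' offset bits plus 'k' PSID bits must fit in a 16-bit port number.
        raise ValueError("a + k does not fit in a 16-bit port number")
    if k == 0:
        return {"a": a, "k": 0, "psid": 0}  # PSID field is to be ignored
    if raw & ((1 << (16 - k)) - 1):
        raise ValueError("padding bits to the right of the PSID are not zero")
    return {"a": a, "k": k, "psid": raw >> (16 - k)}


def port_ranges(a: int, k: int, psid: int) -> list:
    """Return the (low, high) port ranges of a port set (RFC 7597, Section 5.1)."""
    m = 16 - a - k                 # each range holds 2^m contiguous ports
    first = 1 if a > 0 else 0      # the range with all 'a' bits zero is excluded
    ranges = []
    for i in range(first, 1 << a):
        low = (i << (16 - a)) | (psid << m)
        ranges.append((low, low + (1 << m) - 1))
    return ranges


if __name__ == "__main__":
    p = parse_portparams(SAMPLE)
    r = port_ranges(**p)
    print(p, "sharing ratio", 1 << p["k"], "ranges", len(r), r[0], r[-1])
```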