Softwire                                                   S. Jiang, Ed.
Internet-Draft                              Huawei Technologies Co., Ltd
Intended status: Standards Track                              Y. Fu, Ed.
Expires: July 25, 2019                                             CNNIC
                                                                  B. Liu
                                            Huawei Technologies Co., Ltd
                                                               P. Deacon
                                                      IEA Software, Inc.
                                                                  C. Xie
                                                           China Telecom
                                                                   T. Li
                                                     Tsinghua University
                                                       M. Boucadair, Ed.
                                                                  Orange
                                                        January 21, 2019

RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
                   draft-ietf-softwire-map-radius-18

Abstract

   IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity
   services over IPv6 native networks during the IPv4/IPv6 co-existence
   period. DHCPv6 options have been defined for configuring clients for
   Lightweight 4over6, Mapping of Address and Port with Encapsulation,
   and Mapping of Address and Port using Translation unicast softwire
   mechanisms, and also multicast softwires. However, in many networks,
   configuration information is stored in an Authentication,
   Authorization, and Accounting server which utilizes the RADIUS
   protocol to provide centralized management for users. When a new
   transition mechanism is developed, new RADIUS attributes need to be
   defined correspondingly.

   This document defines new RADIUS attributes to carry Address plus
   Port based softwire configuration parameters from an Authentication,
   Authorization, and Accounting server to a Broadband Network Gateway.
   Both unicast and multicast attributes are covered.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 25, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  New RADIUS Attributes
     3.1.  Softwire46-Configuration Attribute
       3.1.1.  Softwire46 Attributes
         3.1.1.1.  Softwire46-MAP-E Attribute
         3.1.1.2.  Softwire46-MAP-T Attribute
         3.1.1.3.  Softwire46-Lightweight-4over6 Attribute
       3.1.2.  Softwire46 Sub-Attributes
       3.1.3.  Specification of the Softwire46 Sub-Attributes
         3.1.3.1.  Softwire46-Rule Attribute
         3.1.3.2.  Softwire46-BR Attribute
         3.1.3.3.  Softwire46-DMR Attribute
         3.1.3.4.  Softwire46-V4V6Bind Attribute
         3.1.3.5.  Softwire46-PORTPARAMS Attribute
       3.1.4.  Sub-Attributes for Softwire46-Rule
         3.1.4.1.  Rule-IPv6-Prefix Attribute
         3.1.4.2.  Rule-IPv4-Prefix Attribute
         3.1.4.3.  EA-Length Attribute
       3.1.5.  Attributes for Softwire46-v4v6Bind
         3.1.5.1.  IPv4-address Attribute
         3.1.5.2.  Bind-IPv6-Prefix Attribute
       3.1.6.  Attributes for S46-PORTPARAMS
         3.1.6.1.  PSID-offset Attribute
         3.1.6.2.  PSID-len Attribute
         3.1.6.3.  PSID Attribute
     3.2.  Softwire46-Priority Attribute
     3.3.  Softwire46-Multicast Attribute
       3.3.1.  ASM-Prefix64 Attribute
       3.3.2.  SSM-Prefix64 Attribute
       3.3.3.  U-Prefix64 Attribute
   4.  A Sample Configuration Process with RADIUS
   5.  Table of Attributes
   6.  Security Considerations
   7.  IANA Considerations
     7.1.  New RADIUS Attributes
     7.2.  RADIUS Softwire46 Configuration and Multicast Attributes
     7.3.  Softwire46 Mechanisms and Their Identifying Option Codes
   8.  Contributing Authors
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  DHCPv6 to RADIUS Field Mappings
     A.1.  OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
           Mappings
     A.2.  OPTION_S46_BR (90) to Softwire46-BR Field Mappings
     A.3.  OPTION_S46_DMR (91) to Softwire46-DMR
     A.4.  OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
     A.5.  OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field
           Mappings
     A.6.  OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field
           Mappings
     A.7.  OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
           Attribute Field Mappings
   Authors' Addresses

1.  Introduction

   Providers have started deploying and transitioning to IPv6. Several
   IPv4 service continuity mechanisms based on the Address plus Port
   (A+P) [RFC6346] have been proposed for providing unicast IPv4 over
   IPv6-only infrastructure, such as Mapping of Address and Port with
   Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using
   Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596].
   Also, [RFC8114] specifies a generic solution for the delivery of IPv4
   multicast services to IPv4 clients over an IPv6 multicast network.
   For each of these mechanisms, DHCPv6 options have been specified for
   client configuration.

   In many networks, user configuration information is stored in an
   Authentication, Authorization, and Accounting (AAA) server. AAA
   servers generally communicate using the Remote Authentication Dial In
   User Service (RADIUS) [RFC2865] protocol. In a fixed broadband
   network, a Broadband Network Gateway (BNG) acts as the access gateway
   for users. That is, the BNG acts as both an AAA client to the AAA
   server, and a DHCPv6 server for DHCPv6 messages sent by clients.
   Throughout this document, the term BNG describes a device
   implementing both the AAA client and DHCPv6 server functions.

   Since IPv4-in-IPv6 softwire configuration information is stored in an
   AAA server, and user configuration information is mainly transmitted
   through the DHCPv6 protocol between the BNGs and Customer Premises
   Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to
   propagate the information from the AAA servers to BNGs.

   The RADIUS attributes defined in this document provide configuration
   to populate the corresponding DHCPv6 options for unicast and
   multicast softwire configuration, specifically:

   o  "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597]
      (DHCPv6 options defined in [RFC7598]).

   o  "Mapping of Address and Port using Translation (MAP-T)" [RFC7599]
      (DHCPv6 options defined in [RFC7598]).

   o  "Lightweight 4over6: An Extension to the Dual-Stack Lite
      Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]).

   o  "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE):
      A DHCPv6-Based Prioritization Mechanism" [RFC8026].

   o  "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6
      Multicast Network" [RFC8114] (DHCPv6 options defined in
      [RFC8115]).

   The contents of the attributes defined in this document have a 1:1
   mapping into the fields of the various DHCPv6 options in [RFC7598],
   [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map
   to the corresponding RADIUS attribute. For detailed mappings between
   each DHCPv6 option field and the corresponding RADIUS Attribute or
   field, see Appendix A.

   +----------------------------+--------------------------------+
   | DHCPv6 Option              | RADIUS Attribute               |
   +----------------------------+--------------------------------+
   | OPTION_S46_RULE (89)       | Softwire46-Rule                |
   | OPTION_S46_BR (90)         | Softwire46-BR                  |
   | OPTION_S46_DMR (91)        | Softwire46-DMR                 |
   | OPTION_S46_V4V6BIND (92)   | Softwire46-v4v6Bind            |
   | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS          |
   | OPTION_S46_PRIORITY (111)  | Softwire46-Priority Attribute  |
   | OPTION_V6_PREFIX64 (113)   | Softwire46-Multicast Attribute |
   +----------------------------+--------------------------------+

       Table 1: Mapping between DHCPv6 Options and RADIUS Attributes

   A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in
   [RFC6519].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119] [RFC8174] when, and only when, they appear in all capitals,
   as shown here.

   The reader should be familiar with the concepts and terms defined in
   [RFC7596], [RFC7597], [RFC7599], and [RFC8026].

   The terms "multicast Basic Bridging BroadBand" element (mB4) and
   "multicast Address Family Transition Router" element (mAFTR) are
   defined in [RFC8114].

   Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6
   softwire mechanisms listed above. Additionally, the following
   abbreviations are used within the document:

   o  BMR: Basic Mapping Rule

   o  BNG: Broadband Network Gateway

   o  BR: Border Relay

   o  CE: Customer Edge

   o  DMR: Default Mapping Rule

   o  EA: Embedded Address

   o  FMR: Forwarding Mapping Rule

   o  PSID: Port Set Identifier

   o  TLV: Type, Length, Value

   o  MAP-E: Mapping of Address and Port with Encapsulation

   o  MAP-T: Mapping of Address and Port using Translation

3.  New RADIUS Attributes

   This section defines the following attributes:

   1.  Softwire46-Configuration Attribute (Section 3.1):

       This attribute carries the configuration information for MAP-E,
       MAP-T, and Lightweight 4over6. The configuration information for
       each Softwire46 mechanism is carried in the corresponding
       Softwire46 attributes. Different attributes are required for
       each Softwire46 mechanism.

   2.  Softwire46-Priority Attribute (Section 3.2):

       Depending on the deployment scenario, a client may support
       several different Softwire46 mechanisms and so request
       configuration for more than one Softwire46 mechanism at a time.
       The Softwire46-Priority Attribute contains information allowing
       the client to prioritize which mechanism to use, corresponding to
       OPTION_S46_PRIORITY defined in [RFC8026].

   3.  Softwire46-Multicast Attribute (Section 3.3):

       This attribute conveys the IPv6 prefixes to be used in [RFC8114]
       to synthesize IPv4-embedded IPv6 addresses. The BNG uses the
       IPv6 prefixes returned in the RADIUS Softwire46-Multicast
       Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].

   All of these attributes are allocated from the RADIUS "Extended Type"
   code space per [RFC6929].

   All of these attribute designs follow [RFC6158] and [RFC6929].

   This document adheres to [RFC8044] for defining the new attributes.

3.1.  Softwire46-Configuration Attribute

   This attribute is of type "tlv", as defined in the RADIUS Protocol
   Extensions [RFC6929]. It contains some sub-attributes, with the
   following requirements:

      The Softwire46-Configuration Attribute MUST contain one or more of
      the following attributes: Softwire46-MAP-E, Softwire46-MAP-T,
      and/or Softwire46-Lightweight-4over6.

      The Softwire46-Configuration Attribute conveys the configuration
      information for MAP-E, MAP-T, or Lightweight 4over6.
      The BNG SHALL use the configuration information returned in the
      RADIUS attribute to populate the DHCPv6 Softwire46 Container
      Option defined in Section 5 of [RFC7598].

      The Softwire46-Configuration Attribute MAY appear in an
      Access-Accept packet. It MAY also appear in an Access-Request
      packet.

      The Softwire46-Configuration Attribute MAY appear in a CoA-Request
      packet.

      The Softwire46-Configuration Attribute MAY appear in an
      Accounting-Request packet.

      The Softwire46-Configuration Attribute MUST NOT appear in any
      other RADIUS packet.

      The Softwire46-Configuration Attribute MUST only encapsulate one
      or more of the Softwire46 attributes defined in this document.

   The Softwire46-Configuration Attribute is structured as follows:

   Type
      241 (To be confirmed by IANA).

   Length
      Indicates the total length, in bytes, of all fields of
      this attribute, including the Type, Length, Extended-Type,
      and the entire length of the embedded attributes.

   Extended-Type
      TBD1

   Value
      Contains one or more of the following attributes. Each attribute
      type may appear at most once:

      Softwire46-MAP-E
         For configuring MAP-E clients. For the construction of
         this attribute, refer to Section 3.1.1.1.

      Softwire46-MAP-T
         For configuring MAP-T clients. For the construction of
         this attribute, refer to Section 3.1.1.2.

      Softwire46-Lightweight-4over6
         For configuring Lightweight 4over6 clients. For the
         construction of this attribute, refer to Section 3.1.1.3.

   The Softwire46-Configuration Attribute is associated with the
   following identifier: 241.Extended-Type(TBD1).

3.1.1.  Softwire46 Attributes

   The Softwire46 attributes can only be encapsulated in the
   Softwire46-Configuration Attribute. Depending on the deployment
   scenario, a client might request more than one transition
   mechanism at a time.
   There MUST be at least one Softwire46 attribute
   encapsulated in one Softwire46-Configuration Attribute. There MUST
   be at most one instance of each type of Softwire46 attribute
   encapsulated in one Softwire46-Configuration Attribute.

   There are three types of Softwire46 attributes, namely:

   1.  Softwire46-MAP-E (Section 3.1.1.1)

   2.  Softwire46-MAP-T (Section 3.1.1.2)

   3.  Softwire46-Lightweight 4over6 (Section 3.1.1.3)

   Each type of Softwire46 attribute contains a number of
   sub-attributes, defined in Section 3.1.3. The hierarchy of the
   Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes
   which sub-attributes are mandatory, optional, or not permitted for
   each defined Softwire46 attribute.

                                                     /1.Rule-IPv6-Prefix
S    /                                              |
o   /                  | 1.Softwire46-Rule       ---+ 2.Rule-IPv4-Prefix
f  | Softwire46-MAP-E--+                            |
t  |                   | 2.Softwire46-BR            | 3.EA Length
w  |                   |                             \
i  |                   |                             /1.PSID-offset
r  |                   |                            |
e  |                   | 5.Softwire46-PORTPARAMS ---+ 2.PSID-len
-  |                    \                           |
C  |                                                | 3.PSID
o  |                                                 \
n  |
f  |                                                 /1.Rule-IPv6-Prefix
i  |                    /                           |
g  |                   | 1.Softwire46-Rule       ---+ 2.Rule-IPv4-Prefix
u  | Softwire46-MAP-T--+                            |
r  |                   | 3.Softwire46-DMR           | 3.EA Length
a  |                   |                             \
t  |                   |                             /1.PSID-offset
i  |                   |                            |
o  |                   | 5.Softwire46-PORTPARAMS ---+ 2.PSID-len
n  |                    \                           |
   |                                                | 3.PSID
A  |                                                 \
t  |
t  |                                                 /1.IPv4-address
r  |                    /                           |
i  |                   | 4.Softwire46-v4v6Bind   ---+ 2.Bind-IPv6-Prefix
b  | Softwire46-       |                             \
u  | Lightweight-4over6+                             /1.PSID-offset
t   \                  |                            |
e                      | 5.Softwire46-PORTPARAMS ---+ 2.PSID-len
                        \                           |
                                                    | 3.PSID
                                                     \

                Figure 1: Softwire46 Attributes Hierarchy

3.1.1.1.  Softwire46-MAP-E Attribute

   Softwire46-MAP-E attribute is designed for carrying the configuration
   information for MAP-E.
   The structure of the Softwire46-MAP-E is
   shown below:

   TLV-Type
      1

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain the Softwire46-Rule, defined in Section 3.1.3.1.

      It MUST contain the Softwire46-BR, defined in Section 3.1.3.2.

      It MAY contain the Softwire46-PORTPARAMS, defined in
      Section 3.1.3.5.

3.1.1.2.  Softwire46-MAP-T Attribute

   Softwire46-MAP-T attribute is designed for carrying the configuration
   information for MAP-T. The structure of the Softwire46-MAP-T is
   shown below:

   TLV-Type
      2

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain the Softwire46-Rule, defined in
      Section 3.1.3.1.

      It MUST contain the Softwire46-DMR, defined in
      Section 3.1.3.3.

      It MAY contain the Softwire46-PORTPARAMS, defined in
      Section 3.1.3.5.

3.1.1.3.  Softwire46-Lightweight-4over6 Attribute

   Softwire46-Lightweight-4over6 attribute is designed for carrying the
   configuration information for Lightweight 4over6. The structure of
   the Softwire46-Lightweight-4over6 is shown below:

   TLV-Type
      3

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes as follows:

      It MUST contain the Softwire46-BR, defined in
      Section 3.1.3.2.

      It MUST contain the Softwire46-V4V6Bind, defined in
      Section 3.1.3.4.

      It MAY contain the Softwire46-PORTPARAMS, defined in
      Section 3.1.3.5.

3.1.2.  Softwire46 Sub-Attributes

   Table 2 shows which encapsulated sub-attributes are mandatory,
   optional, or not permitted for each defined Softwire46 attribute.

   +-----------------------+-------+-------+--------------------+
   | Sub-Attributes        | MAP-E | MAP-T | Lightweight 4over6 |
   +-----------------------+-------+-------+--------------------+
   | Softwire46-BR         | 1     | 0     | 1                  |
   | Softwire46-Rule       | 1     | 1     | 0                  |
   | Softwire46-DMR        | 0     | 1     | 0                  |
   | Softwire46-V4V6Bind   | 0     | 0     | 1                  |
   | Softwire46-PORTPARAMS | 0-1   | 0-1   | 0-1                |
   +-----------------------+-------+-------+--------------------+

                   Table 2: Softwire46 Sub-Attributes

   The following table defines the meaning of the above table entries.

   0     Not Permitted
   0+    Optional, zero or more instances of the attribute
         may be present.
   0-1   Optional, zero or one instance of the attribute
         may be present.
   1     Mandatory

3.1.3.  Specification of the Softwire46 Sub-Attributes

3.1.3.1.  Softwire46-Rule Attribute

   The Softwire46-Rule can only be encapsulated in the Softwire46-MAP-E
   (Section 3.1.1.1) or the Softwire46-MAP-T (Section 3.1.1.2).
   Depending on the deployment scenario, one Basic Mapping Rule (BMR)
   and zero or more Forwarding Mapping Rules (FMRs) MUST be included in
   one Softwire46-MAP-E or Softwire46-MAP-T.

   Each type of Softwire46-Rule also contains a number of
   sub-attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and
   EA-Length. The structure of the sub-attributes for the
   Softwire46-Rule is defined in Section 3.1.4.

   Defining multiple TLV-types achieves the same design goals as the
   "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using
   TLV-type set to 4 is equivalent to setting the F-flag in the
   OPTION_S46_RULE S46 Rule Flags field.

   TLV-Type
      4  Basic Mapping Rule only (not to be used for forwarding)
      5  Forwarding Permitted Mapping Rule (may be used for
         forwarding. Can also be a Basic Mapping Rule)

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-Rule is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      Rule-IPv6-Prefix
         This attribute contains the IPv6 prefix for use in the MAP
         rule. Refer to Section 3.1.4.1.

      Rule-IPv4-Prefix
         This attribute contains the IPv4 prefix for use in the MAP
         rule. Refer to Section 3.1.4.2.

      EA-Length
         This attribute contains the Embedded-Address (EA) bit length.
         Refer to Section 3.1.4.1.

3.1.3.2.  Softwire46-BR Attribute

   The Softwire46-BR can only be encapsulated in the Softwire46-MAP-E
   (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).

   There MUST be at least one Softwire46-BR included in each
   Softwire46-MAP-E or Softwire46-Lightweight-4over6.

   The structure of the Softwire46-BR is shown below:

   TLV-Type
      6

   TLV-Length
      18 octets

   Data Type
      The attribute Softwire46-BR is of type ip6addr (Section 3.9 of
      [RFC8044]).

   TLV-Value
      br-ipv6-address. A fixed-length field of 16 octets that
      specifies the IPv6 address for the Softwire46 Border Relay (BR).

3.1.3.3.  Softwire46-DMR Attribute

   The Softwire46-DMR may only appear in the Softwire46-MAP-T
   (Section 3.1.1.2). There MUST be exactly one Softwire46-DMR included
   in one Softwire46-MAP-T.

   The structure of the Softwire46-DMR is shown below:

   TLV-Type
      7

   TLV-Length
      4 + length of dmr-ipv6-prefix specified in octets.

   Data Type
      The attribute Softwire46-DMR is of type ip6pref (Section 3.10 of
      [RFC8044]).

   TLV-Value
      dmr-ipv6-prefix. A variable-length field specifying the IPv6
      prefix for the BR. This field is right-padded with zeros to
      the nearest octet boundary when dmr-prefix6-len is not
      divisible by 8. Prefixes with lengths from 0 to 96 are allowed.

3.1.3.4.  Softwire46-V4V6Bind Attribute

   The Softwire46-V4V6Bind may only be encapsulated in the
   Softwire46-Lightweight-4over6 (Section 3.1.1.3). There MUST be
   exactly one Softwire46-V4V6Bind included in each
   Softwire46-Lightweight-4over6.

   The structure of the Softwire46-V4V6Bind is shown below:

   TLV-Type
      8

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      IPv4-address
         This attribute contains an IPv4 address, used to specify
         the full or shared IPv4 address of the CE. Refer to
         Section 3.1.5.1.

      Bind-IPv6-Prefix
         This attribute contains an IPv6 prefix used to indicate which
         configured prefix the Softwire46 CE should use for constructing
         the softwire. Refer to Section 3.1.5.2.

3.1.3.5.  Softwire46-PORTPARAMS Attribute

   The Softwire46-PORTPARAMS is optional. It is used to specify port
   set information for IPv4 address sharing between clients. The
   Softwire46-PORTPARAMS MAY be included in any of the Softwire46
   attributes.

   The structure of the Softwire46-PORTPARAMS is shown below:

   TLV-Type
      9

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13
      of [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      PSID-offset
         This attribute specifies the numeric value for the Softwire46
         algorithm's excluded port range/offset bits (a bits). Refer to
         Section 3.1.6.1.

      PSID-len
         This attribute specifies the number of significant bits in the
         PSID field (also known as 'k'). Refer to Section 3.1.6.2.

      PSID
         This attribute specifies PSID value. Refer to Section 3.1.6.3.

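The structure rules of Sections 3.1.1 to 3.1.3 and Table 2 can be checked on a received Softwire46-Configuration TLV-Value before any of it is copied into DHCPv6 options. The Python validator below is an added example, not part of the draft: it assumes RFC 6929 TLV framing (one-octet TLV-Type and TLV-Length, minimum length 3), reads a "1" in Table 2 as "at least one" for Softwire46-Rule and Softwire46-BR, does not inspect the contents of Rule, DMR, V4V6Bind or PORTPARAMS, and uses hypothetical names and constructed sample bytes.

```python
"""Validate the TLV-Value of a Softwire46-Configuration Attribute (added example)."""
import ipaddress

# TLV-Types from Sections 3.1.1 and 3.1.3 of the draft.
MAP_E, MAP_T, LW4O6 = 1, 2, 3
KIND = {4: "rule", 5: "rule", 6: "br", 7: "dmr", 8: "v4v6bind", 9: "portparams"}

# Table 2 as (min, max) instance counts; None means no upper bound.
# Assumption: "1" is read as "at least one" for Rule and BR (the text allows
# extra FMRs and says "at least one" BR) and as "exactly one" for DMR/V4V6Bind.
NONE, OPT, ONE, MANY = (0, 0), (0, 1), (1, 1), (1, None)
TABLE2 = {
    MAP_E: {"br": MANY, "rule": MANY, "dmr": NONE, "v4v6bind": NONE, "portparams": OPT},
    MAP_T: {"br": NONE, "rule": MANY, "dmr": ONE, "v4v6bind": NONE, "portparams": OPT},
    LW4O6: {"br": MANY, "rule": NONE, "dmr": NONE, "v4v6bind": ONE, "portparams": OPT},
}


class S46Error(ValueError):
    """Raised when the attribute violates the structure rules."""


def split_tlvs(buf: bytes) -> list:
    """Return [(type, value), ...]; refuse TLVs that are short or overrun buf."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise S46Error(f"truncated TLV header at offset {pos}")
        tlv_type, tlv_len = buf[pos], buf[pos + 1]
        if tlv_len < 3:  # RFC 6929: TLV-Length covers type+length+value, minimum 3
            raise S46Error(f"TLV {tlv_type}: length {tlv_len} too small")
        if pos + tlv_len > len(buf):
            raise S46Error(f"TLV {tlv_type}: length {tlv_len} overruns parent")
        out.append((tlv_type, buf[pos + 2:pos + tlv_len]))
        pos += tlv_len
    return out


def validate_configuration(value: bytes) -> dict:
    """Check a Softwire46-Configuration TLV-Value; return {mechanism: counts}."""
    seen = {}
    for mech, body in split_tlvs(value):
        if mech not in TABLE2:
            raise S46Error(f"TLV-Type {mech} is not a Softwire46 attribute")
        if mech in seen:
            raise S46Error(f"Softwire46 attribute {mech} appears more than once")
        counts = dict.fromkeys(TABLE2[mech], 0)
        for sub_type, sub_value in split_tlvs(body):
            kind = KIND.get(sub_type)
            if kind is None:
                raise S46Error(f"unexpected sub-attribute {sub_type} in {mech}")
            if kind == "br" and len(sub_value) != 16:  # TLV-Length 18 octets
                raise S46Error("Softwire46-BR must carry a 16-octet address")
            counts[kind] += 1
        for kind, (low, high) in TABLE2[mech].items():
            if counts[kind] < low or (high is not None and counts[kind] > high):
                raise S46Error(f"{kind}: {counts[kind]} instance(s) not allowed in {mech}")
        seen[mech] = counts
    if not seen:
        raise S46Error("no Softwire46 attribute present")
    return seen


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (helper used only to build the constructed samples)."""
    return bytes([tlv_type, len(value) + 2]) + value


# Constructed sample data (documentation prefixes), not taken from the draft.
V6 = ipaddress.IPv6Address("2001:db8::").packed
RULE = tlv(5, tlv(10, bytes([0, 48]) + V6)
              + tlv(11, bytes([0, 24]) + ipaddress.IPv4Address("192.0.2.0").packed)
              + tlv(12, (16).to_bytes(4, "big")))
BR = tlv(6, ipaddress.IPv6Address("2001:db8:ffff::1").packed)
GOOD_MAP_E = tlv(MAP_E, RULE + BR)
BAD_MAP_T = tlv(MAP_T, RULE + BR)          # BR not permitted, DMR missing
OVERRUN = bytes([MAP_E, 40]) + BR          # claims 40 octets, only 20 present


def check(value: bytes) -> str:
    """Return 'ok' or the rejection reason for a candidate TLV-Value."""
    try:
        validate_configuration(value)
        return "ok"
    except S46Error as exc:
        return str(exc)


if __name__ == "__main__":
    for name, sample in [("good MAP-E", GOOD_MAP_E), ("bad MAP-T", BAD_MAP_T),
                         ("overrun", OVERRUN)]:
        print(f"{name}: {check(sample)}")
```
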
3.1.4.  Sub-Attributes for Softwire46-Rule

   There are two types of Softwire46-Rule: the Basic Mapping Rule and
   the Forwarding Mapping Rule, indicated by the value in the TLV-Type
   field of the Softwire46-Rule (see Section 3.1.3.1).

   Each type of Softwire46-Rule also contains a number of sub-attributes
   as detailed in the following sub-sections.

3.1.4.1.  Rule-IPv6-Prefix Attribute

   The Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There
   MUST be exactly one Rule-IPv6-Prefix encapsulated in each type of
   Softwire46-Rule.

   The Rule-IPv6-Prefix follows the framed IPv6 prefix designed in
   [RFC3162] and [RFC8044].

   The structure of the Rule-IPv6-Prefix is shown below:

   TLV-Type
      10

   TLV-Length
      20 octets

   Data Type
      The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10
      of [RFC8044]).

   TLV-Value
      rule-ipv6-prefix. A 128-bit field that specifies an IPv6
      prefix appearing in the MAP rule.

3.1.4.2.  Rule-IPv4-Prefix Attribute

   This attribute is used to convey the MAP Rule IPv4 prefix. The
   structure of the Rule-IPv4-Prefix is shown below:

   TLV-Type
      11

   TLV-Length
      8 octets

   Data Type
      The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11
      of [RFC8044]).

   TLV-Value
      rule-ipv4-prefix. 32 bits long. Specifies the IPv4 prefix
      appearing in the MAP rule.

3.1.4.3.  EA-Length Attribute

   This attribute is used to convey the Embedded-Address (EA) bit
   length. The structure of the EA-Length is shown below:

   TLV-Type
      12

   TLV-Length
      6 octets

   Data Type
      The attribute EA-Length is of type integer (Section 3.1 of
      [RFC8044]).

   TLV-Value
      EA-len; 32 bits long. Specifies the Embedded-Address (EA) bit
      length. Allowed values range from 0 to 48.

3.1.5.  Attributes for Softwire46-v4v6Bind

3.1.5.1.  IPv4-address Attribute

   The IPv4-address MAY be used to specify the full or shared IPv4
   address of the CE.

   The structure of the IPv4-address is shown below:

   TLV-Type
      13

   TLV-Length
      6 octets

   Data Type
      The attribute IPv4-address is of type ipv4addr (Section 3.8
      of [RFC8044]).

   TLV-Value
      32 bits long. Specifies the IPv4 address to appear in the
      Softwire46-V4V6Bind (Section 3.1.3.4).

3.1.5.2.  Bind-IPv6-Prefix Attribute

   The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6
   prefix to be used as the tunnel source.

   The structure of the Bind-IPv6-Prefix is shown below:

   TLV-Type
      14

   TLV-Length
      4 + length of bind-ipv6-prefix specified in octets.

   Data Type
      The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10
      of [RFC8044]).

   TLV-Value
      bind-ipv6-prefix. A variable-length field specifying the IPv6
      prefix or address for the Softwire46 CE. This field is
      right-padded with zeros to the nearest octet boundary
      when bindprefix6-len is not divisible by 8.

3.1.6.  Attributes for S46-PORTPARAMS

3.1.6.1.  PSID-offset Attribute

   This attribute is used to convey the Port Set Identifier offset as
   defined in [RFC7597]. This attribute is encoded in 32 bits as per
   the recommendation in Appendix A.2.1 of [RFC6158].

   The structure of the PSID-offset is shown below:

   TLV-Type
      15

   TLV-Length
      6 octets

   Data Type
      The attribute PSID-offset is of type integer (Section 3.1
      of [RFC8044]).

   TLV-Value
      Contains the PSID-Offset (8-bits) right
      justified, and the unused bits in this field MUST
      be set to zero. This field specifies the
      numeric value for the Softwire46 algorithm's excluded
      port range/offset bits (a bits), as per Section 5.1
      of RFC7597. Allowed values are between 0 and 15.
810 Default values for this field are specific to the 811 Softwire mechanism being implemented and are defined 812 in the relevant specification document. 814 3.1.6.2. PSID-len Attribute 816 This attribute is used to convey the PSID length as defined in 817 [RFC7597]. This attribute is encoded 32 bits as per the 818 recommendation in Appendix A.2.1 of [RFC6158]. 820 The structure of the PSID-len is shown below: 822 TLV-Type 823 16 825 TLV-Length 826 6 octets 828 Data Type 829 The attribute PSID-len is of type integer (Section 3.1 830 of [RFC8044]). 832 TLV-Value 833 Contains the PSID-len (8-bits) right 834 justified, and the unused bits in this field MUST 835 be set to zero. This field specifies the number of 836 significant bits in the PSID field (also known as 837 'k'). When set to 0, the PSID field is to be ignored. 838 After the first 'a' bits, there are k bits in the 839 port number representing the value of the PSID. 840 Subsequently, the address sharing ratio would be 841 2^k. 843 3.1.6.3. PSID Attribute 845 This attribute is used to convey the PSID as defined in [RFC7597]. 846 This attribute is encoded 32 bits as per the recommendation in 847 Appendix A.2.1 of [RFC6158]. 849 The structure of the PSID is shown below: 851 TLV-Type 852 17 854 TLV-Length 855 6 octets 857 Data Type 858 The attribute Bind-IPv6-Prefix is of type integer (Section 3.1 859 of [RFC8044]). 861 TLV-Value 862 Contains the PSID (16-bits) right justified, and the unused bits 863 in this field MUST be set to zero. 864 The PSID value algorithmically identifies a set of ports 865 assigned to a CE. The first k bits on the left of this 866 2-octet field is the PSID value. The remaining (16-k) bits 867 on the right are padding zeros. 869 3.2. 
Softwire46-Priority Attribute

871    The Softwire46-Priority Attribute defines a 32-bit Softwire46-option-
872    code field to contain the information allowing the client to
873    prioritize which mechanism to use, corresponding to
874    OPTION_S46_PRIORITY defined in [RFC8026].  The following requirements
875    apply:

877       The Softwire46-Priority Attribute MAY appear in an Access-Accept
878       packet.  It MAY also appear in an Access-Request packet.

880       The Softwire46-Priority Attribute MAY appear in a CoA-Request
881       packet.

883       The Softwire46-Priority Attribute MAY appear in an Accounting-
884       Request packet.

886       The Softwire46-Priority Attribute MUST NOT appear in any other
887       RADIUS packet.

889    The Softwire46-Priority Attribute is structured as follows:

891     0                   1                   2                   3
892     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
893    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
894    |     Type      |    Length     | Extended-Type |      ...      .
895    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
896    .                    Softwire46-option-code                     |
897    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
898         Softwire46-option-code     |
899    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
900    Type
901       241 (To be confirmed by IANA)

903    Length
904       Indicates the length of this attribute,
905       including the Type, Length, Extended-Type and Value fields.

907    Extended-Type
908       TBD5

910    Softwire46-option-code
911       Integer.  A 32-bit IANA-registered option code representing
912       a Softwire46 mechanism.  The option codes and their
913       corresponding Softwire46 mechanisms are listed in Section 7.3.

915    Softwire46 mechanisms are prioritized in the appearance order
916    of the Softwire46-option-code(s) in the Softwire46-Priority
917    Attribute.

919    A Softwire46-Priority Attribute MUST contain at least one
920    Softwire46-option-code.

922    The Softwire46-Priority Attribute is associated with the following
923    identifier: 241.Extended-Type (TBD5).

925 3.3.
Softwire46-Multicast Attribute

927    The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
928    used to synthesize multicast and unicast IPv4-embedded IPv6 addresses
929    as per [RFC8114].  This attribute is of type "tlv" and contains
930    additional TLVs.  The following requirements apply:

932       The BNG SHALL use the IPv6 prefixes returned in the RADIUS
933       Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64
934       Option [RFC8115].

936       This attribute MAY be used in Access-Request packets as a hint to
937       the RADIUS server.  For example, if the BNG is pre-configured for
938       Softwire46-Multicast, these prefixes MAY be inserted in the
939       attribute.  The RADIUS server MAY ignore the hint sent by the BNG,
940       and it MAY assign a different Softwire46-Multicast Attribute.

942       The Softwire46-Multicast Attribute MAY appear in an Access-Request
943       packet.

945       The Softwire46-Multicast Attribute MAY appear in an Access-Accept
946       packet.

948       The Softwire46-Multicast Attribute MAY appear in a CoA-Request
949       packet.

951       The Softwire46-Multicast Attribute MAY appear in an Accounting-
952       Request packet.

954       The Softwire46-Multicast Attribute MUST NOT appear in any other
955       RADIUS packet.

957       The Softwire46-Multicast Attribute MAY contain the ASM-Prefix64
958       (see Section 3.3.1).

960       The Softwire46-Multicast Attribute MAY contain the SSM-Prefix64
961       (see Section 3.3.2).

963       The Softwire46-Multicast Attribute MAY contain the U-Prefix64 (see
964       Section 3.3.3).

966       The Softwire46-Multicast Attribute MUST include the ASM-Prefix64
967       or the SSM-Prefix64, and it MAY include both.

969       The U-Prefix64 MUST be present when the SSM-Prefix64 is present.
970       The U-Prefix64 MAY be present when the ASM-Prefix64 is present.
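
The presence rules listed above, together with the length rules this document gives for TLV-Types 18, 19 and 20, can be enforced by a receiver before the prefixes are copied into DHCPv6. The following Python sketch is an added example, not part of the draft; the function names and sample prefixes are constructed, and the SSM range test (ff3x::/32, RFC 4607), the rejection of duplicate or unknown sub-TLVs and the exact-octet-count check are assumptions of this example.

```python
import ipaddress

# TLV-Type values from this document's registry (Section 7.2).
ASM_PREFIX64, SSM_PREFIX64, U_PREFIX64 = 18, 19, 20
NAMES = {18: "ASM-Prefix64", 19: "SSM-Prefix64", 20: "U-Prefix64"}
U_PREFIX_LENGTHS = {32, 40, 48, 56, 64, 96}      # Section 3.3.3 / RFC 6052


def walk_tlvs(value):
    """Yield (tlv_type, payload) for every TLV nested in an attribute value."""
    pos = 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = value[pos], value[pos + 1]
        # TLV-Length covers the TLV-Type and TLV-Length octets as well.
        if tlv_len < 2 or pos + tlv_len > len(value):
            raise ValueError(f"TLV {tlv_type}: length {tlv_len} out of bounds")
        yield tlv_type, value[pos + 2:pos + tlv_len]
        pos += tlv_len


def decode_ipv6prefix(payload):
    """Decode an RFC 8044 ipv6prefix: reserved octet, prefix length, prefix."""
    if len(payload) < 2:
        raise ValueError("ipv6prefix shorter than 2 octets")
    reserved, plen, prefix = payload[0], payload[1], payload[2:]
    if reserved != 0 or plen > 128 or len(prefix) != (plen + 7) // 8:
        raise ValueError("malformed ipv6prefix")
    # strict=True rejects bits set beyond the prefix length.
    return ipaddress.IPv6Network((prefix.ljust(16, b"\x00"), plen), strict=True)


def in_ssm_range(net):
    """Assumption: the SSM range is ff3x::/32 (RFC 4607), not stated here."""
    raw = net.network_address.packed
    return raw[0] == 0xFF and raw[1] >> 4 == 0x3 and raw[2:4] == b"\x00\x00"


def check_multicast(value):
    """Validate the Value field of a Softwire46-Multicast Attribute."""
    found = {}
    for tlv_type, payload in walk_tlvs(value):
        if tlv_type not in NAMES:
            raise ValueError(f"unexpected TLV-Type {tlv_type}")
        if tlv_type in found:          # local policy choice, not a draft rule
            raise ValueError(f"duplicate {NAMES[tlv_type]}")
        found[tlv_type] = decode_ipv6prefix(payload)

    if ASM_PREFIX64 not in found and SSM_PREFIX64 not in found:
        raise ValueError("neither ASM-Prefix64 nor SSM-Prefix64 present")
    if SSM_PREFIX64 in found and U_PREFIX64 not in found:
        raise ValueError("SSM-Prefix64 present without U-Prefix64")

    for tlv_type in (ASM_PREFIX64, SSM_PREFIX64):
        net = found.get(tlv_type)
        if net is None:
            continue
        if net.prefixlen != 96 or not net.network_address.is_multicast:
            raise ValueError(f"{NAMES[tlv_type]} must be a /96 multicast prefix")
        if in_ssm_range(net) != (tlv_type == SSM_PREFIX64):
            raise ValueError(f"{NAMES[tlv_type]} is in the wrong range")

    unicast = found.get(U_PREFIX64)
    if unicast is not None:
        if unicast.prefixlen not in U_PREFIX_LENGTHS:
            raise ValueError("U-Prefix64 length not allowed by RFC 6052")
        if unicast.network_address.is_multicast:
            raise ValueError("U-Prefix64 must be a unicast prefix")
    return {NAMES[t]: str(n) for t, n in found.items()}


def prefix_tlv(tlv_type, cidr):
    """Build one sub-TLV for the constructed samples below."""
    net = ipaddress.IPv6Network(cidr)
    prefix = net.network_address.packed[:(net.prefixlen + 7) // 8]
    payload = bytes([0, net.prefixlen]) + prefix
    return bytes([tlv_type, len(payload) + 2]) + payload


# Constructed sample values, not taken from the draft.
SSM_ONLY = prefix_tlv(SSM_PREFIX64, "ff3e:0:8000::/96")
WITH_UNICAST = SSM_ONLY + prefix_tlv(U_PREFIX64, "2001:db8:0:64::/64")

if __name__ == "__main__":
    print(check_multicast(WITH_UNICAST))
    try:
        check_multicast(SSM_ONLY)
    except ValueError as err:
        print("rejected:", err)
```

Rejecting a malformed attribute at this point keeps an inconsistent prefix set from reaching the CE through the PREFIX64 option.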
972    The Softwire46-Multicast Attribute is structured as follows:

974    Type
975       241 (To be confirmed by IANA)

977    Length
978       This field indicates the total length in bytes of all fields of
979       this attribute, including the Type, Length, Extended-Type, and the
980       entire length of the embedded attributes.

982    Extended-Type
983       TBD6

985    Value
986       This field contains a set of attributes as follows:

988       ASM-Prefix64
989          This attribute contains the ASM IPv6 prefix.  Refer to
990          Section 3.3.1.

992       SSM-Prefix64
993          This attribute contains the SSM IPv6 prefix.  Refer to
994          Section 3.3.2.

996       U-Prefix64
997          This attribute contains the IPv4 prefix used for address
998          translation.  Refer to Section 3.3.3.

1000    The Softwire46-Multicast Attribute is associated with the following
1001    identifier: 241.Extended-Type (TBD6).

1003 3.3.1.  ASM-Prefix64 Attribute

1005    The ASM-Prefix64 is structured as follows:

1007    TLV-Type
1008       18

1010    TLV-Length
1011       16 octets.  The length of asm-prefix64 must be set to 96 [RFC8115].

1013    Data Type
1014       The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of
1015       [RFC8044]).

1017    TLV-Value
1018       This field specifies the IPv6 multicast prefix (asm-prefix64)
1019       to be used to synthesize the IPv4-embedded IPv6 addresses of the
1020       multicast groups in the ASM mode.  The conveyed multicast IPv6
1021       prefix MUST belong to the ASM range.

1023 3.3.2.  SSM-Prefix64 Attribute

1025    The SSM-Prefix64 attribute is structured as follows:

1027    TLV-Type
1028       19

1030    TLV-Length
1031       16 octets.  The length of ssm-prefix64 must be set to 96 [RFC8115].

1033    Data Type
1034       The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of
1035       [RFC8044]).

1037    TLV-Value
1038       This field specifies the IPv6 multicast prefix (ssm-prefix64)
1039       to be used to synthesize the IPv4-embedded IPv6 addresses of the
1040       multicast groups in the SSM mode.  The conveyed multicast IPv6
1041       prefix MUST belong to the SSM range.

1043 3.3.3.
U-Prefix64 Attribute

1045    The structure of the U-Prefix64 attribute is shown below:

1047    TLV-Type
1048       20

1050    TLV-Length
1051       4 + length of unicast-prefix.  As specified in [RFC6052],
1052       the unicast-prefix prefix-length MUST be set to 32, 40, 48,
1053       56, 64, or 96.

1055    Data Type
1056       The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of
1057       [RFC8044]).

1059    TLV-Value
1060       This field identifies the IPv6 unicast prefix to
1061       be used in SSM mode for constructing the IPv4-embedded IPv6
1062       addresses representing the IPv4 multicast sources in the IPv6
1063       domain.  It may also be used to extract the IPv4 address from the
1064       received multicast data flows.

1066 4.  A Sample Configuration Process with RADIUS

1068    Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to
1069    provide CE with softwire configuration information.

1071       CE                             BNG                         AAA Server
1072       |                               |                               |
1073       |-------1.DHCPv6 Solicit------->|                               |
1074       |(ORO with unicast and/or m'cast|                               |
1075       |    container option code(s))  |                               |
1076       |                               |                               |
1077       |                               |-------2.Access-Request------->|
1078       |                               |   (Softwire46-Configuration   |
1079       |                               |      Attribute and/or         |
1080       |                               |Softwire46-Multicast Attribute)|
1081       |                               |                               |
1082       |                               |<------3.Access-Accept---------|
1083       |                               |   (Softwire46-Configuration   |
1084       |                               |      Attribute and/or         |
1085       |                               |Softwire46-Multicast Attribute)|
1086       |                               |                               |
1087       |<----4.DHCPv6 Advertisement----|                               |
1088       |    (container option(s))      |                               |
1089       |                               |                               |
1090       |-------5.DHCPv6 Request------->|                               |
1091       |    (container Option(s))      |                               |
1092       |                               |                               |
1093       |<--------6.DHCPv6 Reply--------|                               |
1094       |    (container option(s))      |                               |
1095       |                               |                               |
1096                    DHCPv6                          RADIUS

1098      Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS
1099                               authentication

1101    1.  The CE creates a DHCPv6 Solicit message.  For unicast softwire
1102        configuration, the message includes an OPTION_REQUEST_OPTION (6)
1103        with the Softwire46 Container option codes as defined in
1104        [RFC7598].
OPTION_S46_CONT_MAPE (94) should be included for MAP-
1105        E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW
1106        (96) for Lightweight 4over6.  For multicast configuration, the
1107        option number for OPTION_V6_PREFIX64 (113) is included in the
1108        client's ORO.  The message is sent to the BNG.

1110    2.  On receipt of the Solicit message, the BNG constructs a RADIUS
1111        Access-Request message containing a User-Name Attribute (1)
1112        (containing either a CE MAC address, interface-id or both), a
1113        User-Password Attribute (2) (with a pre-configured shared
1114        password as defined in [RFC2865]).  The Softwire46-Configuration
1115        Attribute and/or Softwire46-Multicast Attribute are also included
1116        (as requested by the client).  The resulting message is sent to
1117        the AAA server.

1119    3.  The AAA server authenticates the request.  If this is successful,
1120        and suitable configuration is available, an Access-Accept message
1121        is sent to the BNG containing the requested
1122        Softwire46-Configuration Attribute or Softwire46-Multicast
1123        Attribute.

1125    4.  The BNG maps the received softwire configuration into the
1126        corresponding fields in the DHCPv6 softwire configuration
1127        option(s).  These are included in the DHCPv6 Advertise message
1128        which is sent to the CE.

1130    5.  The CE sends a DHCPv6 Request message.  In the ORO, the option
1131        code(s) of any of the required softwire options that were
1132        received in the Advertise message are included.

1134    6.  The BNG sends a Reply message to the client containing the
1135        softwire container options enumerated in the ORO.

1137    The authorization operation could also be done independently, after
1138    the authentication process.  In this case, steps 1-5 are completed as
1139    above, then the following steps are performed:

1141    6a.
When the BNG receives the DHCPv6 Request, it constructs a RADIUS
1142         Access-Request message, which contains a Service-Type Attribute
1143         (6) with the value "Authorize Only" (17), the corresponding
1144         Softwire46-Configuration Attribute, and a State Attribute
1145         obtained from the previous authentication process according to
1146         [RFC5080].  The resulting message is sent to the AAA server.

1148    7a.  The AAA checks the authorization request.  If it is approved, an
1149         Access-Accept message is returned to the BNG with the
1150         corresponding Softwire46-Configuration Attribute.

1152    8a.  The BNG sends a Reply message to the client containing the
1153         softwire container options enumerated in the ORO.

1155    In addition to the above, the following points need to be considered:

1157    o  In both the configuration message flows described above the
1158       Message-Authenticator (type 80) [RFC2869] SHOULD be used to
1159       protect both Access-Request and Access-Accept messages.

1161    o  If the BNG does not receive the corresponding
1162       Softwire46-Configuration Attribute in the Access-Accept message it
1163       MAY fall back to creating the DHCPv6 softwire configuration options
1164       using pre-configured Softwire46 configuration, if this is present.

1166    o  If the BNG receives an Access-Reject from the AAA server, then
1167       Softwire46 configuration MUST NOT be supplied to the client.

1169    o  As specified in [RFC3315], Section 18.1.4, "Creation and
1170       Transmission of Rebind Messages", if the DHCPv6 server to which
1171       the DHCPv6 Renew message was sent at time T1 has not responded by
1172       time T2, the CE (DHCPv6 client) SHOULD enter the Rebind state and
1173       attempt to contact any available server.  In this situation, a
1174       secondary BNG receiving the DHCPv6 message MUST initiate a new
1175       Access-Request message towards the AAA server.  The secondary BNG
1176       includes the Softwire46-Configuration Attribute in this Access-
1177       Request message.
1179    o  For Lightweight 4over6, the subscriber's binding state needs to be
1180       synchronized between the clients and the lwAFTR/BR.  This can be
1181       achieved in two ways: static pre-configuring of the bindings on
1182       both the AAA server and lwAFTR, or on-demand whereby the AAA
1183       server updates the lwAFTR with the subscriber's binding state as
1184       it is created or deleted.

1186    In some deployments, the DHCP server may use the Accounting-Request
1187    to report to a AAA server the softwire configuration returned to a
1188    requesting host.  It is the responsibility of the DHCP server to
1189    ensure the consistency of the configuration provided to requesting
1190    hosts.  Reported data to a AAA server may be required for various
1191    operational purposes (e.g., regulatory).

1193 5.  Table of Attributes

1195    This document specifies three new RADIUS attributes, and their
1196    formats are as follows:

1198    o  Softwire46-Configuration Attribute: 241.TBD1

1200    o  Softwire46-Priority Attribute: 241.TBD5

1202    o  Softwire46-Multicast Attribute: 241.TBD6

1204    The following table describes which attributes may be found, in which
1205    kinds of packets and in what quantity.

1207    Request Accept Reject Challenge Accounting  #        Attribute
1208                                    Request
1209    0-1     0-1    0      0         0-1         241.TBD1 Softwire46-
1210                                                         Configuration
1211    0-1     0-1    0      0         0-1         241.TBD5 Softwire46-
1212                                                         Priority
1213    0-1     0-1    0      0         0-1         241.TBD6 Softwire46-
1214                                                         Multicast

1216 6.  Security Considerations

1218    Known security vulnerabilities of the RADIUS protocol are discussed
1219    in [RFC2607], [RFC2865], and [RFC2869].  Use of IPsec [RFC4301] for
1220    providing security when RADIUS is carried in IPv6 is discussed in
1221    [RFC3162].

1223    Specific security considerations for interactions between the MAP CE
1224    and the BNG are discussed in [RFC7597] and [RFC7599].  Security
1225    considerations for Lightweight 4over6 are discussed in [RFC7596].
1226    Security considerations for DHCPv6-Based Softwire46 Prioritization
1227    Mechanism are discussed in [RFC8026].  Security considerations for
1228    multicast scenarios are discussed in [RFC8114].  Furthermore, generic
1229    DHCPv6 security mechanisms can be applied to DHCPv6
1230    intercommunication between the CE and the BNG.

1232 7.  IANA Considerations

1234    IANA is requested to make new code point assignments for RADIUS
1235    attributes as described in the following subsections.

1237 7.1.  New RADIUS Attributes

1239    This document requests IANA to assign the Attribute Types defined in
1240    this document from the RADIUS namespace as described in the "IANA
1241    Considerations" section of [RFC3575], in accordance with BCP 26
1242    [RFC5226].

1244    This document requests that IANA register three new RADIUS
1245    attributes, from the "Short Extended Space" of [RFC6929].  The
1246    attributes are: Softwire46-Configuration Attribute,
1247    Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:

1249    Type      Description               Data Type  Reference
1250    ----      -----------               ---------  ---------
1251    241.TBD1  Softwire46-Configuration  tlv        Section 4.1
1252    241.TBD5  Softwire46-Priority       integer    Section 4.2
1253    241.TBD6  Softwire46-Multicast      tlv        Section 4.3

1255 7.2.  RADIUS Softwire46 Configuration and Multicast Attributes

1257    IANA is requested to create a new registry called "RADIUS Softwire46
1258    Configuration and Multicast Attributes".

1260    All attributes in this registry have one or more parent RADIUS
1261    attributes in nesting (refer to [RFC6929]).
1263    This registry must be initially populated with the following values:

1265    Value   Description                    Data Type   Reference
1266    -----   -----------                    ---------   ---------
1267    0       Reserved
1268    1       Softwire46-MAP-E               tlv         Section 3.1.1.1
1269    2       Softwire46-MAP-T               tlv         Section 3.1.1.2
1270    3       Softwire46-Lightweight-4over6  tlv         Section 3.1.1.3
1271    4       Softwire46-Rule                tlv         Section 3.1.3.1
1272    5       Softwire46-Rule                tlv         Section 3.1.3.1
1273    6       Softwire46-BR                  ipv6addr    Section 3.1.3.2
1274    7       Softwire46-DMR                 ipv6prefix  Section 3.1.3.3
1275    8       Softwire46-V4V6Bind            tlv         Section 3.1.3.4
1276    9       Softwire46-PORTPARAMS          tlv         Section 3.1.3.5
1277    10      Rule-IPv6-Prefix               ipv6prefix  Section 3.1.4.1
1278    11      Rule-IPv4-Prefix               ipv4prefix  Section 3.1.4.2
1279    12      EA-Length                      integer     Section 3.1.4.3
1280    13      IPv4-address                   ipv4addr    Section 3.1.5.1
1281    14      Bind-IPv6-Prefix               ipv6prefix  Section 3.1.5.2
1282    15      PSID-offset                    integer     Section 3.1.6.1
1283    16      PSID-len                       integer     Section 3.1.6.2
1284    17      PSID                           integer     Section 3.1.6.3
1285    18      ASM-Prefix64                   ipv6prefix  Section 3.3.1
1286    19      SSM-Prefix64                   ipv6prefix  Section 3.3.2
1287    20      U-Prefix64                     ipv6prefix  Section 3.3.3
1288    21-255  Unassigned

1290    The registration procedure for this registry is Standards Action as
1291    defined in [RFC5226].  The registry may be added to using the IETF
1292    Review process described in Section 4.1 of [RFC5226].

1294 7.3.  Softwire46 Mechanisms and Their Identifying Option Codes

1296    The Softwire46-Priority Attribute defines a 16-bit Softwire46-option-
1297    code field, for which IANA is requested to create and maintain a new
1298    registry entitled "Option Codes Permitted in the Softwire46-Priority
1299    Attribute".  The registration procedure for this registry is
1300    Standards Action as defined in [RFC5226].

1302    This document requests IANA to register the three option codes of the
1303    Softwire46 mechanisms permitted to be included in the
1304    Softwire46-Priority Attribute.  The value of each option code corresponds
1305    to the TLV-Type defined in Section 3.1.1.
Additional options may
1306    be added to this list in the future using the IETF Review process
1307    described in Section 4.1 of [RFC5226].

1309    Table 3 shows the option codes required, and the Softwire46
1310    mechanisms that they represent.  The option code for DS-Lite is
1311    derived from the IANA allocated RADIUS Attribute Type value for DS-
1312    Lite [RFC6519].  The option codes for MAP-E, MAP-T, and Lightweight
1313    4over6 need to be assigned.  The option codes for MAP-E, MAP-T, and
1314    Lightweight 4over6 should also be used as the TLV-Type values for the
1315    MAP-E, MAP-T, and Lightweight 4over6 TLV defined in Section 3.1.1.

1317              +-----------+--------------------+-----------+
1318              |Option Code|Softwire46 Mechanism| Reference |
1319              +-----------+--------------------+-----------+
1320              |   TBD2    |       MAP-E        |  RFC7597  |
1321              |   TBD3    |       MAP-T        |  RFC7599  |
1322              |   TBD4    | Lightweight 4over6 |  RFC7596  |
1323              |    144    |      DS-Lite       |  RFC6519  |
1324              +-----------+--------------------+-----------+

1326                  Table 3: Option Codes to S46 Mechanisms

1328 8.  Contributing Authors
1329    Qiong Sun
1330    China Telecom
1331    Beijing China
1332    Email: sunqiong@ctbri.com.cn

1334    Qi Sun
1335    Tsinghua University
1336    Department of Computer Science, Tsinghua University
1337    Beijing 100084
1338    P.R.China
1339    Phone: +86-10-6278-5822
1340    Email: sunqibupt@gmail.com

1342    Cathy Zhou
1343    Huawei Technologies
1344    Bantian, Longgang District
1345    Shenzhen 518129
1346    Email: cathy.zhou@huawei.com

1348    Tina Tsou
1349    Huawei Technologies(USA)
1350    2330 Central Expressway
1351    Santa Clara, CA 95050
1352    USA
1353    Email: Tina.Tsou.Zouting@huawei.com

1355    ZiLong Liu
1356    Tsinghua University
1357    Beijing 100084
1358    P.R.China
1359    Phone: +86-10-6278-5822
1360    Email: liuzilong8266@126.com

1362    Yong Cui
1363    Tsinghua University
1364    Beijing 100084
1365    P.R.China
1366    Phone: +86-10-62603059
1367    Email: yong@csnet1.cs.tsinghua.edu.cn

1369 9.
Acknowledgements

1371    The authors would like to thank Peter Lothberg, Wojciech Dec, Ian
1372    Farrer, Suresh Krishnan, Qian Wang, Wei Meng, Cui Wang, Alan Dekok,
1373    and Stefan Winter for their valuable comments on this document.

1375    This document was merged with draft-sun-softwire-lw4over6-radext-01
1376    and draft-wang-radext-multicast-radius-ext-00.  Thanks to everyone who
1377    contributed to this document.

1379    This document was produced using the xml2rfc tool [RFC7991].

1381 10.  References

1383 10.1.  Normative References

1385    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1386               Requirement Levels", BCP 14, RFC 2119,
1387               DOI 10.17487/RFC2119, March 1997.

1390    [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
1391               "Remote Authentication Dial In User Service (RADIUS)",
1392               RFC 2865, DOI 10.17487/RFC2865, June 2000.

1395    [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
1396               RFC 3162, DOI 10.17487/RFC3162, August 2001.

1399    [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
1400               C., and M. Carney, "Dynamic Host Configuration Protocol
1401               for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
1402               2003.

1404    [RFC3575]  Aboba, B., "IANA Considerations for RADIUS (Remote
1405               Authentication Dial In User Service)", RFC 3575,
1406               DOI 10.17487/RFC3575, July 2003.

1409    [RFC5080]  Nelson, D. and A. DeKok, "Common Remote Authentication
1410               Dial In User Service (RADIUS) Implementation Issues and
1411               Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
1412               2007.

1414    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1415               IANA Considerations Section in RFCs", RFC 5226,
1416               DOI 10.17487/RFC5226, May 2008.

1419    [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
1420               Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
1421               DOI 10.17487/RFC6052, October 2010.

1424    [RFC6158]  DeKok, A., Ed. and G.
Weber, "RADIUS Design Guidelines",
1425               BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

1428    [RFC6929]  DeKok, A. and A. Lior, "Remote Authentication Dial In User
1429               Service (RADIUS) Protocol Extensions", RFC 6929,
1430               DOI 10.17487/RFC6929, April 2013.

1433    [RFC8026]  Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
1434               Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
1435               Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
1436               November 2016.

1438    [RFC8044]  DeKok, A., "Data Types in RADIUS", RFC 8044,
1439               DOI 10.17487/RFC8044, January 2017.

1442    [RFC8114]  Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
1443               Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
1444               over an IPv6 Multicast Network", RFC 8114,
1445               DOI 10.17487/RFC8114, March 2017.

1448    [RFC8115]  Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
1449               Option for IPv4-Embedded Multicast and Unicast IPv6
1450               Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.

1453    [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1454               2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1455               May 2017.

1457 10.2.  Informative References

1459    [RFC2607]  Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
1460               Implementation in Roaming", RFC 2607,
1461               DOI 10.17487/RFC2607, June 1999.

1464    [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
1465               Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

1468    [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
1469               Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
1470               December 2005.

1472    [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1473               Stack Lite Broadband Deployments Following IPv4
1474               Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

1477    [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
1478               the IPv4 Address Shortage", RFC 6346,
1479               DOI 10.17487/RFC6346, August 2011.
1482    [RFC6519]  Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
1483               Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
1484               2012.

1486    [RFC7596]  Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
1487               Farrer, "Lightweight 4over6: An Extension to the Dual-
1488               Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
1489               July 2015.

1491    [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
1492               Murakami, T., and T. Taylor, Ed., "Mapping of Address and
1493               Port with Encapsulation (MAP-E)", RFC 7597,
1494               DOI 10.17487/RFC7597, July 2015.

1497    [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
1498               W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
1499               Configuration of Softwire Address and Port-Mapped
1500               Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.

1503    [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
1504               and T. Murakami, "Mapping of Address and Port using
1505               Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
1506               2015.

1508    [RFC7991]  Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
1509               RFC 7991, DOI 10.17487/RFC7991, December 2016.

1512 Appendix A.  DHCPv6 to RADIUS Field Mappings

1514    The following sections detail the mappings between the softwire
1515    DHCPv6 option fields and the relevant RADIUS attributes as defined in
1516    this document.

1518 A.1.
OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings

1520    +---------------------+----------------------+----------------------+
1521    | OPTION_S46_RULE     | Softwire46-Rule Name | TLV Field            |
1522    | Field               |                      |                      |
1523    +---------------------+----------------------+----------------------+
1524    | flags               | N/A                  | TLV-type (TBD7,      |
1525    |                     |                      | TBD8)                |
1526    | ea-len              | EA-Length            | EA-len               |
1527    | prefix4-len         | Rule-IPv4-Prefix     | ruleprefix4-len      |
1528    | ipv4-prefix         | Rule-IPv4-Prefix     | rule-ipv4-prefix     |
1529    | prefix6-len         | Rule-IPv6-Prefix     | ruleprefix6-len      |
1530    | ipv6-prefix         | Rule-IPv6-Prefix     | rule-ipv6-prefix     |
1531    +---------------------+----------------------+----------------------+

1533 A.2.  OPTION_S46_BR (90) to Softwire46-BR Field Mappings

1535                +---------------------+---------------------+
1536                | OPTION_S46_BR Field | Softwire46-BR Field |
1537                +---------------------+---------------------+
1538                | br-ipv6-address     | br-ipv6-address     |
1539                +---------------------+---------------------+

1541 A.3.  OPTION_S46_DMR (91) to Softwire46-DMR

1543               +----------------------+----------------------+
1544               | OPTION_S46_DMR Field | Softwire46-DMR Field |
1545               +----------------------+----------------------+
1546               | dmr-prefix6-len      | dmr-prefix6-len      |
1547               | dmr-ipv6-prefix      | dmr-ipv6-prefix      |
1548               +----------------------+----------------------+

1550 A.4.  OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind

1552    +-----------------------+------------------------+------------------+
1553    | OPTION_S46_V4V6BIND   | Softwire46-V4V6Bind    | TLV Field        |
1554    | Field                 | Name                   |                  |
1555    +-----------------------+------------------------+------------------+
1556    | ipv4-address          | IPv4-address           | ipv4-address     |
1557    | bindprefix6-len       | Bind-IPv6-Prefix       | bind6prefix-len  |
1558    | bind-ipv6-prefix      | Bind-IPv6-Prefix       | bind-ipv6-prefix |
1559    +-----------------------+------------------------+------------------+

1561 A.5.
OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings
1562    +--------------------------+--------------------------+-------------+
1563    | OPTION_S46_PORTPARAMS    | Softwire46-PORTPARAMS    | TLV Field   |
1564    | Field                    | Name                     |             |
1565    +--------------------------+--------------------------+-------------+
1566    | offset                   | PSID-offset              | PSID-Offset |
1567    | PSID-len                 | PSID-len                 | PSID-len    |
1568    | PSID                     | PSID                     | PSID        |
1569    +--------------------------+--------------------------+-------------+

1571 A.6.  OPTION_S46_PRIORITY (111) to Softwire46-Priority Field Mappings

1573     +---------------------------+-------------------------------------+
1574     | OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute Field |
1575     +---------------------------+-------------------------------------+
1576     | s46-option-code           | Softwire46-option-code              |
1577     +---------------------------+-------------------------------------+

1579 A.7.  OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field
1580       Mappings

1582    +--------------------+------------------------------+---------------+
1583    | OPTION_V6_PREFIX64 | Softwire46-Multicast         | TLV Field     |
1584    | Field              | Attribute TLV Name           |               |
1585    +--------------------+------------------------------+---------------+
1586    | asm-length         | ASM-Prefix64                 | Prefix-Length |
1587    | ASM_mPrefix64      | ASM-Prefix64                 | ASM Prefix64  |
1588    | ssm-length         | SSM-Prefix64                 | Prefix-Length |
1589    | SSM_mPrefix64      | SSM-Prefix64                 | SSM Prefix64  |
1590    | unicast-length     | U-Prefix64                   | Prefix-Length |
1591    | uPrefix64          | U-Prefix64                   | Unicast       |
1592    |                    |                              | Prefix64      |
1593    +--------------------+------------------------------+---------------+

1595 Authors' Addresses

1597    Sheng Jiang
1598    Huawei Technologies Co., Ltd
1599    Q14, Huawei Campus, No.156 Beiqing Road
1600    Hai-Dian District, Beijing, 100095
1601    P.R. China

1603    Email: jiangsheng@huawei.com
1604    Yu Fu
1605    CNNIC
1606    No.4 South 4th Street, Zhongguancun
1607    Hai-Dian District, Beijing, 100190
1608    P.R.
China

1610    Email: eleven711711@foxmail.com

1612    Bing Liu
1613    Huawei Technologies Co., Ltd
1614    Q14, Huawei Campus, No.156 Beiqing Road
1615    Hai-Dian District, Beijing, 100095
1616    P.R. China

1618    Email: leo.liubing@huawei.com

1620    Peter Deacon
1621    IEA Software, Inc.
1622    P.O. Box 1170
1623    Veradale, WA 99037
1624    USA

1626    Email: peterd@iea-software.com

1628    Chongfeng Xie
1629    China Telecom
1630    Beijing
1631    P.R. China

1633    Email: xiechf.bri@chinatelecom.cn

1635    Tianxiang Li
1636    Tsinghua University
1637    Beijing 100084
1638    P.R.China

1640    Email: peter416733@gmail.com
1641    Mohamed Boucadair (editor)
1642    Orange
1643    Rennes, 35000
1644    France

1646    Email: mohamed.boucadair@orange.com
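
The PSID-offset, PSID-len and PSID sub-TLVs (Section 3.1.6, mapped in Appendix A.5) combine right justification in a 32-bit integer with a left-justified PSID inside its 2-octet field, which is easy to decode wrongly. The following Python sketch is an added example, not part of the draft: it checks the MUST-be-zero bits and derives the resulting port set. The function names and sample values are constructed, and requiring all three sub-TLVs and bounding a + k by the 16-bit port width are assumptions of this example.

```python
import struct

# TLV-Type values of the S46-PORTPARAMS sub-TLVs defined in this document.
PSID_OFFSET, PSID_LEN, PSID = 15, 16, 17


def decode_portparams(value):
    """Return (a, k, psid) from the three 6-octet integer sub-TLVs."""
    if len(value) % 6:
        raise ValueError("each PORTPARAMS sub-TLV is exactly 6 octets")
    words = {}
    for tlv_type, tlv_len, word in struct.iter_unpack("!BBI", value):
        if tlv_type not in (PSID_OFFSET, PSID_LEN, PSID) or tlv_len != 6:
            raise ValueError(f"unexpected sub-TLV type={tlv_type} len={tlv_len}")
        if tlv_type in words:
            raise ValueError(f"duplicate sub-TLV {tlv_type}")
        words[tlv_type] = word
    if len(words) != 3:            # assumption: this example wants all three
        raise ValueError("PSID-offset, PSID-len and PSID are all required")

    a, k, field = words[PSID_OFFSET], words[PSID_LEN], words[PSID]
    # Values are right justified in 32 bits; every unused bit MUST be zero,
    # so anything above the allowed range is rejected outright.
    if a > 15:
        raise ValueError("PSID-offset must be between 0 and 15")
    if k > 16 - a:
        raise ValueError("PSID-len does not fit in a 16-bit port after a bits")
    if k == 0:
        return a, 0, 0             # PSID field is ignored when PSID-len is 0
    if field > 0xFFFF:
        raise ValueError("PSID: upper 16 bits must be zero")
    # Inside the 2-octet field the PSID is left justified: k value bits
    # followed by (16-k) padding zeros.
    if field & ((1 << (16 - k)) - 1):
        raise ValueError("PSID: padding after the first k bits must be zero")
    return a, k, field >> (16 - k)


def port_ranges(a, k, psid):
    """Port ranges of the set, using the RFC 7597 layout of a port number:
    a offset bits, then k PSID bits, then the remaining m bits."""
    m = 16 - a - k
    ranges = []
    # With a > 0, an all-zero offset part marks the excluded ports.
    for upper in range(1 if a else 0, 1 << a):
        low = (upper << (16 - a)) | (psid << m)
        ranges.append((low, low + (1 << m) - 1))
    return ranges


def port_in_set(port, a, k, psid):
    """True if a source port belongs to the CE's port set."""
    if not 0 <= port <= 0xFFFF:
        return False
    if a and (port >> (16 - a)) == 0:
        return False
    return ((port >> (16 - a - k)) & ((1 << k) - 1)) == psid


def pack_sub_tlvs(offset_word, len_word, psid_word):
    """Build the three sub-TLVs for the constructed samples below."""
    return b"".join(struct.pack("!BBI", t, 6, v) for t, v in
                    ((PSID_OFFSET, offset_word), (PSID_LEN, len_word),
                     (PSID, psid_word)))


# Constructed sample: a = 6, k = 8, PSID 0x34 left justified as 0x3400.
SAMPLE = pack_sub_tlvs(6, 8, 0x3400)

if __name__ == "__main__":
    a, k, psid = decode_portparams(SAMPLE)
    ranges = port_ranges(a, k, psid)
    print(f"a={a} k={k} psid={psid:#x} sharing ratio={1 << k}")
    print("first range:", ranges[0], "last range:", ranges[-1])
```

A BNG or BR that applies `port_in_set` to the ports it sees can confirm that a CE stays inside the set the AAA server assigned to it.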