idnits 2.17.1 draft-ietf-softwire-map-radius-22.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 1255 has weird spacing: '...uration tlv ...' -- The document date (April 5, 2019) is 1819 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire S. Jiang, Ed. 3 Internet-Draft Huawei Technologies Co., Ltd 4 Intended status: Standards Track Y. Fu, Ed. 5 Expires: October 7, 2019 CNNIC 6 B. Liu 7 Huawei Technologies Co., Ltd 8 P. Deacon 9 IEA Software, Inc. 10 C. Xie 11 China Telecom 12 T. Li 13 Tsinghua University 14 M. Boucadair, Ed. 15 Orange 16 April 5, 2019 18 RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms 19 draft-ietf-softwire-map-radius-22 21 Abstract 23 IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity 24 services over IPv6 native networks during the IPv4/IPv6 co-existence 25 period. DHCPv6 options have been defined for configuring clients for 26 Lightweight 4over6, Mapping of Address and Port with Encapsulation, 27 and Mapping of Address and Port using Translation unicast softwire 28 mechanisms, and also multicast softwires. However, in many networks, 29 configuration information is stored in an Authentication, 30 Authorization, and Accounting server which utilizes the RADIUS 31 protocol to provide centralized management for users. When a new 32 transition mechanism is developed, new RADIUS attributes need to be 33 defined correspondingly. 35 This document defines new RADIUS attributes to carry Address plus 36 Port based softwire configuration parameters from an Authentication, 37 Authorization, and Accounting server to a Broadband Network Gateway. 38 Both unicast and multicast attributes are covered. 40 Status of This Memo 42 This Internet-Draft is submitted in full conformance with the 43 provisions of BCP 78 and BCP 79. 45 Internet-Drafts are working documents of the Internet Engineering 46 Task Force (IETF). Note that other groups may also distribute 47 working documents as Internet-Drafts. The list of current Internet- 48 Drafts is at https://datatracker.ietf.org/drafts/current/. 50 Internet-Drafts are draft documents valid for a maximum of six months 51 and may be updated, replaced, or obsoleted by other documents at any 52 time. It is inappropriate to use Internet-Drafts as reference 53 material or to cite them other than as "work in progress." 55 This Internet-Draft will expire on October 7, 2019. 57 Copyright Notice 59 Copyright (c) 2019 IETF Trust and the persons identified as the 60 document authors. All rights reserved. 62 This document is subject to BCP 78 and the IETF Trust's Legal 63 Provisions Relating to IETF Documents 64 (https://trustee.ietf.org/license-info) in effect on the date of 65 publication of this document. Please review these documents 66 carefully, as they describe your rights and restrictions with respect 67 to this document. Code Components extracted from this document must 68 include Simplified BSD License text as described in Section 4.e of 69 the Trust Legal Provisions and are provided without warranty as 70 described in the Simplified BSD License. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 75 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 76 3. New RADIUS Attributes . . . . . . . . . . . . . . . . . . . . 6 77 3.1. Softwire46-Configuration Attribute . . . . . . . . . . . 7 78 3.1.1. Softwire46 Attributes . . . . . . . . . . . . . . . . 8 79 3.1.1.1. Softwire46-MAP-E Attribute . . . . . . . . . . . 10 80 3.1.1.2. Softwire46-MAP-T Attribute . . . . . . . . . . . 10 81 3.1.1.3. Softwire46-Lightweight-4over6 Attribute . . . . . 11 82 3.1.2. Softwire46 Sub-Attributes . . . . . . . . . . . . . . 11 83 3.1.3. Specification of the Softwire46 Sub-Attributes . . . 12 84 3.1.3.1. Softwire46-Rule Attribute . . . . . . . . . . . . 12 85 3.1.3.2. Softwire46-BR Attribute . . . . . . . . . . . . . 13 86 3.1.3.3. Softwire46-DMR Attribute . . . . . . . . . . . . 13 87 3.1.3.4. Softwire46-V4V6Bind Attribute . . . . . . . . . . 14 88 3.1.3.5. Softwire46-PORTPARAMS Attribute . . . . . . . . . 14 89 3.1.4. Sub-Attributes for Sofwtire46-Rule . . . . . . . . . 15 90 3.1.4.1. Rule-IPv6-Prefix Attribute . . . . . . . . . . . 15 91 3.1.4.2. Rule-IPv4-Prefix Attribute . . . . . . . . . . . 16 92 3.1.4.3. EA-Length Attribute . . . . . . . . . . . . . . . 16 93 3.1.5. Attributes for Softwire46-v4v6Bind . . . . . . . . . 17 94 3.1.5.1. IPv4-address Attribute . . . . . . . . . . . . . 17 95 3.1.5.2. Bind-IPv6-Prefix Attribute . . . . . . . . . . . 17 96 3.1.6. Attributes for S46-PORTPARAMS . . . . . . . . . . . . 18 97 3.1.6.1. PSID-offset Attribute . . . . . . . . . . . . . . 18 98 3.1.6.2. PSID-len Attribute . . . . . . . . . . . . . . . 19 99 3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 19 100 3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 20 101 3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 21 102 3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 22 103 3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 23 104 3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 24 105 3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 24 106 4. A Sample Configuration Process with RADIUS . . . . . . . . . 24 107 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 27 108 6. Security Considerations . . . . . . . . . . . . . . . . . . . 28 109 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 110 7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 28 111 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 29 112 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 29 113 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 30 114 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31 115 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 116 10.1. Normative References . . . . . . . . . . . . . . . . . . 32 117 10.2. Informative References . . . . . . . . . . . . . . . . . 33 118 Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 35 119 A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field 120 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 35 121 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 35 122 A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 35 123 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 35 124 A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field 125 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 36 126 A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field 127 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 36 128 A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast 129 Attribute Field Mappings . . . . . . . . . . . . . . . . 36 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 132 1. Introduction 134 Providers have started deploying and transitioning to IPv6. Several 135 IPv4 service continuity mechanisms based on the Address plus Port 136 (A+P) [RFC6346] have been proposed for providing unicast IPv4 over 137 IPv6-only infrastructure, such as Mapping of Address and Port with 138 Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using 139 Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. 140 Also, [RFC8114] specifies a generic solution for the delivery of IPv4 141 multicast services to IPv4 clients over an IPv6 multicast network. 142 For each of these mechanisms, DHCPv6 options have been specified for 143 client configuration. 145 In many networks, user configuration information is stored in an 146 Authentication, Authorization, and Accounting (AAA) server. AAA 147 servers generally communicate using the Remote Authentication Dial In 148 User Service (RADIUS) [RFC2865] protocol. In a fixed broadband 149 network, a Broadband Network Gateway (BNG) acts as the access gateway 150 for users. That is, the BNG acts as both an AAA client to the AAA 151 server, and a DHCPv6 server for DHCPv6 messages sent by clients. 152 Throughout this document, the term BNG describes a device 153 implementing both the AAA client and DHCPv6 server functions. 155 Since IPv4-in-IPv6 softwire configuration information is stored in an 156 AAA server, and user configuration information is mainly transmitted 157 through DHCPv6 protocol between the BNGs and Customer Premises 158 Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to 159 propagate the information from the AAA servers to BNGs. 161 The RADIUS attributes defined in this document provide configuration 162 to populate the corresponding DHCPv6 options for unicast and 163 multicast softwire configuration, specifically: 165 o "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597] 166 (DHCPv6 options defined in [RFC7598]. 168 o "Mapping of Address and Port using Translation (MAP-T)" [RFC7599] 169 (DHCPv6 options defined in [RFC7598]. 171 o "Lightweight 4over6: An Extension to the Dual-Stack Lite 172 Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]. 174 o "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): 175 A DHCPv6-Based Prioritization Mechanism" [RFC8026]. 177 o "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 178 Multicast Network" [RFC8114] (DHCPv6 options defined in [RFC8115]. 180 The contents of the attributes defined in this document have a 1:1 181 mapping into the fields of the various DHCPv6 options in [RFC7598], 182 [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map 183 to the corresponding RADIUS attribute. For detailed mappings between 184 each DHCPv6 option field and the corresponding RADIUS Attribute or 185 field, see Appendix A. 187 +----------------------------+--------------------------------+ 188 | DHCPv6 Option | RADIUS Attribute | 189 +----------------------------+--------------------------------+ 190 | OPTION_S46_RULE (89) | Softwire46-Rule | 191 | OPTION_S46_BR (90) | Softwire46-BR | 192 | OPTION_S46_DMR (91) | Softwire46-DMR | 193 | OPTION_S46_V4V6BIND (92) | Softwire46-v4v6Bind | 194 | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS | 195 | OPTION_S46_PRIORITY (111) | Softwire46-Priority Attribute | 196 | OPTION_V6_PREFIX64 (113) | Softwire46-Multicast Attribute | 197 +----------------------------+--------------------------------+ 199 Table 1: Mapping between DHCPv6 Options and RADIUS Attributes 201 A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in 202 [RFC6519]. 204 2. Terminology 206 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 207 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 208 "OPTIONAL" in this document are to be interpreted as described in 209 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, 210 as shown here. 212 The reader should be familiar with the concepts and terms defined in 213 [RFC7596], [RFC7597], [RFC7599], and [RFC8026]. 215 The terms "multicast Basic Bridging BroadBand" element (mB4) and 216 "multicast Address Family Transition Router" element (mAFTR) are 217 defined in [RFC8114]. 219 Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 220 softwire mechanisms listed above. Additionally, the following 221 abbreviations are used within the document: 223 o BMR: Basic Mapping Rule 225 o BNG: Broadband Network Gateway 227 o BR: Border Relay 229 o CE: Customer Edge 231 o DMR: Default Mapping Rule 233 o EA: Embedded Address 234 o FMR: Forwarding Mapping Rule 236 o PSID: Port Set Identifier 238 o TLV: Type, Length, Value 240 o MAP-E: Mapping of Address and Port with Encapsulation 242 o MAP-T: Mapping of Address and Port using Translation 244 3. New RADIUS Attributes 246 This section defines the following attributes: 248 1. Softwire46-Configuration Attribute (Section 3.1): 250 This attribute carries the configuration information for MAP-E, 251 MAP-T, and Lightweight 4over6. The configuration information for 252 each Softwire46 mechanism is carried in the corresponding 253 Softwire46 attributes. Different attributes are required for 254 each Softwire46 mechanism. 256 2. Softwire46-Priority Attribute (Section 3.2): 258 Depending on the deployment scenario, a client may support 259 several different Softwire46 mechanisms and so request 260 configuration for more than one Softwire46 mechanism at a time. 261 The Softwire46-Priority Attribute contains information allowing 262 the client to prioritize which mechanism to use, corresponding to 263 OPTION_S46_PRIORITY defined in [RFC8026]. 265 3. Softwire46-Multicast Attribute (Section 3.3): 267 This attribute conveys the IPv6 prefixes to be used in [RFC8114] 268 to synthesize IPv4-embedded IPv6 addresses. The BNG uses the 269 IPv6 prefixes returned in the RADIUS Softwire46-Multicast 270 Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115]. 272 All of these attributes are allocated from the RADIUS "Extended Type" 273 code space per [RFC6929]. 275 All of these attribute designs follow [RFC6158] and [RFC6929]. 277 This document adheres to [RFC8044] for defining the new attributes. 279 3.1. Softwire46-Configuration Attribute 281 This attribute is of type "tlv", as defined in the RADIUS Protocol 282 Extensions [RFC6929]. It contains some sub-attributes, with the 283 following requirements: 285 The Softwire46-Configuration Attribute MUST contain one or more of 286 the following attributes: Softwire46-MAP-E, Softwire46-MAP-T, and/ 287 or Softwire46-Lightweight-4over6. 289 The Softwire46-Configuration Attribute conveys the configuration 290 information for MAP-E, MAP-T, or Lightweight 4over6. The BNG 291 SHALL use the configuration information returned in the RADIUS 292 attribute to populate the DHCPv6 Softwire46 Container Option 293 defined in Section 5 of [RFC7598]. 295 The Softwire46-Configuration Attribute MAY appear in an Access- 296 Accept packet. It MAY also appear in an Access-Request packet. 298 The Softwire46-Configuration Attribute MAY appear in a CoA-Request 299 packet. 301 The Softwire46-Configuration Attribute MAY appear in an 302 Accounting-Request packet. 304 The Softwire46-Configuration Attribute MUST NOT appear in any 305 other RADIUS packet. 307 The Softwire46-Configuration Attribute MUST only encapsulate one 308 or more of the Softwire46 attributes defined in this document. 310 The Softwire46-Configuration Attribute is structured as follows: 312 Type 313 241 (To be confirmed by IANA). 315 Length 316 Indicates the total length, in bytes, of all fields of 317 this attribute, including the Type, Length, Extended-Type, 318 and the entire length of the embedded attributes. 320 Extended-Type 321 TBD1 323 Value 324 Contains one or more of the following attributes. Each attribute 325 type may appear at most once: 327 Softwire46-MAP-E 328 For configuring MAP-E clients. For the construction of 329 this attribute, efer to Section 3.1.1.1. 331 Softwire46-MAP-T 332 For configuring MAP-T clients. For the construction of 333 this attribute, refer to Section 3.1.1.2. 335 Softwire46-Lightweight-4over6 336 For configuring Lightweight 4over6 clients. For the 337 construction of this attribute, refer to Section 3.1.1.3. 339 The Softwire46-Configuration Attribute is associated with the 340 following identifier: 241.Extended-Type(TBD1). 342 3.1.1. Softwire46 Attributes 344 The Softwire46 attributes can only be encapsulated in the 345 Softwire46-Configuration Attribute. Depending on the deployment 346 scenario, a client might request for more than one transition 347 mechanism at a time. There MUST be at least one Softwire46 attribute 348 encapsulated in one Softwire46-Configuration Attribute. There MUST 349 be at most one instance of each type of Softwire46 attribute 350 encapsulated in one Softwire46-Configuration Attribute. 352 There are three types of Softwire46 attributes, namely: 354 1. Softwire46-MAP-E (Section 3.1.1.1) 356 2. Softwire46-MAP-T (Section 3.1.1.2) 358 3. Softwire46-Lightweight 4over6 (Section 3.1.1.3) 359 Each type of Softwire46 attribute contains a number of sub- 360 attributes, defined in Section 3.1.3. The hierarchy of the 361 Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes 362 which sub-attributes are mandatory, optional, or not permitted for 363 each defined Softwire46 attribute. 365 /1.Rule-IPv6-Prefix 366 S / | 367 o / | 1.Softwire46-Rule -----+ 2.Rule-IPv4-Prefix 368 f | Softwire46-MAP-E--+ | 369 t | | 2.Softwire46-BR | 3.EA Length 370 w | | \ 371 i | | /1.PSID-offset 372 r | | | 373 e | | 5.Softwire46-PORTPARAMS -----+ 2.PSID-len 374 - | \ | 375 C | | 3.PSID 376 o | \ 377 n | 378 f | /1.Rule-IPv6-Prefix 379 i | / | 380 g | | 1.Softwire46-Rule------+ 2.Rule-IPv4-Prefix 381 u | Softwire46-MAP-T--+ | 382 r | | 3.Softwire46-DMR | 3.EA Length 383 a | | \ 384 t | | /1.PSID-offset 385 i | | | 386 o | | 5.Softwire46-PORTPARAMS------+ 2.PSID-len 387 n | \ | 388 | | 3.PSID 389 A | \ 390 t | 391 t | /1.IPv4-address 392 r | / | 393 i | | 4.Softwire46-v4v6Bind -----+ 2.Bind-IPv6-Prefix 394 b | Softwire46- | \ 395 u | Lightweight-4over6+ /1.PSID-offset 396 t \ | | 397 e | 5.Softwire46-PORTPARAMS ----+ 2.PSID-len 398 \ | 399 | 3.PSID 400 \ 402 Figure 1: Softwire46 Attributes Hierarchy 404 3.1.1.1. Softwire46-MAP-E Attribute 406 Softwire46-MAP-E attribute is designed for carrying the configuration 407 information for MAP-E. The structure of Softwire46-MAP-E is shown 408 below: 410 TLV-Type 411 1 413 TLV-Length 414 Indicates the length of this attribute, including 415 the TLV-Type, TLV-Length, and TLV-Value fields. 417 TLV-Value 418 Contains a set of sub-attributes, with the following requirements: 420 It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. 422 It MUST contain Softwire46-BR, defined in Section 3.1.3.2. 424 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 426 3.1.1.2. Softwire46-MAP-T Attribute 428 Softwire46-MAP-T attribute is designed for carrying the configuration 429 information for MAP-T. The structure of Softwire46-MAP-T is shown 430 below: 432 TLV-Type 433 2 435 TLV-Length 436 Indicates the length of this attribute, including 437 the TLV-Type, TLV-Length, and TLV-Value fields. 439 TLV-Value 440 Contains a set of sub-attributes, with the following requirements: 442 It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. 444 It MUST contain Softwire46-DMR, defined in Section 3.1.3.3. 446 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 448 3.1.1.3. Softwire46-Lightweight-4over6 Attribute 450 Softwire46-Lightweight-4over6 attribute is designed for carrying the 451 configuration information for Lightweight 4over6. The structure of 452 Softwire46-Lightweight-4over6 is shown below: 454 TLV-Type 455 3 457 TLV-Length 458 Indicates the length of this attribute, including 459 the TLV-Type, TLV-Length, and TLV-Value fields. 461 TLV-Value 462 Contains a set of sub-attributes as follows: 464 It MUST contain Softwire46-BR, defined in Section 3.1.3.2. 466 It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4. 468 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 470 3.1.2. Softwire46 Sub-Attributes 472 Table 2 shows which encapsulated sub-attributes are mandatory, 473 optional, or not permitted for each defined Softwire46 attribute. 475 +-----------------------+-------+-------+--------------------+ 476 | Sub-Attributes | MAP-E | MAP-T | Lightweight 4over6 | 477 +-----------------------+-------+-------+--------------------+ 478 | Softwire46-BR | 1 | 0 | 1 | 479 | Softwire46-Rule | 1 | 1 | 0 | 480 | Softwire46-DMR | 0 | 1 | 0 | 481 | Softwire46-V4V6Bind | 0 | 0 | 1 | 482 | Softwire46-PORTPARAMS | 0-1 | 0-1 | 0-1 | 483 +-----------------------+-------+-------+--------------------+ 485 Table 2: Softwire46 Sub-Attributes 487 The following table defines the meaning of the above table entries. 489 0 Not Permitted 490 0+ Optional, zero or more instances of the attribute 491 may be present. 492 0-1 Optional, zero or one instance of the attribute 493 may be present. 494 1 Mandatory 496 3.1.3. Specification of the Softwire46 Sub-Attributes 498 3.1.3.1. Softwire46-Rule Attribute 500 Softwire46-Rule can only be encapsulated in Softwire46-MAP-E 501 (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending 502 on the deployment scenario, one Basic Mapping Rule (BMR) and zero or 503 more Forwarding Mapping Rules (FMRs) MUST be included in one 504 Softwire46-MAP-E or Softwire46-MAP-T. 506 Each type of Softwire46-Rule also contains a number of sub- 507 attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA- 508 Length. The structure of the sub-attributes for Softwire46-Rule is 509 defined in Section 3.1.4. 511 Defining multiple TLV-types achieves the same design goals as the 512 "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using 513 TLV-type set to 4 is equivalent to setting the F-flag in the 514 OPTION_S46_RULE S46 Rule Flags field. 516 TLV-Type 517 4 Basic Mapping Rule only (not to be used for forwarding) 518 5 Forwarding Permitted Mapping Rule (may be used for 519 forwarding. Can also be a Basic Mapping Rule) 521 TLV-Length 522 Indicates the length of this attribute, including 523 the TLV-Type, TLV-Length, and TLV-Value fields. 525 Data Type 526 The attribute Softwire46-Rule is of type tlv (Section 3.13 of 527 [RFC8044]). 529 TLV-Value 530 This field contains a set of attributes as follows: 532 Rule-IPv6-Prefix 533 This attribute contains the IPv6 prefix for use in the MAP rule. 534 Refer to Section 3.1.4.1. 536 Rule-IPv4-Prefix 537 This attribute contains the IPv4 prefix for use in the MAP rule. 538 Refer to Section 3.1.4.2. 540 EA-Length 541 This attribute contains the Embedded-Address (EA) bit length. 542 Refer to Section 3.1.4.1. 544 3.1.3.2. Softwire46-BR Attribute 546 Softwire46-BR can only be encapsulated in Softwire46-MAP-E 547 (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3). 549 There MUST be at least one Softwire46-BR included in each 550 Softwire46-MAP-E or Softwire46-Lightweight-4over6. 552 The structure of Softwire46-BR is shown below: 554 TLV-Type 555 6 557 TLV-Length 558 18 octets 560 Data Type 561 The attribute Softwire46-BR is of type ip6addr (Section 3.9 of 562 [RFC8044]). 564 TLV-Value 565 br-ipv6-address. A fixed-length field of 16 octets that 566 specifies the IPv6 address for the Softwire46 Border Relay (BR). 568 3.1.3.3. Softwire46-DMR Attribute 570 Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). 571 There MUST be exactly one Softwire46-DMR included in one Softwire46- 572 MAP-T. 574 The structure of Softwire46-DMR is shown below: 576 TLV-Type 577 7 579 TLV-Length 580 4 + length of dmr-ipv6-prefix specified in octets. 582 Data Type 583 The attribute Softwire46-DMR is of type ip6pref (Section 3.10 of 584 [RFC8044]). 586 TLV-Value 587 dmr-ipv6-prefix. A variable-length field specifying the IPv6 588 prefix for the BR. This field is right-padded with zeros to 589 the nearest octet boundary when dmr-prefix6-len is not 590 divisible by 8. Prefixes with from 0 to 96 are allowed. 592 3.1.3.4. Softwire46-V4V6Bind Attribute 594 Softwire46-V4V6Bind may only be encapsulated in Softwire46- 595 Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one 596 Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6. 598 The structure of Softwire46-V4V6Bind is shown below: 600 TLV-Type 601 8 603 TLV-Length 604 Indicates the length of this attribute, including 605 the TLV-Type, TLV-Length, and TLV-Value fields. 607 Data Type 608 The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of 609 [RFC8044]). 611 TLV-Value 612 This field contains a set of attributes as follows: 614 IPv4-address 615 This attribute contains an IPv4 address, used to specify 616 the full or shared IPv4 address of the CE. Refer to 617 Section 3.1.5.1. 619 Bind-IPv6-Prefix 620 This attribute contains an IPv6 prefix used to indicate which 621 configured prefix the Softwire46 CE should use for constructing 622 the softwire. Refer to Section 3.1.5.2. 624 3.1.3.5. Softwire46-PORTPARAMS Attribute 626 Softwire46-PORTPARAMS is optional. It is used to specify port set 627 information for IPv4 address sharing between clients. 628 Softwire46-PORTPARAMS MAY be included in any of the Softwire46 629 attributes. 631 The structure of Softwire46-PORTPARAMS is shown below: 633 TLV-Type 634 9 636 TLV-Length 637 Indicates the length of this attribute, including 638 the TLV-Type, TLV-Length, and TLV-Value fields. 640 Data Type 641 The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13 642 of [RFC8044]). 644 TLV-Value 645 This field contains a set of attributes as follows: 647 PSID-offset 648 This attribute specifies the numeric value for the Softwire46 649 algorithm's excluded port range/offset bits (a bits). Refer to 650 Section 3.1.6.1. 652 PSID-len 653 This attribute specifies the number of significant bits in the 654 PSID field (also known as 'k'). Refer to Section 3.1.6.2. 656 PSID 657 This attribute specifies PSID value. Refer to Section 3.1.6.3. 659 3.1.4. Sub-Attributes for Sofwtire46-Rule 661 There are two types of Softwire46-Rule: the Basic Mapping Rule and 662 the Forwarding Mapping Rule, indicated by the value in the TLV-Type 663 field of Softwire46-Rule (see Section 3.1.3.1). 665 Each type of Softwire46-Rule also contains a number of Sub-attributes 666 as detailed in the following sub-sections. 668 3.1.4.1. Rule-IPv6-Prefix Attribute 670 Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST 671 be exactly one Rule-IPv6-Prefix encapsulated in each type of 672 Softwire46-Rule. 674 Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] 675 and [RFC8044]. 677 The structure of Rule-IPv6-Prefix is shown below: 679 TLV-Type 680 10 682 TLV-Length 683 20 octets 685 Data Type 686 The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10 687 of [RFC8044]). 689 TLV-Value 690 rule-ipv6-prefix. 128-bits long field that specifies an IPv6 691 prefix appearing in the MAP rule. 693 3.1.4.2. Rule-IPv4-Prefix Attribute 695 This attribute is used to convey the MAP Rule IPv4 prefix. The 696 structure of Rule-IPv4-Prefix is shown below: 698 TLV-Type 699 11 701 TLV-Length 702 8 octets 704 Data Type 705 The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11 706 of [RFC8044]). 708 TLV-Value 709 rule-ipv4-prefix. 32-bits long. Specifies the IPv4 prefix 710 appearing in the MAP rule. 712 3.1.4.3. EA-Length Attribute 714 This attribute is used to convey the Embedded-Address(EA) bit length. 715 The structure of EA-Length is shown below: 717 TLV-Type 718 12 720 TLV-Length 721 6 octets 723 Data Type 724 The attribute EA-Length is of type integer (Section 3.1 of 725 [RFC8044]). 727 TLV-Value 728 EA-len; 32-bits long. Specifies the Embedded-Address(EA) bit 729 length. Allowed values range from 0 to 48. 731 3.1.5. Attributes for Softwire46-v4v6Bind 733 3.1.5.1. IPv4-address Attribute 735 The IPv4-address MAY be used to specify the full or shared IPv4 736 address of the CE. 738 The structure of IPv4-address is shown below: 740 TLV-Type 741 13 743 TLV-Length 744 6 octets 746 Data Type 747 The attribute IPv4-address is of type ipv4addr (Section 3.8 748 of [RFC8044]). 750 TLV-Value 751 32-bits long. Specifies the IPv4 address to appear in 752 Softwire46-V4V6Bind (Section 3.1.3.4). 754 3.1.5.2. Bind-IPv6-Prefix Attribute 756 The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 757 prefix to be used as the tunnel source. 759 The structure of Bind-IPv6-Prefix is shown below: 761 TLV-Type 762 14 764 TLV-Length 765 4 + length of bind-ipv6-prefix specified in octets. 767 Data Type 768 The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10 769 of [RFC8044]). 771 TLV-Value 772 bind-ipv6-prefix. A variable-length field specifying the IPv6 773 prefix or address for the Softwire46 CE. This field is 774 right-padded with zeros to the nearest octet boundary 775 when bindprefix6-len is not divisible by 8. 777 3.1.6. Attributes for S46-PORTPARAMS 779 3.1.6.1. PSID-offset Attribute 781 This attribute is used to convey the Port Set Identifier offset as 782 defined in [RFC7597]. This attribute is encoded 32 bits as per the 783 recommendation in Appendix A.2.1 of [RFC6158]. 785 The structure of PSID-offset is shown below: 787 TLV-Type 788 15 790 TLV-Length 791 6 octets 793 Data Type 794 The attribute PSID-offset is of type integer (Section 3.1 795 of [RFC8044]). 797 TLV-Value 798 Contains the PSID-Offset (8-bits) right 799 justified, and the unused bits in this field MUST 800 be set to zero. This field that specifies the 801 numeric value for the Softwire46 algorithm's excluded 802 port range/offset bits (a bits), as per Section 5.1 803 of RFC7597. Allowed values are between 0 and 15. 804 Default values for this field are specific to the 805 Softwire mechanism being implemented and are defined 806 in the relevant specification document. 808 3.1.6.2. PSID-len Attribute 810 This attribute is used to convey the PSID length as defined in 811 [RFC7597]. This attribute is encoded 32 bits as per the 812 recommendation in Appendix A.2.1 of [RFC6158]. 814 The structure of PSID-len is shown below: 816 TLV-Type 817 16 819 TLV-Length 820 6 octets 822 Data Type 823 The attribute PSID-len is of type integer (Section 3.1 824 of [RFC8044]). 826 TLV-Value 827 Contains the PSID-len (8-bits) right 828 justified, and the unused bits in this field MUST 829 be set to zero. This field specifies the number of 830 significant bits in the PSID field (also known as 831 'k'). When set to 0, the PSID field is to be ignored. 832 After the first 'a' bits, there are k bits in the 833 port number representing the value of the PSID. 834 Subsequently, the address sharing ratio would be 835 2^k. 837 3.1.6.3. PSID Attribute 839 This attribute is used to convey the PSID as defined in [RFC7597]. 840 This attribute is encoded 32 bits as per the recommendation in 841 Appendix A.2.1 of [RFC6158]. 843 The structure of PSID is shown below: 845 TLV-Type 846 17 848 TLV-Length 849 6 octets 851 Data Type 852 The attribute Bind-IPv6-Prefix is of type integer (Section 3.1 853 of [RFC8044]). 855 TLV-Value 856 Contains the PSID (16-bits) right justified, and the unused bits 857 in this field MUST be set to zero. 858 The PSID value algorithmically identifies a set of ports 859 assigned to a CE. The first k bits on the left of this 860 2-octet field is the PSID value. The remaining (16-k) bits 861 on the right are padding zeros. 863 3.2. Softwire46-Priority Attribute 865 The Softwire46-Priority Attribute includes an orderd list of 866 Softwire64 mechanisms allowing the client to prioritize which 867 mechanism to use, corresponding to OPTION_S46_PRIORITY defined in 868 [RFC8026]. The following requirements apply: 870 The Softwire46-Priority Attribute MAY appear in an Access-Accept 871 packet. It MAY also appear in an Access-Request packet. 873 The Softwire46-Priority Attribute MAY appear in a CoA-Request 874 packet. 876 The Softwire46-Priority Attribute MAY appear in an Accounting- 877 Request packet. 879 The Softwire46-Priority Attribute MUST NOT appear in any other 880 RADIUS packet. 882 The Softwrie46-Priority Attribute is structured as follows: 884 Type 885 241 (To be confirmed by IANA) 887 Length 888 Indicates the length of this attribute, 889 including the Type, Length, Extended-Type and Value fields. 891 Extended-Type 892 TBD5 894 TLV-Value 895 The attribute include one or more Softwire46-Option-Code TLVs: 896 A Softwire46-Priority Attribute MUST contain at least one 897 Softwire46-Option-Code TLV (Section 3.2.1). 899 Softwire46 mechanisms are prioritized in the appearance order 900 of the in the Softwire46-Priority Attribute. 902 The Softwire46-Priority Attribute is associated with the following 903 identifier: 241.Extended-Type (TBD5). 905 3.2.1. Softwire46-Option-Code 907 This attribute is used to convey an option code assigned to a 908 Softwire64 mechanism [RFC8026]. This attribute is encoded 32 bits as 909 per the recommendation in Appendix A.2.1 of [RFC6158]. 911 The structure of Softwire46-Option-Code is shown below: 913 TLV-Type 914 18 916 TLV-Length 917 6 octets 919 Data Type 920 The attribute Softwire46-Option-Code is of type integer 921 (Section 3.1 of [RFC8044]). 923 TLV-Value 924 A 32-bit IANA-registered option code representing a Softwire46 925 mechanism. The codes and their corresponding Softwire46 926 mechanisms are listed in Section 7.3. 928 3.3. Softwire46-Multicast Attribute 930 The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be 931 used to synthesize multicast and unicast IPv4-embedded IPv6 addresses 932 as per [RFC8114]. This attribute is of type "tlv" and contains 933 additional TLVs. The following requirements apply: 935 The BNG SHALL use the IPv6 prefixes returned in the RADIUS 936 Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 937 Option [RFC8115]. 939 This attribute MAY be used in Access-Request packets as a hint to 940 the RADIUS server. For example, if the BNG is pre-configured for 941 Softwire46-Multicast, these prefixes MAY be inserted in the 942 attribute. The RADIUS server MAY ignore the hint sent by the BNG, 943 and it MAY assign a different Softwire46-Multicast Attribute. 945 The Softwire46-Multicast Attribute MAY appear in an Access-Request 946 packet. 948 The Softwire46-Multicast Attribute MAY appear in an Access-Accept 949 packet. 951 The Softwire46-Multicast Attribute MAY appear in a CoA-Request 952 packet. 954 The Softwire46-Multicast Attribute MAY appear in an Accounting- 955 Request packet. 957 The Softwire46-Multicast Attribute MUST NOT appear in any other 958 RADIUS packet. 960 The Softwire46-Multicast Attribute MAY contain ASM-Prefix64 (see 961 Section 3.3.1). 963 The Softwire46-Multicast Attribute MAY contain SSM-Prefix64 (see 964 Section 3.3.2). 966 The Softwire46-Multicast Attribute MAY contain U-Prefix64 (see 967 Section 3.3.3). 969 The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or 970 SSM-Prefix64, and it MAY include both. 972 The U-Prefix64 MUST be present when SSM-Prefix64 is present. 973 U-Prefix64 MAY be present when ASM-Prefix64 is present. 975 The Softwire46-Multicast Attribute is structured as follows: 977 Type 978 241 (To be confirmed by IANA) 980 Length 981 This field indicates the total length in bytes of all fields of 982 this attribute, including the Type, Length, Extended-Type, and the 983 entire length of the embedded attributes. 985 Extended-Type 986 TBD6 988 Value 989 This field contains a set of attributes as follows: 991 ASM-Prefix64 992 This attribute contains the ASM IPv6 prefix. Refer to 993 Section 3.3.1. 995 SSM-Prefix64 996 This attribute contains the SSM IPv6 prefix. Refer to 997 Section 3.3.2. 999 U-Prefix64 1000 This attribute contains the IPv4 prefix used for address 1001 translation. Refer to Section 3.3.3. 1003 The Softwire46-Multicast Attribute is associated with the following 1004 identifier: 241.Extended-Type(TBD6). 1006 3.3.1. ASM-Prefix64 Attribute 1008 The ASM-Prefix64 attribute is structured as follows: 1010 TLV-Type 1011 19 1013 TLV-Length 1014 16 octets. The length of ssm-prefix64 must be to 96 [RFC8115]. 1016 Data Type 1017 The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of 1018 [RFC8044]). 1020 TLV-Value 1021 This field specifies the IPv6 multicast prefix (asm-prefix64) 1022 to be used to synthesize the IPv4-embedded IPv6 addresses of the 1023 multicast groups in the ASM mode. The conveyed multicast IPv6 1024 prefix MUST belong to the ASM range. 1026 3.3.2. SSM-Prefix64 Attribute 1028 The SSM-Prefix64 attribute is structured as follows: 1030 Type 1031 20 1033 TLV-Length 1034 16 octets. The length of ssm-prefix64 must be to 96 [RFC8115]. 1036 Data Type 1037 The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of 1038 [RFC8044]). 1040 TLV-Type 1041 This field specifies the IPv6 multicast prefix (ssm-prefix64) 1042 to be used to synthesize the IPv4-embedded IPv6 addresses of the 1043 multicast groups in the SSM mode. The conveyed multicast IPv6 1044 prefix MUST belong to the SSM range. 1046 3.3.3. U-Prefix64 Attribute 1048 The structure of U-Prefix64 is shown below: 1050 TLV-Type 1051 21 1053 TLV-Length 1054 4 + length of unicast-prefix. As specified in [RFC6052], 1055 the unicast-prefix prefix-length MUST be set to 32, 40, 48, 1056 56, 64, or 96. 1058 Data Type 1059 The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of 1060 [RFC8044]). 1062 TLV-Value 1063 This field identifies the IPv6 unicast prefix to 1064 be used in SSM mode for constructing the IPv4-embedded IPv6 1065 addresses representing the IPv4 multicast sources in the IPv6 1066 domain. It may also be used to extract the IPv4 address from the 1067 received multicast data flows. 1069 4. A Sample Configuration Process with RADIUS 1071 Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to 1072 provide CE with softwire configuration information. 1074 CE BNG AAA Server 1075 | | | 1076 |-------1.DHCPv6 Solicit------->| | 1077 |(ORO with unicast and/or m'cast| | 1078 | container option code(s)) | | 1079 | | | 1080 | |-------2.Access-Request------->| 1081 | | (Softwire46-Configuration | 1082 | | Attribute and/or | 1083 | |Softwire46-Multicast Attribute)| 1084 | | | 1085 | |<------3.Access-Accept---------| 1086 | | (Softwire46-Configuration | 1087 | | Attribute and/or | 1088 | |Softwire46-Multicast Attribute)| 1089 | | | 1090 |<----4.DHCPv6 Advertisement----| | 1091 | (container option(s)) | | 1092 | | | 1093 |-------5.DHCPv6 Request------>| | 1094 | (container Option(s)) | | 1095 | | | 1096 |<--------6.DHCPv6 Reply--------| | 1097 | (container option(s)) | | 1098 | | | 1099 DHCPv6 RADIUS 1101 Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS 1102 authentication 1104 1. The CE creates a DHCPv6 Solicit message. For unicast softwire 1105 configuration, the message includes an OPTION_REQUEST_OPTION (6) 1106 with the Softwire46 Container option codes as defined in 1107 [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP- 1108 E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW 1109 (96) for Lightweight 4over6. For multicast configuration, the 1110 option number for OPTION_V6_PREFIX64 (113) is included in the 1111 client's ORO. The message is sent to the BNG. 1113 2. On receipt of the Solicit message, the BNG constructs a RADIUS 1114 Access-Request message containing a User-Name Attribute (1) 1115 (containing either a CE MAC address, interface-id or both), a 1116 User-Password Attribute (2) (with a pre-configured shared 1117 password as defined in [RFC2865]. The Softwire46-Configuration 1118 Attribute and/or Softwire46-Multicast Attribute are also included 1119 (as requested by the client). The resulting message is sent to 1120 the AAA server. 1122 3. The AAA server authenticates the request. If this is successful, 1123 and suitable configuration is available, an Access-Accept message 1124 is sent to the BNG containing the requested 1125 Softwire46-Configuration Attribute or Softwire46-Multicast 1126 Attribute. It is the responsibility of the AAA server to ensure 1127 the consistency of the provided configuration. 1129 4. The BNG maps the received softwire configuration into the 1130 corresponding fields in the DHCPv6 softwire configuration 1131 option(s). Theses are included in the DHCPv6 Advertise message 1132 which is sent to the CE. 1134 5. The CE send a DHCPv6 Request message. In the ORO, the option 1135 code(s) of any of the required softwire options that were 1136 received in the Advertise message are included. 1138 6. The BNG sends a Reply message to the client containing the 1139 softwire container options enumerated in the ORO. 1141 The authorization operation could also be done independently, after 1142 the authentication process. In this case, steps 1-5 are completed as 1143 above, then the following steps are performed: 1145 6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS 1146 Access-Request message, which contains a Service-Type Attribute 1147 (6) with the value "Authorize Only" (17), the corresponding 1148 Softwire46-Configuration Attribute, and a State Attribute 1149 obtained from the previous authentication process according to 1150 [RFC5080]. The resulting message is sent to the AAA server. 1152 7a. The AAA checks the authorization request. If it is approved, an 1153 Access-Accept message is returned to the BNG with the 1154 corresponding Softwire46-Configuration Attribute. 1156 8a. The BNG sends a Reply message to the client containing the 1157 softwire container options enumerated in the ORO. 1159 In addition to the above, the following points need to be considered: 1161 o In both the configuration message flows described above the 1162 Message-authenticator (type 80) [RFC2869] SHOULD be used to 1163 protect both Access-Request and Access-Accept messages. 1165 o If the BNG does not receive the corresponding 1166 Softwire46-Configuration Attribute in the Access-Accept message it 1167 MAY fallback to creating the DHCPv6 softwire configuration options 1168 using pre-configured Softwire46 configuration, if this is present. 1170 o If the BNG receives an Access-Reject from the AAA server, then 1171 Softwire46 configuration MUST NOT be supplied to the client. 1173 o As specified in [RFC8415], Section 18.2.5, "Creation and 1174 Transmission of Rebind Messages", if the DHCPv6 server to which 1175 the DHCPv6 Renew message was sent at time T1 has not responded by 1176 time T2, the CE (DHCPv6 client) SHOULD enter the Rebind state and 1177 attempt to contact any available server. In this situation, a 1178 secondary BNG receiving the DHCPv6 message MUST initiate a new 1179 Access-Request message towards the AAA server. The secondary BNG 1180 includes the Softwire46-Configuration Attribute in this Access- 1181 Request message. 1183 o For Lightweight 4over6, the subscriber's binding state needs to be 1184 synchronized between the clients and the lwAFTR/BR. This can be 1185 achieved in two ways: static pre-configuring of the bindings on 1186 both the AAA server and lwAFTR, or on-demand whereby the AAA 1187 server updates the lwAFTR with the subscriber's binding state as 1188 it is created or deleted. 1190 In some deployments, the DHCP server may use the Accounting-Request 1191 to report to a AAA server the softwire configuration returned to a 1192 requesting host. It is the responsibility of the DHCP server to 1193 ensure the consistency of the configuration provided to requesting 1194 hosts. Reported data to a AAA server may be required for various 1195 operational purposes (e.g., regulatory). 1197 5. Table of Attributes 1199 This document specifies three new RADIUS attributes, and their 1200 formats are as follows: 1202 o Softwire46-Configuration Attribute: 241.TBD1 1204 o Softwire46-Priority Attribute: 241.TBD5 1206 o Softwire46-Multicast Attribute: 241.TBD6 1208 The following table describes which attributes may be found, in which 1209 kinds of packets and in what quantity. 1211 Request Accept Reject Challenge Accounting # Attribute 1212 Request 1213 0-1 0-1 0 0 0-1 241.TBD1 Softwire46- 1214 Configuration 1215 0-1 0-1 0 0 0-1 241.TBD5 Softwire46- 1216 Priority 1217 0-1 0-1 0 0 0-1 241.TBD6 Softwire46- 1218 Multicast 1220 6. Security Considerations 1222 Known security vulnerabilities of the RADIUS protocol are discussed 1223 in [RFC2607], [RFC2865], and[RFC2869]. Use of IPsec [RFC4301] for 1224 providing security when RADIUS is carried in IPv6 is discussed in 1225 [RFC3162]. 1227 Specific security considerations for interactions between the MAP CE 1228 and the BNG are discussed in [RFC7597] and [RFC7599]. Security 1229 considerations for Lightweight 4over6 are discussed in [RFC7596]. 1230 Security considerations for DHCPv6-Based Softwire46 Prioritization 1231 Mechanism are discussed in [RFC8026]. Security considerations for 1232 multicast scenarios are discussed in [RFC8114]. Furthermore, generic 1233 DHCPv6 security mechanisms can be applied to DHCPv6 1234 intercommunication between the CE and the BNG. 1236 7. IANA Considerations 1238 IANA is requested to make new code point assignments for RADIUS 1239 attributes as described in the following subsections. 1241 7.1. New RADIUS Attributes 1243 This document requests IANA to assign the Attribute Types defined in 1244 this document from the RADIUS namespace as described in the "IANA 1245 Considerations" section of [RFC3575], in accordance with BCP 26 1246 [RFC8126]. 1248 This document requests that IANA register three new RADIUS 1249 attributes, from the "Short Extended Space" of [RFC6929]. The 1250 attributes are: Softwire46-Configuration Attribute, 1251 Softwire46-Priority Attribute, and Softwire46-Multicast Attribute: 1253 Type Description Data Type Reference 1254 ---- ----------- --------- --------- 1255 241.TBD1 Softwire46-Configuration tlv Section 3.1 1256 241.TBD5 Softwire46-Priority tlv Section 3.2 1257 241.TBD6 Softwire46-Multicast tlv Section 3.3 1259 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 1261 IANA is requested to create a new registry called "RADIUS Softwire46 1262 Configuration and Multicast Attributes". 1264 All attributes in this registry have one or more parent RADIUS 1265 attributes in nesting (refer to [RFC6929]). 1267 This registry must be initially populated with the following values: 1269 Value Description Data Type Reference 1270 ----- ----------- --------- --------- 1271 0 Reserved 1272 1 Softwire46-MAP-E tlv Section 3.1.1.1 1273 2 Softwire46-MAP-T tlv Section 3.1.1.2 1274 3 Softwire46-Lightweight-4over6 tlv Section 3.1.1.3 1275 4 Softwire46-Rule tlv Section 3.1.3.1 1276 5 Softwire46-Rule tlv Section 3.1.3.1 1277 6 Softwire46-BR ipv6addr Section 3.1.3.2 1278 7 Softwire46-DMR ipv6prefix Section 3.1.3.3 1279 8 Softwire46-V4V6Bind tlv Section 3.1.3.4 1280 9 Softwire46-PORTPARAMS tlv Section 3.1.3.5 1281 10 Rule-IPv6-Prefix ipv6prefix Section 3.1.4.1 1282 11 Rule-IPv4-Prefix ipv4prefix Section 3.1.4.2 1283 12 EA-Length integer Section 3.1.4.3 1284 13 IPv4-address ipv4addr Section 3.1.5.1 1285 14 Bind-IPv6-Prefix ipv6prefix Section 3.1.5.2 1286 15 PSID-offset integer Section 3.1.6.1 1287 16 PSID-len integer Section 3.1.6.2 1288 17 PSID integer Section 3.1.6.3 1289 18 Softwire64-Option-Code integer Section 3.2.1 1290 19 ASM-Prefix64 ipv6prefix Section 3.3.1 1291 20 SSM-Prefix64 ipv6prefix Section 3.3.2 1292 21 U-Prefix64 ipv6prefix Section 3.3.3 1293 22-255 Unassigned 1295 The registration procedure for this registry is Standards Action as 1296 defined in [RFC8126]. 1298 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 1300 The Softwire46-Priority Attribute defines a 16-bit Softwire46-option- 1301 code field, for which IANA is requested to create and maintain a new 1302 registry entitled "Option Codes Permitted in the Softwire46-Priority 1303 Attribute". The registration procedure for this registry is 1304 Standards Action as defined in [RFC8126]. 1306 This document requests IANA to register the three option codes of the 1307 Softwire46 mechanisms permitted to be included in the 1308 Softwire46-Priority Attribute. The value of option code corresponds 1309 to the TLV-Type defined in Section 3.1.1. Additional options may be 1310 added to this list in the future using the IETF Review process 1311 described in Section 4.8 of [RFC8126]. 1313 Table 3 shows the option codes required, and the Softwire46 1314 mechanisms that they represent. The option code for DS-Lite is 1315 derived from the IANA allocated RADIUS Attribute Type value for DS- 1316 Lite [RFC6519]. The option codes for MAP-E, MAP-T, and Lightweight 1317 4over6 need to be assigned. The option codes for MAP-E, MAP-T, and 1318 Lightweight 4over6 should also be used as the TLV-Type values for the 1319 MAP-E, MAP-T, and Lightweight 4over6 attributes defined in 1320 Section 3.1.1. 1322 +-----------+--------------------+-----------+ 1323 |Option Code|Softwire46 Mechanism| Reference | 1324 +-----------+--------------------+-----------+ 1325 | TBD2 | MAP-E | RFC7597 | 1326 | TBD3 | MAP-T | RFC7599 | 1327 | TBD4 | Lightweight 4over6 | RFC7596 | 1328 | 144 | DS-Lite | RFC6519 | 1329 +--------------------------------+-----------+ 1331 Table 3: Option Codes to S46 Mechanisms 1333 8. Contributing Authors 1334 Qiong Sun 1335 China Telecom 1336 Beijing China 1337 Email: sunqiong@ctbri.com.cn 1339 Qi Sun 1340 Tsinghua University 1341 Department of Computer Science, Tsinghua University 1342 Beijing 100084 1343 P.R.China 1344 Phone: +86-10-6278-5822 1345 Email: sunqibupt@gmail.com 1347 Cathy Zhou 1348 Huawei Technologies 1349 Bantian, Longgang District 1350 Shenzhen 518129 1351 Email: cathy.zhou@huawei.com 1353 Tina Tsou 1354 Huawei Technologies(USA) 1355 2330 Central Expressway 1356 Santa Clara, CA 95050 1357 USA 1358 Email: Tina.Tsou.Zouting@huawei.com 1360 ZiLong Liu 1361 Tsinghua University 1362 Beijing 100084 1363 P.R.China 1364 Phone: +86-10-6278-5822 1365 Email: liuzilong8266@126.com 1367 Yong Cui 1368 Tsinghua University 1369 Beijing 100084 1370 P.R.China 1371 Phone: +86-10-62603059 1372 Email: yong@csnet1.cs.tsinghua.edu.cn 1374 9. Acknowledgements 1376 The authors would like to thank the valuable comments made by Peter 1377 Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei 1378 Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this 1379 document. 1381 This document was merged with draft-sun-softwire-lw4over6-radext-01 1382 and draft-wang-radext-multicast-radius-ext-00, thanks to everyone who 1383 contributed to this document. 1385 This document was produced using the xml2rfc tool [RFC7991]. 1387 10. References 1389 10.1. Normative References 1391 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1392 Requirement Levels", BCP 14, RFC 2119, 1393 DOI 10.17487/RFC2119, March 1997, 1394 . 1396 [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, 1397 "Remote Authentication Dial In User Service (RADIUS)", 1398 RFC 2865, DOI 10.17487/RFC2865, June 2000, 1399 . 1401 [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", 1402 RFC 3162, DOI 10.17487/RFC3162, August 2001, 1403 . 1405 [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote 1406 Authentication Dial In User Service)", RFC 3575, 1407 DOI 10.17487/RFC3575, July 2003, 1408 . 1410 [RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication 1411 Dial In User Service (RADIUS) Implementation Issues and 1412 Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December 1413 2007, . 1415 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 1416 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 1417 DOI 10.17487/RFC6052, October 2010, 1418 . 1420 [RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines", 1421 BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011, 1422 . 1424 [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User 1425 Service (RADIUS) Protocol Extensions", RFC 6929, 1426 DOI 10.17487/RFC6929, April 2013, 1427 . 1429 [RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6 1430 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based 1431 Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026, 1432 November 2016, . 1434 [RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044, 1435 DOI 10.17487/RFC8044, January 2017, 1436 . 1438 [RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q. 1439 Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients 1440 over an IPv6 Multicast Network", RFC 8114, 1441 DOI 10.17487/RFC8114, March 2017, 1442 . 1444 [RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6 1445 Option for IPv4-Embedded Multicast and Unicast IPv6 1446 Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017, 1447 . 1449 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1450 Writing an IANA Considerations Section in RFCs", BCP 26, 1451 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1452 . 1454 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1455 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1456 May 2017, . 1458 [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., 1459 Richardson, M., Jiang, S., Lemon, T., and T. Winters, 1460 "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", 1461 RFC 8415, DOI 10.17487/RFC8415, November 2018, 1462 . 1464 10.2. Informative References 1466 [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy 1467 Implementation in Roaming", RFC 2607, 1468 DOI 10.17487/RFC2607, June 1999, 1469 . 1471 [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS 1472 Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000, 1473 . 1475 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1476 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 1477 December 2005, . 1479 [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- 1480 Stack Lite Broadband Deployments Following IPv4 1481 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, 1482 . 1484 [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to 1485 the IPv4 Address Shortage", RFC 6346, 1486 DOI 10.17487/RFC6346, August 2011, 1487 . 1489 [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- 1490 Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February 1491 2012, . 1493 [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. 1494 Farrer, "Lightweight 4over6: An Extension to the Dual- 1495 Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, 1496 July 2015, . 1498 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., 1499 Murakami, T., and T. Taylor, Ed., "Mapping of Address and 1500 Port with Encapsulation (MAP-E)", RFC 7597, 1501 DOI 10.17487/RFC7597, July 2015, 1502 . 1504 [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, 1505 W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for 1506 Configuration of Softwire Address and Port-Mapped 1507 Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, 1508 . 1510 [RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S., 1511 and T. Murakami, "Mapping of Address and Port using 1512 Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July 1513 2015, . 1515 [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", 1516 RFC 7991, DOI 10.17487/RFC7991, December 2016, 1517 . 1519 Appendix A. DHCPv6 to RADIUS Field Mappings 1521 The following sections detail the mappings between the softwire 1522 DHCPv6 option fields and the relevant RADIUS attributes as defined in 1523 this document. 1525 A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings 1527 +---------------------+----------------------+----------------------+ 1528 | OPTION_S46_RULE | Softwire46-Rule Name | TLV Field | 1529 | Field | | | 1530 +---------------------+----------------------+----------------------+ 1531 | flags | N/A | TLV-type (TBD7, | 1532 | | | TBD8) | 1533 | ea-len | EA-Length | EA-len | 1534 | prefix4-len | Rule-IPv4-Prefix | ruleprefix4-len | 1535 | ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix | 1536 | prefix6-len | Rule-IPv6-Prefix | ruleprefix6-len | 1537 | ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix | 1538 +---------------------+----------------------+----------------------+ 1540 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings 1542 +---------------------+---------------------+ 1543 | OPTION_S46_BR Field | Softwire46-BR Field | 1544 +---------------------+---------------------+ 1545 | br-ipv6-address | br-ipv6-address | 1546 +---------------------+---------------------+ 1548 A.3. OPTION_S46_DMR (91) to Softwire46-DMR 1550 +---------------------+----------------------+ 1551 | OPTION_S46_BR Field | Softwire46-DMR Field | 1552 +---------------------+----------------------+ 1553 | dmr-prefix6-len | dmr-prefix6-len | 1554 | dmr-ipv6-prefix | dmr-ipv6-prefix | 1555 +---------------------+----------------------+ 1557 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind 1559 +-----------------------+------------------------+------------------+ 1560 | OPTION_S46_V4V6BIND | Softwire46-V4V6Bind | TLV Field | 1561 | Field | Name | | 1562 +-----------------------+------------------------+------------------+ 1563 | ipv4-address | IPv4-address | ipv4-address | 1564 | bindprefix6-len | Bind-IPv6-Prefix | bind6prefix-len | 1565 | bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix | 1566 +-----------------------+------------------------+------------------+ 1568 A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings 1570 +--------------------------+--------------------------+-------------+ 1571 | OPTION_S46_PORTPARAMS | Softwire46-PORTPARAMS | TLV Field | 1572 | Field | Name | | 1573 +--------------------------+--------------------------+-------------+ 1574 | offset | PSID-offset | PSID-Offset | 1575 | PSID-len | PSID-len | PSID-len | 1576 | PSID | PSID | PSID | 1577 +--------------------------+--------------------------+-------------+ 1579 A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings 1581 +---------------------------+-------------------------------------+ 1582 | OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute Field | 1583 +---------------------------+-------------------------------------+ 1584 | s46-option-code | Softwire46-option-code | 1585 +---------------------------+-------------------------------------+ 1587 A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field 1588 Mappings 1590 +--------------------+------------------------------+---------------+ 1591 | OPTION_V6_PREFIX64 | Softwire46-Multicast | TLV Field | 1592 | Field | Attribute TLV Name | | 1593 +--------------------+------------------------------+---------------+ 1594 | asm-length | ASM-Prefix64 | Prefix-Length | 1595 | ASM_mPrefix64 | ASM-Prefix64 | ASM Prefix64 | 1596 | ssm-length | SSM-Prefix64 | Prefix-Length | 1597 | SSM_mPrefix64 | SSM-Prefix64 | SSM Prefix64 | 1598 | unicast-length | U-Prefix64 | Prefix-Length | 1599 | uPrefix64 | U-Prefix64 | Unicast | 1600 | | | Prefix64 | 1601 +--------------------+------------------------------+---------------+ 1603 Authors' Addresses 1605 Sheng Jiang 1606 Huawei Technologies Co., Ltd 1607 Q14, Huawei Campus, No.156 Beiqing Road 1608 Hai-Dian District, Beijing, 100095 1609 P.R. China 1611 Email: jiangsheng@huawei.com 1612 Yu Fu 1613 CNNIC 1614 No.4 South 4th Street, Zhongguancun 1615 Hai-Dian District, Beijing, 100190 1616 P.R. China 1618 Email: eleven711711@foxmail.com 1620 Bing Liu 1621 Huawei Technologies Co., Ltd 1622 Q14, Huawei Campus, No.156 Beiqing Road 1623 Hai-Dian District, Beijing, 100095 1624 P.R. China 1626 Email: leo.liubing@huawei.com 1628 Peter Deacon 1629 IEA Software, Inc. 1630 P.O. Box 1170 1631 Veradale, WA 99037 1632 USA 1634 Email: peterd@iea-software.com 1636 Chongfeng Xie 1637 China Telecom 1638 Beijing 1639 P.R. China 1641 Email: xiechf.bri@chinatelecom.cn 1643 Tianxiang Li 1644 Tsinghua University 1645 Beijing 100084 1646 P.R.China 1648 Email: peter416733@gmail.com 1649 Mohamed Boucadair (editor) 1650 Orange 1651 Rennes, 35000 1652 France 1654 Email: mohamed.boucadair@orange.com