idnits 2.17.1

draft-ietf-softwire-map-radius-24.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 1254 has weird spacing: '...uration tlv ...'

  -- The document date (May 31, 2019) is 1792 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 5176

     Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                   S. Jiang, Ed.
Internet-Draft                              Huawei Technologies Co., Ltd
Intended status: Standards Track                              Y. Fu, Ed.
Expires: December 2, 2019                                          CNNIC
                                                                  C. Xie
                                                           China Telecom
                                                                   T. Li
                                                     Tsinghua University
                                                       M. Boucadair, Ed.
                                                                  Orange
                                                            May 31, 2019

RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
                   draft-ietf-softwire-map-radius-24

Abstract

   IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity
   services over IPv6 native networks during the IPv4/IPv6 co-existence
   period. DHCPv6 options have been defined for configuring clients for
   Lightweight 4over6, Mapping of Address and Port with Encapsulation,
   and Mapping of Address and Port using Translation unicast softwire
   mechanisms, and also multicast softwires. However, in many networks,
   configuration information is stored in an Authentication,
   Authorization, and Accounting server which utilizes the RADIUS
   protocol to provide centralized management for users. When a new
   transition mechanism is developed, new RADIUS attributes need to be
   defined correspondingly.

   This document defines new RADIUS attributes to carry Address plus
   Port based softwire configuration parameters from an Authentication,
   Authorization, and Accounting server to a Broadband Network Gateway.
   Both unicast and multicast attributes are covered.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 2, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  New RADIUS Attributes
     3.1.  Softwire46-Configuration Attribute
       3.1.1.  Softwire46 Attributes
         3.1.1.1.  Softwire46-MAP-E Attribute
         3.1.1.2.  Softwire46-MAP-T Attribute
         3.1.1.3.  Softwire46-Lightweight-4over6 Attribute
       3.1.2.  Softwire46 Sub-Attributes
       3.1.3.  Specification of the Softwire46 Sub-Attributes
         3.1.3.1.  Softwire46-Rule Attribute
         3.1.3.2.  Softwire46-BR Attribute
         3.1.3.3.  Softwire46-DMR Attribute
         3.1.3.4.  Softwire46-V4V6Bind Attribute
         3.1.3.5.  Softwire46-PORTPARAMS Attribute
       3.1.4.  Sub-Attributes for Softwire46-Rule
         3.1.4.1.  Rule-IPv6-Prefix Attribute
         3.1.4.2.  Rule-IPv4-Prefix Attribute
         3.1.4.3.  EA-Length Attribute
       3.1.5.  Attributes for Softwire46-v4v6Bind
         3.1.5.1.  IPv4-Address Attribute
         3.1.5.2.  Bind-IPv6-Prefix Attribute
       3.1.6.  Attributes for Softwire46-PORTPARAMS
         3.1.6.1.  PSID-Offset Attribute
         3.1.6.2.  PSID-Len Attribute
         3.1.6.3.  PSID Attribute
     3.2.  Softwire46-Priority Attribute
       3.2.1.  Softwire46-Option-Code
     3.3.  Softwire46-Multicast Attribute
       3.3.1.  ASM-Prefix64 Attribute
       3.3.2.  SSM-Prefix64 Attribute
       3.3.3.  U-Prefix64 Attribute
   4.  A Sample Configuration Process with RADIUS
   5.  Table of Attributes
   6.  Security Considerations
   7.  IANA Considerations
     7.1.  New RADIUS Attributes
     7.2.  RADIUS Softwire46 Configuration and Multicast Attributes
     7.3.  Softwire46 Mechanisms and Their Identifying Option Codes
   8.  Contributing Authors
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  DHCPv6 to RADIUS Field Mappings
     A.1.  OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
           Mappings
     A.2.  OPTION_S46_BR (90) to Softwire46-BR Field Mappings
     A.3.  OPTION_S46_DMR (91) to Softwire46-DMR
     A.4.  OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
     A.5.  OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field
           Mappings
     A.6.  OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field
           Mappings
     A.7.  OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
           Attribute Field Mappings
   Authors' Addresses

1.  Introduction

   Providers have started deploying and transitioning to IPv6. Several
   IPv4 service continuity mechanisms based on the Address plus Port
   (A+P) [RFC6346] have been proposed for providing unicast IPv4 over
   IPv6-only infrastructure, such as Mapping of Address and Port with
   Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using
   Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596].
   Also, [RFC8114] specifies a generic solution for the delivery of IPv4
   multicast services to IPv4 clients over an IPv6 multicast network.
   For each of these mechanisms, DHCPv6 options have been specified for
   client configuration.

   In many networks, user configuration information is stored in an
   Authentication, Authorization, and Accounting (AAA) server. AAA
   servers generally communicate using the Remote Authentication Dial In
   User Service (RADIUS) [RFC2865] protocol. In a fixed broadband
   network, a Broadband Network Gateway (BNG) acts as the access gateway
   for users. That is, the BNG acts as both an AAA client to the AAA
   server, and a DHCPv6 server for DHCPv6 messages sent by clients.
   Throughout this document, the term BNG describes a device
   implementing both the AAA client and DHCPv6 server functions.

   Since IPv4-in-IPv6 softwire configuration information is stored in an
   AAA server, and user configuration information is mainly transmitted
   through DHCPv6 between the BNGs and Customer Premises Equipment (CEs,
   a.k.a., CPE), new RADIUS attributes are needed to propagate the
   information from the AAA servers to BNGs.

   The RADIUS attributes defined in this document provide configuration
   to populate the corresponding DHCPv6 options for unicast and
   multicast softwire configuration, specifically:

   o  "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597]
      (DHCPv6 options defined in [RFC7598]).

   o  "Mapping of Address and Port using Translation (MAP-T)" [RFC7599]
      (DHCPv6 options defined in [RFC7598]).

   o  "Lightweight 4over6: An Extension to the Dual-Stack Lite
      Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]).

   o  "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE):
      A DHCPv6-Based Prioritization Mechanism" [RFC8026].

   o  "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6
      Multicast Network" [RFC8114] (DHCPv6 options defined in
      [RFC8115]).

   The contents of the attributes defined in this document have a 1:1
   mapping into the fields of the various DHCPv6 options in [RFC7598],
   [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map
   to the corresponding RADIUS attribute. For detailed mappings between
   each DHCPv6 option field and the corresponding RADIUS Attribute or
   field, see Appendix A.

   +----------------------------+--------------------------------+
   | DHCPv6 Option              | RADIUS Attribute               |
   +----------------------------+--------------------------------+
   | OPTION_S46_RULE (89)       | Softwire46-Rule                |
   | OPTION_S46_BR (90)         | Softwire46-BR                  |
   | OPTION_S46_DMR (91)        | Softwire46-DMR                 |
   | OPTION_S46_V4V6BIND (92)   | Softwire46-V4V6Bind            |
   | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS          |
   | OPTION_S46_PRIORITY (111)  | Softwire46-Priority            |
   | OPTION_V6_PREFIX64 (113)   | Softwire46-Multicast           |
   +----------------------------+--------------------------------+

      Table 1: Mapping between DHCPv6 Options and RADIUS Attributes

   A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in
   [RFC6519].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119] [RFC8174] when, and only when, they appear in all capitals,
   as shown here.

   The reader should be familiar with the concepts and terms defined in
   [RFC7596], [RFC7597], [RFC7599], and [RFC8026].

   The terms "multicast Basic Bridging BroadBand" element (mB4) and
   "multicast Address Family Transition Router" element (mAFTR) are
   defined in [RFC8114].

   Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6
   softwire mechanisms listed above. Additionally, the following
   abbreviations are used within the document:

   o  BNG: Broadband Network Gateway

   o  BR: Border Relay

   o  CE: Customer Edge

   o  DMR: Default Mapping Rule

   o  lwAFTR: Lightweight AFTR

   o  PSID: Port Set Identifier

   o  TLV: Type, Length, Value

   o  MAP-E: Mapping of Address and Port with Encapsulation

   o  MAP-T: Mapping of Address and Port using Translation

3.  New RADIUS Attributes

   This section defines the following attributes:

   1.  Softwire46-Configuration Attribute (Section 3.1):

       This attribute carries the configuration information for MAP-E,
       MAP-T, and Lightweight 4over6. The configuration information for
       each Softwire46 mechanism is carried in the corresponding
       Softwire46 attributes. Different attributes are required for
       each Softwire46 mechanism.

   2.  Softwire46-Priority Attribute (Section 3.2):

       Depending on the deployment scenario, a client may support
       several different Softwire46 mechanisms and so request
       configuration for more than one Softwire46 mechanism at a time.
       The Softwire46-Priority Attribute contains information allowing
       the client to prioritize which mechanism to use, corresponding to
       OPTION_S46_PRIORITY defined in [RFC8026].

   3.  Softwire46-Multicast Attribute (Section 3.3):

       This attribute conveys the IPv6 prefixes to be used in [RFC8114]
       to synthesize IPv4-embedded IPv6 addresses. The BNG uses the
       IPv6 prefixes returned in the RADIUS Softwire46-Multicast
       Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].

   All of these attributes are allocated from the RADIUS "Extended Type"
   code space per [RFC6929].

   All of these attribute designs follow [RFC6158] and [RFC6929].

   This document adheres to [RFC8044] for defining the new RADIUS
   attributes.

3.1.  Softwire46-Configuration Attribute

   This attribute is of type "tlv", as defined in the RADIUS Protocol
   Extensions [RFC6929]. It contains some sub-attributes, with the
   following requirements:

      The Softwire46-Configuration Attribute MUST contain one or more of
      the following attributes: Softwire46-MAP-E, Softwire46-MAP-T,
      and/or Softwire46-Lightweight-4over6.

      The Softwire46-Configuration Attribute conveys the configuration
      information for MAP-E, MAP-T, or Lightweight 4over6.
      The BNG SHALL use the configuration information returned in the
      RADIUS attribute to populate the DHCPv6 Softwire46 Container
      Option defined in Section 5 of [RFC7598].

      The Softwire46-Configuration Attribute MAY appear in an
      Access-Accept packet. It MAY also appear in an Access-Request
      packet to indicate a preferred Softwire46 configuration. However,
      the server is not required to honor such a preference.

      The Softwire46-Configuration Attribute MAY appear in a CoA-Request
      packet.

      The Softwire46-Configuration Attribute MAY appear in an
      Accounting-Request packet.

      The Softwire46-Configuration Attribute MUST NOT appear in any
      other RADIUS packet.

      The Softwire46-Configuration Attribute MUST only encapsulate one
      or more of the Softwire46 attributes defined in this document.

   The Softwire46-Configuration Attribute is structured as follows:

   Type
      241 (To be confirmed by IANA).

   Length
      Indicates the total length, in bytes, of all fields of
      this attribute, including the Type, Length, Extended-Type,
      and the entire length of the embedded attributes.

   Extended-Type
      TBD1

   Value
      Contains one or more of the following attributes. Each attribute
      type may appear at most once:

      Softwire46-MAP-E
         For configuring MAP-E clients. For the construction of
         this attribute, refer to Section 3.1.1.1.

      Softwire46-MAP-T
         For configuring MAP-T clients. For the construction of
         this attribute, refer to Section 3.1.1.2.

      Softwire46-Lightweight-4over6
         For configuring Lightweight 4over6 clients. For the
         construction of this attribute, refer to Section 3.1.1.3.

   The Softwire46-Configuration Attribute is associated with the
   following identifier: 241.Extended-Type(TBD1).

3.1.1.  Softwire46 Attributes

   The Softwire46 attributes can only be encapsulated in the
   Softwire46-Configuration Attribute.
   Depending on the deployment scenario, a client might request more
   than one transition mechanism at a time. There MUST be at least one
   Softwire46 attribute encapsulated in one Softwire46-Configuration
   Attribute. There MUST be at most one instance of each type of
   Softwire46 attribute encapsulated in one Softwire46-Configuration
   Attribute.

   There are three types of Softwire46 attributes, namely:

   1.  Softwire46-MAP-E (Section 3.1.1.1)

   2.  Softwire46-MAP-T (Section 3.1.1.2)

   3.  Softwire46-Lightweight-4over6 (Section 3.1.1.3)

   Each type of Softwire46 attribute contains a number of
   sub-attributes, defined in Section 3.1.3. The hierarchy of the
   Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes
   which sub-attributes are mandatory, optional, or not permitted for
   each defined Softwire46 attribute.

   Softwire46-Configuration Attribute
    |
    +-- Softwire46-MAP-E
    |    +-- 1. Softwire46-Rule
    |    |    +-- 1. Rule-IPv6-Prefix
    |    |    +-- 2. Rule-IPv4-Prefix
    |    |    +-- 3. EA-Length
    |    +-- 2. Softwire46-BR
    |    +-- 3. Softwire46-PORTPARAMS
    |         +-- 1. PSID-Offset
    |         +-- 2. PSID-Len
    |         +-- 3. PSID
    |
    +-- Softwire46-MAP-T
    |    +-- 1. Softwire46-Rule
    |    |    +-- 1. Rule-IPv6-Prefix
    |    |    +-- 2. Rule-IPv4-Prefix
    |    |    +-- 3. EA-Length
    |    +-- 2. Softwire46-DMR
    |    +-- 3. Softwire46-PORTPARAMS
    |         +-- 1. PSID-Offset
    |         +-- 2. PSID-Len
    |         +-- 3. PSID
    |
    +-- Softwire46-Lightweight-4over6
         +-- 1. Softwire46-V4V6Bind
         |    +-- 1. IPv4-Address
         |    +-- 2. Bind-IPv6-Prefix
         +-- 2. Softwire46-BR
         +-- 3. Softwire46-PORTPARAMS
              +-- 1. PSID-Offset
              +-- 2. PSID-Len
              +-- 3. PSID

                Figure 1: Softwire46 Attributes Hierarchy

3.1.1.1.  Softwire46-MAP-E Attribute

   Softwire46-MAP-E attribute is designed for carrying the configuration
   information for MAP-E.
   The structure of Softwire46-MAP-E is shown below:

   TLV-Type
      1

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

      It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.2.  Softwire46-MAP-T Attribute

   Softwire46-MAP-T attribute is designed for carrying the configuration
   information for MAP-T. The structure of Softwire46-MAP-T is shown
   below:

   TLV-Type
      2

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

      It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.3.  Softwire46-Lightweight-4over6 Attribute

   Softwire46-Lightweight-4over6 attribute is designed for carrying the
   configuration information for Lightweight 4over6. The structure of
   Softwire46-Lightweight-4over6 is shown below:

   TLV-Type
      3

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes as follows:

      It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

      It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.2.  Softwire46 Sub-Attributes

   Table 2 shows which encapsulated sub-attributes are mandatory,
   optional, or not permitted for each defined Softwire46 attribute.

   +-----------------------+-------+-------+--------------------+
   | Sub-Attributes        | MAP-E | MAP-T | Lightweight 4over6 |
   +-----------------------+-------+-------+--------------------+
   | Softwire46-BR         |   1   |   0   |         1          |
   | Softwire46-Rule       |   1   |   1   |         0          |
   | Softwire46-DMR        |   0   |   1   |         0          |
   | Softwire46-V4V6Bind   |   0   |   0   |         1          |
   | Softwire46-PORTPARAMS |  0-1  |  0-1  |        0-1         |
   +-----------------------+-------+-------+--------------------+

                  Table 2: Softwire46 Sub-Attributes

   The following table defines the meaning of Table 2 entries.

   0     Not Permitted
   0-1   Optional, zero or one instance of the attribute
         may be present.
   1     Mandatory, only one instance of the attribute
         must be present.

3.1.3.  Specification of the Softwire46 Sub-Attributes

3.1.3.1.  Softwire46-Rule Attribute

   Softwire46-Rule can only be encapsulated in Softwire46-MAP-E
   (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending
   on the deployment scenario, one Basic Mapping Rule (BMR) and zero or
   more Forwarding Mapping Rules (FMRs) MUST be included in one
   Softwire46-MAP-E or Softwire46-MAP-T.

   Each type of Softwire46-Rule also contains a number of
   sub-attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and
   EA-Length. The structure of the sub-attributes for Softwire46-Rule
   is defined in Section 3.1.4.

   Defining multiple TLV-types achieves the same design goals as the
   "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using
   TLV-type set to 5 is equivalent to setting the F-flag in the
   OPTION_S46_RULE S46 Rule Flags field.

   TLV-Type
      4 Basic Mapping Rule only (not to be used for forwarding)
      5 Forwarding Permitted Mapping Rule

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-Rule is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      Rule-IPv6-Prefix
         This attribute contains the IPv6 prefix for use in the MAP
         rule. Refer to Section 3.1.4.1.

      Rule-IPv4-Prefix
         This attribute contains the IPv4 prefix for use in the MAP
         rule. Refer to Section 3.1.4.2.

      EA-Length
         This attribute contains the Embedded-Address (EA) bit length.
         Refer to Section 3.1.4.3.

3.1.3.2.  Softwire46-BR Attribute

   Softwire46-BR can only be encapsulated in Softwire46-MAP-E
   (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).

   There MUST be at least one Softwire46-BR included in each
   Softwire46-MAP-E or Softwire46-Lightweight-4over6.

   The structure of Softwire46-BR is shown below:

   TLV-Type
      6

   TLV-Length
      18 octets

   Data Type
      The attribute Softwire46-BR is of type ip6addr (Section 3.9 of
      [RFC8044]).

   TLV-Value
      br-ipv6-address. A fixed-length field of 16 octets that
      specifies the IPv6 address for the Softwire46 Border Relay (BR).

3.1.3.3.  Softwire46-DMR Attribute

   Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2).
   There MUST be exactly one Softwire46-DMR included in one
   Softwire46-MAP-T.

   The structure of Softwire46-DMR is shown below:

   TLV-Type
      7

   TLV-Length
      4 + length of dmr-ipv6-prefix specified in octets.

   Data Type
      The attribute Softwire46-DMR is of type ip6pref (Section 3.10 of
      [RFC8044]).

   TLV-Value
      dmr-ipv6-prefix. A variable-length (dmr-prefix6-len) field
      specifying the IPv6 prefix for the BR. This field is right-padded
      with zeros to the nearest octet boundary when dmr-prefix6-len
      is not divisible by 8. Prefixes with length from 0 to 96 are
      allowed.

3.1.3.4.  Softwire46-V4V6Bind Attribute

   Softwire46-V4V6Bind may only be encapsulated in
   Softwire46-Lightweight-4over6 (Section 3.1.1.3).
   There MUST be exactly one Softwire46-V4V6Bind included in each
   Softwire46-Lightweight-4over6.

   The structure of Softwire46-V4V6Bind is shown below:

   TLV-Type
      8

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      IPv4-Address
         This attribute contains an IPv4 address, used to specify
         the full or shared IPv4 address of the CE. Refer to
         Section 3.1.5.1.

      Bind-IPv6-Prefix
         This attribute contains an IPv6 prefix used to indicate which
         configured prefix the Softwire46 CE should use for constructing
         the softwire. Refer to Section 3.1.5.2.

3.1.3.5.  Softwire46-PORTPARAMS Attribute

   Softwire46-PORTPARAMS is optional. It is used to specify port set
   information for IPv4 address sharing between clients.
   Softwire46-PORTPARAMS MAY be included in any of the Softwire46
   attributes.

   The structure of Softwire46-PORTPARAMS is shown below:

   TLV-Type
      9

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13
      of [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      PSID-Offset
         This attribute specifies the numeric value for the Softwire46
         algorithm's excluded port range/offset bits (a bits). Refer to
         Section 3.1.6.1.

      PSID-Len
         This attribute specifies the number of significant bits in the
         PSID field (also known as 'k'). Refer to Section 3.1.6.2.

      PSID
         This attribute specifies the PSID value. Refer to
         Section 3.1.6.3.

3.1.4.  Sub-Attributes for Softwire46-Rule

   There are two types of Softwire46-Rule: the Basic Mapping Rule and
   the Forwarding Mapping Rule, indicated by the value in the TLV-Type
   field of Softwire46-Rule (Section 3.1.3.1).

   Each type of Softwire46-Rule also contains a number of sub-attributes
   as detailed in the following sub-sections.

3.1.4.1.  Rule-IPv6-Prefix Attribute

   Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST
   be exactly one Rule-IPv6-Prefix encapsulated in each type of
   Softwire46-Rule.

   Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162]
   and [RFC8044].

   The structure of Rule-IPv6-Prefix is shown below:

   TLV-Type
      10

   TLV-Length
      4 + length of rule-ipv6-prefix specified in octets.

   Data Type
      The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10
      of [RFC8044]).

   TLV-Value
      rule-ipv6-prefix. A variable-length field that specifies an IPv6
      prefix appearing in the MAP rule.

3.1.4.2.  Rule-IPv4-Prefix Attribute

   This attribute is used to convey the MAP Rule IPv4 prefix. The
   structure of Rule-IPv4-Prefix is shown below:

   TLV-Type
      11

   TLV-Length
      4 + length of rule-ipv4-prefix specified in octets.

   Data Type
      The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11
      of [RFC8044]).

   TLV-Value
      rule-ipv4-prefix. A variable-length field that specifies
      an IPv4 prefix appearing in the MAP rule.

3.1.4.3.  EA-Length Attribute

   This attribute is used to convey the Embedded-Address (EA) bit
   length. The structure of EA-Length is shown below:

   TLV-Type
      12

   TLV-Length
      6 octets

   Data Type
      The attribute EA-Length is of type integer (Section 3.1 of
      [RFC8044]).

   TLV-Value
      EA-len; 32-bits long. Specifies the Embedded-Address (EA) bit
      length. Allowed values range from 0 to 48.

3.1.5.  Attributes for Softwire46-v4v6Bind

3.1.5.1.  IPv4-Address Attribute

   The IPv4-Address MAY be used to specify the full or shared IPv4
   address of the CE.

   The structure of IPv4-Address is shown below:

   TLV-Type
      13

   TLV-Length
      6 octets

   Data Type
      The attribute IPv4-Address is of type ipv4addr (Section 3.8
      of [RFC8044]).

   TLV-Value
      32-bits long. Specifies the IPv4 address (ipv4-address) to
      appear in Softwire46-V4V6Bind (Section 3.1.3.4).

3.1.5.2.  Bind-IPv6-Prefix Attribute

   The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6
   prefix to be used as the tunnel source.

   The structure of Bind-IPv6-Prefix is shown below:

   TLV-Type
      14

   TLV-Length
      4 + length of bind-ipv6-prefix specified in octets.

   Data Type
      The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10
      of [RFC8044]).

   TLV-Value
      bind-ipv6-prefix. A variable-length field specifying the IPv6
      prefix or address for the Softwire46 CE. This field is
      right-padded with zeros to the nearest octet boundary
      when the prefix length is not divisible by 8.

3.1.6.  Attributes for Softwire46-PORTPARAMS

3.1.6.1.  PSID-Offset Attribute

   This attribute is used to convey the Port Set Identifier offset as
   defined in [RFC7597]. This attribute is encoded in 32 bits as per
   the recommendation in Appendix A.2.1 of [RFC6158].

   The structure of PSID-Offset is shown below:

   TLV-Type
      15

   TLV-Length
      6 octets

   Data Type
      The attribute PSID-Offset is of type integer (Section 3.1
      of [RFC8044]).

   TLV-Value
      Contains the PSID-Offset (8-bits) right
      justified, and the unused bits in this field MUST
      be set to zero. This field specifies the
      numeric value for the Softwire46 algorithm's excluded
      port range/offset bits (a bits), as per Section 5.1
      of [RFC7597]. Allowed values are between 0 and 15.
      Default values for this field are specific to the
      Softwire mechanism being implemented and are defined
      in the relevant specification document.

3.1.6.2.  PSID-Len Attribute

   This attribute is used to convey the PSID length as defined in
   [RFC7597]. This attribute is encoded in 32 bits as per the
   recommendation in Appendix A.2.1 of [RFC6158].

   The structure of PSID-Len is shown below:

   TLV-Type
      16

   TLV-Length
      6 octets

   Data Type
      The attribute PSID-Len is of type integer (Section 3.1
      of [RFC8044]).

   TLV-Value
      Contains the PSID-len (8-bits) right
      justified, and the unused bits in this field MUST
      be set to zero. This field specifies the number of
      significant bits in the PSID field (also known as
      'k'). When set to 0, the PSID field is to be ignored.
      After the first 'a' bits, there are k bits in the
      port number representing the value of the PSID.
      Subsequently, the address sharing ratio would be
      2^k.

3.1.6.3.  PSID Attribute

   This attribute is used to convey the PSID as defined in [RFC7597].
   This attribute is encoded in 32 bits as per the recommendation in
   Appendix A.2.1 of [RFC6158].

   The structure of PSID is shown below:

   TLV-Type
      17

   TLV-Length
      6 octets

   Data Type
      The attribute PSID is of type integer (Section 3.1
      of [RFC8044]).

   TLV-Value
      Contains the PSID (16-bits) right justified, and the unused bits
      in this field MUST be set to zero.
      The PSID value algorithmically identifies a set of ports
      assigned to a CE. The first k bits on the left of this
      2-octet field are the PSID value. The remaining (16-k) bits
      on the right are padding zeros.

3.2.  Softwire46-Priority Attribute

   The Softwire46-Priority Attribute includes an ordered list of
   Softwire46 mechanisms allowing the client to prioritize which
   mechanism to use, corresponding to OPTION_S46_PRIORITY defined in
   [RFC8026].
   The following requirements apply:

      The Softwire46-Priority Attribute MAY appear in an Access-Accept
      packet.  It MAY also appear in an Access-Request packet.

      The Softwire46-Priority Attribute MAY appear in a CoA-Request
      packet.

      The Softwire46-Priority Attribute MAY appear in an Accounting-
      Request packet.

      The Softwire46-Priority Attribute MUST NOT appear in any other
      RADIUS packet.

   The Softwire46-Priority Attribute is structured as follows:

   Type
      241 (To be confirmed by IANA)

   Length
      Indicates the length of this attribute,
      including the Type, Length, Extended-Type and Value fields.

   Extended-Type
      TBD5

   TLV-Value
      The attribute includes one or more Softwire46-Option-Code TLVs:
      A Softwire46-Priority Attribute MUST contain at least one
      Softwire46-Option-Code TLV (Section 3.2.1).

      Softwire46 mechanisms are prioritized in the order in which
      they appear in the Softwire46-Priority Attribute.

   The Softwire46-Priority Attribute is associated with the following
   identifier: 241.Extended-Type (TBD5).

3.2.1.  Softwire46-Option-Code

   This attribute is used to convey an option code assigned to a
   Softwire46 mechanism [RFC8026].  This attribute is encoded in 32 bits
   as per the recommendation in Appendix A.2.1 of [RFC6158].

   The structure of Softwire46-Option-Code is shown below:

   TLV-Type
      18

   TLV-Length
      6 octets

   Data Type
      The attribute Softwire46-Option-Code is of type integer
      (Section 3.1 of [RFC8044]).

   TLV-Value
      A 32-bit IANA-registered option code representing a Softwire46
      mechanism (Softwire46-option-code).  The codes and their
      corresponding Softwire46 mechanisms are listed in Section 7.3.

3.3.  Softwire46-Multicast Attribute

   The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
   used to synthesize multicast and unicast IPv4-embedded IPv6 addresses
   as per [RFC8114].
   This attribute is of type "tlv" and contains
   additional TLVs.  The following requirements apply:

      The BNG SHALL use the IPv6 prefixes returned in the RADIUS
      Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64
      Option [RFC8115].

      This attribute MAY be used in Access-Request packets as a hint to
      the RADIUS server.  For example, if the BNG is pre-configured for
      Softwire46-Multicast, these prefixes may be inserted in the
      attribute.  The RADIUS server MAY ignore the hint sent by the BNG,
      and it MAY assign a different Softwire46-Multicast Attribute.

      The Softwire46-Multicast Attribute MAY appear in an Access-
      Request, Access-Accept, CoA-Request, and Accounting-Request
      packet.

      The Softwire46-Multicast Attribute MUST NOT appear in any other
      RADIUS packet.

      The Softwire46-Multicast Attribute MAY contain ASM-Prefix64
      (Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64
      (Section 3.3.3).

      The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or
      SSM-Prefix64, and it MAY include both.

      The U-Prefix64 MUST be present when SSM-Prefix64 is present.
      U-Prefix64 MAY be present when ASM-Prefix64 is present.

   The Softwire46-Multicast Attribute is structured as follows:

   Type
      241 (To be confirmed by IANA)

   Length
      This field indicates the total length in bytes of all fields of
      this attribute, including the Type, Length, Extended-Type, and the
      entire length of the embedded attributes.

   Extended-Type
      TBD6

   Value
      This field contains a set of attributes as follows:

      ASM-Prefix64
         This attribute contains the ASM IPv6 prefix.  Refer to
         Section 3.3.1.

      SSM-Prefix64
         This attribute contains the SSM IPv6 prefix.  Refer to
         Section 3.3.2.

      U-Prefix64
         This attribute contains the IPv4 prefix used for address
         translation.  Refer to Section 3.3.3.
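
   The presence and length rules of Section 3.3 can be enforced before
   a BNG copies the prefixes into the DHCPv6 PREFIX64 Option.  The
   following is an added example, not part of the draft: the function
   names and sample prefixes are constructed, and the SSM test only
   checks the ff3x flag pattern of RFC 4607 as a necessary condition.

```python
import ipaddress

ASM_PREFIX64, SSM_PREFIX64, U_PREFIX64 = 19, 20, 21   # TLV-Types from this document
U_PREFIX_LENGTHS = {32, 40, 48, 56, 64, 96}           # RFC 6052 lengths (Section 3.3.3)


class MulticastAttrError(ValueError):
    """The Softwire46-Multicast TLV-Value breaks a rule of Section 3.3."""


def encode_prefix_tlv(tlv_type: int, prefix: str) -> bytes:
    """Build one sub-TLV: type, length, then an RFC 8044 ipv6prefix value."""
    net = ipaddress.IPv6Network(prefix)
    body = net.network_address.packed[: (net.prefixlen + 7) // 8]
    return bytes([tlv_type, 4 + len(body), 0, net.prefixlen]) + body


def validate_multicast(value: bytes) -> dict:
    """Return {TLV-Type: IPv6Network} or raise MulticastAttrError."""
    found = {}
    pos = 0
    while pos < len(value):
        if len(value) - pos < 4:
            raise MulticastAttrError("truncated sub-TLV header")
        tlv_type, tlv_len, reserved, plen = value[pos:pos + 4]
        if tlv_len < 4 or pos + tlv_len > len(value):
            raise MulticastAttrError("TLV-Length runs outside the attribute")
        body = value[pos + 4:pos + tlv_len]
        if tlv_type not in (ASM_PREFIX64, SSM_PREFIX64, U_PREFIX64):
            raise MulticastAttrError(f"unexpected TLV-Type {tlv_type}")
        if tlv_type in found:
            raise MulticastAttrError(f"TLV-Type {tlv_type} appears twice")
        if reserved != 0 or len(body) != (plen + 7) // 8:
            raise MulticastAttrError("malformed ipv6prefix value")
        # ASM and SSM prefixes are fixed at 96 bits (TLV-Length 16).
        allowed = U_PREFIX_LENGTHS if tlv_type == U_PREFIX64 else {96}
        if plen not in allowed:
            raise MulticastAttrError(f"TLV-Type {tlv_type}: bad prefix length {plen}")
        net = ipaddress.IPv6Network((body.ljust(16, b"\x00"), plen))
        is_mcast = net.network_address.is_multicast
        if (tlv_type == U_PREFIX64) == is_mcast:
            raise MulticastAttrError("unicast/multicast prefix in the wrong TLV")
        if tlv_type == SSM_PREFIX64 and body[1] >> 4 != 0x3:
            raise MulticastAttrError("SSM prefix is not of the form ff3x")
        found[tlv_type] = net
        pos += tlv_len
    if ASM_PREFIX64 not in found and SSM_PREFIX64 not in found:
        raise MulticastAttrError("ASM-Prefix64 or SSM-Prefix64 is required")
    if SSM_PREFIX64 in found and U_PREFIX64 not in found:
        raise MulticastAttrError("U-Prefix64 is required with SSM-Prefix64")
    return found


# Constructed sample: an SSM prefix together with the unicast prefix it needs.
SAMPLE = (encode_prefix_tlv(SSM_PREFIX64, "ff3e::db8:0:0/96")
          + encode_prefix_tlv(U_PREFIX64, "2001:db8:cafe::/48"))

if __name__ == "__main__":
    for tlv_type, net in validate_multicast(SAMPLE).items():
        print(tlv_type, net)
```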

   The Softwire46-Multicast Attribute is associated with the following
   identifier: 241.Extended-Type(TBD6).

3.3.1.  ASM-Prefix64 Attribute

   The ASM-Prefix64 attribute is structured as follows:

   TLV-Type
      19

   TLV-Length
      16 octets.  The length of asm-prefix64 must be set to 96 [RFC8115].

   Data Type
      The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).

   TLV-Value
      This field specifies the IPv6 multicast prefix (asm-prefix64)
      to be used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the ASM mode.  The conveyed multicast IPv6
      prefix MUST belong to the ASM range.

3.3.2.  SSM-Prefix64 Attribute

   The SSM-Prefix64 attribute is structured as follows:

   TLV-Type
      20

   TLV-Length
      16 octets.  The length of ssm-prefix64 must be set to 96 [RFC8115].

   Data Type
      The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).

   TLV-Value
      This field specifies the IPv6 multicast prefix (ssm-prefix64)
      to be used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the SSM mode.  The conveyed multicast IPv6
      prefix MUST belong to the SSM range.

3.3.3.  U-Prefix64 Attribute

   The structure of U-Prefix64 is shown below:

   TLV-Type
      21

   TLV-Length
      4 + length of unicast-prefix.  As specified in [RFC6052],
      the unicast-prefix prefix-length MUST be set to 32, 40, 48,
      56, 64, or 96.

   Data Type
      The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).

   TLV-Value
      This field identifies the IPv6 unicast prefix (u-prefix64) to
      be used in SSM mode for constructing the IPv4-embedded IPv6
      addresses representing the IPv4 multicast sources in the IPv6
      domain.  It may also be used to extract the IPv4 address from the
      received multicast data flows.

4.  A Sample Configuration Process with RADIUS

   Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to
   provide CE with softwire configuration information.

     CE                              BNG                         AAA Server
     |                               |                               |
     |-------1.DHCPv6 Solicit------->|                               |
     |(ORO with unicast and/or m'cast|                               |
     | container option code(s))     |                               |
     |                               |                               |
     |                               |-------2.Access-Request------->|
     |                               | (Softwire46-Configuration     |
     |                               |     Attribute and/or          |
     |                               |Softwire46-Multicast Attribute)|
     |                               |                               |
     |                               |<------3.Access-Accept---------|
     |                               | (Softwire46-Configuration     |
     |                               |     Attribute and/or          |
     |                               |Softwire46-Multicast Attribute)|
     |                               |                               |
     |<----4.DHCPv6 Advertisement----|                               |
     |    (container option(s))      |                               |
     |                               |                               |
     |-------5.DHCPv6 Request------->|                               |
     |    (container Option(s))      |                               |
     |                               |                               |
     |<--------6.DHCPv6 Reply--------|                               |
     |    (container option(s))      |                               |
     |                               |                               |
                  DHCPv6                          RADIUS

    Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS
                             authentication

   1.  The CE creates a DHCPv6 Solicit message.  For unicast softwire
       configuration, the message includes an OPTION_REQUEST_OPTION (6)
       with the Softwire46 Container option codes as defined in
       [RFC7598].  OPTION_S46_CONT_MAPE (94) should be included for MAP-
       E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW
       (96) for Lightweight 4over6.  For multicast configuration, the
       option number for OPTION_V6_PREFIX64 (113) is included in the
       client's ORO.  The message is sent to the BNG.

   2.  On receipt of the Solicit message, the BNG constructs a RADIUS
       Access-Request message containing a User-Name Attribute (1)
       (containing either a CE MAC address, interface-id or both), a
       User-Password Attribute (2) (with a pre-configured shared
       password as defined in [RFC2865]).  The Softwire46-Configuration
       Attribute and/or Softwire46-Multicast Attribute are also included
       (as requested by the client).
       The resulting message is sent to
       the AAA server.

   3.  The AAA server authenticates the request.  If this is successful,
       and suitable configuration is available, an Access-Accept message
       is sent to the BNG containing the requested
       Softwire46-Configuration Attribute or Softwire46-Multicast
       Attribute.  It is the responsibility of the AAA server to ensure
       the consistency of the provided configuration.

   4.  The BNG maps the received softwire configuration into the
       corresponding fields in the DHCPv6 softwire configuration
       option(s).  These are included in the DHCPv6 Advertise message
       which is sent to the CE.

   5.  The CE sends a DHCPv6 Request message.  In the ORO, the option
       code(s) of any of the required softwire options that were
       received in the Advertise message are included.

   6.  The BNG sends a Reply message to the client containing the
       softwire container options enumerated in the ORO.

   The authorization operation could also be done independently, after
   the authentication process.  In this case, steps 1-5 are completed as
   above, then the following steps are performed:

   6a.  When the BNG receives the DHCPv6 Request, it constructs a RADIUS
        Access-Request message, which contains a Service-Type Attribute
        (6) with the value "Authorize Only" (17), the corresponding
        Softwire46-Configuration Attribute, and a State Attribute
        obtained from the previous authentication process according to
        [RFC5080].  The resulting message is sent to the AAA server.

   7a.  The AAA checks the authorization request.  If it is approved, an
        Access-Accept message is returned to the BNG with the
        corresponding Softwire46-Configuration Attribute.

   8a.  The BNG sends a Reply message to the client containing the
        softwire container options enumerated in the ORO.
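
   Step 4 has the BNG map received attributes into DHCPv6 option
   fields.  As an added example (not part of the draft), the code below
   validates the three PORTPARAMS sub-TLVs of Section 3.1.6 and builds
   OPTION_S46_PORTPARAMS from them; function names and the sample bytes
   are constructed, and requiring all three sub-TLVs is an assumption.

```python
import struct

PSID_OFFSET, PSID_LEN, PSID = 15, 16, 17   # TLV-Types from Sections 3.1.6.1-3.1.6.3
OPTION_S46_PORTPARAMS = 93                 # DHCPv6 option code (Appendix A.5)


class PortParamsError(ValueError):
    """A PORTPARAMS sub-TLV breaks the encoding rules of Section 3.1.6."""


def decode_portparams(value: bytes) -> tuple:
    """Return (a, k, psid_field) from the TLV-Value of Softwire46-PORTPARAMS."""
    fields = {}
    pos = 0
    while pos < len(value):
        if len(value) - pos < 6:
            raise PortParamsError("truncated sub-TLV")
        tlv_type, tlv_len = value[pos], value[pos + 1]
        if tlv_type not in (PSID_OFFSET, PSID_LEN, PSID) or tlv_type in fields:
            raise PortParamsError(f"unexpected or repeated TLV-Type {tlv_type}")
        if tlv_len != 6:
            raise PortParamsError(f"TLV-Type {tlv_type}: TLV-Length must be 6")
        (fields[tlv_type],) = struct.unpack("!I", value[pos + 2:pos + 6])
        pos += 6
    if set(fields) != {PSID_OFFSET, PSID_LEN, PSID}:
        # Assumption of this example: all three sub-TLVs are expected.
        raise PortParamsError("PSID-Offset, PSID-Len and PSID are all required")
    a, k, psid_field = fields[PSID_OFFSET], fields[PSID_LEN], fields[PSID]
    if a > 15:
        raise PortParamsError("PSID-Offset must be between 0 and 15")
    if a + k > 16:
        raise PortParamsError("offset bits plus PSID bits exceed a 16-bit port")
    if psid_field > 0xFFFF:
        raise PortParamsError("unused bits of the PSID field must be zero")
    # The PSID sits in the leftmost k bits; the other 16-k bits are padding.
    # With k == 0 the PSID field is ignored, as Section 3.1.6.2 states.
    if k and psid_field & ((1 << (16 - k)) - 1):
        raise PortParamsError("PSID padding bits must be zero")
    return a, k, psid_field


def to_dhcpv6_option(a: int, k: int, psid_field: int) -> bytes:
    """OPTION_S46_PORTPARAMS: code, length 4, offset, PSID-len, PSID (RFC 7598)."""
    return struct.pack("!HHBBH", OPTION_S46_PORTPARAMS, 4, a, k, psid_field)


def port_set(a: int, k: int, psid_field: int) -> list:
    """Ports owned by this PSID under the RFC 7597 Section 5.1 layout A|PSID|M."""
    m = 16 - a - k
    psid = psid_field >> (16 - k) if k else 0
    first_a = 1 if a else 0          # A = 0 is the excluded range when a > 0
    return [(A << (16 - a)) | (psid << m) | M
            for A in range(first_a, 1 << a) for M in range(1 << m)]


# Constructed sample: PSID-Offset 6, PSID-Len 8, PSID 0x34 (left-aligned: 0x3400).
SAMPLE = bytes.fromhex("0f0600000006" "100600000008" "110600003400")

if __name__ == "__main__":
    a, k, psid_field = decode_portparams(SAMPLE)
    print(to_dhcpv6_option(a, k, psid_field).hex())
    ports = port_set(a, k, psid_field)
    print(len(ports), ports[:4], ports[-4:])
```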

   In addition to the above, the following points need to be considered:

   o  In both the configuration message flows described above the
      Message-authenticator (type 80) [RFC2869] SHOULD be used to
      protect both Access-Request and Access-Accept messages.

   o  If the BNG does not receive the corresponding
      Softwire46-Configuration Attribute in the Access-Accept message it
      MAY fall back to creating the DHCPv6 softwire configuration
      options using pre-configured Softwire46 configuration, if this is
      present.

   o  If the BNG receives an Access-Reject from the AAA server, then
      Softwire46 configuration MUST NOT be supplied to the client.

   o  As specified in [RFC8415], Section 18.2.5, "Creation and
      Transmission of Rebind Messages", if the DHCPv6 server to which
      the DHCPv6 Renew message was sent at time T1 has not responded by
      time T2, the CE (DHCPv6 client) SHOULD enter the Rebind state and
      attempt to contact any available server.  In this situation, a
      secondary BNG receiving the DHCPv6 message MUST initiate a new
      Access-Request message towards the AAA server.  The secondary BNG
      includes the Softwire46-Configuration Attribute in this Access-
      Request message.

   o  For Lightweight 4over6, the subscriber's binding state needs to be
      synchronized between the clients and the Lightweight AFTR
      (lwAFTR)/BR.  This can be achieved in two ways: static pre-
      configuration of the bindings on both the AAA server and lwAFTR,
      or on-demand whereby the AAA server updates the lwAFTR with the
      subscriber's binding state as it is created or deleted.

   In some deployments, the DHCP server may use the Accounting-Request
   to report to a AAA server the softwire configuration returned to a
   requesting host.  It is the responsibility of the DHCP server to
   ensure the consistency of the configuration provided to requesting
   hosts.
   Reported data to a AAA server may be required for various
   operational purposes (e.g., regulatory).

5.  Table of Attributes

   This document specifies three new RADIUS attributes, and their
   formats are as follows:

   o  Softwire46-Configuration Attribute: 241.TBD1

   o  Softwire46-Priority Attribute: 241.TBD5

   o  Softwire46-Multicast Attribute: 241.TBD6

   Table 3 describes which attributes may be found, in which kinds of
   packets and in what quantity.

   Request Accept Reject Challenge Acct CoA- #        Attribute
                                   Req  Req
   0-1     0-1    0      0         0-1  0-1  241.TBD1 Softwire46-
                                                      Configuration
   0-1     0-1    0      0         0-1  0-1  241.TBD5 Softwire46-
                                                      Priority
   0-1     0-1    0      0         0-1  0-1  241.TBD6 Softwire46-
                                                      Multicast

                       Table 3: Table of Attributes

6.  Security Considerations

   Section 9 of [RFC7596] discusses security issues related to
   Lightweight 4over6, Section 10 of [RFC7597] discusses security issues
   related to MAP-E, Section 13 of [RFC7599] discusses security issues
   related to MAP-T, and Section 9 of [RFC8114] discusses security
   issues related to the delivery of IPv4 multicast services to IPv4
   clients over an IPv6 multicast network.

   This document does not introduce any security issue other than the
   ones already identified in RADIUS documents [RFC2865] and [RFC5176]
   for CoA messages.  Known security vulnerabilities of the RADIUS
   protocol discussed in [RFC2607], [RFC2865], and [RFC2869] apply to
   this specification.

   This document targets deployments where a trusted relationship is in
   place between the RADIUS client and server with communication
   optionally secured by IPsec or Transport Layer Security (TLS)
   [RFC6614].  The use of IPsec [RFC4301] for providing security when
   RADIUS is carried in IPv6 is discussed in [RFC3162].
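
   Section 4 recommends Message-Authenticator (type 80) on both
   Access-Request and Access-Accept messages.  The following added
   example, not part of the draft, shows how a BNG could refuse
   softwire configuration from an Access-Accept that lacks a valid one;
   the shared secret, packet contents and the Extended-Type byte
   standing in for TBD5 are constructed placeholders.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
MESSAGE_AUTHENTICATOR = 80
EXT_TYPE_PLACEHOLDER = 0xFD   # stands in for TBD5, which the draft leaves unassigned

# Constructed sample: Softwire46-Priority (241.TBD5) holding one
# Softwire46-Option-Code TLV (type 18, length 6) with option code 1 (MAP-E).
PRIORITY_ATTR = bytes([241, 9, EXT_TYPE_PLACEHOLDER, 18, 6, 0, 0, 0, 1])


def hmac_md5(secret: bytes, data: bytes) -> bytes:
    return hmac.new(secret, data, hashlib.md5).digest()


def with_mac(code, ident, auth_field, attrs, secret) -> bytes:
    """Append a Message-Authenticator computed per RFC 2869 over the packet
    with the attribute's 16 value octets set to zero."""
    body = attrs + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return body[:-16] + hmac_md5(secret, header + auth_field + body)


def build_request(ident, request_auth, attrs, secret) -> bytes:
    attrs = with_mac(ACCESS_REQUEST, ident, request_auth, attrs, secret)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def build_accept(ident, request_auth, attrs, secret, signed=True) -> bytes:
    """AAA-server side; used here only to construct input for the checks."""
    if signed:
        attrs = with_mac(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def find_mac(packet: bytes):
    """Offset of the single Message-Authenticator value, else None."""
    pos, found = 20, None
    while pos < len(packet):
        if len(packet) - pos < 2:
            return None
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return None
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18 or found is not None:
                return None
            found = pos + 2
        pos += a_len
    return found


def verify_mac(packet: bytes, auth_field: bytes, secret: bytes) -> bool:
    """auth_field is the Request Authenticator (the packet's own for a request)."""
    at = find_mac(packet)
    if at is None:
        return False          # fail closed: absent or malformed attribute 80
    zeroed = packet[:4] + auth_field + packet[20:at] + bytes(16) + packet[at + 16:]
    return hmac.compare_digest(hmac_md5(secret, zeroed), packet[at:at + 16])


def accept_usable(packet, ident, request_auth, secret) -> bool:
    """BNG-side gate applied before any softwire attribute is parsed."""
    if len(packet) < 20:
        return False
    code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if (code, pkt_id, length) != (ACCESS_ACCEPT, ident, len(packet)):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False
    return verify_mac(packet, request_auth, secret)


if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))
    accept = build_accept(7, req_auth, PRIORITY_ATTR, secret)
    print(accept_usable(accept, 7, req_auth, secret))
    bare = build_accept(7, req_auth, PRIORITY_ATTR, secret, signed=False)
    print(accept_usable(bare, 7, req_auth, secret))
```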

   Security considerations for interactions between a Softwire46 CE and
   the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for
   configuration of softwire46 address and port-mapped clients),
   Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization
   mechanism), and Section 5 of [RFC8115] (DHCPv6 options for
   configuration of IPv4-embedded IPv6 prefixes).

7.  IANA Considerations

   IANA is requested to make new code point assignments for RADIUS
   attributes as described in the following subsections.  The
   assignments should use the RADIUS registry available at
   https://www.iana.org/assignments/radius-types/.

7.1.  New RADIUS Attributes

   This document requests IANA to assign the Attribute Types defined in
   this document from the RADIUS namespace as described in the "IANA
   Considerations" section of [RFC3575], in accordance with BCP 26
   [RFC8126].

   This document requests that IANA register three new RADIUS
   attributes, from the "Short Extended Space" of [RFC6929].  The
   attributes are: Softwire46-Configuration Attribute,
   Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:

   Type     Description              Data Type Reference
   ----     -----------              --------- ---------
   241.TBD1 Softwire46-Configuration tlv       Section 3.1
   241.TBD5 Softwire46-Priority      tlv       Section 3.2
   241.TBD6 Softwire46-Multicast     tlv       Section 3.3

7.2.  RADIUS Softwire46 Configuration and Multicast Attributes

   IANA is requested to create a new registry called "RADIUS Softwire46
   Configuration and Multicast Attributes".

   All attributes in this registry have one or more parent RADIUS
   attributes in nesting (refer to [RFC6929]).

   This registry must be initially populated with the following values:

   Value  Description                   Data Type  Reference
   -----  -----------                   ---------  ---------
   0      Reserved
   1      Softwire46-MAP-E              tlv        Section 3.1.1.1
   2      Softwire46-MAP-T              tlv        Section 3.1.1.2
   3      Softwire46-Lightweight-4over6 tlv        Section 3.1.1.3
   4      Softwire46-Rule (BMR)         tlv        Section 3.1.3.1
   5      Softwire46-Rule (FMR)         tlv        Section 3.1.3.1
   6      Softwire46-BR                 ipv6addr   Section 3.1.3.2
   7      Softwire46-DMR                ipv6prefix Section 3.1.3.3
   8      Softwire46-V4V6Bind           tlv        Section 3.1.3.4
   9      Softwire46-PORTPARAMS         tlv        Section 3.1.3.5
   10     Rule-IPv6-Prefix              ipv6prefix Section 3.1.4.1
   11     Rule-IPv4-Prefix              ipv4prefix Section 3.1.4.2
   12     EA-Length                     integer    Section 3.1.4.3
   13     IPv4-Address                  ipv4addr   Section 3.1.5.1
   14     Bind-IPv6-Prefix              ipv6prefix Section 3.1.5.2
   15     PSID-Offset                   integer    Section 3.1.6.1
   16     PSID-Len                      integer    Section 3.1.6.2
   17     PSID                          integer    Section 3.1.6.3
   18     Softwire46-Option-Code        integer    Section 3.2.1
   19     ASM-Prefix64                  ipv6prefix Section 3.3.1
   20     SSM-Prefix64                  ipv6prefix Section 3.3.2
   21     U-Prefix64                    ipv6prefix Section 3.3.3
   22-255 Unassigned

   The registration procedure for this registry is Standards Action as
   defined in [RFC8126].

7.3.  Softwire46 Mechanisms and Their Identifying Option Codes

   The Softwire46-Priority Attribute conveys an ordered list of option
   codes assigned to Softwire46 mechanisms, for which IANA is requested
   to create and maintain a new registry entitled "Option Codes
   Permitted in the Softwire46-Priority Attribute".

   Table 4 shows the initial version of allowed option codes, and the
   Softwire46 mechanisms that they represent.  The option code for DS-
   Lite is derived from the IANA allocated RADIUS Attribute Type value
   for DS-Lite [RFC6519].
   The option codes for MAP-E, MAP-T, and
   Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and
   Lightweight 4over6 attributes defined in Section 3.1.1.

             +-----------+--------------------+-----------+
             |Option Code|Softwire46 Mechanism| Reference |
             +-----------+--------------------+-----------+
             |     1     |       MAP-E        |  RFC7597  |
             |     2     |       MAP-T        |  RFC7599  |
             |     3     | Lightweight 4over6 |  RFC7596  |
             |    144    |      DS-Lite       |  RFC6519  |
             +-----------+--------------------+-----------+

                 Table 4: Option Codes to S46 Mechanisms

   Additional option codes may be added to this list in the future using
   the IETF Review process described in Section 4.8 of [RFC8126].

8.  Contributing Authors

   Bing Liu
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: leo.liubing@huawei.com

   Peter Deacon
   IEA Software, Inc.
   P.O. Box 1170
   Veradale, WA 99037
   USA

   Email: peterd@iea-software.com

   Qiong Sun
   China Telecom
   Beijing China

   Email: sunqiong@ctbri.com.cn

   Qi Sun
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822

   Email: sunqibupt@gmail.com

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129

   Email: cathy.zhou@huawei.com

   Tina Tsou
   Huawei Technologies(USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   USA

   Email: Tina.Tsou.Zouting@huawei.com

   ZiLong Liu
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822

   Email: liuzilong8266@126.com

   Yong Cui
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-62603059

   Email: yong@csnet1.cs.tsinghua.edu.cn

9.  Acknowledgements

   The authors would like to thank the valuable comments made by Peter
   Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei
   Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this
   document.

   This document was merged with draft-sun-softwire-lw4over6-radext-01
   and draft-wang-radext-multicast-radius-ext-00, thanks to everyone who
   contributed to this document.

   This document was produced using the xml2rfc tool [RFC7991].

   Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald
   Eastlake for the review.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, DOI 10.17487/RFC2865, June 2000.

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, DOI 10.17487/RFC3162, August 2001.

   [RFC3575]  Aboba, B., "IANA Considerations for RADIUS (Remote
              Authentication Dial In User Service)", RFC 3575,
              DOI 10.17487/RFC3575, July 2003.

   [RFC5080]  Nelson, D. and A. DeKok, "Common Remote Authentication
              Dial In User Service (RADIUS) Implementation Issues and
              Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
              2007.

   [RFC5176]  Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
              Aboba, "Dynamic Authorization Extensions to Remote
              Authentication Dial In User Service (RADIUS)", RFC 5176,
              DOI 10.17487/RFC5176, January 2008.

   [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
              Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
              DOI 10.17487/RFC6052, October 2010.

   [RFC6158]  DeKok, A., Ed. and G.
              Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

   [RFC6929]  DeKok, A. and A. Lior, "Remote Authentication Dial In User
              Service (RADIUS) Protocol Extensions", RFC 6929,
              DOI 10.17487/RFC6929, April 2013.

   [RFC8026]  Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
              Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
              Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
              November 2016.

   [RFC8044]  DeKok, A., "Data Types in RADIUS", RFC 8044,
              DOI 10.17487/RFC8044, January 2017.

   [RFC8115]  Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
              Option for IPv4-Embedded Multicast and Unicast IPv6
              Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8415]  Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
              Richardson, M., Jiang, S., Lemon, T., and T. Winters,
              "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 8415, DOI 10.17487/RFC8415, November 2018.

10.2.  Informative References

   [RFC2607]  Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
              Implementation in Roaming", RFC 2607,
              DOI 10.17487/RFC2607, June 1999.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y.
              Lee, "Dual-Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
              the IPv4 Address Shortage", RFC 6346,
              DOI 10.17487/RFC6346, August 2011.

   [RFC6519]  Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
              Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
              2012.

   [RFC6614]  Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
              "Transport Layer Security (TLS) Encryption for RADIUS",
              RFC 6614, DOI 10.17487/RFC6614, May 2012.

   [RFC7596]  Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
              Farrer, "Lightweight 4over6: An Extension to the Dual-
              Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
              July 2015.

   [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
              Murakami, T., and T. Taylor, Ed., "Mapping of Address and
              Port with Encapsulation (MAP-E)", RFC 7597,
              DOI 10.17487/RFC7597, July 2015.

   [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
              W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
              Configuration of Softwire Address and Port-Mapped
              Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.

   [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
              and T. Murakami, "Mapping of Address and Port using
              Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
              2015.

   [RFC7991]  Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
              RFC 7991, DOI 10.17487/RFC7991, December 2016.

   [RFC8114]  Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
              Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
              over an IPv6 Multicast Network", RFC 8114,
              DOI 10.17487/RFC8114, March 2017.

Appendix A.  DHCPv6 to RADIUS Field Mappings

   The following sections detail the mappings between the softwire
   DHCPv6 option fields and the relevant RADIUS attributes as defined in
   this document.

A.1.  OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings

   +---------------------+----------------------+----------------------+
   | OPTION_S46_RULE     | Softwire46-Rule Name | TLV Subfield         |
   | Field               |                      |                      |
   +---------------------+----------------------+----------------------+
   | flags               | N/A                  | TLV-type (TBD7,      |
   |                     |                      | TBD8)                |
   | ea-len              | EA-Length            | EA-len               |
   | prefix4-len         | Rule-IPv4-Prefix     | Prefix-Length        |
   | ipv4-prefix         | Rule-IPv4-Prefix     | rule-ipv4-prefix     |
   | prefix6-len         | Rule-IPv6-Prefix     | Prefix-Length        |
   | ipv6-prefix         | Rule-IPv6-Prefix     | rule-ipv6-prefix     |
   +---------------------+----------------------+----------------------+

A.2.  OPTION_S46_BR (90) to Softwire46-BR Field Mappings

   +---------------------+------------------------+
   | OPTION_S46_BR Field | Softwire46-BR Subfield |
   +---------------------+------------------------+
   | br-ipv6-address     | br-ipv6-address        |
   +---------------------+------------------------+

A.3.  OPTION_S46_DMR (91) to Softwire46-DMR

   +----------------------+-------------------------+
   | OPTION_S46_DMR Field | Softwire46-DMR Subfield |
   +----------------------+-------------------------+
   | dmr-prefix6-len      | dmr-prefix6-len         |
   | dmr-ipv6-prefix      | dmr-ipv6-prefix         |
   +----------------------+-------------------------+

A.4.  OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind

   +-----------------------+------------------------+------------------+
   | OPTION_S46_V4V6BIND   | Softwire46-V4V6Bind    | TLV Subfield     |
   | Field                 | Name                   |                  |
   +-----------------------+------------------------+------------------+
   | ipv4-address          | IPv4-Address           | ipv4-address     |
   | bindprefix6-len       | Bind-IPv6-Prefix       | Prefix-Length    |
   | bind-ipv6-prefix      | Bind-IPv6-Prefix       | bind-ipv6-prefix |
   +-----------------------+------------------------+------------------+

A.5.  OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings

   +--------------------------+--------------------------+-------------+
   | OPTION_S46_PORTPARAMS    | Softwire46-PORTPARAMS    | TLV         |
   | Field                    | Name                     | Subfield    |
   +--------------------------+--------------------------+-------------+
   | offset                   | PSID-Offset              | PSID-Offset |
   | PSID-len                 | PSID-Len                 | PSID-len    |
   | PSID                     | PSID                     | PSID        |
   +--------------------------+--------------------------+-------------+

A.6.  OPTION_S46_PRIORITY (111) to Softwire46-Priority Field Mappings

   +---------------------------+---------------------------------------+
   | OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute         |
   |                           | Subfield                              |
   +---------------------------+---------------------------------------+
   | s46-option-code           | Softwire46-option-code                |
   +---------------------------+---------------------------------------+

A.7.  OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field
      Mappings

   +--------------------+------------------------------+---------------+
   | OPTION_V6_PREFIX64 | Softwire46-Multicast         | TLV Subfield  |
   | Field              | Attribute TLV Name           |               |
   +--------------------+------------------------------+---------------+
   | asm-length         | ASM-Prefix64                 | Prefix-Length |
   | ASM_mPrefix64      | ASM-Prefix64                 | asm-prefix64  |
   | ssm-length         | SSM-Prefix64                 | Prefix-Length |
   | SSM_mPrefix64      | SSM-Prefix64                 | ssm-prefix64  |
   | unicast-length     | U-Prefix64                   | Prefix-Length |
   | uPrefix64          | U-Prefix64                   | u-prefix64    |
   +--------------------+------------------------------+---------------+

Authors' Addresses

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: jiangsheng@huawei.com

   Yu Fu
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Hai-Dian District, Beijing, 100190
   P.R. China

   Email: eleven711711@foxmail.com

   Chongfeng Xie
   China Telecom
   Beijing
   P.R. China

   Email: xiechf.bri@chinatelecom.cn

   Tianxiang Li
   Tsinghua University
   Beijing 100084
   P.R.China

   Email: peter416733@gmail.com

   Mohamed Boucadair (editor)
   Orange
   Rennes, 35000
   France

   Email: mohamed.boucadair@orange.com