idnits 2.17.1

draft-maglione-softwire-dslite-radius-ext-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to contain a disclaimer for pre-RFC5378 work, but was
     first submitted on or after 10 November 2008.  The disclaimer is usually
     necessary only for documents that revise or obsolete older RFCs, and that
     take significant amounts of text from those RFCs.  If you can contact all
     authors of the source material and they are willing to grant the BCP78
     rights to the IETF Trust, you can and should remove the disclaimer.
     Otherwise, the disclaimer is needed and you can ignore this comment.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 5, 2010) is 5041 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-16) exists of
     draft-ietf-radext-ipv6-access-01

  == Outdated reference: A later version (-10) exists of
     draft-ietf-softwire-ds-lite-tunnel-option-03

  == Outdated reference: A later version (-11) exists of
     draft-ietf-softwire-dual-stack-lite-04


     Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

softwire                                                     R. Maglione
Internet-Draft                                            Telecom Italia
Intended status: Standards Track                               A. Durand
Expires: January 6, 2011                                Juniper Networks
                                                            July 5, 2010


                 RADIUS Extensions for Dual-Stack Lite
              draft-maglione-softwire-dslite-radius-ext-00

Abstract

   Dual-Stack Lite is a solution to offer both IPv4 and IPv6
   connectivity to customers which are addressed only with an IPv6
   prefix.  DS-Lite requires the AFTR tunnel information to be
   pre-configured on the B4 element.  In many networks, the customer
   profile information may be stored in AAA servers while client
   configurations are mainly provided through the DHC protocol.  This
   document specifies two new RADIUS attributes to carry Dual-Stack Lite
   Address Family Transition Router (AFTR) IPv6 address and name; the
   RADIUS attributes are defined based on the equivalent DHCPv6 options
   already specified in draft-ietf-softwire-ds-lite-tunnel-option.
   These RADIUS attributes are meant to be used between the RADIUS
   Server and the NAS; they are not intended to be used directly between
   the B4 element and the RADIUS Server.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 6, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  DS-Lite Configuration with RADIUS and DHCPv6
   4.  Attributes
     4.1.  DS-Lite-Tunnel-Addr
     4.2.  DS-Lite-Tunnel-Name
   5.  Security Considerations
   6.  IANA Considerations
   7.  Normative References
   Authors' Addresses

1.  Introduction

   Dual-Stack Lite [I-D.ietf-softwire-dual-stack-lite] is a solution to
   offer both IPv4 and IPv6 connectivity to customers which are
   addressed only with an IPv6 prefix (no IPv4 address is assigned to
   the attachment device).  One of its key components is an
   IPv4-over-IPv6 tunnel, but a DS-Lite Basic Bridging BroadBand (B4)
   will not know if the network it is attached to offers Dual-Stack Lite
   support, and if it did, would not know the remote end of the tunnel
   to establish a connection.

   To inform the B4 of the AFTR's location, either an IPv6 address or
   Fully Qualified Domain Name (FQDN) may be used.  Once this
   information is conveyed, the presence of the configuration indicating
   the AFTR's location also informs a host to initiate Dual-Stack Lite
   (DS-Lite) service and become a Softwire Initiator.

   The draft draft-ietf-softwire-ds-lite-tunnel-option
   [I-D.ietf-softwire-ds-lite-tunnel-option] specifies two DHCPv6
   options which are meant to be used by a Dual-Stack Lite client (Basic
   Bridging BroadBand element, B4) to discover its Address Family
   Transition Router (AFTR) address.
   In order to be able to populate such options the DHCPv6 Server must
   be pre-provisioned with the Address Family Transition Router (AFTR)
   address or name.

   In Broadband environments, customer profiles may be managed by AAA
   servers, together with user Authentication, Authorization, and
   Accounting (AAA).  The RADIUS protocol [RFC2865] is usually used by
   AAA Servers to communicate with network elements.
   [I-D.ietf-radext-ipv6-access] describes a typical broadband network
   scenario in which the Network Access Server (NAS) acts as the access
   gateway for the users (hosts or CPEs) and the NAS embeds a DHCPv6
   Server function that allows it to locally handle any DHCPv6 requests
   issued by the clients.

   Since the DS-Lite AFTR information can be stored in AAA servers and
   the client configuration is mainly provided through the DHC protocol
   running between the NAS and the requesting clients, new RADIUS
   attributes are needed to send AFTR information from the AAA server to
   the NAS.

   This document aims at defining two new RADIUS attributes to be used
   for carrying the DS-Lite Tunnel Name and DS-Lite Tunnel Address,
   based on the equivalent DHCPv6 options already specified in
   [I-D.ietf-softwire-ds-lite-tunnel-option].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The terms DS-Lite Basic Bridging BroadBand element (B4) and the
   DS-Lite Address Family Transition Router element (AFTR) are defined
   in [I-D.ietf-softwire-dual-stack-lite].

3.  DS-Lite Configuration with RADIUS and DHCPv6

   Figure 1 illustrates how the RADIUS protocol and DHCPv6 work
   together to accomplish DS-Lite configuration on the B4 element.

     B4                         NAS                           AAA
      |                          |                           Server
      |                          |                             |
      |                          |                             |
      |                          |-----Access Request -------->|
      |                          |                             |
      |                          |<----Access Accept(----------|
      |                          |     DS-Lite-Tunnel-Addr     |
      |                          |     DS-Lite-Tunnel-Name)    |
      |                          |                             |
      |------DHCPv6 Request----->|                             |
      |  (DS-Lite tunnel Option) |                             |
      |                          |                             |
      |<-----DHCPv6 Reply--------|                             |
      |  (DS-Lite tunnel option) |                             |

                DHCPv6                       RADIUS

              Figure 1: RADIUS and DHCPv6 Message Flow

   The Network Access Server (NAS) operates as a client of RADIUS and as
   a DHCP Server for the DHC protocol.  The NAS initially sends a RADIUS
   Access Request message to the RADIUS server, requesting
   authentication.  Once the RADIUS server receives the request, it
   validates the sending client and if the request is approved, the AAA
   server replies with an Access Accept message including a list of
   attribute-value pairs that describe the parameters to be used for
   this session.  This list may also contain the AFTR Tunnel IPv6
   Address and/or the AFTR Tunnel Name.  When the NAS receives a DHCPv6
   client request containing the DS-Lite tunnel Option, the NAS shall
   use the address returned in the RADIUS DS-Lite-Tunnel-Addr attribute
   to populate the DHCPv6 OPTION_DS_LITE_ADDR option in the DHCPv6 reply
   message.

4.  Attributes

   This section specifies the format of the two new RADIUS attributes.

4.1.  DS-Lite-Tunnel-Addr

   Description

   The DS-Lite-Tunnel-Addr RADIUS attribute contains a 128-bit IPv6
   address that identifies the location of the remote tunnel endpoint,
   expected to be located at an AFTR.  The NAS shall use the address
   returned in the RADIUS DS-Lite-Tunnel-Addr attribute to populate the
   DHCPv6 OPTION_DS_LITE_ADDR option
   [I-D.ietf-softwire-ds-lite-tunnel-option].

   This attribute MAY be used in Access-Accept packets and it MAY be
   present in Accounting-Request records where the Acct-Status-Type is
   set to Start, Stop or Interim-Update.
   The DS-Lite-Tunnel-Addr RADIUS attribute MUST NOT appear more than
   once in a message.

   A summary of the DS-Lite-Tunnel-Addr RADIUS attribute format is shown
   below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |      DS-Lite-Tunnel-Addr      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           DS-Lite-Tunnel-Addr (IPv6 Address)(cont)            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      TBA1 for DS-Lite-Tunnel-Addr.

   Length:

      16 octets

   DS-Lite-Tunnel-Addr:

      A 128-bit IPv6 address of the DS-Lite AFTR.

4.2.  DS-Lite-Tunnel-Name

   Description

   The DS-Lite-Tunnel-Name RADIUS attribute contains a Fully Qualified
   Domain Name that refers to the AFTR the client is requested to
   establish a connection with.  The NAS shall use the name returned in
   the RADIUS DS-Lite-Tunnel-Name attribute to populate the DHCPv6
   OPTION_DS_LITE_NAME option [I-D.ietf-softwire-ds-lite-tunnel-option].

   This attribute MAY be used in Access-Accept packets and it MAY be
   present in Accounting-Request records where the Acct-Status-Type is
   set to Start, Stop or Interim-Update.  The DS-Lite-Tunnel-Name RADIUS
   attribute MUST NOT appear more than once in a message.

   A summary of the DS-Lite-Tunnel-Name RADIUS attribute format is shown
   below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |  DS-Lite-Tunnel-Name (FQDN)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               DS-Lite-Tunnel-Name (FQDN) (cont)               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:

      TBA2 for DS-Lite-Tunnel-Name.

   Length:

      Length in octets of the DS-Lite-Tunnel-Name (FQDN)

   DS-Lite-Tunnel-Name:

      A single Fully Qualified Domain Name of the remote tunnel
      endpoint, located at the DS-Lite AFTR.

5.  Security Considerations

   This document has no additional security considerations beyond those
   already identified in [RFC2865].

   [I-D.ietf-softwire-dual-stack-lite] discusses DS-Lite related
   security issues.

6.  IANA Considerations

   This document requests the allocation of two new RADIUS attribute
   types from the IANA registry "Radius Attribute Types" located at
   http://www.iana.org/assignments/radius-types

      DS-Lite-Tunnel-Addr - TBA1
      DS-Lite-Tunnel-Name - TBA2

7.  Normative References

   [I-D.ietf-radext-ipv6-access]
              Lourdelet, B., Dec, W., Sarikaya, B., Zorn, G., and D.
              Miles, "RADIUS attributes for IPv6 Access Networks",
              draft-ietf-radext-ipv6-access-01 (work in progress),
              April 2010.

   [I-D.ietf-softwire-ds-lite-tunnel-option]
              Hankins, D. and T. Mrugalski, "Dynamic Host Configuration
              Protocol for IPv6 (DHCPv6) Options for Dual-Stack Lite",
              draft-ietf-softwire-ds-lite-tunnel-option-03 (work in
              progress), June 2010.

   [I-D.ietf-softwire-dual-stack-lite]
              Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee,
              Y., and R. Bush, "Dual-Stack Lite Broadband Deployments
              Following IPv4 Exhaustion",
              draft-ietf-softwire-dual-stack-lite-04 (work in progress),
              March 2010.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

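
   Added example, not part of the draft: a Python check a NAS could run
   over the attributes of an Access-Accept before copying the Section 4
   values into DHCPv6 options. The type codes 192 and 193 are
   placeholders for the unassigned TBA1/TBA2; it assumes the RFC 2865
   convention that the Length octet also counts the Type and Length
   octets, and that the FQDN is carried as ASCII text.

```python
import ipaddress
import re

# Placeholders for the unassigned TBA1/TBA2 codes, not IANA assignments.
TYPE_ADDR, TYPE_NAME = 192, 193
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

class AttrError(ValueError):
    """The attribute list must not be used to populate DHCPv6 options."""

def tlv(atype: int, value: bytes) -> bytes:
    # Assumption: Length counts the Type and Length octets too (RFC 2865).
    return bytes([atype, len(value) + 2]) + value

def check_fqdn(raw: bytes) -> str:
    # Assumption: the FQDN travels as ASCII text of at most 253 octets.
    try:
        name = raw.decode("ascii")
    except UnicodeDecodeError:
        raise AttrError("DS-Lite-Tunnel-Name is not ASCII") from None
    labels = (name[:-1] if name.endswith(".") else name).split(".")
    if len(name) > 253 or len(labels) < 2 or not all(map(_LABEL.fullmatch, labels)):
        raise AttrError(f"DS-Lite-Tunnel-Name is not an FQDN: {name!r}")
    return name

def parse_dslite_attrs(attrs: bytes) -> dict:
    """Walk the attribute TLVs and return the validated DS-Lite values."""
    out, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise AttrError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise AttrError(f"bad Length {alen} in attribute type {atype}")
        value, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype not in (TYPE_ADDR, TYPE_NAME):
            continue  # unrelated attribute
        key = "addr" if atype == TYPE_ADDR else "name"
        if key in out:  # MUST NOT appear more than once in a message
            raise AttrError(f"duplicate DS-Lite-Tunnel-{key.title()}")
        if key == "addr" and len(value) != 16:
            raise AttrError("DS-Lite-Tunnel-Addr value is not 16 octets")
        out[key] = ipaddress.IPv6Address(value) if key == "addr" else check_fqdn(value)
    return out

# Constructed sample: User-Name (type 1) followed by both DS-Lite attributes.
AFTR = ipaddress.IPv6Address("2001:db8::1")
SAMPLE = tlv(1, b"cpe-01") + tlv(TYPE_ADDR, AFTR.packed) + tlv(TYPE_NAME, b"aftr.example.net")
if __name__ == "__main__":
    print(parse_dslite_attrs(SAMPLE))
```

   A message that fails any check raises AttrError, so the NAS can drop
   the DS-Lite values instead of relaying them to the B4.
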
Authors' Addresses

   Roberta Maglione
   Telecom Italia
   Via Reiss Romoli 274
   Torino  10148
   Italy

   Phone:
   Email: roberta.maglione@telecomitalia.it


   Alain Durand
   Juniper Networks

   Phone:
   Fax:
   Email: adurand@juniper.net
   URI: