Network Working Group B. Lourdelet Internet-Draft W. Dec Intended status: Standards Track Cisco Systems, Inc. Expires: September 4, 2009 G. Zorn Network Zen March 3, 2009 RADIUS attributes for IPv6 Access Networks draft-lourdelet-radext-ipv6-access-00.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 4, 2009. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. Lourdelet, et al. Expires September 4, 2009 [Page 1] Internet-Draft RADIUS IPv6 Access March 2009 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract This document specifies new IPv6 attributes for RADIUS that complement [RFC3162]. Its goal is to offer more IPv6 deployment options when StateLess Address Auto Configuration (SLAAC) or DHCP are involved. Table of Contents 1. Requirements Language . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. IPv6-Address Attribute . . . . . . . . . . . . . . . . . . 3 3.2. IPv6-DNS-Server-Address . . . . . . . . . . . . . . . . . . 4 3.3. IPv6-Prefix-Information . . . . . . . . . . . . . . . . . . 5 3.4. Table of attributes . . . . . . . . . . . . . . . . . . . . 6 4. Diameter Considerations . . . . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Lourdelet, et al. Expires September 4, 2009 [Page 2] Internet-Draft RADIUS IPv6 Access March 2009 1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Introduction This document specifies new IPv6 RADIUS attributes used to support IPv6 network access. As IPv6 specifies two configuration mechanisms (DHCP and SLAAC), the new attributes are targeted at both protocols when it makes sense. 3. Attributes As usual, the fields shown in the diagrams below are transmitted from left to right. 3.1. IPv6-Address Attribute This Attribute indicates an IPv6 Address that is assigned to the uplink of the user equipment. It MAY be used in Access-Accept packets, and can appear multiple times. It MAY be used in an Access- Request packet as a hint by the NAS to the server that it would prefer these IPv6 address(es), but the server is not required to honor the hint. Since it is assumed that the NAS, when necessary will add a route corresponding to the address, it is not necessary for the server to also send a host Framed-IPv6-Route attribute for the same address. This Attribute can be used by DHCPv6 to offer a unique IPv6 address or can be used for a-posteriori validation of an autoconfigured address. A summary of the IPv6-Address Attribute format is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Lourdelet, et al. Expires September 4, 2009 [Page 3] Internet-Draft RADIUS IPv6 Access March 2009 Type TBA1 for IPv6-Address Length 18 Address The Address field contains a 128-bit IPv6 address. 3.2. IPv6-DNS-Server-Address The IPv6-DNS-Server-Address Attribute contains the IPv6 address of a DNS server. This attribute MAY be included multiple times in Access- Accept. The contnet of this attribute can be inserted in a Router Advertisemnt as specified in RFc5006 or mapped to the matching DHCPv6 option. A summary of the IPv6-DNS-Server-Address Attribute format is given below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA2 for IPv6-DNS-Server-Address Length 18 Lourdelet, et al. Expires September 4, 2009 [Page 4] Internet-Draft RADIUS IPv6 Access March 2009 Address The 128-bit IPv6 address of a DNS server. 3.3. IPv6-Prefix-Information This Attribute provides more specific prefix information to be advertised to the user by the NAS, with the NAS interface as the intended next-hop. It is used in the Access-Accept packet and can appear multiple times. A summary of the IPv6-Prefix-Information Attribute format is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . Prefix (variable) . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type TBA3 for IPv6-Prefix-Information Length At least 4 and no larger than 20; typically 12 or less. Prefix Length The length of the prefix, in bits; at least 0 and no more than 128; typically 64 or less. Prefix Variable-length field containing an IP address or a prefix of an IP address. The Prefix Length field contains the number of valid leading bits in the prefix. The bits in the prefix after the prefix length (if any) are reserved and MUST be initialized to zero by the sender and ignored by the receiver. Lourdelet, et al. Expires September 4, 2009 [Page 5] Internet-Draft RADIUS IPv6 Access March 2009 3.4. Table of attributes The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity. Request Accept Reject Challenge Accounting # Attribute Request 0+ 0+ 0 0 0+ TBA1 IPv6-Address 0+ 0+ 0 0 0+ TBA2 IPv6-DNS-Server-Address 0 0+ 0 0 0+ TBA3 IPv6-Prefix-Information 4. Diameter Considerations Since the Attributes defined in this document are allocated from the standard RADIUS type space (see Section 6), no special handling is required by Diameter entities. 5. Security Considerations TBD 6. IANA Considerations This document requires the assignment of three new RADIUS Attribute Types in the "Radius Types" registry (currently located at http://www.iana.org/assignments/radius-types for the following attributes: o IPv6-Address o IPv6-DNS-Server-Address o IPv6-Prefix-Information IANA should allocate these numbers from the standard RADIUS Attributes space using the "IETF Review" policy [RFC5226]. 7. Acknowledgements The authors would like to thank Alfred HInes and TBD for their contributions and comments to this document. 8. References Lourdelet, et al. Expires September 4, 2009 [Page 6] Internet-Draft RADIUS IPv6 Access March 2009 8.1. Normative References [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. 8.2. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC2472] Haskin, D. and E. Allen, "IP Version 6 over PPP", RFC 2472, December 1998. [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels", RFC 2529, March 1999. [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2867] Zorn, G., Aboba, B., and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000. [RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M., and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000. [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, October 2005. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. [RFC5072] S.Varada, Haskin, D., and E. Allen, "IP Version 6 over PPP", RFC 5072, September 2007. Lourdelet, et al. Expires September 4, 2009 [Page 7] Internet-Draft RADIUS IPv6 Access March 2009 [RFC5172] Varada, S., "Negotiation for IPv6 Datagram Compression Using IPv6 Control Protocol", RFC 5172, March 2008. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. Authors' Addresses Benoit Lourdelet Cisco Systems, Inc. Village ent. GreenSide, Bat T3, 400, Av de Roumanille, 06410 BIOT - Sophia-Antipolis Cedex France Phone: +33 4 97 23 26 23 Email: blourdel@cisco.com Wojciech Dec Cisco Systems, Inc. Haarlerbergweg 13-19 400, Av de Roumanille, Amsterdam , NOORD-HOLLAND 1101 CH Netherlands Phone: +31 20 357 3034 Email: wdec@cisco.com Glen Zorn Network Zen 1310 East Thomas Street Seattle, WA US Email: gwz@net-zen.net Lourdelet, et al. Expires September 4, 2009 [Page 8]