Network Working Group F. Adrangi, Intel
INTERNET DRAFT P. Congdon, C. Black, Hewlett Packard
Category: Informational A. Lior, Bridgewater Systems
Expires: Dec 2004 F. Bari, AT&T Wireless
July 16, 2004
Network Bandwidth Parameters
draft-adrangi-radius-bandwidth-capability-01.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas, and its working
groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as "work
in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This document describes bandwidth profile parameters and a
protocol framework that enables an AAA server to specify the
parameters that should be allocated by the access network for
the duration of an authorized user session.
Adrangi, et al. Expires Dec 16, 2004 [Page 1]
Internet Draft Network Bandwidth Parameters July 16 2004
Table of Contents
1. Introduction
1.2 Requirements language
2. Overview
2.1 Bandwidth Parameters
2.1.1 Minimum Bandwidth for ingress and egress
2.1.2 Maximum Bandwidth for ingress and egress
2.2 Protocol
2.2.1 Static Bandwidth Allocation
2.2.2 Dynamic Bandwidth Allocation
2.2.2.1 Push Method
2.2.2.2 Pull Method
2.3 Diameter RADIUS Interoperability
3. Attribute Format/Syntax
4. Table of Attribute(s)
5. IANA Considerations
6. Security Considerations
7. Acknowledgements
8. References
Authors' Addresses
1. Introduction
The bandwidth that a user is authorized within an access network
can be a result of the access network capabilities based on its
architecture and access technology, and the type of user
subscription to the home network (e.g., gold, silver, bronze user
types).
This document describes a simple protocol framework that enables
an access network to advertise its network bandwidth capabilities
that it can allocate for a given client connection. And, it
enables the home network to indicate the desired network bandwidth
capabilities for the user connection within the access network.
User bandwidth can be determined during initial authentication
and authorization of the session. It is also desirable to change the
bandwidth mid-session. For example, the user may want to purchase
additional bandwidth to download a large file. This document
enables operators to dynamically modify the bandwidth allocation
for a session.
This document defines new AAA attributes that can optionally be
used for the following:
. Conveying bandwidth parameters to the home network that an
access network can allocate for a given user session
. Conveying the desired bandwidth parameters from the home
network that should be allocated by the access network for
the duration of the user session.
These attributes are also used for reporting the allocated
bandwidth in accounting records. The attributes are described for
RADIUS [1], but also work as-is in Diameter [RFC 3588], and
through the translation rules defined in [Diameter NASREQ].
1.2 Requirements language
In this document, several words are used to signify the
requirements of the specification. These words are often
capitalized. The key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in [RFC2119].
2. Overview
This section describes the bandwidth parameters and the protocol
by which these parameters can be exchanged between a NAS and the
AAA server to help the access network determine the bandwidth
parameters that should be allocated for the user's connection by
the access.
2.1 Bandwidth Parameters
Bandwidth Profile parameters consist of four parameters: minimum
bandwidth, and maximum bandwidth specified both for ingress and
egress. The following subsections describe these parameters.
2.1.1 Minimum Bandwidth for ingress and egress
It indicates the minimum peak ingress/egress data rate that the
authorized user should get within the access network. This
value is a target, rather than a guarantee.
2.1.2 Maximum Bandwidth for ingress and egress
It indicates the average maximum ingress/egress data rate that
an access network can allow to an authorized user.
2.2 Protocol
Two protocols are described. One protocol is used to allocate
bandwidth when a service is initiated (referred to as Static
Bandwidth Allocation); the other protocol describes how to change
bandwidth attributes dynamically, that is, mid-session (also
referred to as Dynamic Bandwidth Allocation).
Both protocols exchange bandwidth parameters using the various
AAA messages, and they are comprised of three phases: bandwidth
Advertisement, Selection, and Confirmation.
Bandwidth Advertisement:
MAY be sent in Access-Request packet in RADIUS, and the AAR
and DER commands in Diameter [Diameter NASREQ, Diameter EAP],
from the NAS to the home AAA server. The attributes convey
possible/available bandwidth parameters that can be allocated
for the access network client connection to the AAA server by
the NAS.
Bandwidth Selection:
MAY be sent in Access-Accept packet and Change of
Authorization (COA) messages in RADIUS. MAY also be sent in
RAR command in Diameter [4]. Selection conveys the desired
bandwidth parameters for an access network client connection
to the NAS by the home AAA server.
Bandwidth Confirmation:
If Bandwidth Selection is received and enforced, the
attributes MUST be sent in Accounting-Request packets in
RADIUS and in ACR command in Diameter. Confirmation indicates
that the desired bandwidth parameters specified by a home
network are being enforced by the access network.
The Bandwidth Attributes, defined in section 3, are used to carry
the Bandwidth Advertisement, Selection, and Confirmation in various
RADIUS packets and Diameter commands.
An Advertisement, Selection, or Confirmation is said to be valid if
it contains the four aforementioned bandwidth parameters. For a
valid Advertisement, Selection or Confirmation, the minimum
bandwidth rate values for ingress and egress traffic MUST be
less than or equal to their corresponding maximum bandwidth rate
values.
If a Selection is sent in response to an Advertisement, for the
Selection to be considered valid, the bandwidth parameters in the
Selection MUST NOT exceed the corresponding bandwidth parameters
in the Advertisement. A bandwidth rate value of zero in
Selection should be interpreted as a "don't care" value.
The following subsections describe static and dynamic bandwidth
allocation.
2.2.1 Static Bandwidth Allocation
Static bandwidth allocation is performed during the initial
session authentication / authorization.
The following diagram shows the protocol interaction between
the NAS and the home RADIUS server for determining network
bandwidth rates that an access network needs to allocate for a
client connection within the access network.
   Client             NAS                   home RADIUS server
   |                  |                              |
   |                  |                              |
   | Authentication   |                              |
   | Phase Begin      |                              |
   |----------------->|        Access-Request        |
   |                  |              +               |
   |                  |     BA for Advertisement     |
   |                  |----------------------------->|
   |                  |                              |
   |<<More Authentication/Authorization Exchanges>>  |
   |                  |                              |
   |                  |                              |
   |                  |<-----------------------------|
   |                  |        Access-Accept         |
   | Authentication   |              +               |
   | Accept           |       BA for Selection       |
   |<-----------------|                              |
   |                  |                              |
   |                  |                              |
   |                  |      Accounting Request      |
   |                  |              +               |
   |                  |     BA for Confirmation      |
   |                  |----------------------------->|
   |                  |                              |
The NAS MAY send an Advertisement in an Access-Request message.
If the home RADIUS server receives an invalid Advertisement,
then the RADIUS server MUST silently discard the Access-
Request.
A home RADIUS server MAY send the Selection after receiving a
valid Advertisement. It MAY also send the Selection in the
absence of an Advertisement, based on local policies such as
the client's subscription profile. When the NAS receives an
invalid Selection, it MUST treat the Access-Accept message as
an Access Reject.
If the NAS receives a valid Selection in response to an Access-
Request that did not contain an Advertisement, then the NAS MAY
honor the Selection.
If the NAS receives a valid Selection in response to an Access-
Request that contained a valid Advertisement, then the NAS MUST
honor the Selection.
In the absence of a Selection after sending a valid
Advertisement, in accordance with local policy, the access
network MAY enforce its default bandwidth rate values or it MAY
use "best effort" bandwidth for that client connection.
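
The validity and bounds rules of sections 2.2 and 2.2.1 can be sketched as follows. This is an added example, not code from the draft or its authors; the names Profile, server_select and nas_decide, the clipping policy on the server side, and the exemption of zero ("don't care") values from the minimum/maximum comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FIELDS = ("ingress_min", "ingress_max", "egress_min", "egress_max")

@dataclass(frozen=True)
class Profile:
    """The four bandwidth parameters of section 2.1, in bytes per second."""
    ingress_min: int
    ingress_max: int
    egress_min: int
    egress_max: int

def is_valid(p: Profile, zero_is_dont_care: bool = False) -> bool:
    """Section 2.2: each minimum must not exceed its corresponding maximum."""
    for lo, hi in ((p.ingress_min, p.ingress_max), (p.egress_min, p.egress_max)):
        if zero_is_dont_care and 0 in (lo, hi):
            continue  # assumption: a "don't care" value is exempt from the check
        if lo > hi:
            return False
    return True

def within(selection: Profile, advertised: Profile) -> bool:
    """No Selection parameter may exceed the advertised one; zero always passes."""
    return all(getattr(selection, f) <= getattr(advertised, f) for f in FIELDS)

def server_select(advertised: Optional[Profile],
                  subscription: Profile) -> Optional[Profile]:
    """Home RADIUS server side. None means: silently discard the Access-Request."""
    if advertised is None:
        return subscription   # a Selection MAY be sent without an Advertisement
    if not is_valid(advertised):
        return None           # invalid Advertisement
    # Assumed local policy: clip the subscription profile to the Advertisement.
    return Profile(*(min(getattr(subscription, f), getattr(advertised, f))
                     for f in FIELDS))

def nas_decide(advertised: Optional[Profile], selection: Optional[Profile],
               default: Profile) -> Tuple[str, Optional[Profile]]:
    """NAS handling of an Access-Accept: returns (outcome, profile to enforce)."""
    if selection is None:
        return ("default", default)   # local policy: default rates or best effort
    if not is_valid(selection, zero_is_dont_care=True):
        return ("reject", None)       # treat the Access-Accept as an Access-Reject
    if advertised is not None and not within(selection, advertised):
        return ("reject", None)       # Selection exceeds the Advertisement
    return ("honor", selection)
```

Treating an out-of-bounds Selection as a reject, rather than clamping it on the NAS, keeps the NAS from enforcing a profile the home server never actually sent.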
2.2.2 Dynamic Bandwidth Allocation
Dynamic bandwidth allocation uses the Change of Authorization
(COA) RADIUS message as defined in [3], and the Diameter RAR
message as defined in [4]. These messages are referred to as
the re-authorization messages in this specification.
In accordance with [3] there are two methods for dynamically
changing authorization attributes of a session. These two
methods are described in this section.
At any time during the session the home AAA server may send the
NAS a re-authorization message containing session
identification attributes (see [3] for the possible options).
The re-authorization message may include authorization
attributes in which case it is "pushing" the bandwidth
attributes to the NAS. Or, it may instruct the NAS to generate
an authorize-only AAA exchange to "pull" the bandwidth
attributes. In RADIUS this exchange is an Access-Request with
Service-Type set to "Authorize-Only". In Diameter it is the AAR
command with the Auth-Request-Type AVP set to AUTHORIZE_ONLY.
In either "push" or "pull" method, upon successful acceptance
of the new bandwidth parameters for the session, the NAS MUST
generate an Accounting-Stop record that contains the old
bandwidth attributes followed by an Accounting-Start message
that contains the new bandwidth attributes.
In order to allow for downstream correlation of the accounting
records, an NAS that supports dynamic bandwidth allocation MUST
include Acct-Multi-Session-Id when writing accounting records.
2.2.2.1 Push Method
In the Push Method, to effect a dynamic bandwidth change the
home RADIUS server sends a re-authorization message and
includes a valid Selection. The RADIUS server MAY also
include other attributes in the re-authorization message.
   NAS                             Home RADIUS Server
   |                                              |
   |                                              |
   |re-authorization + BAs for Selection          |
   |<---------------------------------------------|
   |                                              |
   |                                              |
   | re-authorization ACK                         |
   |--------------------------------------------->|
   |                                              |
   |                                              |
   | Accounting-Stop + old BAs for Confirmation   |
   |--------------------------------------------->|
   |                                              |
   | Accounting-Start + new bandwidth             |
   |--------------------------------------------->|
   |                                              |
   |                                              |
Upon the successful reception of the re-authorization message
(see [3] for details) by the NAS, if the re-authorization
message contains an invalid Selection, the NAS MUST respond
with a re-authorization NAK with Error Cause (101) set to
"Invalid Request" (404).
If the NAS is able to offer the requested bandwidth to the
specified session, the NAS MUST reply with a re-authorization
ACK and it MUST generate an Accounting-Stop record containing
the old bandwidth attributes followed by an Accounting-Start
record containing the new bandwidth attributes. If the NAS
cannot comply with the request for new bandwidth it MUST
reply with a re-authorization NAK with Error Cause (101) set to
"Resources Unavailable" (506).
If the NAS receives a re-authorization message that does not
include Bandwidth attributes then the NAS must not alter the
bandwidth already allocated to the session.
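
The NAS side of the Push Method, as an added example that is not part of the draft. The function name handle_push, the session dictionary layout, the "available" capacity figures, the reading of "able to offer" as a check on the minimum rates, and the ACK returned when no bandwidth attributes are present are all assumptions made for illustration.

```python
from typing import Dict, List, Optional, Tuple

FIELDS = ("ingress_min", "ingress_max", "egress_min", "egress_max")
INVALID_REQUEST = 404          # Error-Cause values quoted in the text above
RESOURCES_UNAVAILABLE = 506

def handle_push(session: dict, selection: Optional[Dict[str, int]],
                available: Dict[str, int]) -> Tuple[str, Optional[int], List[dict]]:
    """Return (reply, Error-Cause or None, accounting records to send)."""
    if selection is None:
        # No bandwidth attributes: the allocated bandwidth must not be altered.
        # Assumption: nothing else in the message causes a NAK.
        return ("ACK", None, [])
    valid = (all(f in selection for f in FIELDS)
             and selection["ingress_min"] <= selection["ingress_max"]
             and selection["egress_min"] <= selection["egress_max"])
    if not valid:
        return ("NAK", INVALID_REQUEST, [])
    # Assumption: "able to offer" means the minimum rates fit the free capacity.
    if (selection["ingress_min"] > available["ingress"]
            or selection["egress_min"] > available["egress"]):
        return ("NAK", RESOURCES_UNAVAILABLE, [])
    old = session["bandwidth"]
    session["bandwidth"] = dict(selection)
    # Both records carry the same Acct-Multi-Session-Id so that downstream
    # systems can correlate the Stop (old rates) with the Start (new rates).
    msid = session["acct_multi_session_id"]
    return ("ACK", None, [
        {"Acct-Status-Type": "Stop", "Acct-Multi-Session-Id": msid,
         "bandwidth": old},
        {"Acct-Status-Type": "Start", "Acct-Multi-Session-Id": msid,
         "bandwidth": dict(selection)},
    ])
```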
2.2.2.2 Pull Method
Alternatively, in the pull method, to effect a dynamic
bandwidth change, as per [3], the home network sends a re-
authorization message to instruct the AN to generate an
Authorize-Only request (Access-Request with Service-Type set
to Authorize-Only).
   NAS                                    Home RADIUS server
   |                                                      |
   | re-authorization + Service-Type = "Authorize Only"   |
   |<-----------------------------------------------------|
   |                                                      |
   |re-authorization NAK + Service-Type = "Authorize Only"|
   |          + Error-Cause "Request Initiated"           |
   |----------------------------------------------------->|
   |                                                      |
   | Access-Request + Service-Type "Authorize Only"       |
   |          + BAs for Advertisement                     |
   |----------------------------------------------------->|
   |                                                      |
   | Access-Accept + BAs for Selection                    |
   |<-----------------------------------------------------|
   |                                                      |
   | Accounting-Stop + old BAs for Confirmation           |
   |----------------------------------------------------->|
   |                                                      |
   | Accounting-Start + new BAs for Confirmation          |
   |----------------------------------------------------->|
   |                                                      |
   |                                                      |
As with the static bandwidth allocation (described earlier),
the AN MAY Advertise the currently available bandwidth in the
Authorize-Only message.
Upon receiving the Authorize-Only message from the AN, the
RADIUS server MUST respond with either an Access-Accept
message or an Access-Reject message.
When responding with an Access-Accept message, the RADIUS
server MAY include the BAs for Selection. If the Authorize-
Only message included an Advertisement, the bandwidth
parameters in Selection MUST be within the bounds of
bandwidth parameters in the Advertisement received in the
Authorize-Only message.
Upon receiving an Access-Reject in response to the Authorize-
Only, the AN will terminate the session and send an
Accounting-Stop record.
Upon receiving an Access-Accept in response to an Authorize-
Only request that does not contain bandwidth Selection, the
access network MUST allocate its default bandwidth rate
values, and then the NAS MUST generate an Accounting-Stop
record that contains the old bandwidth attributes followed by
an Accounting-Start message that contains the new bandwidth
attributes.
Upon receiving an Access-Accept packet that contains an
invalid Bandwidth Selection, the AN MUST treat the response
as an Access-Reject and immediately terminate the session.
Upon receiving an Access-Accept message in response to an
Authorize-Only message that contained the Bandwidth
Advertisement, provided the bandwidth selections are
within the bounds of the Advertisement, the AN MUST honor
the requested bandwidth and generate an Accounting-Stop
message that contains the old bandwidth attributes followed
by an Accounting-Start message that contains the new bandwidth
attributes. If the bandwidth Selection is outside the
bounds of the Advertisement, then the AN MUST treat the
Access-Accept as an Access-Reject and immediately terminate
the session.
Upon receiving an Access-Accept message that contains a valid
Selection in response to an Authorize-Only that did not
contain the Advertisement, the AN MAY honor the Selection or
it MAY continue to honor the previously agreed to bandwidth.
In the former case, the AN must generate an Accounting-Stop
message containing the old bandwidth attributes followed by
an Accounting-Start message containing the current bandwidth
attributes.
2.3 Diameter RADIUS Interoperability
In deployments where RADIUS clients talk with Diameter
servers, or Diameter clients talk with RADIUS servers, a
translation agent will be deployed and will operate in accordance
with the NASREQ specification.
3. Attribute Format/Syntax
This section describes format and syntax for the attributes that
carry the network bandwidth parameters. The attributes are used
for bandwidth parameters Advertisement, Selection, and
Confirmation.
A summary of the AN Bandwidth Parameter Attributes is shown below.
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD - Ingress Average Minimum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the ingress average minimum
      bandwidth rate in bytes per second.
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD - Ingress Average Maximum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the egress average minimum
      bandwidth rate in bytes per second.
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD - Egress Average Minimum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the ingress average maximum
      bandwidth rate in bytes per second.
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type
      TBD - Egress Average Maximum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the egress average maximum
      bandwidth rate in bytes per second.
4. Table of Attribute(s)
The following table provides a guide to which attribute(s) may be
found in which kinds of packets, and in what quantity.
   Request  Accept  Reject  Challenge  Accounting  #    Attribute
                                       Request
   0-1      0-1     0       0          0-1         TBD  Ingress Minimum Band.
   0-1      0-1     0       0          0-1         TBD  Ingress Maximum Band.
   0-1      0-1     0       0          0-1         TBD  Egress Minimum Band.
   0-1      0-1     0       0          0-1         TBD  Egress Minimum Band.
For Change-of-Authorization Messages
   Request  ACK  NAK  #    Attribute
   0-1      0    0    TBD  Ingress Minimum Bandwidth
   0-1      0    0    TBD  Ingress Maximum Bandwidth
   0-1      0    0    TBD  Egress Minimum Bandwidth
   0-1      0    0    TBD  Egress Maximum Bandwidth
Note 1: If the Change-of-Authorization message contains any
bandwidth attributes then all the bandwidth attributes received for
this session are overwritten. If the Change-of-Authorization
message does not contain any bandwidth attributes, then the
previously received bandwidth attributes remain in effect.
Note 2: If one of the attributes is included in a qualified RADIUS
packet, then all the three attributes MUST be included.
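
A parser for the attribute format of section 3 that also enforces the quantity column (0-1) of the table above and the four-parameter validity rule of section 2.2. This is an added example, not code from the draft; because the draft leaves the attribute numbers "TBD", the type codes 192 to 195 are placeholders chosen for this example, and the function and exception names are hypothetical.

```python
import struct
from typing import Dict, Optional

# The draft leaves the attribute numbers "TBD"; these are placeholders only.
PLACEHOLDER_TYPES = {192: "ingress_min", 193: "ingress_max",
                     194: "egress_min", 195: "egress_max"}

class MalformedAttributes(ValueError):
    """Raised when the attribute list cannot be trusted."""

def encode_bandwidth(rates: Dict[str, int]) -> bytes:
    """Encode each rate as Type(1) | Length(1) = 6 | Value(4, network order)."""
    return b"".join(struct.pack("!BBI", a_type, 6, rates[name])
                    for a_type, name in sorted(PLACEHOLDER_TYPES.items()))

def parse_bandwidth(attrs: bytes) -> Optional[Dict[str, int]]:
    """Walk a RADIUS attribute list; return the four rates, or None if absent."""
    found: Dict[str, int] = {}
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise MalformedAttributes("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        # Length covers Type and Length themselves; a value below 2 would
        # stall the walk, and one past the buffer would read out of bounds.
        if a_len < 2 or pos + a_len > len(attrs):
            raise MalformedAttributes("bad attribute length")
        name = PLACEHOLDER_TYPES.get(a_type)
        if name is not None:
            if a_len != 6:
                raise MalformedAttributes(name + ": Length must be 6")
            if name in found:
                raise MalformedAttributes(name + ": at most one instance allowed")
            (found[name],) = struct.unpack_from("!I", attrs, pos + 2)
        pos += a_len
    if found and len(found) != len(PLACEHOLDER_TYPES):
        raise MalformedAttributes("bandwidth attributes must appear together")
    return found or None

# Constructed sample: a User-Name attribute followed by the four rates.
SAMPLE = b"\x01\x05bob" + encode_bandwidth(
    {"ingress_min": 1000, "ingress_max": 8000,
     "egress_min": 500, "egress_max": 4000})
```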
5. IANA Considerations
This document requires the assignment of four new RADIUS attribute
numbers for the following attribute(s):
1) Ingress Average Minimum Bandwidth Rate
2) Ingress Average Maximum Bandwidth Rate
3) Egress Average Minimum Bandwidth Rate
4) Egress Average Maximum Bandwidth Rate
Please see section 3 for the registered list of numbers.
6. Security Considerations
The attributes in this document have no additional security
considerations beyond those already identified in [1].
7. Acknowledgements
The authors would especially like to thank Jari Arkko (of Ericsson)
for his thorough review of the draft, providing feedback/comments
and proposing text.
The authors would like to thank Bernard Aboba (of Microsoft),
Parviz Yegani (of Cisco), Stefan De Cnodder (of Alcatel) for their
feedback and guidance.
8. References
[1] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, June
2000.
[2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[3] Chiba, M., Dommety, G., Eklund, M., Mitton, D., Aboba, B.,
"Dynamic Authorization Extensions to Remote Authentication
Dial In User Service (RADIUS)", RFC 3576, July 2003.
[4] Calhoun, et al., "Diameter Base Protocol", RFC 3588,
September 2003.
Authors' Addresses
Farid Adrangi
Intel Corporation
2111 N.E. 25th Avenue
Hillsboro OR
USA
Chuck Black
ProCurve Networking Business
Hewlett-Packard Company
8000 Foothills Blvd
Roseville, CA 95747
Phone: +1 916 785 9713
Fax: +1 916 785 1199
Email: chuck.black@hp.com
Paul Congdon
ProCurve Networking Business
Hewlett-Packard Company
8000 Foothills Blvd - MS 5662
Roseville, CA 95747
Phone: +1 916 785 5753
Fax: +1 916 785 8478
Email: paul.congdon@hp.com
Avi Lior
Bridgewater Systems Corporation
303 Terry Fox Drive
Suite 100
Ottawa, Ontario K2K 3J1
Canada
Farooq Bari
AT&T Wireless
7277 164th Avenue N.E.
Redmond WA
USA
Phone: +1 425-580-5526
EMail: farooq.bari@attws.com
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights
Reserved.
This document and translations of it may be copied and
furnished to others, and derivative works that comment on or
otherwise explain it or assist in its implementation may be
prepared, copied, published and distributed, in whole or in
part, without restriction of any kind, provided that the above
copyright notice and this paragraph are included on all such
copies and derivative works. However, this document itself may
not be modified in any way, such as by removing the copyright
notice or references to the Internet Society or other Internet
organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights
defined in the Internet Standards process must be followed, or
as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will
not be revoked by the Internet Society or its successors or
assigns.
This document and the information contained herein is provided
on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by
the Internet Society.