Network Working Group                                            G. Zorn
Internet-Draft                                     Microsoft Corporation
Updates: RFC 2139                                              D. Mitton
Category: Informational                                     Bay Networks
<draft-ietf-radius-tunnel-acct-00.txt>                     November 1997



      RADIUS Accounting Modifications for Tunnel Protocol Support



1.  Status of this Memo

This  document  is an Internet-Draft.  Internet-Drafts are working docu-
ments of the Internet Engineering Task Force (IETF), its areas, and  its
working groups.  Note that other groups may also distribute working doc-
uments as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum  of  six  months
and  may  be  updated,  replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference  material
or to cite them other than as work in progress.

To  learn  the  current  status  of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in  the  Internet-Drafts  Shadow
Directories  on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

The distribution of this memo is unlimited.  It is filed as <draft-ietf-
radius-tunnel-acct-00.txt>,  and expires May 25, 1998.  Please send com-
ments  to  the  RADIUS  Working  Group  mailing  list  (ietf-radius@liv-
ingston.com) or to the authors (glennz@microsoft.com and dmitton@baynet-
works.com).


2.  Abstract

This document defines a new RADIUS accounting Attribute and  new  values
for  the existing Acct-Status-Type Attribute [1] designed to support the
provision of compulsory tunneling in dial-up networks.


3.  Motivation

Many applications of tunneling protocols such as PPTP and  L2TP  involve
dial-up network access.  Some, such as the provision of secure access to
corporate intranets via the Internet,  are  characterized  by  voluntary



Zorn & Mitton                                                   [Page 1]


INTERNET-DRAFT      RADIUS Accounting Tunnel Support       November 1997


tunneling:  the  tunnel is created at the request of the user for a spe-
cific purpose.  Other applications  involve  compulsory  tunneling:  the
tunnel  is created without any action from the user and without allowing
the user any choice in the matter.  Examples of applications that  might
be  implemented  using  compulsory tunnels are Internet software upgrade
servers, software registration servers and banking services.  These  are
all services which, without compulsory tunneling, would probably be pro-
vided using dedicated networks or  at  least  dedicated  network  access
servers  (NAS),  since  they are characterized by the need to limit user
access to specific hosts.  Given the existence of widespread support for
compulsory tunneling, however, these types of services could be accessed
via any Internet service provider (ISP).  Typically,  ISPs  providing  a
service  want  to collect data regarding that service, for billing, net-
work planning, etc.  The most popular way to collect usage data in dial-
up  networks today is by means of RADIUS  Accounting.  The use of RADIUS
Accounting allows dial-up usage data to be collected at a central  loca-
tion,  rather  than  stored  on  each NAS.  It makes sense to use RADIUS
Accounting to collect usage data regarding compulsory  tunneling,  since
RADIUS  Accounting has been widely implemented and was designed to carry
this type of information.  In order to provide this functionality, a new
RADIUS attribute is needed to aid in the collation of tunnel usage data;
this document defines this attribute.  In addition, several  new  values
for  the  Acct-Status-Type attribute are proposed.  Specific recommenda-
tions for, and examples of, the application of this  attribute  for  the
L2TP  and  PPTP  protocols can be found in draft-ietf-radius-tunnel-imp-
XX.txt.


4.  Specification of Requirements

In this document, the key words "MAY", "MUST", "MUST  NOT",  "optional",
"recommended",  "SHOULD",  and  "SHOULD  NOT" are to be interpreted as
described in [2].


5.  New Acct-Status-Type Values

5.1.  Tunnel-Start

   Value
      ?

   Description

      This value MAY be used to mark the establishment of a tunnel  with
      another  node.   If  this  value is used, the following attributes
      SHOULD also be included in the Accounting-Request packet:
         NAS-IP-Address (4)
         Acct-Delay-Time (41)
         Tunnel-Type (64)
         Tunnel-Medium-Type (65)
         Tunnel-Client-Endpoint (66)
         Tunnel-Server-Endpoint (67)
         Acct-Tunnel-Connection (68)


5.2.  Tunnel-Stop

   Value
      ?

   Description

      This value MAY be used to mark the  destruction  of  a  tunnel  to
      another  node.   If  this  value is used, the following attributes
      SHOULD also be included in the Accounting-Request packet:

         NAS-IP-Address (4)
         Acct-Delay-Time (41)
         Acct-Terminate-Cause (49)
         Tunnel-Type (64)
         Tunnel-Medium-Type (65)
         Tunnel-Client-Endpoint (66)
         Tunnel-Server-Endpoint (67)
         Acct-Tunnel-Connection (68)


5.3.  Tunnel-Reject

   Value
      ?

   Description

      This value MAY be used to mark the rejection of the  establishment
      of a tunnel with another node.  If this value is used, the follow-
      ing attributes SHOULD also be included in  the  Accounting-Request
      packet:

         NAS-IP-Address (4)
         Acct-Delay-Time (41)
         Acct-Terminate-Cause (49)
         Tunnel-Type (64)
         Tunnel-Medium-Type (65)
         Tunnel-Client-Endpoint (66)
         Tunnel-Server-Endpoint (67)
         Acct-Tunnel-Connection (68)


5.4.  Tunnel-Link-Start

   Value
      ?

   Description

      This  value MAY be used to mark the creation of a tunnel link.  If
      this value is  used,  the  following  attributes  SHOULD  also  be
      included in the Accounting-Request packet:

         NAS-IP-Address (4)
         NAS-Port (5)
         Acct-Delay-Time (41)
         Tunnel-Type (64)
         Tunnel-Medium-Type (65)
         Tunnel-Client-Endpoint (66)
         Tunnel-Server-Endpoint (67)
         Acct-Tunnel-Connection (68)


5.5.  Tunnel-Link-Stop

   Value
      ?

   Description

      This  value  MAY be used to mark the destruction of a tunnel link.
      If this value is used, the following  attributes  SHOULD  also  be
      included in the Accounting-Request packet:

         NAS-IP-Address (4)
         NAS-Port (5)
         Acct-Delay-Time (41)
         Acct-Input-Octets (42)
         Acct-Output-Octets (43)
         Acct-Session-Id (44)
         Acct-Session-Time (46)
         Acct-Input-Packets (47)
         Acct-Output-Packets (48)
         Acct-Terminate-Cause (49)
         Acct-Multi-Session-Id (51)
         NAS-Port-Type (61)
         Tunnel-Type (64)
         Tunnel-Medium-Type (65)
         Tunnel-Client-Endpoint (66)
         Tunnel-Server-Endpoint (67)
         Acct-Tunnel-Connection (68)


6.  Attributes

6.1.  Acct-Tunnel-Connection

   Description

      This Attribute indicates the identifier assigned to the tunnel ses-
      sion.  It SHOULD be included in Accounting-Request  packets  which
      contain an Acct-Status-Type attribute with the value Start or Stop,
      or any of the tunnel-related values defined  in  section  5.   This
      attribute,  along  with the Tunnel-Client-Endpoint and Tunnel-Serv-
      er-Endpoint attributes [3], may be used to  uniquely  identify  a
      tunnel session for auditing purposes.

   A summary of the Acct-Tunnel-Connection  Attribute  format  is  shown
   below.  The fields are transmitted from left to right.

   0                   1                   2
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Type     |    Length     |    String ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      68 for Acct-Tunnel-Connection

   Length

      >= 3

   String
      The  format  of  the  identifier  represented  by the String field
      depends upon the value of the Tunnel-Type attribute [3].
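
   The following Python program is an added worked example; it is not
   part of this draft and is not code from any RADIUS implementation.  It
   encodes the Type/Length/String attribute format shown above, parses
   attributes while enforcing Length >= 3, builds an Accounting-Request
   [1] whose Request Authenticator is the MD5 hash over the packet and
   the shared secret as RFC 2139 specifies, and checks a packet against
   the attribute sets that section 5 says SHOULD accompany each new
   Acct-Status-Type value.  Assumptions not taken from this page: the
   attribute numbers 40 to 61 and the Acct-Status-Type value Start (1)
   are those of RFC 2139 (this draft leaves its new values unassigned, so
   the sample packet uses Start); Tunnel-Type 3 (L2TP) and Tunnel-Medium-
   Type 1 (IP) are taken from the tunnel attribute work cited as [3]; the
   shared secret, addresses and connection identifier are constructed
   sample data.

```python
"""Added example, not from the draft: encode, authenticate and check a RADIUS
Accounting-Request carrying the tunnel accounting attributes of sections 5
and 6.1.  Assumed (not on the page): attribute numbers 40-61, Start = 1 and
the Request Authenticator rule are from RFC 2139; Tunnel-Type 3 = L2TP and
Tunnel-Medium-Type 1 = IP are from [3]; secret and addresses are samples."""
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                    # RADIUS Code of Accounting-Request

ATTR = {                                  # attribute Type numbers used in the draft
    "NAS-IP-Address": 4, "NAS-Port": 5, "Acct-Status-Type": 40,
    "Acct-Delay-Time": 41, "Acct-Input-Octets": 42, "Acct-Output-Octets": 43,
    "Acct-Session-Id": 44, "Acct-Session-Time": 46, "Acct-Input-Packets": 47,
    "Acct-Output-Packets": 48, "Acct-Terminate-Cause": 49,
    "Acct-Multi-Session-Id": 51, "NAS-Port-Type": 61, "Tunnel-Type": 64,
    "Tunnel-Medium-Type": 65, "Tunnel-Client-Endpoint": 66,
    "Tunnel-Server-Endpoint": 67, "Acct-Tunnel-Connection": 68,
}

# Attributes that SHOULD accompany each new Acct-Status-Type value (section 5).
_TUNNEL = ["NAS-IP-Address", "Acct-Delay-Time", "Tunnel-Type", "Tunnel-Medium-Type",
           "Tunnel-Client-Endpoint", "Tunnel-Server-Endpoint", "Acct-Tunnel-Connection"]
RECOMMENDED = {
    "Tunnel-Start": _TUNNEL,
    "Tunnel-Stop": _TUNNEL + ["Acct-Terminate-Cause"],
    "Tunnel-Reject": _TUNNEL + ["Acct-Terminate-Cause"],
    "Tunnel-Link-Start": _TUNNEL + ["NAS-Port"],
    "Tunnel-Link-Stop": _TUNNEL + [
        "NAS-Port", "Acct-Input-Octets", "Acct-Output-Octets", "Acct-Session-Id",
        "Acct-Session-Time", "Acct-Input-Packets", "Acct-Output-Packets",
        "Acct-Terminate-Cause", "Acct-Multi-Session-Id", "NAS-Port-Type"],
}


def encode_attr(name, value):
    """Type | Length | Value; integers are 4 octets, so Length is always >= 3."""
    if isinstance(value, int):
        value = struct.pack(">I", value)
    elif isinstance(value, str):
        value = value.encode()
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("BB", ATTR[name], len(value) + 2) + value


def decode_attrs(data):
    """Parse attributes; reject Length < 3 and attributes running past the end."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        typ, length = data[i], data[i + 1]
        if length < 3 or i + length > len(data):
            raise ValueError("bad Length %d for attribute type %d" % (length, typ))
        out.append((typ, data[i + 2:i + length]))
        i += length
    return out


def build_accounting_request(identifier, attrs, secret):
    """Request Authenticator = MD5(Code+Identifier+Length+16 zeros+Attributes+Secret)."""
    header = struct.pack(">BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def verify_accounting_request(packet, secret):
    """Recompute the authenticator; False for tampering or a wrong shared secret."""
    if len(packet) < 20 or packet[0] != ACCOUNTING_REQUEST:
        return False
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    if struct.unpack(">H", header[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)


def missing_recommended(packet, status_name):
    """Attribute names the draft recommends for status_name that packet lacks."""
    present = {typ for typ, _ in decode_attrs(packet[20:])}
    return [n for n in RECOMMENDED[status_name] if ATTR[n] not in present]


SECRET = b"sample-shared-secret"          # constructed sample; never reuse it


def sample_tunnel_start(with_connection_id=True):
    """Constructed Accounting-Request with the section 5.1 attribute set.  The
    layout of the Tunnel-* values is defined in [3]; contents are illustrative."""
    parts = [
        encode_attr("Acct-Status-Type", 1),          # Start (RFC 2139), see docstring
        encode_attr("NAS-IP-Address", bytes([192, 0, 2, 1])),
        encode_attr("Acct-Delay-Time", 0),
        encode_attr("Tunnel-Type", 3),               # 3 = L2TP (assumed from [3])
        encode_attr("Tunnel-Medium-Type", 1),        # 1 = IP (assumed from [3])
        encode_attr("Tunnel-Client-Endpoint", "192.0.2.1"),
        encode_attr("Tunnel-Server-Endpoint", "198.51.100.7"),
    ]
    if with_connection_id:
        parts.append(encode_attr("Acct-Tunnel-Connection", "tunnel-0042"))
    return build_accounting_request(7, b"".join(parts), SECRET)
```

   Building sample_tunnel_start() and passing it to verify_accounting_
   request() shows that flipping any octet of an attribute, or using a
   different shared secret, makes the authenticator check fail, while
   missing_recommended() reports which of the section 5 attributes a
   packet omits; decode_attrs() refuses an attribute whose Length is
   below 3 or extends past the end of the packet.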


7.  Security Considerations

This document defines no new security mechanisms.  The Acct-Tunnel-Con-
nection  attribute  and the new Acct-Status-Type values are carried in
Accounting-Request packets and inherit the properties of RADIUS Account-
ing  [1]:  each packet is authenticated by an MD5 hash computed over the
packet and a shared secret, but attribute contents are not encrypted, so
tunnel  endpoint  addresses  and connection identifiers are visible to
any party able to observe traffic between the NAS and  the  accounting
server.  Further submissions are welcome.


8.  References

[1]  Rigney, "RADIUS Accounting", RFC 2139, April 1997

[2]  Bradner, "Key words for use in RFCs to  Indicate  Requirement  Lev-
     els", RFC 2119, March 1997


9.  Acknowledgements

Thanks  to  Bernard  Aboba  (aboba@internaut.com)  for salient input and
review.


10.  Chair's Address

The RADIUS Working Group can be contacted via the current chair:

   Carl Rigney
   Livingston Enterprises
   6920 Koll Center Parkway, Suite 220
   Pleasanton, California  94566

   Phone: +1 510 426 0770
   E-Mail: cdr@livingston.com


11.  Authors' Addresses

Questions about this memo can also be directed to:

   Glen Zorn
   Microsoft Corporation
   One Microsoft Way
   Redmond, Washington 98052

   Phone:  +1 206 703 1559
   E-Mail: glennz@microsoft.com


   Dave Mitton
   Bay Networks, Inc.

   E-Mail: dmitton@baynetworks.com



12.  Expiration Date

This memo is filed as draft-ietf-radius-tunnel-acct-00.txt  and  expires
on May 25, 1998.