Network Working Group                                       B. Lourdelet
Internet-Draft                                                    W. Dec
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: September 4, 2009                                       G. Zorn
                                                             Network Zen
                                                           March 3, 2009


               RADIUS attributes for IPv6 Access Networks
               draft-lourdelet-radext-ipv6-access-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 4, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.



Lourdelet, et al.       Expires September 4, 2009               [Page 1]


Internet-Draft             RADIUS IPv6 Access                 March 2009


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document specifies new IPv6 attributes for RADIUS that
   complement [RFC3162].  Its goal is to offer more IPv6 deployment
   options when StateLess Address Auto Configuration (SLAAC) or DHCP are
   involved.


Table of Contents

   1.  Requirements Language
   2.  Introduction
   3.  Attributes
     3.1.  IPv6-Address Attribute
     3.2.  IPv6-DNS-Server-Address
     3.3.  IPv6-Prefix-Information
     3.4.  Table of attributes
   4.  Diameter Considerations
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses


1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


2.  Introduction

   This document specifies new IPv6 RADIUS attributes used to support
   IPv6 network access.  As IPv6 specifies two configuration mechanisms
   (DHCP and SLAAC), the new attributes are targeted at both protocols
   when it makes sense.


3.  Attributes

   As usual, the fields shown in the diagrams below are transmitted from
   left to right.

3.1.  IPv6-Address Attribute

   This Attribute indicates an IPv6 Address that is assigned to the
   uplink of the user equipment.  It MAY be used in Access-Accept
   packets, and can appear multiple times.  It MAY be used in an Access-
   Request packet as a hint by the NAS to the server that it would
   prefer these IPv6 address(es), but the server is not required to
   honor the hint.  Since it is assumed that the NAS will, when
   necessary, add a route corresponding to the address, it is not
   necessary for the server to also send a host Framed-IPv6-Route
   attribute for the same address.

   This Attribute can be used by DHCPv6 to offer a unique IPv6 address
   or can be used for a-posteriori validation of an autoconfigured
   address.

   A summary of the IPv6-Address Attribute format is shown below.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |     Type      |     Length    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       |                            Address                            |
       |                                                               |
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



   Type

      TBA1 for IPv6-Address

   Length

      18

   Address

      The Address field contains a 128-bit IPv6 address.

3.2.  IPv6-DNS-Server-Address

   The IPv6-DNS-Server-Address Attribute contains the IPv6 address of a
   DNS server.  This attribute MAY be included multiple times in Access-
   Accept.

   The content of this attribute can be inserted in a Router
   Advertisement as specified in RFC 5006 or mapped to the matching
   DHCPv6 option.

   A summary of the IPv6-DNS-Server-Address Attribute format is given
   below.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |     Type      |     Length    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       |                            Address                            |
       |                                                               |
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      TBA2 for IPv6-DNS-Server-Address

   Length

      18

   Address

      The 128-bit IPv6 address of a DNS server.

3.3.  IPv6-Prefix-Information

   This Attribute provides more specific prefix information to be
   advertised to the user by the NAS, with the NAS interface as the
   intended next-hop.  It is used in the Access-Accept packet and can
   appear multiple times.

   A summary of the IPv6-Prefix-Information Attribute format is shown
   below.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |     Type      |    Length     |   Reserved    | Prefix-Length |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       .                        Prefix (variable)                      .
       .                                                               .
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      TBA3 for IPv6-Prefix-Information

   Length

      At least 4 and no larger than 20; typically 12 or less.

   Prefix Length

      The length of the prefix, in bits; at least 0 and no more than
      128; typically 64 or less.

   Prefix

      Variable-length field containing an IP address or a prefix of an
      IP address.  The Prefix Length field contains the number of valid
      leading bits in the prefix.  The bits in the prefix after the
      prefix length (if any) are reserved and MUST be initialized to
      zero by the sender and ignored by the receiver.
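
   The receiver-side checks implied by the field definitions above, as
   an added example that is not part of the draft; it also enforces the
   fixed Length of 18 for the two address attributes of Sections 3.1
   and 3.2.  The type codes are placeholders (the draft leaves
   TBA1..TBA3 unassigned) and the function names are illustrative.

```python
import ipaddress

# Placeholder type codes (assumption): the draft leaves TBA1..TBA3 unassigned.
TBA1, TBA2, TBA3 = 241, 242, 243
NAMES = {TBA1: "IPv6-Address", TBA2: "IPv6-DNS-Server-Address",
         TBA3: "IPv6-Prefix-Information"}


def parse_prefix_info(value: bytes) -> ipaddress.IPv6Network:
    """Decode Reserved, Prefix-Length and Prefix (attribute minus Type/Length)."""
    if not 2 <= len(value) <= 18:             # attribute Length 4..20
        raise ValueError("Length must be between 4 and 20")
    prefix_len, prefix = value[1], value[2:]  # value[0] is Reserved
    if prefix_len > 128:
        raise ValueError("Prefix-Length exceeds 128")
    if len(prefix) * 8 < prefix_len:
        raise ValueError("Prefix field shorter than Prefix-Length")
    # The receiver ignores bits after the prefix length: pad to 128 bits, mask.
    bits = int.from_bytes(prefix.ljust(16, b"\x00"), "big")
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    return ipaddress.IPv6Network((bits & mask, prefix_len))


def parse_attributes(data: bytes) -> list:
    """Walk a buffer of RADIUS attributes and decode the three defined here."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("attribute Length runs outside the buffer")
        value = data[off + 2:off + alen]
        if atype in (TBA1, TBA2):
            if alen != 18:
                raise ValueError(NAMES[atype] + " Length must be 18")
            out.append((NAMES[atype], ipaddress.IPv6Address(value)))
        elif atype == TBA3:
            out.append((NAMES[atype], parse_prefix_info(value)))
        off += alen                           # other attribute types are skipped
    return out


# Constructed sample: an address, then a /56 prefix with stray bits after bit 56.
SAMPLE = (bytes([TBA1, 18]) + ipaddress.IPv6Address("2001:db8::1").packed
          + bytes([TBA3, 12, 0, 56]) + bytes.fromhex("20010db8000012ff"))
```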





3.4.  Table of attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

 Request Accept Reject Challenge Accounting  #  Attribute
                                    Request
 0+      0+     0      0         0+        TBA1  IPv6-Address
 0+      0+     0      0         0+        TBA2  IPv6-DNS-Server-Address
 0       0+     0      0         0+        TBA3  IPv6-Prefix-Information


4.  Diameter Considerations

   Since the Attributes defined in this document are allocated from the
   standard RADIUS type space (see Section 6), no special handling is
   required by Diameter entities.


5.  Security Considerations

   TBD


6.  IANA Considerations

   This document requires the assignment of three new RADIUS Attribute
   Types in the "Radius Types" registry (currently located at
   http://www.iana.org/assignments/radius-types) for the following
   attributes:

   o  IPv6-Address

   o  IPv6-DNS-Server-Address

   o  IPv6-Prefix-Information

   IANA should allocate these numbers from the standard RADIUS
   Attributes space using the "IETF Review" policy [RFC5226].


7.  Acknowledgements

   The authors would like to thank Alfred Hines and TBD for their
   contributions and comments to this document.


8.  References

8.1.  Normative References

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, June 2000.

8.2.  Informative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC2472]  Haskin, D. and E. Allen, "IP Version 6 over PPP",
              RFC 2472, December 1998.

   [RFC2529]  Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
              Domains without Explicit Tunnels", RFC 2529, March 1999.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC2867]  Zorn, G., Aboba, B., and D. Mitton, "RADIUS Accounting
              Modifications for Tunnel Protocol Support", RFC 2867,
              June 2000.

   [RFC2868]  Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege,
              M., and I. Goyret, "RADIUS Attributes for Tunnel Protocol
              Support", RFC 2868, June 2000.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, June 2000.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, August 2001.

   [RFC4213]  Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms
              for IPv6 Hosts and Routers", RFC 4213, October 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC5072]  Varada, S., Haskin, D., and E. Allen, "IP Version 6 over
              PPP", RFC 5072, September 2007.




   [RFC5172]  Varada, S., "Negotiation for IPv6 Datagram Compression
              Using IPv6 Control Protocol", RFC 5172, March 2008.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.


Authors' Addresses

   Benoit Lourdelet
   Cisco Systems, Inc.
   Village ent. GreenSide, Bat T3,
   400, Av de Roumanille,
   06410 BIOT - Sophia-Antipolis Cedex
   France

   Phone: +33 4 97 23 26 23
   Email: blourdel@cisco.com


   Wojciech Dec
   Cisco Systems, Inc.
   Haarlerbergweg 13-19
   400, Av de Roumanille,
   Amsterdam, NOORD-HOLLAND 1101 CH
   Netherlands

   Phone: +31 20 357 3034
   Email: wdec@cisco.com


   Glen Zorn
   Network Zen
   1310 East Thomas Street
   Seattle, WA
   US

   Email: gwz@net-zen.net











