RADIUS Extensions Working Group                                S. Winter
Internet-Draft                                                   RESTENA
Intended status: Standards Track                           July 16, 2012
Expires: January 17, 2013


                 RADIUS Accounting for traffic classes
                 draft-winter-radext-fancyaccounting-02

Abstract

   This document specifies new attributes for RADIUS Accounting to
   enable NAS reporting of subsets of the total traffic in a user
   session.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 17, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Winter                  Expires January 17, 2013                [Page 1]


Internet-Draft           RADIUS Fancy Accounting               July 2012


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . . . 3
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3
     2.1.  Acct-Traffic-Class attribute  . . . . . . . . . . . . . . . 3
       2.1.1.  Acct-Traffic-Class-Name attribute . . . . . . . . . . . 4
       2.1.2.  Acct-Traffic-Class-Input-Octets attribute . . . . . . . 5
       2.1.3.  Acct-Traffic-Class-Output-Octets attribute  . . . . . . 5
       2.1.4.  Acct-Traffic-Class-Input-Packets attribute  . . . . . . 5
       2.1.5.  Acct-Traffic-Class-Output-Packets attribute . . . . . . 6
     2.2.  URN values for attribute Acct-Traffic-Class-Name  . . . . . 6
   3.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
   4.  Attribute Occurence Table . . . . . . . . . . . . . . . . . . . 8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . . . 9
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 9
   7.  Normative References  . . . . . . . . . . . . . . . . . . . . . 9


































Winter                  Expires January 17, 2013                [Page 2]


Internet-Draft           RADIUS Fancy Accounting               July 2012


1.  Introduction

   RADIUS Accounting [RFC2866] defines counters for octets and packets,
   both in the incoming and outgoing direction.  Usage of these counters
   enables an operator create volume-based billing models and to execute
   proper capacity planning on its infrastructure.

   The Accounting model is based on the assumption that all traffic in a
   user session is treated equally; i.e. that there are no differences
   in the billing model of one class of traffic over another.

   Actual deployments suggest that this assumption is no longer valid.
   In particular, different traffic classes are defined with DSCP; and
   billing the use of these traffic classes separately is an
   understandable request.

   Plus, the introduction of dual-stack operation on links creates an
   understandable interest of getting separate statistics about the
   amount of IPv4 vs. IPv6 usage on a link; be it for billing or
   statistical reasons.

   This document defines Accounting attributes that supplement (but not
   replace) the accounting counters in RFC2866.  It utilizes the new
   "extended attributes" in RADIUS ([I-D.ietf-radext-radius-extensions])
   to a) group accounting reports about traffic classes together and b)
   enable 64-Bit counts in a single attribute with the Integer64
   datatype.

1.1.  Requirements Language

   In this document, several words are used to signify the requirements
   of the specification.  The key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
   RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
   interpreted as described in RFC 2119.  [RFC2119]

2.  Definitions

2.1.  Acct-Traffic-Class attribute

   The attribute Acct-Traffic-Class is a TLV container for a group of
   sub-attributes which specify the class of traffic that is being
   reported about, and the amount of traffic in a user session that
   falls into this class.

      Attribute: 245.1 Acct-Traffic-Class





Winter                  Expires January 17, 2013                [Page 3]


Internet-Draft           RADIUS Fancy Accounting               July 2012


      Type: TLV

      Length: >3 octets

   There can be multiple instances of this attribute in a Accounting-
   Interim-Update or a Accounting-Stop packet.  The attribute MUST NOT
   be present in an Accounting-Start packet.

   It is not required that the sum of all traffic in all instances is
   the total sum of octets and packets in the user's session.  I.e. the
   traffic classes used in the Accounting packet do not need to
   partition the total traffic in non-overlapping segments.

   The total number of octets and packets in a user session continues to
   be sent in the RFC2866 attributes.

2.1.1.  Acct-Traffic-Class-Name attribute

   The attribute Acct-Traffic-Class-Name, sub-attribute in the group
   Acct-Traffic-Class, defines the class of traffic for which the other
   attributes in the instance of Acct-Traffic-Class count octets and
   packets.  Every group instance MUST contain exactly one Acct-Traffic-
   Class-Name.

      Attribute: 245.1.2 Acct-Traffic-Class-Name

      Type: STRING

      Value: 1-250 octets

   There are two options for the value of this attribute.

   Option 1: Acct-Traffic-Class-Name string starting with the substring
   "urn:".  Usage of this option implies that the traffic name is in the
   form of a URN and requires that a public specification of this URN
   exists.  That specification must include the type of traffic being
   counted with this traffic class, and the exact definition of where in
   the network packets the byte-count starts and ends.  This document
   defines a set of known, well-defined traffic accounting classes in an
   IANA-managed registry in Section 2.2.  New values for this registry
   are assigned on expert review basis.

   Option 2: Acct-Traffic-Class-Name string not starting with "urn:".
   This option is for local use of special-purpose accounting as defined
   by the NAS administrator, where no defined URN matches the meaning of
   the traffic to be counted.  The meaning of the content needs to be
   communicated out-of-band between the NAS and RADIUS Server operator.
   Example: Acct-Traffic-Class-Name = "UDP traffic to AS2606".



Winter                  Expires January 17, 2013                [Page 4]


Internet-Draft           RADIUS Fancy Accounting               July 2012


2.1.2.  Acct-Traffic-Class-Input-Octets attribute

   The attribute Acct-Traffic-Class-Input-Octets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of octets that belong to
   the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent to the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accouting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

      Attribute: 245.1.3 Acct-Traffic-Class-Input-Octets

      Type: Integer64

      Value: number of octets sent to entity, matching the class of
      traffic

2.1.3.  Acct-Traffic-Class-Output-Octets attribute

   The attribute Acct-Traffic-Class-Output-Octets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of octets that belong to
   the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent from the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accouting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

      Attribute: 245.1.4 Acct-Traffic-Class-Output-Octets

      Type: Integer64

      Value: number of octets sent from entity, matching the class of
      traffic

2.1.4.  Acct-Traffic-Class-Input-Packets attribute

   The attribute Acct-Traffic-Class-Input-Packets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of packets that belong
   to the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent to the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accouting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the



Winter                  Expires January 17, 2013                [Page 5]


Internet-Draft           RADIUS Fancy Accounting               July 2012


   corresponding Accounting-Request "Stop".

      Attribute: 245.1.5 Acct-Traffic-Class-Input-Packets

      Type: Integer64

      Value: number of packets sent to entity, matching the class of
      traffic

2.1.5.  Acct-Traffic-Class-Output-Packets attribute

   The attribute Acct-Traffic-Class-Output-Packets, sub-attribute in the
   group Acct-Traffic-Class, carries the number of packets that belong
   to the class of traffic indicated by Acct-Traffic-Class-Name and have
   been sent from the entity for which the accounting packet was
   generated.  It MUST occur at most once inside every instance of the
   Acct-Traffic-Class TLV.  If a traffic parameter value is transmitted
   in this attribute in an Accouting-Request "Interim Update", then the
   final value of that traffic parameter MUST be reported in the
   corresponding Accounting-Request "Stop".

      Attribute: 245.1.6 Acct-Traffic-Class-Output-Packets

      Type: Integer64

      Value: number of packets sent from entity, matching the class of
      traffic

2.2.  URN values for attribute Acct-Traffic-Class-Name

   The following URN values are defined for RADIUS Accounting Traffic
   Classes:

      Name: "urn:ietf:radius-accounting:ip:4"

         Purpose: volume count of IPv4 payloads

         Start of byte count: 1st byte of the IP header of the packet

         End of byte count: last byte of IP layer of the packet

      Name: "urn:ietf:radius-accounting:ip:6"

         Purpose: volume count of IPv6 payloads

         Start of byte count: 1st byte of the IP header of the packet





Winter                  Expires January 17, 2013                [Page 6]


Internet-Draft           RADIUS Fancy Accounting               July 2012


         End of byte count: last byte of IP layer of the packet

      Name: "urn:ietf:radius-accounting:dscp:0"

         Purpose: volume count of packet payloads with DSCP = 0

         Start of byte count: 1st byte of the IP header of the packet

         End of byte count: last byte of IP layer of the packet

      Name: "urn:ietf:radius-accounting:tcp"

         Purpose: volume count of TCP packets

         Start of byte count: 1st byte of the TCP header of the packet

         End of byte count: last byte of TCP layer of the packet

      Name: "urn:ietf:radius-accounting:udp"

         Purpose: volume count of UDP payloads

         Start of byte count: 1st byte of the UDP header of the packet

         End of byte count: last byte of UDP layer of the packet

   (more values to be added...)

3.  Example

   A NAS is configured to create statistics regarding IPv6 usage of CPE
   for statistical reasons, and of the amount of HTTP traffic sent to
   the example.com web site for billing reasons.

   User john@example.com starts a user session, transfers 1200 Bytes in
   10 packets via IPv6 to the internet, and receives 4500 Bytes in 30
   packets over IPv6 from the internet.

   In the same session, The user visits the IPv4-only example.com web
   site by sending 6000 bytes in 4 packets to the web site, and
   receiving 450000 Bytes in 35 packets from the web site.

   Then, the user terminates the session and an Accounting-Stop packet
   is generated.

   The NAS sends the recorded octet and packet values to his RADIUS
   Accounting server.  Since there is no URN value for "Traffic on
   TCP/80 to example.com, all IP versions" for use in the Acct-Traffic-



Winter                  Expires January 17, 2013                [Page 7]


Internet-Draft           RADIUS Fancy Accounting               July 2012


   Class-Name attribute, the NAS has been configured to indicate this
   class of traffic in a corresponding custom string.  The relevant
   attributes in the Accounting-Stop packet are:

   Acct-Traffic-Class

      Acct-Traffic-Class-Name = "urn:ietf:radius-accunting:ip:6"

      Acct-Traffic-Class-Input-Octets = 4500

      Acct-Traffic-Class-Output-Octets = 1200

      Acct-Traffic-Class-Input-Packets = 30

      Acct-Traffic-Class-Output-Packets = 10

   Acct-Traffic-Class

      Acct-Traffic-Class-Name = "Traffic on TCP/80 to example.com, all
      IP versions"

      Acct-Traffic-Class-Input-Octets = 450000

      Acct-Traffic-Class-Output-Octets = 6000

      Acct-Traffic-Class-Input-Packets = 35

      Acct-Traffic-Class-Output-Packets = 4

4.  Attribute Occurence Table

   This table lists the allowed occurences of the previously defined
   attributes in Accounting packets.

   Start  Interim  Stop  Reply  Attribute
   -----  -------  ----  -----  ---------------------------------
   0      0-n      0-s   0      Acct-Traffic-Class
   0      0-m      0-t   0      Acct-Traffic-Class-Name
   0      0-o      0-u   0      Acct-Traffic-Class-Input-Octets
   0      0-p      0-v   0      Acct-Traffic-Class-Output-Octets
   0      0-q      0-w   0      Acct-Traffic-Class-Input-Packets
   0      0-r      0-x   0      Acct-Traffic-Class-Output-Packets

                       Figure 1: Attribute Occurence

   Note 1: since all sub-attributes occur at most once inside any given
   Acct-Traffic-Class TLV, the sub-attributes can not occur more often
   than the TLV itself.  I.e. m<n, o<n, p<n, q<n, and r<n.



Winter                  Expires January 17, 2013                [Page 8]


Internet-Draft           RADIUS Fancy Accounting               July 2012


   Note 2: if Acct-Traffic-Class TLVs and their sub-attributes have been
   sent in Interim-Updates, they MUST also occur in the subsequent Stop
   packet; while the Stop packet MAY contain additional Acct-Traffic-
   Class instances.  I.e. in the table above: s>=n, t>=m, u>=o,
   v>=p,w>=q, and x>=r.

5.  Security Considerations

   Reveals user's traffic usage patterns.  Shouldn't be sent
   unencrpyptedly.

6.  IANA Considerations

   This document has actions for IANA.  TBD later.

7.  Normative References

   [RFC2866]                            Rigney, C., "RADIUS Accounting",
                                        RFC 2866, June 2000.

   [RFC2119]                            Bradner, S., "Key words for use
                                        in RFCs to Indicate Requirement
                                        Levels", BCP 14, RFC 2119,
                                        March 1997.

   [I-D.ietf-radext-radius-extensions]  DeKok, A. and A. Lior, "Remote
                                        Authentication Dial In User
                                        Service (RADIUS) Protocol
                                        Extensions", draft-ietf-radext-
                                        radius-extensions-06 (work in
                                        progress), June 2012.

Author's Address

   Stefan Winter
   Fondation RESTENA
   6, rue Richard Coudenhove-Kalergi
   Luxembourg  1359
   LUXEMBOURG

   Phone: +352 424409 1
   Fax:   +352 422473
   EMail: stefan.winter@restena.lu
   URI:   http://www.restena.lu.







Winter                  Expires January 17, 2013                [Page 9]