< draft-ietf-softwire-map-radius-25.txt   draft-ietf-softwire-map-radius-26.txt >
Softwire S. Jiang, Ed. Softwire S. Jiang, Ed.
Internet-Draft Huawei Technologies Co., Ltd Internet-Draft Huawei Technologies Co., Ltd
Intended status: Standards Track Y. Fu, Ed. Intended status: Standards Track Y. Fu, Ed.
Expires: December 15, 2019 CNNIC Expires: December 16, 2019 CNNIC
C. Xie C. Xie
China Telecom China Telecom
T. Li T. Li
Tsinghua University Tsinghua University
M. Boucadair, Ed. M. Boucadair, Ed.
Orange Orange
June 13, 2019 June 14, 2019
RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
draft-ietf-softwire-map-radius-25 draft-ietf-softwire-map-radius-26
Abstract Abstract
IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity
services over IPv6 native networks during the IPv4/IPv6 co-existence services over IPv6 native networks during the IPv4/IPv6 co-existence
period. DHCPv6 options have been defined for configuring clients for period. DHCPv6 options have been defined for configuring clients for
Lightweight 4over6, Mapping of Address and Port with Encapsulation, Lightweight 4over6, Mapping of Address and Port with Encapsulation,
and Mapping of Address and Port using Translation unicast softwire and Mapping of Address and Port using Translation unicast softwire
mechanisms, and also multicast softwires. However, in many networks, mechanisms, and also multicast softwires. However, in many networks,
configuration information is stored in an Authentication, configuration information is stored in an Authentication,
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 15, 2019. This Internet-Draft will expire on December 16, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 12 skipping to change at page 3, line 12
3.1.6.2. PSID-Len Attribute . . . . . . . . . . . . . . . 20 3.1.6.2. PSID-Len Attribute . . . . . . . . . . . . . . . 20
3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 20 3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 20
3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 21 3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 21
3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 22 3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 22
3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 23 3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 23
3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 24 3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 24
3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 25 3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 25
3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 25 3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 25
4. A Sample Configuration Process with RADIUS . . . . . . . . . 25 4. A Sample Configuration Process with RADIUS . . . . . . . . . 25
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 28 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 29
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . . . . 30
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 30 7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 30
7.2. RADIUS Softwire46 Configuration and Multicast Attributes 30 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 31
7.3. Softwire46 Mechanisms and Their Identifying Option Codes 31 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 32
8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 32 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 32
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
10.1. Normative References . . . . . . . . . . . . . . . . . . 34 10.1. Normative References . . . . . . . . . . . . . . . . . . 34
10.2. Informative References . . . . . . . . . . . . . . . . . 35 10.2. Informative References . . . . . . . . . . . . . . . . . 36
Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 37 Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 37
A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 37 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 37
A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 37 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 38
A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 37 A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 38
A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 38 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 38
A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38
A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 39
A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
Attribute Field Mappings . . . . . . . . . . . . . . . . 38 Attribute Field Mappings . . . . . . . . . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction 1. Introduction
Providers have started deploying and transitioning to IPv6. Several Providers have started deploying and transitioning to IPv6. Several
IPv4 service continuity mechanisms based on the Address plus Port IPv4 service continuity mechanisms based on the Address plus Port
(A+P) [RFC6346] have been proposed for providing unicast IPv4 over (A+P) [RFC6346] have been proposed for providing unicast IPv4 over
IPv6-only infrastructure, such as Mapping of Address and Port with IPv6-only infrastructure, such as Mapping of Address and Port with
Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using
Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596].
skipping to change at page 28, line 32 skipping to change at page 28, line 32
or on-demand whereby the AAA server updates the lwAFTR with the or on-demand whereby the AAA server updates the lwAFTR with the
CE's binding state as it is created or deleted. CE's binding state as it is created or deleted.
In some deployments, the DHCP server may use the Accounting-Request In some deployments, the DHCP server may use the Accounting-Request
to report to a AAA server the softwire configuration returned to a to report to a AAA server the softwire configuration returned to a
requesting host. It is the responsibility of the DHCP server to requesting host. It is the responsibility of the DHCP server to
ensure the consistency of the configuration provided to requesting ensure the consistency of the configuration provided to requesting
hosts. Reported data to a AAA server may be required for various hosts. Reported data to a AAA server may be required for various
operational purposes (e.g., regulatory). operational purposes (e.g., regulatory).
A configuration change (e.g., BR address) may result in an exchange
of CoA-Requests between the BNG and the AAA server as shown in
Figure 3. Concretely, when the BNG receives a CoA-Request message
containing Softwire46 attributes, it sends a DHCPv6 Reconfigure
message to the appropriate CE to inform that CE that an updated
configuration is available. Upon receipt of such message, the CE
sends a DHCPv6 Renew or Information-Request in order to receive the
updated Softwire46 configuration. In deployments where the BNG
embeds a DHCPv6 relay, CoA-Requests can be used following the
procedure specified in [RFC6977].
CE BNG AAA Server
| | |
|---DHCPv6 Solicit--------->| |
| |---Access-Request---------->|
| |<--Access-Accept------------|
| |(Softwire46-Configuration |
| | Attribute ...) |
....
| | |
| |<-----CoA-Request-----------|
| |(Softwire46-Configuration |
| | Attribute ...) |
| |------CoA-Response--------->|
|<--DHCPv6 Reconfigure------| |
| | |
....
Figure 3: Change of Configuration Example
5. Table of Attributes 5. Table of Attributes
This document specifies three new RADIUS attributes, and their This document specifies three new RADIUS attributes, and their
formats are as follows: formats are as follows:
o Softwire46-Configuration Attribute: 241.TBD1 o Softwire46-Configuration Attribute: 241.TBD1
o Softwire46-Priority Attribute: 241.TBD5 o Softwire46-Priority Attribute: 241.TBD5
o Softwire46-Multicast Attribute: 241.TBD6 o Softwire46-Multicast Attribute: 241.TBD6
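Review bot: In the added Figure 3 the BNG's reply is labelled "CoA-Response", which is not a message name RFC 5176 defines; the reply to a CoA-Request is a CoA-ACK or a CoA-NAK, so the label should name one of those (or "CoA-ACK/NAK"). The new paragraph also speaks of "an exchange of CoA-Requests between the BNG and the AAA server", while the figure shows the request flowing only from the AAA server to the BNG; "a CoA-Request sent by the AAA server to the BNG" would match the figure. The paragraph should also say what the BNG does when it cannot apply the received Softwire46 attributes (for instance, reply with a CoA-NAK and send no DHCPv6 Reconfigure). Finally, the figure stops at the Reconfigure even though the text describes the CE's follow-up Renew or Information-Request, so either draw that step or say that the trailing "...." stands for it.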
skipping to change at page 29, line 25 skipping to change at page 30, line 14
6. Security Considerations 6. Security Considerations
Section 9 of [RFC7596] discusses security issues related to Section 9 of [RFC7596] discusses security issues related to
Lightweight 4over6, Section 10 of [RFC7597] discusses security issues Lightweight 4over6, Section 10 of [RFC7597] discusses security issues
related to MAP-E, Section 13 of [RFC7599] discusses security issues related to MAP-E, Section 13 of [RFC7599] discusses security issues
related to MAP-T, and Section 9 of [RFC8114] discusses security related to MAP-T, and Section 9 of [RFC8114] discusses security
issues related to the delivery of IPv4 multicast services to IPv4 issues related to the delivery of IPv4 multicast services to IPv4
clients over an IPv6 multicast network. clients over an IPv6 multicast network.
Generic RADIUS security considerations are discussed in Section 8 of This document does not introduce any security issues inherently
[RFC2865] and Section 6 of [RFC5176] for CoA messages. Known different from those already identified in Section 8 of [RFC2865] and
security vulnerabilities of the RADIUS protocol discussed in Section 6 of [RFC5176] for CoA messages. Known security
Section 7 of [RFC2607] and Section 7 of [RFC2869] apply to this vulnerabilities of the RADIUS protocol discussed in Section 7 of
specification. [RFC2607] and Section 7 of [RFC2869] apply to this specification.
These well-established properties of the RADIUS protocol place some
limitations on how it can safely be used, since there is some
inherent requirement to trust the counterparty to not misbehave.
This document targets deployments where a trusted relationship is in Accordingly, this document targets deployments where a trusted
place between the RADIUS client and server with communication relationship is in place between the RADIUS client and server with
optionally secured by IPsec or Transport Layer Security (TLS) communication optionally secured by IPsec or Transport Layer Security
[RFC6614]. The use of IPsec [RFC4301] for providing security when (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security
RADIUS is carried in IPv6 is discussed in [RFC3162]. when RADIUS is carried in IPv6 is discussed in [RFC3162].
Security considerations for interactions between a Softwire46 CE and Security considerations for interactions between a Softwire46 CE and
the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for
configuration of softwire46 address and port-mapped clients), configuration of softwire46 address and port-mapped clients),
Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization
mechanism), and Section 5 of [RFC8115] (DHCPv6 options for mechanism), and Section 5 of [RFC8115] (DHCPv6 options for
configuration of IPv4-embedded IPv6 prefixes). configuration of IPv4-embedded IPv6 prefixes).
7. IANA Considerations 7. IANA Considerations
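Review bot: The sentence added to the second paragraph of Section 6 concedes an "inherent requirement to trust the counterparty to not misbehave", yet the next sentence still describes IPsec or TLS protection as "optionally" used. This revision also lets a CoA-Request carrying Softwire46 attributes cause a DHCPv6 Reconfigure toward the CE, so the section should either state that CoA traffic SHOULD be integrity-protected and accepted only from configured AAA servers, or explain why optional protection is sufficient for this use. Two wording points in the same paragraph: "These well-established properties" has no clear antecedent, since the preceding sentence lists vulnerabilities rather than properties, and "Section 8 of [RFC2865] and Section 6 of [RFC5176] for CoA messages" reads as if both sections concern CoA. "Section 8 of [RFC2865] and, for CoA messages, Section 6 of [RFC5176]" removes the ambiguity.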
skipping to change at page 36, line 32 skipping to change at page 37, line 5
[RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
2012, <https://www.rfc-editor.org/info/rfc6519>. 2012, <https://www.rfc-editor.org/info/rfc6519>.
[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
"Transport Layer Security (TLS) Encryption for RADIUS", "Transport Layer Security (TLS) Encryption for RADIUS",
RFC 6614, DOI 10.17487/RFC6614, May 2012, RFC 6614, DOI 10.17487/RFC6614, May 2012,
<https://www.rfc-editor.org/info/rfc6614>. <https://www.rfc-editor.org/info/rfc6614>.
[RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6
Reconfiguration from Relay Agents", RFC 6977,
DOI 10.17487/RFC6977, July 2013,
<https://www.rfc-editor.org/info/rfc6977>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual- Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <https://www.rfc-editor.org/info/rfc7596>. July 2015, <https://www.rfc-editor.org/info/rfc7596>.
[RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, Ed., "Mapping of Address and Murakami, T., and T. Taylor, Ed., "Mapping of Address and
Port with Encapsulation (MAP-E)", RFC 7597, Port with Encapsulation (MAP-E)", RFC 7597,
DOI 10.17487/RFC7597, July 2015, DOI 10.17487/RFC7597, July 2015,
<https://www.rfc-editor.org/info/rfc7597>. <https://www.rfc-editor.org/info/rfc7597>.
 End of changes. 15 change blocks. 
25 lines changed or deleted 63 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/