draft-ietf-dime-rfc4005bis-00.txt   draft-ietf-dime-rfc4005bis-01.txt 
Network Working Group G. Zorn, Ed. Network Working Group G. Zorn
Internet-Draft Network Zen Internet-Draft Network Zen
Obsoletes: RFC4005 August 11, 2010 Obsoletes: 4005 (if approved) October 15, 2010
(if approved)
Intended status: Standards Track Intended status: Standards Track
Expires: February 12, 2011 Expires: April 18, 2011
Diameter Network Access Server Application Diameter Network Access Server Application
draft-ietf-dime-rfc4005bis-00 draft-ietf-dime-rfc4005bis-01
Abstract Abstract
This document describes the Diameter protocol application used for This document describes the Diameter protocol application used for
Authentication, Authorization, and Accounting (AAA) services in the Authentication, Authorization, and Accounting (AAA) services in the
Network Access Server (NAS) environment. When combined with the Network Access Server (NAS) environment. When combined with the
Diameter Base protocol, Transport Profile, and Extensible Diameter Base protocol, Transport Profile, and Extensible
Authentication Protocol specifications, this application Authentication Protocol specifications, this application
specification satisfies typical network access services requirements. specification satisfies typical network access services requirements.
skipping to change at page 1, line 37 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 12, 2011. This Internet-Draft will expire on April 18, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
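Review bot: the -01 header drops "Ed." from the author line and the Author's Address at the end drops "(editor)", yet the RFC 4005bis acknowledgement text in A.2 still refers to "the editor" in both columns; either keep the editor designation in the header and address block or reword the acknowledgement so the three places agree.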
skipping to change at page 2, line 38 skipping to change at page 2, line 37
3.10. Accounting-Answer (ACA) Command . . . . . . . . . . . . . 21 3.10. Accounting-Answer (ACA) Command . . . . . . . . . . . . . 21
4. Diameter NAS Application AVPs . . . . . . . . . . . . . . . . 22 4. Diameter NAS Application AVPs . . . . . . . . . . . . . . . . 22
4.1. Derived AVP Data Formats . . . . . . . . . . . . . . . . . 22 4.1. Derived AVP Data Formats . . . . . . . . . . . . . . . . . 22
4.1.1. QoSFilterRule . . . . . . . . . . . . . . . . . . . . 22 4.1.1. QoSFilterRule . . . . . . . . . . . . . . . . . . . . 22
4.2. NAS Session AVPs . . . . . . . . . . . . . . . . . . . . . 23 4.2. NAS Session AVPs . . . . . . . . . . . . . . . . . . . . . 23
4.2.1. Call and Session Information . . . . . . . . . . . . . 24 4.2.1. Call and Session Information . . . . . . . . . . . . . 24
4.2.2. NAS-Port AVP . . . . . . . . . . . . . . . . . . . . . 24 4.2.2. NAS-Port AVP . . . . . . . . . . . . . . . . . . . . . 24
4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 25 4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 25
4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25 4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25
4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25
4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 26 4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 25
4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26 4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26
4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26 4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26
4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27 4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27
4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27 4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27
4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28 4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28
4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28 4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28
4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 29 4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 29
4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 29
4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29 4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29
4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29
skipping to change at page 6, line 18 skipping to change at page 6, line 18
LAT (Local Area Transport LAT (Local Area Transport
A Digital Equipment Corp. LAN protocol for terminal services A Digital Equipment Corp. LAN protocol for terminal services
[LAT]. [LAT].
VPN (Virtual Private Network) VPN (Virtual Private Network)
In this document, this term is used to describe access services In this document, this term is used to describe access services
that use tunneling methods. that use tunneling methods.
1.2. Requirements Language 1.2. Requirements Language
In this document, the key words "MAY", "MUST", "MUST NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"OPTIONAL", "RECOMMENDED", "SHOULD", and "SHOULD NOT" are to be "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
interpreted as described in [RFC2119], document are to be interpreted as described in RFC 2119 [RFC2119].
1.3. Advertising Application Support 1.3. Advertising Application Support
Diameter applications conforming to this specification MUST advertise Diameter applications conforming to this specification MUST advertise
support by including the value of one (1) in the Auth-Application-Id support by including the value of one (1) in the Auth-Application-Id
of the Capabilities-Exchange-Request (CER), AA-Request (AAR), and AA- of the Capabilities-Exchange-Request (CER), AA-Request (AAR), and AA-
Answer (AAA) messages. All other messages are defined by RFC 3588 Answer (AAA) messages. All other messages are defined by RFC 3588
and use the Base application id value. and use the Base application id value.
2. NAS Calls, Ports, and Sessions 2. NAS Calls, Ports, and Sessions
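Review bot: the Requirements Language fix is correct (the -00 text omitted REQUIRED, SHALL and SHALL NOT and ended the sentence with a comma instead of a period), but Section 1.3 in both columns still says "All other messages are defined by RFC 3588" while the normative reference list in this revision cites [I-D.ietf-dime-rfc3588bis]; change the sentence to cite the bis draft so it does not point at a document this application no longer references once RFC 3588 is obsoleted.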
skipping to change at page 22, line 38 skipping to change at page 22, line 38
[ NAS-IPv6-Address ] [ NAS-IPv6-Address ]
[ NAS-Port ] [ NAS-Port ]
[ NAS-Port-Id ] [ NAS-Port-Id ]
[ NAS-Port-Type ] [ NAS-Port-Type ]
[ Service-Type ] [ Service-Type ]
[ Termination-Cause ] [ Termination-Cause ]
[ Accounting-Realtime-Required ] [ Accounting-Realtime-Required ]
[ Acct-Interim-Interval ] [ Acct-Interim-Interval ]
* [ Class ] * [ Class ]
* [ Proxy-Info ] * [ Proxy-Info ]
* [ Route-Record ]
* [ AVP ] * [ AVP ]
4. Diameter NAS Application AVPs 4. Diameter NAS Application AVPs
The following sections define a new derived AVP data format, a set of The following sections define a new derived AVP data format, a set of
application-specific AVPs and describe the use of AVPs defined in application-specific AVPs and describe the use of AVPs defined in
other documents by the Diameter NAS Application. other documents by the Diameter NAS Application.
4.1. Derived AVP Data Formats 4.1. Derived AVP Data Formats
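Review bot: dropping "* [ Route-Record ]" from the ACA command definition is the right correction for an answer message and agrees with the occurrence tables later in this diff, which now show Route-Record as 0 in every answer column; the AA-Answer (AAA) command definition lies inside a skipped range, so confirm it received the same edit and that the request commands (AAR, ACR) still list Route-Record, otherwise the command definitions and the tables will disagree.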
skipping to change at page 37, line 35 skipping to change at page 37, line 35
the ASCII routing information to be configured for the user on the the ASCII routing information to be configured for the user on the
NAS. Zero or more of these AVPs MAY be present in an authorization NAS. Zero or more of these AVPs MAY be present in an authorization
response. response.
The string MUST contain a destination prefix in dotted quad form The string MUST contain a destination prefix in dotted quad form
optionally followed by a slash and a decimal length specifier stating optionally followed by a slash and a decimal length specifier stating
how many high-order bits of the prefix should be used. This is how many high-order bits of the prefix should be used. This is
followed by a space, a gateway address in dotted quad form, a space, followed by a space, a gateway address in dotted quad form, a space,
and one or more metrics separated by spaces; for example, and one or more metrics separated by spaces; for example,
"192.168.1.0/24 192.168.1.1 1" "192.0.2.0/24 192.0.2.1 1"
The length specifier may be omitted, in which case it should default The length specifier may be omitted, in which case it should default
to 8 bits for class A prefixes, to 16 bits for class B prefixes, and to 8 bits for class A prefixes, to 16 bits for class B prefixes, and
to 24 bits for class C prefixes; for example, to 24 bits for class C prefixes; for example,
"192.168.1.0 192.168.1.1 1" "192.0.2.0 192.0.2.1 1"
Whenever the gateway address is specified as "0.0.0.0" the IP address Whenever the gateway address is specified as "0.0.0.0" the IP address
of the user SHOULD be used as the gateway address. of the user SHOULD be used as the gateway address.
4.4.10.5.4. Framed-Pool AVP 4.4.10.5.4. Framed-Pool AVP
The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains
the name of an assigned address pool that SHOULD be used to assign an the name of an assigned address pool that SHOULD be used to assign an
address for the user. If a NAS does not support multiple address address for the user. If a NAS does not support multiple address
pools, the NAS SHOULD ignore this AVP. Address pools are usually pools, the NAS SHOULD ignore this AVP. Address pools are usually
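Review bot: replacing 192.168.1.0/24 and 192.168.1.1 with 192.0.2.0/24 and 192.0.2.1 in the Framed-Route examples is a good change, since 192.0.2.0/24 is the documentation range reserved by RFC 5737 rather than a private network that a reader might actually be routing; the surrounding text is unchanged, so the second example ("192.0.2.0 192.0.2.1 1") still depends on the classful default of 24 bits for a class C prefix, and a short parenthetical saying that the default is classful (legacy) behaviour would stop implementers from inferring a CIDR default from the first example.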
skipping to change at page 53, line 47 skipping to change at page 53, line 47
implementation dependent. implementation dependent.
4.6.11. Acct-Tunnel-Packets-Lost AVP 4.6.11. Acct-Tunnel-Packets-Lost AVP
The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32 The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32
and contains the number of packets lost on a given tunnel. and contains the number of packets lost on a given tunnel.
5. AVP Occurrence Tables 5. AVP Occurrence Tables
The following tables present the AVPs used by NAS applications in NAS The following tables present the AVPs used by NAS applications in NAS
messages and specify in which Diameter messages they MAY or MAY NOT messages and specify in which Diameter messages they may or may not
be present. Messages and AVPs defined in the base Diameter protocol be present. Messages and AVPs defined in the base Diameter protocol
[I-D.ietf-dime-rfc3588bis] are not described in this document. Note [I-D.ietf-dime-rfc3588bis] are not described in this document. Note
that AVPs that can only be present within a Grouped AVP are not that AVPs that can only be present within a Grouped AVP are not
represented in this table. represented in this table.
The table uses the following symbols: The table uses the following symbols:
0 The AVP MUST NOT be present in the message. 0 The AVP MUST NOT be present in the message.
0+ Zero or more instances of the AVP MAY be present in the 0+ Zero or more instances of the AVP MAY be present in the
message. message.
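Review bot: lowercasing "MAY or MAY NOT" to "may or may not" in the Section 5 introduction is correct, because "MAY NOT" is not an RFC 2119 keyword and the capitalised form read as a normative statement; the sentence only describes what the tables do, and the normative force belongs to the symbol definitions that follow ("0 The AVP MUST NOT be present", "0+ Zero or more instances ... MAY be present"), which are unchanged.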
skipping to change at page 56, line 32 skipping to change at page 56, line 32
Port-Limit | 0-1 | 0-1 | Port-Limit | 0-1 | 0-1 |
Prompt | 0 | 0-1 | Prompt | 0 | 0-1 |
Proxy-Info | 0+ | 0+ | Proxy-Info | 0+ | 0+ |
QoS-Filter-Rule | 0 | 0+ | QoS-Filter-Rule | 0 | 0+ |
Re-Auth-Request-Type | 0 | 0-1 | Re-Auth-Request-Type | 0 | 0-1 |
Redirect-Host | 0 | 0+ | Redirect-Host | 0 | 0+ |
Redirect-Host-Usage | 0 | 0-1 | Redirect-Host-Usage | 0 | 0-1 |
Redirect-Max-Cache-Time | 0 | 0-1 | Redirect-Max-Cache-Time | 0 | 0-1 |
Reply-Message | 0 | 0+ | Reply-Message | 0 | 0+ |
Result-Code | 0 | 1 | Result-Code | 0 | 1 |
Route-Record | 0+ | 0+ | Route-Record | 0+ | 0 |
Service-Type | 0-1 | 0-1 | Service-Type | 0-1 | 0-1 |
Session-Id | 1 | 1 | Session-Id | 1 | 1 |
Session-Timeout | 0 | 0-1 | Session-Timeout | 0 | 0-1 |
State | 0-1 | 0-1 | State | 0-1 | 0-1 |
Tunneling | 0+ | 0+ | Tunneling | 0+ | 0+ |
User-Name | 0-1 | 0-1 | User-Name | 0-1 | 0-1 |
User-Password | 0-1 | 0 | User-Password | 0-1 | 0 |
------------------------------|-----+-----+ ------------------------------|-----+-----+
5.2. Accounting AVP Tables 5.2. Accounting AVP Tables
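Review bot: the Route-Record row now reads 0 in the AAA column while every other row in this hunk is unchanged, which is consistent with the ACA command change earlier in this diff; Proxy-Info correctly stays 0+ in the answer column, since it is echoed back, so the only thing left to verify is that the AAA command definition itself (outside the shown ranges) no longer lists Route-Record.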
skipping to change at page 58, line 37 skipping to change at page 58, line 37
NAS-Port | 0-1 | 0-1 | NAS-Port | 0-1 | 0-1 |
NAS-Port-Id | 0-1 | 0-1 | NAS-Port-Id | 0-1 | 0-1 |
NAS-Port-Type | 0-1 | 0-1 | NAS-Port-Type | 0-1 | 0-1 |
Origin-AAA-Protocol | 0-1 | 0-1 | Origin-AAA-Protocol | 0-1 | 0-1 |
Origin-Host | 1 | 1 | Origin-Host | 1 | 1 |
Origin-Realm | 1 | 1 | Origin-Realm | 1 | 1 |
Origin-State-Id | 0-1 | 0-1 | Origin-State-Id | 0-1 | 0-1 |
Originating-Line-Info | 0-1 | 0 | Originating-Line-Info | 0-1 | 0 |
Proxy-Info | 0+ | 0+ | Proxy-Info | 0+ | 0+ |
QoS-Filter-Rule | 0+ | 0 | QoS-Filter-Rule | 0+ | 0 |
Route-Record | 0+ | 0+ | Route-Record | 0+ | 0 |
Result-Code | 0 | 1 | Result-Code | 0 | 1 |
Service-Type | 0-1 | 0-1 | Service-Type | 0-1 | 0-1 |
Session-Id | 1 | 1 | Session-Id | 1 | 1 |
Termination-Cause | 0-1 | 0-1 | Termination-Cause | 0-1 | 0-1 |
Tunnel-Assignment-Id | 0-1 | 0 | Tunnel-Assignment-Id | 0-1 | 0 |
Tunnel-Client-Endpoint | 0-1 | 0 | Tunnel-Client-Endpoint | 0-1 | 0 |
Tunnel-Medium-Type | 0-1 | 0 | Tunnel-Medium-Type | 0-1 | 0 |
Tunnel-Private-Group-Id | 0-1 | 0 | Tunnel-Private-Group-Id | 0-1 | 0 |
Tunnel-Server-Endpoint | 0-1 | 0 | Tunnel-Server-Endpoint | 0-1 | 0 |
Tunnel-Type | 0-1 | 0 | Tunnel-Type | 0-1 | 0 |
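Review bot: Route-Record changes from 0+ to 0 in the ACA column here, matching the ACA command definition earlier in this diff; the Tunnel-* rows at the bottom of the hunk remain 0-1 in the request column and 0 in the answer column, which is consistent with those values being reported by the NAS in ACR and never returned by the server.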
skipping to change at page 60, line 22 skipping to change at page 60, line 22
NAS-Port | 0-1 | 0-1 | NAS-Port | 0-1 | 0-1 |
NAS-Port-Id | 0-1 | 0-1 | NAS-Port-Id | 0-1 | 0-1 |
NAS-Port-Type | 0-1 | 0-1 | NAS-Port-Type | 0-1 | 0-1 |
Origin-AAA-Protocol | 0-1 | 0-1 | Origin-AAA-Protocol | 0-1 | 0-1 |
Origin-Host | 1 | 1 | Origin-Host | 1 | 1 |
Origin-Realm | 1 | 1 | Origin-Realm | 1 | 1 |
Origin-State-Id | 0-1 | 0-1 | Origin-State-Id | 0-1 | 0-1 |
Originating-Line-Info | 0-1 | 0 | Originating-Line-Info | 0-1 | 0 |
Proxy-Info | 0+ | 0+ | Proxy-Info | 0+ | 0+ |
QoS-Filter-Rule | 0+ | 0 | QoS-Filter-Rule | 0+ | 0 |
Route-Record | 0+ | 0+ | Route-Record | 0+ | 0 |
Result-Code | 0 | 1 | Result-Code | 0 | 1 |
Session-Id | 1 | 1 | Session-Id | 1 | 1 |
Service-Type | 0-1 | 0-1 | Service-Type | 0-1 | 0-1 |
Termination-Cause | 0-1 | 0-1 | Termination-Cause | 0-1 | 0-1 |
User-Name | 0-1 | 0-1 | User-Name | 0-1 | 0-1 |
Vendor-Specific-Application-Id | 0-1 | 0-1 | Vendor-Specific-Application-Id | 0-1 | 0-1 |
---------------------------------------|-----+-----+ ---------------------------------------|-----+-----+
6. IANA Considerations 6. IANA Considerations
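Review bot: the same Route-Record correction (0+ to 0 in the answer column) is applied in this accounting table, which is good; separately, this table lists Session-Id before Service-Type whereas the preceding accounting table lists Service-Type before Session-Id, so one of the two tables is out of alphabetical order and the rows should be reordered for consistency.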
skipping to change at page 62, line 25 skipping to change at page 62, line 25
8.1. Normative References 8.1. Normative References
[ANITypes] NANPA Number Resource Info, "ANI [ANITypes] NANPA Number Resource Info, "ANI
Assignments", <http://www.nanpa.com/ Assignments", <http://www.nanpa.com/
number_resource_info/ number_resource_info/
ani_ii_assignments.html>. ani_ii_assignments.html>.
[I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and [I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and
G. Zorn, "Diameter Base Protocol", G. Zorn, "Diameter Base Protocol",
draft-ietf-dime-rfc3588bis-23 (work in draft-ietf-dime-rfc3588bis-25 (work in
progress), August 2010. progress), September 2010.
[RADIUSTypes] IANA, "RADIUS Types", <http:// [RADIUSTypes] IANA, "RADIUS Types", <http://
www.iana.org/assignments/radius-types>. www.iana.org/assignments/radius-types>.
[RFC1994] Simpson, W., "PPP Challenge Handshake [RFC1994] Simpson, W., "PPP Challenge Handshake
Authentication Protocol (CHAP)", Authentication Protocol (CHAP)",
RFC 1994, August 1996. RFC 1994, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs [RFC2119] Bradner, S., "Key words for use in RFCs
to Indicate Requirement Levels", BCP 14, to Indicate Requirement Levels", BCP 14,
skipping to change at page 64, line 45 skipping to change at page 64, line 45
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, [RFC2869] Rigney, C., Willats, W., and P. Calhoun,
"RADIUS Extensions", RFC 2869, June 2000. "RADIUS Extensions", RFC 2869, June 2000.
[RFC2881] Mitton, D. and M. Beadles, "Network [RFC2881] Mitton, D. and M. Beadles, "Network
Access Server Requirements Next Access Server Requirements Next
Generation (NASREQNG) NAS Model", Generation (NASREQNG) NAS Model",
RFC 2881, July 2000. RFC 2881, July 2000.
[RFC2989] Aboba, B., Calhoun, P., Glass, S., [RFC2989] Aboba, B., Calhoun, P., Glass, S.,
Hiller, T., McCann, P., Shiino, H., Zorn, Hiller, T., McCann, P., Shiino, H.,
G., Dommety, G., C.Perkins, B.Patil, Walsh, P., Zorn, G., Dommety, G.,
D.Mitton, S.Manning, M.Beadles, P.Walsh, Perkins, C., Patil, B., Mitton, D.,
X.Chen, S.Sivalingham, A.Hameed, Manning, S., Beadles, M., Chen, X.,
M.Munson, S.Jacobs, B.Lim, B.Hirschman, Sivalingham, S., Hameed, A., Munson, M.,
R.Hsu, Y.Xu, E.Campell, S.Baba, and Jacobs, S., Lim, B., Hirschman, B., Hsu,
E.Jaques, "Criteria for Evaluating AAA R., Koo, H., Lipford, M., Campbell, E.,
Protocols for Network Access", RFC 2989, Xu, Y., Baba, S., and E. Jaques,
"Criteria for Evaluating AAA Protocols
for Network Access", RFC 2989,
November 2000. November 2000.
[RFC3169] Beadles, M. and D. Mitton, "Criteria for [RFC3169] Beadles, M. and D. Mitton, "Criteria for
Evaluating Network Access Server Evaluating Network Access Server
Protocols", RFC 3169, September 2001. Protocols", RFC 3169, September 2001.
[RFC3246] Davie, B., Charny, A., Bennet, J., [RFC3246] Davie, B., Charny, A., Bennet, J.,
Benson, K., Le Boudec, J., Courtney, W., Benson, K., Le Boudec, J., Courtney, W.,
Davari, S., Firoiu, V., and D. Stiliadis, Davari, S., Firoiu, V., and D. Stiliadis,
"An Expedited Forwarding PHB (Per-Hop "An Expedited Forwarding PHB (Per-Hop
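Review bot: the [RFC2989] entry now uses a consistent "Surname, Initial." form for every author, adds Koo, H. and Lipford, M., and corrects "Campell" to "Campbell", so it should now match the RFC's own author list; the [I-D.ietf-dime-rfc3588bis] entry in the preceding hunk was bumped from -23 to -25 and, being normative, should be re-checked against the current draft version before publication.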
skipping to change at page 66, line 23 skipping to change at page 66, line 24
the effort put into this document was done while he was in their the effort put into this document was done while he was in their
employ. employ.
A.2. RFC 4005bis A.2. RFC 4005bis
The vast majority of the text in this document was lifted directly The vast majority of the text in this document was lifted directly
fro RFC 4005; the editor owes a debt of gratitude to the authors fro RFC 4005; the editor owes a debt of gratitude to the authors
thereof (especially Dave Mitton, who somehow managed to make nroff thereof (especially Dave Mitton, who somehow managed to make nroff
paginate the AVP Occurance Tables correctly!). paginate the AVP Occurance Tables correctly!).
Thanks (in no particular order) to Jai-Jin Lim, Liu Hans, Sebastien
Decugis and Stefan Winter for their useful reviews and helpful
comments.
Author's Address Author's Address
Glen Zorn (editor) Glen Zorn
Network Zen Network Zen
1463 East Republican Street 227/358 Thanon Sanphawut
#358 Bang Na, Bangkok 10260
Seattle, Washington 98112 Thailand
USA
Phone: +66 (0) 87-040-4617
EMail: gwz@net-zen.net EMail: gwz@net-zen.net
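Review bot: the new acknowledgement paragraph reads fine, but two typos survive in both columns of A.2: "fro RFC 4005" should read "from RFC 4005" and "Occurance Tables" should read "Occurrence Tables"; the updated Author's Address also switches country and phone number, so make sure the contact details match the editor's current IETF datatracker entry.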
 End of changes. 20 change blocks. 
32 lines changed or deleted 36 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/