draft-ietf-radext-coa-proxy-09.txt   draft-ietf-radext-coa-proxy-10.txt 
.nr HY 0 .nr HY 0
Network Working Group DeKok, Alan Network Working Group DeKok, Alan
INTERNET-DRAFT FreeRADIUS INTERNET-DRAFT FreeRADIUS
Updates: 5176, 5580 J. Korhonen Updates: 5176, 5580 J. Korhonen
Category: Standards Track Category: Standards Track
<draft-ietf-radext-coa-proxy-09.txt> <draft-ietf-radext-coa-proxy-10.txt>
22 January 2019 22 January 2019
Dynamic Authorization Proxying in Dynamic Authorization Proxying in
Remote Authorization Dial-In User Service Protocol (RADIUS) Remote Authorization Dial-In User Service Protocol (RADIUS)
draft-ietf-radext-coa-proxy-09.txt draft-ietf-radext-coa-proxy-10.txt
Abstract Abstract
RFC 5176 defines Change of Authorization (CoA) and Disconnect Message RFC 5176 defines Change of Authorization (CoA) and Disconnect Message
(DM) behavior for RADIUS. That document suggests that proxying these (DM) behavior for RADIUS. That document suggests that proxying these
messages is possible, but gives no guidance as to how it is done. messages is possible, but gives no guidance as to how it is done.
This specification updates RFC 5176 to correct that omission for This specification updates RFC 5176 to correct that omission for
scenarios where networks use Realm-based proxying as defined in RFC scenarios where networks use Realm-based proxying as defined in RFC
7542. This specification also updates RFC 5580 to allow the 7542. This specification also updates RFC 5580 to allow the
Operator-Name attribute in CoA-Request and Disconnect-Request Operator-Name attribute in CoA-Request and Disconnect-Request
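Review bot: The stray troff request ".nr HY 0" is still emitted as the first line of the -10 text, ahead of the "Network Working Group" header, exactly as in -09. Fix the nroff source so the request is processed rather than printed, or drop it from the rendered draft. The date line also reads 22 January 2019 in both revisions although the draft name moves from -09 to -10; confirm that is intended.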
skipping to change at page 3, line 7 skipping to change at page 3, line 7
(http://trustee.ietf.org/license-info/) in effect on the date of (http://trustee.ietf.org/license-info/) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
2. ........................................................... 3
1. Introduction ............................................. 4 1. Introduction ............................................. 4
1.1. Terminology ......................................... 4 1.1. Terminology ......................................... 4
1.2. Requirements Language ............................... 5 1.2. Requirements Language ............................... 5
2. ........................................................... 6 2. Problem Statement ........................................ 6
2.1. Typical RADIUS Proxying ............................. 6 2.1. Typical RADIUS Proxying ............................. 6
2.2. CoA Processing ...................................... 7 2.2. CoA Processing ...................................... 7
2.3. Failure of CoA Proxying ............................. 7 2.3. Failure of CoA Proxying ............................. 7
3. How to Perform CoA Proxying .............................. 8 3. How to Perform CoA Proxying .............................. 8
3.1. Changes to Access-Request and Accounting-Request pack 9 3.1. Changes to Access-Request and Accounting-Request pack 9
3.2. Proxying of CoA-Request and Disconnect-Request packet 9 3.2. Proxying of CoA-Request and Disconnect-Request packet 9
3.3. Reception of CoA-Request and Disconnect-Request packe 10 3.3. Reception of CoA-Request and Disconnect-Request packe 10
3.4. Operator-NAS-Identifier ............................. 11 3.4. Operator-NAS-Identifier ............................. 11
4. Requirements ............................................. 14 4. Requirements ............................................. 14
4.1. Requirements on Home Servers ........................ 14 4.1. Requirements on Home Servers ........................ 14
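Review bot: The Table of Contents entries for 3.1, 3.2 and 3.3 are still cut off in -10 ("pack", "packet", "packe"), unchanged from -09. This revision already restores the missing "Problem Statement" title for section 2 and removes the stray "2. ... 3" entry, so the same pass should shorten these three titles or widen the title column so they render whole.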
skipping to change at page 6, line 5 skipping to change at page 6, line 5
intermediary proxies. intermediary proxies.
1.2. Requirements Language 1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2. 2. Problem Statement
Problem Statement
This section describes how RADIUS proxying works, how CoA packets This section describes how RADIUS proxying works, how CoA packets
work, and why CoA proxying as discussed in [RFC5176] is insufficient work, and why CoA proxying as discussed in [RFC5176] is insufficient
to create a working system. to create a working system.
2.1. Typical RADIUS Proxying 2.1. Typical RADIUS Proxying
When a RADIUS server proxies an Access-Request packet, it typically When a RADIUS server proxies an Access-Request packet, it typically
does so based on the contents of the User-Name attribute, which does so based on the contents of the User-Name attribute, which
contains a Network Access Identifier (NAI) [RFC7542]. This contains a Network Access Identifier (NAI) [RFC7542]. This
 End of changes. 5 change blocks. 
7 lines changed or deleted 4 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/