draft-ietf-radext-delegated-prefix-05.txt   rfc4818.txt 
Network Working Group J. Salowey Network Working Group J. Salowey
Internet-Draft R. Droms Request for Comments: 4818 R. Droms
Intended status: Standards Track Cisco Systems, Inc. Category: Standards Track Cisco Systems, Inc.
Expires: April 19, 2007 October 16, 2006
RADIUS Delegated-IPv6-Prefix Attribute RADIUS Delegated-IPv6-Prefix Attribute
draft-ietf-radext-delegated-prefix-05.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 19, 2007. This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document defines a RADIUS (Remote Authentication Dial In User This document defines a RADIUS (Remote Authentication Dial In User
Service) attribute that carries an IPv6 prefix that is to be Service) attribute that carries an IPv6 prefix that is to be
delegated to the user. This attribute is usable within either RADIUS delegated to the user. This attribute is usable within either RADIUS
or Diameter. or Diameter.
1. Introduction 1. Introduction
skipping to change at page 2, line 39 skipping to change at page 3, line 5
delegation of IPv6 prefixes to be used in the user's network, and delegation of IPv6 prefixes to be used in the user's network, and
therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may
be included in the same RADIUS packet. be included in the same RADIUS packet.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
3. Attribute format 3. Attribute Format
The format of the Delegated-IPv6-Prefix is: The format of the Delegated-IPv6-Prefix is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved | Prefix-Length | | Type | Length | Reserved | Prefix-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix Prefix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix | Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
TBD for Delegated-IPv6-Prefix 123 for Delegated-IPv6-Prefix
Length Length
The length of the entire attribute, in bytes. At least 4 The length of the entire attribute, in bytes. At least 4 (to
(to hold Type/Length/Reserved/Prefix-Length for a 0-bit hold Type/Length/Reserved/Prefix-Length for a 0-bit prefix),
prefix), and no larger than 20 (to hold Type/Length/ and no larger than 20 (to hold Type/Length/ Reserved/Prefix-
Reserved/Prefix-Length for a 128-bit prefix) Length for a 128-bit prefix)
Reserved Reserved
Always set to zero by sender; ignored by receiver Always set to zero by sender; ignored by receiver
Prefix-Length Prefix-Length
The length of the prefix being delegated, in bits. At least The length of the prefix being delegated, in bits. At least
0 and no larger than 128 bits (identifying a single IPv6 0 and no larger than 128 bits (identifying a single IPv6
address) address)
skipping to change at page 4, line 13 skipping to change at page 4, line 16
Request packet. Request packet.
The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS
packets. packets.
4. Table of Attributes 4. Table of Attributes
The following table provides a guide to which attributes may be found The following table provides a guide to which attributes may be found
in which kinds of packets, and in what quantity. in which kinds of packets, and in what quantity.
+-----------------------------------------------------------------------+ +-------------------------------------------------------------------+
| Request Accept Reject Challenge Accounting # Attribute | | Request Accept Reject Challenge Accounting # Attribute |
| Request | | Request |
| 0+ 0+ 0 0 0+ TBD Delegated-IPv6-Prefix | | 0+ 0+ 0 0 0+ 123 Delegated-IPv6- |
+-----------------------------------------------------------------------+ | Prefix |
+-------------------------------------------------------------------+
The meaning of the above table entries is as follows: The meaning of the above table entries is as follows:
0 This attribute MUST NOT be present. 0 This attribute MUST NOT be present.
0+ Zero or more instances of this attribute MAY be present. 0+ Zero or more instances of this attribute MAY be present.
0-1 Zero or one instance of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present.
1 Exactly one instance of this attribute MUST be present. 1 Exactly one instance of this attribute MUST be present.
1+ One or more of these attributes MUST be present. 1+ One or more of these attributes MUST be present.
5. Diameter Considerations 5. Diameter Considerations
skipping to change at page 5, line 15 skipping to change at page 5, line 17
to Diameter Accounting-Request [6] as well. to Diameter Accounting-Request [6] as well.
The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are: The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are:
+---------------------+ +---------------------+
| AVP Flag rules | | AVP Flag rules |
|----+-----+----+-----|----+ |----+-----+----+-----|----+
AVP | | |SHLD| MUST| | AVP | | |SHLD| MUST| |
Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr| Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr|
---------------------------------|----+-----+----+-----|----| ---------------------------------|----+-----+----+-----|----|
Delegated-IPv6- TBD OctetString| M | P | | V | Y | Delegated-IPv6- 123 OctetString| M | P | | V | Y |
Prefix | | | | | | Prefix | | | | | |
---------------------------------|----+-----+----+-----|----| ---------------------------------|----+-----+----+-----|----|
6. IANA Considerations 6. IANA Considerations
IANA is requested to assign a Type value, TBD, for this attribute IANA assigned a Type value, 123, for this attribute from the RADIUS
from the RADIUS Attribute Types registry. Attribute Types registry.
7. Security Considerations 7. Security Considerations
Known security vulnerabilities of the RADIUS protocol are discussed Known security vulnerabilities of the RADIUS protocol are discussed
in RFC 2607 [8], RFC 2865 [1] and RFC 2869 [9]. Use of IPsec [10] in RFC 2607 [8], RFC 2865 [1], and RFC 2869 [9]. Use of IPsec [10]
for providing security when RADIUS is carried in IPv6 is discussed in for providing security when RADIUS is carried in IPv6 is discussed in
RFC 3162. RFC 3162.
Security considerations for the Diameter protocol are discussed in Security considerations for the Diameter protocol are discussed in
RFC 3588 [5]. RFC 3588 [5].
8. Change Log 8. References
This section to be removed before publication as an RFC.
The following changes were made in revision -01 of this document:
o Added additional details to Abstract; defined that this attribute
can be used in both RADIUS and Diameter. (Issue 188)
o Moved and clarified text describing which packets this attribute
can appear in adjacent to table in section 3. (Issue 188)
o Fixed RFC 2119 boilerplate in section 2. (Issue 185)
o Fixed table in section 3 to clarify which packets this attribute
cannot appear in. (Issue 188)
o Added section 4, Diameter Considerations. (Issue 188)
o Made some references in section 6, Security Considerations,
Informative rather than Normative. (Issue 188)
o Updated reference to RFC 2401 [9] to RFC 4301. (Issue 188)
o Changed "IP SEC" to "IPsec" in section 6. (Issues 185 and 188)
The following changes were made in revision -02 of this document:
o Added a second paragraph to the Introduction, referencing the
Framed-IPv6-Prefix attribute
o Improved description of attribute fields in section 3
o Added border to table in section 3
o Updated Section 4, Diameter Considerations, to describe how this
attribute would be used in Diameter.
o Added reference to RFC 3588 in Section 6, Security Considerations.
The following changes, based on Issues 201 and 204 on the RADEXT WG
Issues list: http://www.drizzle.com/~aboba/RADEXT/, were made in
revision -03 of this document:
o Updated Section 5, Diameter Considerations, to describe the AVP
flag rules for this attribute.
o Edited Section 1, to clarify the relationship between the
Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes.
o Edited table of attributes and moved to a separate section.
Revision -04 includes the following changes:
o Editorial changes in the AVP flag rules table
o Editorial changes in the description of the relationship between
the Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes (last
paragraph of section 1)
o Editorial changes in the first paragraph of section 1 to clarify
that this document defines a new attribute not already defined in
RFC 2865
o Added a text and a diagram to section 1 to illustrate the use of
the Delegated-IPv6-Prefix attribute
Revision -05 includes the following changes:
o Corrected the spelling of "Reqesting" to "Requesting" in section
1, Introduction
o Corrected the spelling of "Delegate-IPv6-Prefix" to "Delegated-
IPv6-Prefix" in section 5, Diameter Consideration
9. References
9.1. Normative References 8.1. Normative References
[1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote [1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, Authentication Dial In User Service (RADIUS)", RFC 2865, June
June 2000. 2000.
[2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host [2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
Configuration Protocol (DHCP) version 6", RFC 3633, Configuration Protocol (DHCP) version 6", RFC 3633, December
December 2003. 2003.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
9.2. Non-normative References 9.2. Informative References
[4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", [4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162,
RFC 3162, August 2001. August 2001.
[5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, [5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
"Diameter Base Protocol", RFC 3588, September 2003. "Diameter Base Protocol", RFC 3588, September 2003.
[6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter [6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter
Network Access Server Application", RFC 4005, August 2005. Network Access Server Application", RFC 4005, August 2005.
[7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible [7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
Authentication Protocol (EAP) Application", RFC 4072, Authentication Protocol (EAP) Application", RFC 4072, August
August 2005. 2005.
[8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy [8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
Implementation in Roaming", RFC 2607, June 1999. Implementation in Roaming", RFC 2607, June 1999.
[9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", [9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",
RFC 2869, June 2000. RFC 2869, June 2000.
[10] Kent, S. and K. Seo, "Security Architecture for the Internet [10] Kent, S. and K. Seo, "Security Architecture for the Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
Authors' Addresses Authors' Addresses
Joe Salowey Joe Salowey
Cisco Systems, Inc. Cisco Systems, Inc.
2901 Third Avenue 2901 Third Avenue
Seattle, WA 98121 Seattle, WA 98121
USA USA
Phone: +1 206.310.0596 Phone: +1 206.310.0596
Email: jsalowey@cisco.com EMail: jsalowey@cisco.com
Ralph Droms Ralph Droms
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Avenue 1414 Massachusetts Avenue
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978.936.1674 Phone: +1 978.936.1674
Email: rdroms@cisco.com EMail: rdroms@cisco.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
skipping to change at page 9, line 45 skipping to change at page 7, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment Acknowledgement
Funding for the RFC Editor function is provided by the IETF Funding for the RFC Editor function is currently provided by the
Administrative Support Activity (IASA). Internet Society.
 End of changes. 26 change blocks. 
113 lines changed or deleted 43 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/