draft-ietf-radext-delegated-prefix-05.txt | rfc4818.txt | |||
---|---|---|---|---|
Network Working Group J. Salowey | Network Working Group J. Salowey | |||
Internet-Draft R. Droms | Request for Comments: 4818 R. Droms | |||
Intended status: Standards Track Cisco Systems, Inc. | Category: Standards Track Cisco Systems, Inc. | |||
Expires: April 19, 2007 October 16, 2006 | ||||
RADIUS Delegated-IPv6-Prefix Attribute | RADIUS Delegated-IPv6-Prefix Attribute | |||
draft-ietf-radext-delegated-prefix-05.txt | ||||
Status of this Memo | ||||
By submitting this Internet-Draft, each author represents that any | ||||
applicable patent or other IPR claims of which he or she is aware | ||||
have been or will be disclosed, and any of which he or she becomes | ||||
aware will be disclosed, in accordance with Section 6 of BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF), its areas, and its working groups. Note that | ||||
other groups may also distribute working documents as Internet- | ||||
Drafts. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | ||||
and may be updated, replaced, or obsoleted by other documents at any | ||||
time. It is inappropriate to use Internet-Drafts as reference | ||||
material or to cite them other than as "work in progress." | ||||
The list of current Internet-Drafts can be accessed at | ||||
http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
The list of Internet-Draft Shadow Directories can be accessed at | Status of This Memo | |||
http://www.ietf.org/shadow.html. | ||||
This Internet-Draft will expire on April 19, 2007. | This document specifies an Internet standards track protocol for the | |||
Internet community, and requests discussion and suggestions for | ||||
improvements. Please refer to the current edition of the "Internet | ||||
Official Protocol Standards" (STD 1) for the standardization state | ||||
and status of this protocol. Distribution of this memo is unlimited. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2006). | Copyright (C) The IETF Trust (2007). | |||
Abstract | Abstract | |||
This document defines a RADIUS (Remote Authentication Dial In User | This document defines a RADIUS (Remote Authentication Dial In User | |||
Service) attribute that carries an IPv6 prefix that is to be | Service) attribute that carries an IPv6 prefix that is to be | |||
delegated to the user. This attribute is usable within either RADIUS | delegated to the user. This attribute is usable within either RADIUS | |||
or Diameter. | or Diameter. | |||
1. Introduction | 1. Introduction | |||
skipping to change at page 2, line 39 | skipping to change at page 3, line 5 | |||
delegation of IPv6 prefixes to be used in the user's network, and | delegation of IPv6 prefixes to be used in the user's network, and | |||
therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may | therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may | |||
be included in the same RADIUS packet. | be included in the same RADIUS packet. | |||
2. Terminology | 2. Terminology | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [3]. | document are to be interpreted as described in RFC 2119 [3]. | |||
3. Attribute format | 3. Attribute Format | |||
The format of the Delegated-IPv6-Prefix is: | The format of the Delegated-IPv6-Prefix is: | |||
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |   Reserved    | Prefix-Length |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Prefix                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Prefix                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Prefix                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Prefix                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type | Type | |||
TBD for Delegated-IPv6-Prefix | 123 for Delegated-IPv6-Prefix | |||
Length | Length | |||
The length of the entire attribute, in bytes. At least 4 | The length of the entire attribute, in bytes. At least 4 (to | |||
(to hold Type/Length/Reserved/Prefix-Length for a 0-bit | hold Type/Length/Reserved/Prefix-Length for a 0-bit prefix), | |||
prefix), and no larger than 20 (to hold Type/Length/ | and no larger than 20 (to hold Type/Length/ Reserved/Prefix- | |||
Reserved/Prefix-Length for a 128-bit prefix) | Length for a 128-bit prefix) | |||
Reserved | Reserved | |||
Always set to zero by sender; ignored by receiver | Always set to zero by sender; ignored by receiver | |||
Prefix-Length | Prefix-Length | |||
The length of the prefix being delegated, in bits. At least | The length of the prefix being delegated, in bits. At least | |||
0 and no larger than 128 bits (identifying a single IPv6 | 0 and no larger than 128 bits (identifying a single IPv6 | |||
address) | address) | |||
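As an added example (not code from the draft, the RFC, or the authors), the encoder and strict decoder below implement the Section 3 layout with the stated bounds for Length (4..20) and Prefix-Length (0..128), using Type 123 from the RFC column. It assumes the Prefix field carries at least enough octets to hold Prefix-Length bits; the text defining the Prefix field is elided on this page.

```python
import ipaddress
import struct

# Type value IANA assigned to Delegated-IPv6-Prefix (Section 6, RFC column).
DELEGATED_IPV6_PREFIX = 123


def encode_delegated_prefix(prefix: str) -> bytes:
    """Build the attribute for a prefix string such as '2001:db8:1234::/48'.

    Only the octets needed to hold Prefix-Length bits are sent, so Length runs
    from 4 (a /0 prefix) to 20 (a /128 prefix), as Section 3 requires.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)   # rejects set host bits
    nbytes = (net.prefixlen + 7) // 8
    header = struct.pack("!BBBB", DELEGATED_IPV6_PREFIX, 4 + nbytes, 0, net.prefixlen)
    return header + net.network_address.packed[:nbytes]   # Reserved sent as 0


def decode_delegated_prefix(data: bytes):
    """Parse one attribute at the start of `data`; return (IPv6Network, rest).

    Raises ValueError for anything outside the stated bounds: wrong Type,
    Length not in 4..20 or running past the buffer, Prefix-Length above 128,
    or (assumed here, since the Prefix field text is elided on this page)
    fewer prefix octets than Prefix-Length bits require.
    """
    if len(data) < 4:
        raise ValueError("truncated attribute header")
    atype, length, _reserved, plen = struct.unpack("!BBBB", data[:4])
    if atype != DELEGATED_IPV6_PREFIX:
        raise ValueError(f"unexpected attribute type {atype}")
    if not 4 <= length <= 20:
        raise ValueError(f"Length {length} outside 4..20")
    if length > len(data):
        raise ValueError("Length runs past the end of the packet")
    if plen > 128:
        raise ValueError(f"Prefix-Length {plen} exceeds 128")
    body = data[4:length]
    if len(body) < (plen + 7) // 8:
        raise ValueError("Prefix field too short for Prefix-Length")
    # Reserved is ignored on receipt; omitted trailing octets are zero, and
    # strict=False masks any bits a sender placed beyond Prefix-Length.
    addr = ipaddress.IPv6Address(body.ljust(16, b"\x00"))
    return ipaddress.IPv6Network((addr, plen), strict=False), data[length:]


def is_well_formed(data: bytes) -> bool:
    """True when `data` begins with an acceptable Delegated-IPv6-Prefix attribute."""
    try:
        decode_delegated_prefix(data)
    except ValueError:
        return False
    return True
```

The returned `rest` lets a caller walk a packet's attribute list one attribute at a time, rejecting the packet on the first malformed entry.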
skipping to change at page 4, line 13 | skipping to change at page 4, line 16 | |||
Request packet. | Request packet. | |||
The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS | The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS | |||
packets. | packets. | |||
4. Table of Attributes | 4. Table of Attributes | |||
The following table provides a guide to which attributes may be found | The following table provides a guide to which attributes may be found | |||
in which kinds of packets, and in what quantity. | in which kinds of packets, and in what quantity. | |||
+-----------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| Request Accept Reject Challenge Accounting # Attribute | | | Request Accept Reject Challenge Accounting # Attribute | | |||
| Request | | | Request | | |||
| 0+ 0+ 0 0 0+ TBD Delegated-IPv6-Prefix | | | 0+ 0+ 0 0 0+ 123 Delegated-IPv6- | | |||
+-----------------------------------------------------------------------+ | | Prefix | | |||
+-------------------------------------------------------------------+ | ||||
The meaning of the above table entries is as follows: | The meaning of the above table entries is as follows: | |||
0 This attribute MUST NOT be present. | 0 This attribute MUST NOT be present. | |||
0+ Zero or more instances of this attribute MAY be present. | 0+ Zero or more instances of this attribute MAY be present. | |||
0-1 Zero or one instance of this attribute MAY be present. | 0-1 Zero or one instance of this attribute MAY be present. | |||
1 Exactly one instance of this attribute MUST be present. | 1 Exactly one instance of this attribute MUST be present. | |||
1+ One or more of these attributes MUST be present. | 1+ One or more of these attributes MUST be present. | |||
5. Diameter Considerations | 5. Diameter Considerations | |||
skipping to change at page 5, line 15 | skipping to change at page 5, line 17 | |||
to Diameter Accounting-Request [6] as well. | to Diameter Accounting-Request [6] as well. | |||
The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are: | The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are: | |||
+---------------------+ | +---------------------+ | |||
| AVP Flag rules | | | AVP Flag rules | | |||
|----+-----+----+-----|----+ | |----+-----+----+-----|----+ | |||
AVP | | |SHLD| MUST| | | AVP | | |SHLD| MUST| | | |||
Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr| | Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr| | |||
---------------------------------|----+-----+----+-----|----| | ---------------------------------|----+-----+----+-----|----| | |||
Delegated-IPv6- TBD OctetString| M | P | | V | Y | | Delegated-IPv6- 123 OctetString| M | P | | V | Y | | |||
Prefix | | | | | | | Prefix | | | | | | | |||
---------------------------------|----+-----+----+-----|----| | ---------------------------------|----+-----+----+-----|----| | |||
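As an added example (not code from the draft, the RFC, or the authors), the encoder and checker below apply the AVP flag rules in the table above: M MUST be set, P MAY be set, V MUST NOT be set. The AVP header layout and flag bit positions come from the Diameter base protocol [5]; treating the RADIUS value field (Reserved, Prefix-Length, Prefix) as the OctetString AVP Data is an assumption, since the translation text of Section 5 is elided on this page.

```python
import struct

# Same code as the RADIUS attribute type; the AVP table lists it as 123.
DELEGATED_IPV6_PREFIX = 123

# AVP flag bits in the Diameter AVP header (RFC 3588, Section 4.1).
FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20

# Constructed sample payload: Reserved=0, Prefix-Length=40 and the five
# prefix octets of 2001:db8:1200::/40 (assumed AVP Data, see lead-in).
SAMPLE_DATA = bytes([0, 40]) + bytes.fromhex("20010db812")


def encode_avp(code: int, data: bytes, *, protected: bool = False) -> bytes:
    """Encode an OctetString AVP under the page's flag rules: M is set,
    P is set only when requested, V is never set (so no Vendor-ID field)."""
    flags = FLAG_M | (FLAG_P if protected else 0)
    length = 8 + len(data)              # header + data; padding not counted
    pad = (-len(data)) % 4              # Data is padded to a 32-bit boundary
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * pad)


def check_avp_flags(avp: bytes) -> list:
    """Return the flag-rule violations in a Delegated-IPv6-Prefix AVP header."""
    if len(avp) < 8:
        return ["AVP shorter than its 8-octet header"]
    code, flags = struct.unpack("!IB", avp[:5])
    problems = []
    if code != DELEGATED_IPV6_PREFIX:
        problems.append(f"AVP code {code} is not Delegated-IPv6-Prefix")
    if not flags & FLAG_M:
        problems.append("M flag MUST be set")
    if flags & FLAG_V:
        problems.append("V flag MUST NOT be set")
    return problems
```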
6. IANA Considerations | 6. IANA Considerations | |||
IANA is requested to assign a Type value, TBD, for this attribute | IANA assigned a Type value, 123, for this attribute from the RADIUS | |||
from the RADIUS Attribute Types registry. | Attribute Types registry. | |||
7. Security Considerations | 7. Security Considerations | |||
Known security vulnerabilities of the RADIUS protocol are discussed | Known security vulnerabilities of the RADIUS protocol are discussed | |||
in RFC 2607 [8], RFC 2865 [1] and RFC 2869 [9]. Use of IPsec [10] | in RFC 2607 [8], RFC 2865 [1], and RFC 2869 [9]. Use of IPsec [10] | |||
for providing security when RADIUS is carried in IPv6 is discussed in | for providing security when RADIUS is carried in IPv6 is discussed in | |||
RFC 3162. | RFC 3162. | |||
Security considerations for the Diameter protocol are discussed in | Security considerations for the Diameter protocol are discussed in | |||
RFC 3588 [5]. | RFC 3588 [5]. | |||
8. Change Log | 8. References | |||
This section to be removed before publication as an RFC. | ||||
The following changes were made in revision -01 of this document: | ||||
o Added additional details to Abstract; defined that this attribute | ||||
can be used in both RADIUS and Diameter. (Issue 188) | ||||
o Moved and clarified text describing which packets this attribute | ||||
can appear in adjacent to table in section 3. (Issue 188) | ||||
o Fixed RFC 2119 boilerplate in section 2. (Issue 185) | ||||
o Fixed table in section 3 to clarify which packets this attribute | ||||
cannot appear in. (Issue 188) | ||||
o Added section 4, Diameter Considerations. (Issue 188) | ||||
o Made some references in section 6, Security Considerations, | ||||
Informative rather than Normative. (Issue 188) | ||||
o Updated reference to RFC 2401 [9] to RFC 4301. (Issue 188) | ||||
o Changed "IP SEC" to "IPsec" in section 6. (Issues 185 and 188) | ||||
The following changes were made in revision -02 of this document: | ||||
o Added a second paragraph to the Introduction, referencing the | ||||
Framed-IPv6-Prefix attribute | ||||
o Improved description of attribute fields in section 3 | ||||
o Added border to table in section 3 | ||||
o Updated Section 4, Diameter Considerations, to describe how this | ||||
attribute would be used in Diameter. | ||||
o Added reference to RFC 3588 in Section 6, Security Considerations. | ||||
The following changes, based on Issues 201 and 204 on the RADEXT WG | ||||
Issues list: http://www.drizzle.com/~aboba/RADEXT/, were made in | ||||
revision -03 of this document: | ||||
o Updated Section 5, Diameter Considerations, to describe the AVP | ||||
flag rules for this attribute. | ||||
o Edited Section 1, to clarify the relationship between the | ||||
Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes. | ||||
o Edited table of attributes and moved to a separate section. | ||||
Revision -04 includes the following changes: | ||||
o Editorial changes in the AVP flag rules table | ||||
o Editorial changes in the description of the relationship between | ||||
the Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes (last | ||||
paragraph of section 1) | ||||
o Editorial changes in the first paragraph of section 1 to clarify | ||||
that this document defines a new attribute not already defined in | ||||
RFC 2865 | ||||
o Added a text and a diagram to section 1 to illustrate the use of | ||||
the Delegated-IPv6-Prefix attribute | ||||
Revision -05 includes the following changes: | ||||
o Corrected the spelling of "Reqesting" to "Requesting" in section | ||||
1, Introduction | ||||
o Corrected the spelling of "Delegate-IPv6-Prefix" to "Delegated- | ||||
IPv6-Prefix" in section 5, Diameter Considerations | ||||
9. References | ||||
9.1. Normative References | 8.1. Normative References | |||
[1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote | [1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote | |||
Authentication Dial In User Service (RADIUS)", RFC 2865, | Authentication Dial In User Service (RADIUS)", RFC 2865, June | |||
June 2000. | 2000. | |||
[2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host | [2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host | |||
Configuration Protocol (DHCP) version 6", RFC 3633, | Configuration Protocol (DHCP) version 6", RFC 3633, December | |||
December 2003. | 2003. | |||
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
Levels", BCP 14, RFC 2119, March 1997. | Levels", BCP 14, RFC 2119, March 1997. | |||
9.2. Non-normative References | 9.2. Informative References | |||
[4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", | [4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, | |||
RFC 3162, August 2001. | August 2001. | |||
[5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, | [5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, | |||
"Diameter Base Protocol", RFC 3588, September 2003. | "Diameter Base Protocol", RFC 3588, September 2003. | |||
[6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter | [6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter | |||
Network Access Server Application", RFC 4005, August 2005. | Network Access Server Application", RFC 4005, August 2005. | |||
[7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | [7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | |||
Authentication Protocol (EAP) Application", RFC 4072, | Authentication Protocol (EAP) Application", RFC 4072, August | |||
August 2005. | 2005. | |||
[8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy | [8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy | |||
Implementation in Roaming", RFC 2607, June 1999. | Implementation in Roaming", RFC 2607, June 1999. | |||
[9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", | [9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", | |||
RFC 2869, June 2000. | RFC 2869, June 2000. | |||
[10] Kent, S. and K. Seo, "Security Architecture for the Internet | [10] Kent, S. and K. Seo, "Security Architecture for the Internet | |||
Protocol", RFC 4301, December 2005. | Protocol", RFC 4301, December 2005. | |||
Authors' Addresses | Authors' Addresses | |||
Joe Salowey | Joe Salowey | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
2901 Third Avenue | 2901 Third Avenue | |||
Seattle, WA 98121 | Seattle, WA 98121 | |||
USA | USA | |||
Phone: +1 206.310.0596 | Phone: +1 206.310.0596 | |||
Email: jsalowey@cisco.com | EMail: jsalowey@cisco.com | |||
Ralph Droms | Ralph Droms | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
1414 Massachusetts Avenue | 1414 Massachusetts Avenue | |||
Boxborough, MA 01719 | Boxborough, MA 01719 | |||
USA | USA | |||
Phone: +1 978.936.1674 | Phone: +1 978.936.1674 | |||
Email: rdroms@cisco.com | EMail: rdroms@cisco.com | |||
Full Copyright Statement | Full Copyright Statement | |||
Copyright (C) The Internet Society (2006). | Copyright (C) The IETF Trust (2007). | |||
This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
retain all their rights. | retain all their rights. | |||
This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |||
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
Intellectual Property | Intellectual Property | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
skipping to change at page 9, line 45 | skipping to change at page 7, line 45 | |||
such proprietary rights by implementers or users of this | such proprietary rights by implementers or users of this | |||
specification can be obtained from the IETF on-line IPR repository at | specification can be obtained from the IETF on-line IPR repository at | |||
http://www.ietf.org/ipr. | http://www.ietf.org/ipr. | |||
The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
rights that may cover technology that may be required to implement | rights that may cover technology that may be required to implement | |||
this standard. Please address the information to the IETF at | this standard. Please address the information to the IETF at | |||
ietf-ipr@ietf.org. | ietf-ipr@ietf.org. | |||
Acknowledgment | Acknowledgement | |||
Funding for the RFC Editor function is provided by the IETF | Funding for the RFC Editor function is currently provided by the | |||
Administrative Support Activity (IASA). | Internet Society. | |||
This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |