draft-ietf-radext-ip-port-radius-ext-03.txt   draft-ietf-radext-ip-port-radius-ext-04.txt 
Network Working Group D. Cheng Network Working Group D. Cheng
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Standards Track J. Korhonen Intended status: Standards Track J. Korhonen
Expires: August 10, 2015 Broadcom Expires: October 24, 2015 Broadcom Corporation
M. Boucadair M. Boucadair
France Telecom France Telecom
S. Sivakumar S. Sivakumar
Cisco Systems Cisco Systems
February 6, 2015 April 22, 2015
RADIUS Extensions for IP Port Configuration and Reporting RADIUS Extensions for IP Port Configuration and Reporting
draft-ietf-radext-ip-port-radius-ext-03 draft-ietf-radext-ip-port-radius-ext-04
Abstract Abstract
This document defines three new RADIUS attributes. For devices that This document defines three new RADIUS attributes. For devices that
implementing IP port ranges, these attributes are used to communicate implementing IP port ranges, these attributes are used to communicate
with a RADIUS server in order to configure and report TCP/UDP ports with a RADIUS server in order to configure and report TCP/UDP ports
and ICMP identifiers, as well as mapping behavior for specific hosts. and ICMP identifiers, as well as mapping behavior for specific hosts.
This mechanism can be used in various deployment scenarios such as This mechanism can be used in various deployment scenarios such as
CGN (Carrier Grade NAT), NAT64, Provider WLAN Gateway, etc. CGN (Carrier Grade NAT), NAT64, Provider WLAN Gateway, etc.
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 10, 2015. This Internet-Draft will expire on October 24, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5 3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5
3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6 3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6
3.1.1. Extended-Type . . . . . . . . . . . . . . . . . . . . 6 3.1.1. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6
3.1.2. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6 3.1.2. IP-Port-Range Attribute . . . . . . . . . . . . . . . 7
3.1.3. IP-Port-Range Attribute . . . . . . . . . . . . . . . 8 3.1.3. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10
3.1.4. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10 3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 12
3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 13 3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 12
3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 13 3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 13
3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 14 3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 14
3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 15 3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 15
3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 16
3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16 3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16
3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 17 3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 16
3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 18 3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 17
3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 19 3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 18
3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 20 3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 19
3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 21 3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 20
3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 21 3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 21
4. Applications, Use Cases and Examples . . . . . . . . . . . . 22 4. Applications, Use Cases and Examples . . . . . . . . . . . . 22
4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 22 4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 22
4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23 4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23
4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25 4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25
4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 26 4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 26
4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 28 4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 28
4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 29 4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 29
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 30 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 30
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 6. Security Considerations . . . . . . . . . . . . . . . . . . . 31
skipping to change at page 6, line 13 skipping to change at page 6, line 13
1. IP-Port-Limit Attribute 1. IP-Port-Limit Attribute
2. IP-Port-Range Attribute 2. IP-Port-Range Attribute
3. IP-Port-Forwarding-Map Attribute 3. IP-Port-Forwarding-Map Attribute
All these attributes are allocated from the RADIUS "Extended Type" All these attributes are allocated from the RADIUS "Extended Type"
code space per [RFC6929]. code space per [RFC6929].
3.1. Extended Attributes for IP Ports 3.1. Extended Attributes for IP Ports
3.1.1. Extended-Type 3.1.1. IP-Port-Limit Attribute
This section defines a new Extended-Type (see Figure 1).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1
Type:
TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended-
Type-3 (243), or Extended-Type-4 (244) per [RFC6929].
Length:
Indicates the total length in bytes of all fields of this
attribute, including Type, Length, Extended-Type, and the embedded
TLVs.
Extended-Type:
TBA2.
The interpretation of this field is determined by the identifier of
"TBA1.TBA2..." along with the embedded TLVs.
3.1.2. IP-Port-Limit Attribute
This attribute contains the Extended-Type defined in Section 3.1.1, This attribute is RADIUS Extended-Type, and contains a set of
along with a set of embedded TLVs defined in Section 3.2.1 (IP-Port- embedded TLVs defined in Section 3.2.1 (IP-Port-Type TLV),
Type TLV), Section 3.2.2 (IP-Port-Limit TLV), and Section 3.2.3 (IP- Section 3.2.2 (IP-Port-Limit TLV), and Section 3.2.3 (IP-Port-Ext-
Port-Ext-IPv4-Addr TLV). It specifies the maximum number of IP ports IPv4-Addr TLV). It specifies the maximum number of IP ports as
as indicated in IP-Port-Limit TLV, of a specific port type as indicated in IP-Port-Limit TLV, of a specific port type as indicated
indicated in IP-Port-Type TLV, and associated with a given IPv4 in IP-Port-Type TLV, and associated with a given IPv4 address as
address as indicated in IP-Port-Ext-IPv4-Addr TLV for an end user. indicated in IP-Port-Ext-IPv4-Addr TLV for an end user.
Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of
the IP-Port-Limit Attribute, the port limit is applied to all the the IP-Port-Limit Attribute, the port limit is applied to all the
IPv4 addresses managed by the port device, e.g., a CGN or NAT64 IPv4 addresses managed by the port device, e.g., a CGN or NAT64
device. device.
The IP-Port-Limit Attribute MAY appear in an Access-Accept packet. The IP-Port-Limit Attribute MAY appear in an Access-Accept packet.
It MAY also appear in an Access-Request packet as a hint by the It MAY also appear in an Access-Request packet as a hint by the
device supporting port ranges, which is co-allocated with the NAS, to device supporting port ranges, which is co-allocated with the NAS, to
the RADIUS server as a preference, although the server is not the RADIUS server as a preference, although the server is not
required to honor such a hint. required to honor such a hint.
The IP-Port-Limit Attribute MAY appear in a CoA-Request packet. The IP-Port-Limit Attribute MAY appear in a CoA-Request packet.
The IP-Port-Limit Attribute MAY appear in an Accounting-Request The IP-Port-Limit Attribute MAY appear in an Accounting-Request
packet. packet.
The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS
packets. packets.
The format of the IP-Port-Limit Attribute is shown in Figure 2. The The format of the IP-Port-Limit Attribute is shown in Figure 1. The
fields are transmitted from left to right. fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value ... | Type | Length | Extended-Type | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 Figure 1
Type: Type:
TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended- TBA1.
Type-3 (243), or Extended-Type-4 (244) per [RFC6929].
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA2. TBA2.
skipping to change at page 8, line 29 skipping to change at page 7, line 43
Attribute. Refer to Section 3.2.2. Attribute. Refer to Section 3.2.2.
IP-Port-Ext-IPv4-Addr TLV: IP-Port-Ext-IPv4-Addr TLV:
This TLV contains the IPv4 address that is associated with the This TLV contains the IPv4 address that is associated with the
IP port limit contained in the IP-Port-Limit TLV. This TLV is IP port limit contained in the IP-Port-Limit TLV. This TLV is
optionally included as part of the IP-Port-Limit Attribute. optionally included as part of the IP-Port-Limit Attribute.
Refer to Section 3.2.3. Refer to Section 3.2.3.
IP-Port-Limit attribute is associated with the following identifier: IP-Port-Limit attribute is associated with the following identifier:
Type(TBA1).Extended-Type(TBA2).IP-Port-Type TLV(TBA3).[IP-Port-Limit Type(TBA1).Extended-Type(TBA2).[IP-Port-Limit TLV (TBA6),IP-Port-Type
TLV(TBA4), {IP-Port-Ext-IPv4-Addr TLV(TBA5)}]. TLV(TBA5), {IP-Port-Ext-IPv4-Addr TLV(TBA7)}].
3.1.3. IP-Port-Range Attribute 3.1.2. IP-Port-Range Attribute
This attribute contains the Extended-Type defined in Section 3.1.1, This attribute is RADIUS Extended-Type, and contains a set of
along with a set of embedded TLVs defined in Section 3.2.1(IP-Port- embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section
Type TLV), Section 3.2.9(IP-Port-Range-Start TLV), Section 3.2.10 3.2.9(IP-Port-Range-Start TLV), Section 3.2.10 (IP-Port-Range-End
(IP-Port-Range-End TLV), Section 3.2.8 (IP-Port-Alloc TLV), TLV), Section 3.2.8 (IP-Port-Alloc TLV), Section 3.2.3 (IP-Port-Ext-
Section 3.2.3 (IP-Port-Ext-IPv4-Addr TLV), and Section 3.2.11 (IP- IPv4-Addr TLV), and Section 3.2.11 (IP-Port-Local-Id TLV).
Port-Local-Id TLV).
This attribute contains a range of contiguous IP ports of a specific This attribute contains a range of contiguous IP ports of a specific
port type and associated with an IPv4 address that are either port type and associated with an IPv4 address that are either
allocated or deallocated by a device for a given subscriber, and the allocated or deallocated by a device for a given subscriber, and the
information is intended to send to RADIUS server. information is intended to send to RADIUS server.
This attribute can be used to convey a single IP port number; in such This attribute can be used to convey a single IP port number; in such
case IP-Port-Range-Start and IP-Port-Range-End conveys the same case IP-Port-Range-Start and IP-Port-Range-End conveys the same
value. value.
skipping to change at page 9, line 17 skipping to change at page 8, line 30
are optional and if included, they are used by a port device (e.g., a are optional and if included, they are used by a port device (e.g., a
CGN device) to identify the end user. CGN device) to identify the end user.
The IP-Port-Range Attribute MAY appear in an Accounting-Request The IP-Port-Range Attribute MAY appear in an Accounting-Request
packet. packet.
The IP-Port-Range Attribute MUST NOT appear in any other RADIUS The IP-Port-Range Attribute MUST NOT appear in any other RADIUS
packets. packets.
The format of the IP-Port-Range Attribute format is shown in The format of the IP-Port-Range Attribute format is shown in
Figure 3. The fields are transmitted from left to right. Figure 2. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value ... | Type | Length | Extended-Type | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3 Figure 2
Type: Type:
TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended- TBA1.
Type-3 (243), or Extended-Type-4 (244) per [RFC6929]
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA2. TBA3.
Value: Value:
This field contains a set of TLVs as follows: This field contains a set of TLVs as follows:
IP-Port-Type TLV: IP-Port-Type TLV:
This TLV contains a value that indicates the IP port type. This TLV contains a value that indicates the IP port type.
Refer to Section 3.2.1. Refer to Section 3.2.1.
skipping to change at page 10, line 43 skipping to change at page 10, line 6
IP-Port-Local-Id TLV: IP-Port-Local-Id TLV:
This TLV contains a local session identifier at the customer This TLV contains a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP premise, such as MAC address, interface ID, VLAN ID, PPP
sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is
optionally included as part of the IP-Port-Range Attribute. optionally included as part of the IP-Port-Range Attribute.
Refer to Section 3.2.11. Refer to Section 3.2.11.
The IP-Port-Range attribute is associated with the following The IP-Port-Range attribute is associated with the following
identifier: Type(TBA1).Extended-Type(TBA2).IP-Port-Type identifier: Type(TBA1).Extended-Type(TBA3).[IP-Port-Alloc TLV
TLV(TBA3).[IP-Port-Alloc TLV(TBA10), {IP-Port-Range-Start TLV(TBA11), (TBA12), IP-Port-Type TLV(TBA5), {IP-Port-Range-Start TLV(TBA13), IP-
IP-Port-Range-End TLV(TBA12)}, {IP-Port-Ext-IPv4-Addr TLV (TBA5)}, Port-Range-End TLV(TBA14)}, {IP-Port-Ext-IPv4-Addr TLV (TBA7)}, {IP-
{IP-Port-Local-Id TLV (TBA13)}]. Port-Local-Id TLV (TBA15)}].
3.1.4. IP-Port-Forwarding-Map Attribute 3.1.3. IP-Port-Forwarding-Map Attribute
This attribute contains the Extended-Type defined in Section 3.1.1, This attribute is RADIUS Extended-Type, and contains a set of
along with a set of embedded TLVs defined in Section 3.2.1(IP-Port- embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section
Type TLV), Section 3.2.6(IP-Port-Int-Port TLV), Section 3.2.7(IP- 3.2.6(IP-Port-Int-Port TLV), Section 3.2.7(IP-Port-Ext-Port TLV),
Port-Ext-Port TLV), Section 3.2.4(IP-Port-Int-IPv4-Addr TLV) or Section 3.2.4(IP-Port-Int-IPv4-Addr TLV) or Section 3.2.5(IP-Port-
Section 3.2.5(IP-Port-Int-IPv6-Addr TLV), Section 3.2.11(IP-Port- Int-IPv6-Addr TLV), Section 3.2.11(IP-Port-Local-Id TLV) and
Local-Id TLV) and Section 3.2.3 (IP-Port-Ext-IP-Addr TLV). Section 3.2.3 (IP-Port-Ext-IP-Addr TLV).
The attribute contains a 2-byte IP internal port number that is The attribute contains a 2-byte IP internal port number that is
associated with an internal IPv4 or IPv6 address, or a locally associated with an internal IPv4 or IPv6 address, or a locally
significant identifier at the customer site, and a 2-byte IP external significant identifier at the customer site, and a 2-byte IP external
port number that is associated with an external IPv4 address. The port number that is associated with an external IPv4 address. The
internal IPv4 or IPv6 address, or the local identifier must be internal IPv4 or IPv6 address, or the local identifier must be
included; the external IPv4 address may also be included. included; the external IPv4 address may also be included.
The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept
packet. It MAY also appear in an Access-Request packet as a hint by packet. It MAY also appear in an Access-Request packet as a hint by
skipping to change at page 11, line 30 skipping to change at page 10, line 42
The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request
packet. packet.
The IP-Port-Forwarding-Map Attribute MAY also appear in an The IP-Port-Forwarding-Map Attribute MAY also appear in an
Accounting-Request packet. Accounting-Request packet.
The attribute MUST NOT appear in any other RADIUS packet. The attribute MUST NOT appear in any other RADIUS packet.
The format of the IP-Port-Forwarding-Map Attribute is shown in The format of the IP-Port-Forwarding-Map Attribute is shown in
Figure 4. The fields are transmitted from left to right. Figure 3. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value .... | Type | Length | Extended-Type | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4 Figure 3
Type: Type:
TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended- TBA1.
Type-3 (243), or Extended-Type-4 (244) per [RFC6929]
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA2. TBA4.
Value: Value:
This field contains a set of TLVs as follows: This field contains a set of TLVs as follows:
IP-Port-Type TLV: IP-Port-Type TLV:
This TLV contains a value that indicates the IP port type. This TLV contains a value that indicates the IP port type.
Refer to Section 3.2.1. Refer to Section 3.2.1.
skipping to change at page 13, line 15 skipping to change at page 12, line 27
Port-Forwarding-Map Attribute. Refer to Section 3.2.11. Port-Forwarding-Map Attribute. Refer to Section 3.2.11.
IP-Port-Ext-IPv4-Addr TLV: IP-Port-Ext-IPv4-Addr TLV:
This TLV contains an IPv4 address that is associated with the This TLV contains an IPv4 address that is associated with the
external IP port number contained in the IP-Port-Ext-Port TLV. external IP port number contained in the IP-Port-Ext-Port TLV.
This TLV may be included as part of the IP-Port-Forwarding-Map This TLV may be included as part of the IP-Port-Forwarding-Map
Attribute. Refer to Section 3.2.3. Attribute. Refer to Section 3.2.3.
The IP-Port-Forwarding-Map attribute is associated with the following The IP-Port-Forwarding-Map attribute is associated with the following
identifier: Type(TBA1).Extended-Type(TBA2).IP-Port-Type TLV(TBA3). identifier: Type(TBA1).Extended-Type(TBA4). [IP-Port-Int-Port
[IP-Port-Int-Port TLV(TBA8), IP-Port-Ext-Port TLV(TBA9), {IP-Port- TLV(TBA10), IP-Port-Ext-Port TLV(TBA11), IP-Port-Type TLV(TBA5), {IP-
Int-IPv4-Addr TLV(TBA6) | IP-Port-Int-IPv6-Addr TLV(TBA7) }, {IP- Port-Int-IPv4-Addr TLV(TBA8) | IP-Port-Int-IPv6-Addr TLV(TBA9)}, {IP-
Port-Ext-IPv4-Addr TLV(TBA5)}]. Port-Ext-IPv4-Addr TLV(TBA7)}].
3.2. RADIUS TLVs for IP Ports 3.2. RADIUS TLVs for IP Ports
3.2.1. IP-Port-Type TLV 3.2.1. IP-Port-Type TLV
This TLV (Figure 5) uses the format defined in [RFC6929]. Its Type This TLV (Figure 4) uses the format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
transportType (TBAx1), and its Value field contains IPFIX Element transportType (TBAx1), and its Value field contains IPFIX Element
transportType, which indicates the type of IP transport type as transportType, which indicates the type of IP transport type as
follows: follows:
1: 1:
Refer to TCP port, UDP port, and ICMP identifier as a whole. Refer to TCP port, UDP port, and ICMP identifier as a whole.
2: 2:
skipping to change at page 14, line 8 skipping to change at page 13, line 16
Refer to UDP port only. Refer to UDP port only.
5: 5:
Refer to ICMP identifier only. Refer to ICMP identifier only.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | transportType | reserved | | Type | Length | transportType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| transportType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5 Figure 4
Type: Type:
TBA3: This uniquely refers to IPFIX Element ID TBA0. TBA5: This uniquely refers to IPFIX Element ID TBA0.
Length: Length:
3. 6.
transportType: transportType:
unsigned8. Integer. This field contains the data (unsigned8) of
transportType (TBX1) defined in IPFIX, right justified, and the
unused bits in this field must be set to zero.
3.2.2. IP-Port-Limit TLV 3.2.2. IP-Port-Limit TLV
This TLV (Figure 6) uses the format defined in [RFC6929]. Its Type This TLV (Figure 5) uses the format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
natTransportLimit (TBAx2), and its Value field contains IPFIX Element natTransportLimit (TBAx2), and its Value field contains IPFIX Element
natTransportLimit, which indicates the maximum number of ports of a natTransportLimit, which indicates the maximum number of ports of a
specified IP-Port-Type and associated with a given IPv4 address specified IP-Port-Type and associated with a given IPv4 address
assigned to a subscriber (refer to [IPFIX]) assigned to a subscriber.
Note that IP-Port-Limit TLV is embedded within IP-Port-Type TLV
(refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | natTransportLimit | | Type | Length | natTransportLimit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| natTransportLimit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6 Figure 5
Type: Type:
TBA4: This uniquely refers to IPFIX Element ID Limit TBD. TBA6: This uniquely refers to IPFIX Element ID Limit TBD.
Length: Length:
4. 6.
natTransportLimit: natTransportLimit:
unsigned16. Integer. This field contains the data (unsigned16) of
natTransportLimit (TBX2) defined in IPFIX, right justified, and
the unused bits in this field must be set to zero.
3.2.3. IP-Port-Ext-IPv4-Addr TLV 3.2.3. IP-Port-Ext-IPv4-Addr TLV
This TLV (Figure 7) uses the format defined in[RFC6929]. Its Type This TLV (Figure 6) uses the format defined in[RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
postNATSourceIPv4Address(225), and its Value field contains IPFIX postNATSourceIPv4Address(225), and its Value field contains IPFIX
Element postNATSourceIPv4Address, which is the IPv4 source address Element postNATSourceIPv4Address, which is the IPv4 source address
after NAT operation (refer to [IPFIX]). after NAT operation (refer to [IPFIX]).
IP-Port-Ext-IPv4-Addr TLV can be included as part of the IP-Port- IP-Port-Ext-IPv4-Addr TLV can be included as part of the IP-Port-
Limit Attribute (refer to Section 3.1.2), IP-Port-Range Attribute Limit Attribute (refer to Section 3.1.1), IP-Port-Range Attribute
(refer to Section 3.1.3), and IP-Port-Forwarding-Map Attribute (refer (refer to Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer
to Section 3.1.4). to Section 3.1.3).
Note that IP-Port-Ext-IPv4-Addr TLV is embedded within IP-Port-Type
TLV (refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | postNATSourceIPv4Address | | Type | Length | postNATSourceIPv4Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| postNATSourceIPv4Address | | postNATSourceIPv4Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7 Figure 6
Type: Type:
TBA5: The type field uniquely refers to the IPFIX Element ID 225. TBA7: The type field uniquely refers to the IPFIX Element ID 225.
Length: Length:
6 6
postNATSourceIPv4Address: postNATSourceIPv4Address:
ipv4Address. Integer. This field contains the data (ipv4Address) of
postNATSourceIPv4Address (225) defined in IPFIX.
3.2.4. IP-Port-Int-IPv4-Addr TLV 3.2.4. IP-Port-Int-IPv4-Addr TLV
This TLV (Figure 8) uses format defined in [RFC6929]. Its Type field This TLV (Figure 7) uses format defined in [RFC6929]. Its Type field
contains a value that uniquely refers to IPFIX Element contains a value that uniquely refers to IPFIX Element
sourceIPv4Address (8), and its Value field contains IPFIX Element sourceIPv4Address (8), and its Value field contains IPFIX Element
sourceIPv4Address, which is the IPv4 source address before NAT sourceIPv4Address, which is the IPv4 source address before NAT
operation (refer to [IPFIX]). operation (refer to [IPFIX]).
IP-Port-Int-IPv4-Addr TLV can be included as part of the IP-Port- IP-Port-Int-IPv4-Addr TLV can be included as part of the IP-Port-
Forwarding-Map Attribute (refer to Section 3.1.4). Forwarding-Map Attribute (refer to Section 3.1.3).
Note that IP-Port-Int-IPv4-Addr TLV is embedded within IP-Port-Type
TLV (refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceIPv4Address | | Type | Length | sourceIPv4Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceIPv4Address | | sourceIPv4Address |
+-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+ +-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+
Figure 8 Figure 7
Type: Type:
TBA6: The type field uniquely refers to the IPFIX Element ID 8. TBA8: The type field uniquely refers to the IPFIX Element ID 8.
Length: Length:
6. 6.
sourceIPv4Address: sourceIPv4Address:
unsigned16. Integer. This field contains the data (ipv4Address) of
sourceIPv4Address (8) defined in IPFIX.
3.2.5. IP-Port-Int-IPv6-Addr TLV 3.2.5. IP-Port-Int-IPv6-Addr TLV
This TLV (Figure 9) uses format defined in [RFC6929]. Its Type field This TLV (Figure 8) uses format defined in [RFC6929]. Its Type field
contains a value that uniquely refers to IPFIX Element contains a value that uniquely refers to IPFIX Element
sourceIPv6Address(27), and its Value field contains IPFIX Element sourceIPv6Address(27), and its Value field contains IPFIX Element
sourceIPv6Address, which is the IPv6 source address before NAT sourceIPv6Address, which is the IPv6 source address before NAT
operation (refer to [IPFIX]). operation (refer to [IPFIX]).
IP-Port-Int-IPv6-Addr TLV can be included as part of the IP-Port- IP-Port-Int-IPv6-Addr TLV can be included as part of the IP-Port-
Forwarding-Map Attribute (refer to Section 3.1.4). Forwarding-Map Attribute (refer to Section 3.1.3).
Note that IP-Port-Int-IPv6-Addr TLV is embedded within IP-Port-Type
TLV (refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceIPv6Address | | Type | Length | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceIPv6Address | | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceIPv6Address | | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceIPv6Address | | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceIPv6Address | | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9 Figure 8
Type: Type:
TBA7: The type field uniquely refers to the IPFIX Element ID 27. TBA9: The type field uniquely refers to the IPFIX Element ID 27.
Length: Length:
18. 18.
sourceIPv6Address: sourceIPv6Address:
unsigned64. IPv6 address (128 bits). This field contains the data
(ipv6Address) of sourceIPv6Address (27) defined in IPFIX.
3.2.6. IP-Port-Int-Port TLV 3.2.6. IP-Port-Int-Port TLV
This TLV (Figure 10) uses format defined in [RFC6929]. Its Type This TLV (Figure 9) uses format defined in [RFC6929]. Its Type field
field contains a value that uniquely refers to IPFIX Element contains a value that uniquely refers to IPFIX Element
sourceTransportPort (7), and its Value field contains IPFIX Element sourceTransportPort (7), and its Value field contains IPFIX Element
sourceTransportPort, which is the source transport number associated sourceTransportPort, which is the source transport number associated
with an internal IPv4 or IPv6 address (refer to [IPFIX]). with an internal IPv4 or IPv6 address (refer to [IPFIX]).
IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding-
Map Attribute (refer to Section 3.1.4). Map Attribute (refer to Section 3.1.3).
IP-Port-Int-Port TLV is embedded within embedded within IP-Port-Type
TLV (refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceTransportPort | | Type | Length | sourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 10 Figure 9
Type: Type:
TBA8: This uniquely refers to the IPFIX Element ID 7. TBA10: This uniquely refers to the IPFIX Element ID 7.
Length: Length:
4. 4.
sourceTransportPort: sourceTransportPort:
unsigned16. Integer. This field contains the data (unsigned16) of
sourceTrasnportPort (7) defined in IPFIX, right justified, and
unused bits must be set to zero.
3.2.7. IP-Port-Ext-Port TLV 3.2.7. IP-Port-Ext-Port TLV
This TLV (Figure 11) uses format defined in [RFC6929]. Its Type This TLV (Figure 10) uses format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
postNAPTSourceTransportPort (227), and its Value field contains IPFIX postNAPTSourceTransportPort (227), and its Value field contains IPFIX
Element postNAPTSourceTransportPort, which is the transport number Element postNAPTSourceTransportPort, which is the transport number
associated with an external IPv4 address(refer to [IPFIX]). associated with an external IPv4 address(refer to [IPFIX]).
IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding-
Map Attribute (refer to Section 3.1.4). Map Attribute (refer to Section 3.1.3).
IP-Port-Ext-Port TLV is embedded within IP-Port-Type TLV (refer to
Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | postNAPTSourceTransportPort | | Type | Length | postNAPTSourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| postNAPTSourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 11 Figure 10
Type: Type:
TBA9: This uniquely refers to the IPFIX Element ID 227 . TBA11: This uniquely refers to the IPFIX Element ID 227 .
Length: Length:
6. 6.
postNAPTSourceTransportPort: postNAPTSourceTransportPort:
unsigned16. Integer. This field contains the data (unsigned16) of
postNAPTSourceTrasnportPort (227) defined in IPFIX, right
justified, and unused bits must be set to zero.
3.2.8. IP-Port-Alloc TLV 3.2.8. IP-Port-Alloc TLV
This TLV (Figure 12) uses format defined in [RFC6929]. Its Type This TLV (Figure 11) uses format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element natEvent field contains a value that uniquely refers to IPFIX Element natEvent
(230), and its Value field contains IPFIX Element "natEvent", which (230), and its Value field contains IPFIX Element "natEvent", which
is a flag to indicate an action of NAT operation (refer to [IPFIX]). is a flag to indicate an action of NAT operation (refer to [IPFIX]).
When the value of natEvent is "1" (Create event), it means to When the value of natEvent is "1" (Create event), it means to
allocate a range of transport ports; when the value is "2", it means allocate a range of transport ports; when the value is "2", it means
to de-allocate a range of transports ports. For the purpose of this to de-allocate a range of transports ports. For the purpose of this
TLV, no other value is used. TLV, no other value is used.
IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute
(refer to Section 3.1.3). (refer to Section 3.1.2).
Note that IP-Port-Alloc TLV is embedded within IP-Port-Type TLV
(refer to Section 3.2.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | natEvent | Reserved | | Type | Length | natEvent |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| natEvent |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 12 Figure 11
Type: Type:
TBA10: This uniquely refers to the IPFIX Element ID 230 . TBA12: This uniquely refers to the IPFIX Element ID 230 .
Length: Length:
3. 3.
natEvent: natEvent:
unsigned8. This field indicates the allocation or deallocation of Integer. This field contains the data (unsigned8) of natEvent
a range of IP ports as follows: (230) defined in IPFIX, right justified, and unused bits must be
set to zero. It indicates the allocation or deallocation of a
range of IP ports as follows:
1: 1:
Allocation Allocation
2: 2:
Deallocation Deallocation
Reserved: Reserved:
0. 0.
3.2.9. IP-Port-Range-Start TLV 3.2.9. IP-Port-Range-Start TLV
This TLV (Figure 13) uses format defined in [RFC6929]. Its Type This TLV (Figure 12) uses format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
portRangeStart (361), and its Value field contains IPFIX Element portRangeStart (361), and its Value field contains IPFIX Element
portRangeStart, which is the smallest port number of a range of portRangeStart, which is the smallest port number of a range of
contiguous transport ports (refer to [IPFIX]). contiguous transport ports (refer to [IPFIX]).
IP-Port-Range-Start TLV is included as part of the IP-Port-Range IP-Port-Range-Start TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.3). Attribute (refer to Section 3.1.2).
Note that IP-Port-Range-Start TLV is embedded within IP-Port-Type TLV
(refer to Section 3.1.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | portRangeStart | | Type | Length | portRangeStart |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| portRangeStart |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 13 Figure 12
Type: Type:
TBA11: This uniquely refers to the IPFIX Element ID 361. TBA13: This uniquely refers to the IPFIX Element ID 361.
TLV8-Length: TLV8-Length:
4. 4.
portRangeStart: portRangeStart:
unsigned16. This field contains the smallest port number of a Integer. This field contains the data (unsigned16) of (361)
range of contiguous IP transport ports. defined in IPFIX, right justified, and unused bits must be set to
zero.
3.2.10. IP-Port-Range-End TLV 3.2.10. IP-Port-Range-End TLV
This TLV (Figure 14) uses format defined in [RFC6929]. Its Type This TLV (Figure 13) uses format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Element
portRangeEnd (362), and its Value field contains IPFIX Element portRangeEnd (362), and its Value field contains IPFIX Element
portRangeEnd, which is the largest port number of a range of portRangeEnd, which is the largest port number of a range of
contiguous transport ports (refer to [IPFIX]). contiguous transport ports (refer to [IPFIX]).
IP-Port-Range-End TLV is included as part of the IP-Port-Range IP-Port-Range-End TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.3). Attribute (refer to Section 3.1.2).
Note that IP-Port-Range-End TLV is embedded within IP-Port-Type TLV
(refer to Section 3.1.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | portRangeEnd | | Type | Length | portRangeEnd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| portRangeEnd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 14 Figure 13
Type: Type:
TBA12: This uniquely refers to IPFIC Element ID 362. TBA14: This uniquely refers to IPFIC Element ID 362.
Length: Length:
4. The Length field for IP-Port-Range-End TLV. 4. The Length field for IP-Port-Range-End TLV.
portRangeEnd: portRangeEnd:
unsigned16. This field contains the largest port number of a Integer. This field contains the data (unsigned16) of (362)
range of contiguous IP ports. defined in IPFIX, right justified, and unused bits must be set to
zero.
3.2.11. IP-Port-Local-Id TLV 3.2.11. IP-Port-Local-Id TLV
This TLV (Figure 15) uses format defined in [RFC6929]. Its Type This TLV (Figure 14) uses format defined in [RFC6929]. Its Type
field contains a value that uniquely refers to IPFIX Element localID field contains a value that uniquely refers to IPFIX Element localID
(TBAx3), and its Value field contains IPFIX Element localID, which is (TBAx3), and its Value field contains IPFIX Element localID, which is
a local significant identifier as explained below. a local significant identifier as explained below.
In some CGN deployment scenarios such as L2NAT In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and
[I-D.miles-behave-l2nat], DS-Extra-Lite [RFC6619] and Lightweight Lightweight 4over6 [I-D.ietf-softwire-lw4over6], parameters at a
4over6 [I-D.ietf-softwire-lw4over6], parameters at a customer premise customer premise such as MAC address, interface ID, VLAN ID, PPP
such as MAC address, interface ID, VLAN ID, PPP session ID, IPv6 session ID, IPv6 prefix, VRF ID, etc., may also be required to pass
prefix, VRF ID, etc., may also be required to pass to the RADIUS to the RADIUS server as part of the accounting record.
server as part of the accounting record.
IP-Port-Local-Id TLV can be included as part of the IP-Port-Range IP-Port-Local-Id TLV can be included as part of the IP-Port-Range
Attribute (refer to Section 3.1.3) and IP-Port-Forwarding-Map Attribute (refer to Section 3.1.2) and IP-Port-Forwarding-Map
Attribute (refer to Section 3.1.4). Attribute (refer to Section 3.1.3).
Note that IP-Port-Local-Id TLV is embedded within IP-Port-Type TLV
(refer to Section 3.1.1) for detail.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | localID .... | Type | Length | localID ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 15 Figure 14
Type: Type:
TBA13: This uniquely refers to IPFIX Element ID TBD. TBA15: This uniquely refers to IPFIX Element ID TBD.
Length: Length:
Variable number of bytes. Variable number of bytes.
localID: localID:
string. This is a local session identifier at the customer string. This field contains the data (string) of (TBAX3) defined
in IPFIX. This is a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP sessions premise, such as MAC address, interface ID, VLAN ID, PPP sessions
ID, VRF ID, IPv6 address/prefix, etc. ID, VRF ID, IPv6 address/prefix, etc.
4. Applications, Use Cases and Examples 4. Applications, Use Cases and Examples
This section describes some applications and use cases to illustrate This section describes some applications and use cases to illustrate
the use of the attributes proposed in this document. the use of the attributes proposed in this document.
4.1. Managing CGN Port Behavior using RADIUS 4.1. Managing CGN Port Behavior using RADIUS
skipping to change at page 23, line 43 skipping to change at page 23, line 20
Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single
IPv4 public address may be shared by hundreds or even thousands of IPv4 public address may be shared by hundreds or even thousands of
subscribers. As indicated in [RFC6269], it is therefore necessary to subscribers. As indicated in [RFC6269], it is therefore necessary to
impose limits on the total number of ports available to an individual impose limits on the total number of ports available to an individual
subscriber to ensure that the shared resource, i.e., the IPv4 address subscriber to ensure that the shared resource, i.e., the IPv4 address
remains available in some capacity to all the subscribers using it, remains available in some capacity to all the subscribers using it,
and port limiting is also documented in [RFC6888] as a requirement. and port limiting is also documented in [RFC6888] as a requirement.
The IP port limit imposed to a specific subscriber may be on the The IP port limit imposed to a specific subscriber may be on the
total number of TCP and UDP ports plus the number of ICMP total number of TCP and UDP ports plus the number of ICMP
identifiers, or with other granularities as defined in Section 3.1.2. identifiers, or with other granularities as defined in Section 3.1.1.
The per-subscriber based IP port limit is configured on a RADIUS The per-subscriber based IP port limit is configured on a RADIUS
server, along with other user information such as credentials. The server, along with other user information such as credentials. The
value of these IP port limit is based on service agreement and its value of these IP port limit is based on service agreement and its
specification is out of the scope of this document. specification is out of the scope of this document.
When a subscriber signs in to the Internet service successfully, the When a subscriber signs in to the Internet service successfully, the
IP port limit for the subscriber is passed to the BNG based NAS, IP port limit for the subscriber is passed to the BNG based NAS,
where CGN also locates, using a new RADIUS attribute called IP-Port- where CGN also locates, using a new RADIUS attribute called IP-Port-
Limit (defined in Section 3.1.2), along with other configuration Limit (defined in Section 3.1.1), along with other configuration
parameters. While some parameters are passed to the subscriber, the parameters. While some parameters are passed to the subscriber, the
IP port limit is recorded on the CGN device for imposing the usage of IP port limit is recorded on the CGN device for imposing the usage of
TCP/UDP ports and ICMP identifiers for that subscriber. TCP/UDP ports and ICMP identifiers for that subscriber.
Figure 16 illustrates how RADIUS protocol is used to configure the Figure 15 illustrates how RADIUS protocol is used to configure the
maximum number of TCP/UDP ports for a given subscriber on a NAT44 maximum number of TCP/UDP ports for a given subscriber on a NAT44
device. device.
User NAT44/NAS AAA User NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
| |-----Access-Request -------->| | |-----Access-Request -------->|
skipping to change at page 24, line 33 skipping to change at page 24, line 24
| | (IP-Port-Limit) | | | (IP-Port-Limit) |
| | (for TCP/UDP ports) | | | (for TCP/UDP ports) |
|<---Service Granted ------| | |<---Service Granted ------| |
| (other parameters) | | | (other parameters) | |
| | | | | |
| (NAT44 external port | | (NAT44 external port |
| allocation and | | allocation and |
| IPv4 address assignment) | | IPv4 address assignment) |
| | | | | |
Figure 16: RADIUS Message Flow for Configuring NAT44 Port Limit Figure 15: RADIUS Message Flow for Configuring NAT44 Port Limit
The IP port limit created on a CGN device for a specific user using The IP port limit created on a CGN device for a specific user using
RADIUS extension may be changed using RADIUS CoA message [RFC5176] RADIUS extension may be changed using RADIUS CoA message [RFC5176]
that carries the same RADIUS attribute. The CoA message may be sent that carries the same RADIUS attribute. The CoA message may be sent
from the RADIUS server directly to the NAS, which once accepts and from the RADIUS server directly to the NAS, which once accepts and
sends back a RADIUS CoA ACK message, the new IP port limit replaces sends back a RADIUS CoA ACK message, the new IP port limit replaces
the previous one. the previous one.
Figure 17 illustrates how RADIUS protocol is used to increase the Figure 16 illustrates how RADIUS protocol is used to increase the
TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific
user. user.
User NAT/NAS AAA User NAT/NAS AAA
| BNG Server | BNG Server
| | | | | |
| TCP/UDP Port Limit (1024) | | TCP/UDP Port Limit (1024) |
| | | | | |
| |<---------CoA Request----------| | |<---------CoA Request----------|
| | (IP-Port-Limit) | | | (IP-Port-Limit) |
| | (for TCP/UDP ports) | | | (for TCP/UDP ports) |
| | | | | |
| TCP/UDP Port Limit (2048) | | TCP/UDP Port Limit (2048) |
| | | | | |
| |---------CoA Response--------->| | |---------CoA Response--------->|
| | | | | |
Figure 17: RADIUS Message Flow for changing a user's NAT44 port limit Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit
4.1.2. Report IP Port Allocation/De-allocation 4.1.2. Report IP Port Allocation/De-allocation
Upon obtaining the IP port limit for a subscriber, the CGN device Upon obtaining the IP port limit for a subscriber, the CGN device
needs to allocate a TCP/UDP port or an ICMP identifiers for the needs to allocate a TCP/UDP port or an ICMP identifiers for the
subscriber when receiving a new IP flow sent from that subscriber. subscriber when receiving a new IP flow sent from that subscriber.
As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP
identifiers once at a time for a specific user, instead of one port/ identifiers once at a time for a specific user, instead of one port/
identifier at a time, and within each port bulk, the ports/ identifier at a time, and within each port bulk, the ports/
identifiers may be randomly distributed or in consecutive fashion. identifiers may be randomly distributed or in consecutive fashion.
When a CGN device allocates bulk of TCP/UDP ports and ICMP When a CGN device allocates bulk of TCP/UDP ports and ICMP
identifiers, the information can be easily conveyed to the RADIUS identifiers, the information can be easily conveyed to the RADIUS
server by a new RADIUS attribute called the IP-Port-Range (defined in server by a new RADIUS attribute called the IP-Port-Range (defined in
Section 3.1.3). The CGN device may allocate one or more TCP/UDP port Section 3.1.2). The CGN device may allocate one or more TCP/UDP port
ranges or ICMP identifier ranges, or generally called IP port ranges, ranges or ICMP identifier ranges, or generally called IP port ranges,
where each range contains a set of numbers representing TCP/UDP ports where each range contains a set of numbers representing TCP/UDP ports
or ICMP identifiers, and the total number of ports/identifiers must or ICMP identifiers, and the total number of ports/identifiers must
be less or equal to the associated IP port limit imposed for that be less or equal to the associated IP port limit imposed for that
subscriber. A CGN device may choose to allocate a small port range, subscriber. A CGN device may choose to allocate a small port range,
and allocate more at a later time as needed; such practice is good and allocate more at a later time as needed; such practice is good
because its randomization in nature. because its randomization in nature.
At the same time, the CGN device also needs to decide the shared IPv4 At the same time, the CGN device also needs to decide the shared IPv4
address for that subscriber. The shared IPv4 address and the pre- address for that subscriber. The shared IPv4 address and the pre-
skipping to change at page 26, line 11 skipping to change at page 25, line 43
pre-allocated IP port range for that subscriber to replace the pre-allocated IP port range for that subscriber to replace the
original source TCP/UDP port or ICMP identifier, along with the original source TCP/UDP port or ICMP identifier, along with the
replacement of the source IP address by the shared IPv4 address. replacement of the source IP address by the shared IPv4 address.
A CGN device may decide to "free" a previously assigned set of TCP/ A CGN device may decide to "free" a previously assigned set of TCP/
UDP ports or ICMP identifiers that have been allocated for a specific UDP ports or ICMP identifiers that have been allocated for a specific
subscriber but not currently in use, and with that, the CGN device subscriber but not currently in use, and with that, the CGN device
must send the information of the de-allocated IP port range along must send the information of the de-allocated IP port range along
with the shared IPv4 address to the RADIUS server. with the shared IPv4 address to the RADIUS server.
Figure 18 illustrates how RADIUS protocol is used to report a set of Figure 17 illustrates how RADIUS protocol is used to report a set of
ports allocated and de-allocated, respectively, by a NAT44 device for ports allocated and de-allocated, respectively, by a NAT44 device for
a specific user to the RADIUS server. a specific user to the RADIUS server.
Host NAT44/NAS AAA Host NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
| |-----Access-Request -------->| | |-----Access-Request -------->|
skipping to change at page 26, line 45 skipping to change at page 26, line 35
... ... ... ... ... ...
| | | | | |
| (NAT44 decides to de-allocate | | (NAT44 decides to de-allocate |
| a TCP/UDP port range for the user) | | a TCP/UDP port range for the user) |
| | | | | |
| |-----Accounting-Request----->| | |-----Accounting-Request----->|
| | (IP-Port-Range | | | (IP-Port-Range |
| | for de-allocation) | | | for de-allocation) |
| | | | | |
Figure 18: RADIUS Message Flow for reporting NAT44 allocation/de- Figure 17: RADIUS Message Flow for reporting NAT44 allocation/de-
allocation of a port set allocation of a port set
4.1.3. Configure Forwarding Port Mapping 4.1.3. Configure Forwarding Port Mapping
In most scenarios, the port mapping on a NAT device is dynamically In most scenarios, the port mapping on a NAT device is dynamically
created when the IP packets of an IP connection initiated by a user created when the IP packets of an IP connection initiated by a user
arrives. For some applications, the port mapping needs to be pre- arrives. For some applications, the port mapping needs to be pre-
defined allowing IP packets of applications from outside a CGN device defined allowing IP packets of applications from outside a CGN device
to pass through and "port forwarded" to the correct user located to pass through and "port forwarded" to the correct user located
behind the CGN device. behind the CGN device.
skipping to change at page 27, line 22 skipping to change at page 27, line 12
creating or deleting a mapping along with a rich set of features on a creating or deleting a mapping along with a rich set of features on a
CGN device in dynamic fashion. In some deployment, all users need is CGN device in dynamic fashion. In some deployment, all users need is
a few, typically just one pre-configured port mapping for a few, typically just one pre-configured port mapping for
applications such as web cam at home, and the lifetime of such a port applications such as web cam at home, and the lifetime of such a port
mapping remains valid throughout the duration of the customer's mapping remains valid throughout the duration of the customer's
Internet service connection time. In such an environment, it is Internet service connection time. In such an environment, it is
possible to statically configure a port mapping on the RADIUS server possible to statically configure a port mapping on the RADIUS server
for a user and let the RADIUS protocol to propagate the information for a user and let the RADIUS protocol to propagate the information
to the associated CGN device. to the associated CGN device.
Figure 19 illustrates how RADIUS protocol is used to configure a Figure 18 illustrates how RADIUS protocol is used to configure a
forwarding port mapping on a NAT44 device by using RADIUS protocol. forwarding port mapping on a NAT44 device by using RADIUS protocol.
Host NAT/NAS AAA Host NAT/NAS AAA
| BNG Server | BNG Server
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
| |---------Access-Request------->| | |---------Access-Request------->|
| | | | | |
| |<--------Access-Accept---------| | |<--------Access-Accept---------|
skipping to change at page 27, line 47 skipping to change at page 27, line 37
| (Create a port mapping | | (Create a port mapping |
| for the user, and | | for the user, and |
| associate it with the | | associate it with the |
| internal IP address | | internal IP address |
| and external IP address) | | and external IP address) |
| | | | | |
| | | | | |
| |------Accounting-Request------>| | |------Accounting-Request------>|
| | (IP-Port-Forwarding-Map) | | | (IP-Port-Forwarding-Map) |
Figure 19: RADIUS Message Flow for configuring a forwarding port Figure 18: RADIUS Message Flow for configuring a forwarding port
mapping mapping
A port forwarding mapping that is created on a CGN device using A port forwarding mapping that is created on a CGN device using
RADIUS extension as described above may also be changed using RADIUS RADIUS extension as described above may also be changed using RADIUS
CoA message [RFC5176] that carries the same RADIUS associate. The CoA message [RFC5176] that carries the same RADIUS associate. The
CoA message may be sent from the RADIUS server directly to the NAS, CoA message may be sent from the RADIUS server directly to the NAS,
which once accepts and sends back a RADIUS CoA ACK message, the new which once accepts and sends back a RADIUS CoA ACK message, the new
port forwarding mapping then replaces the previous one. port forwarding mapping then replaces the previous one.
Figure 20 illustrates how RADIUS protocol is used to change an Figure 19 illustrates how RADIUS protocol is used to change an
existing port mapping from (a:X) to (a:Y), where "a" is an internal existing port mapping from (a:X) to (a:Y), where "a" is an internal
port, and "X" and "Y" are external ports, respectively, for a port, and "X" and "Y" are external ports, respectively, for a
specific user with a specific IP address specific user with a specific IP address
Host NAT/NAS AAA Host NAT/NAS AAA
| BNG Server | BNG Server
| | | | | |
| Internal IP Address | | Internal IP Address |
| Port Map (a:X) | | Port Map (a:X) |
| | | | | |
| |<---------CoA Request----------| | |<---------CoA Request----------|
| | (IP-Port-Forwarding-Map) | | | (IP-Port-Forwarding-Map) |
| | | | | |
| Internal IP Address | | Internal IP Address |
skipping to change at page 28, line 29 skipping to change at page 28, line 19
| | | | | |
| |<---------CoA Request----------| | |<---------CoA Request----------|
| | (IP-Port-Forwarding-Map) | | | (IP-Port-Forwarding-Map) |
| | | | | |
| Internal IP Address | | Internal IP Address |
| Port Map (a:Y) | | Port Map (a:Y) |
| | | | | |
| |---------CoA Response--------->| | |---------CoA Response--------->|
| | (IP-Port-Forwarding-Map) | | | (IP-Port-Forwarding-Map) |
Figure 20: RADIUS Message Flow for changing a user's forwarding port Figure 19: RADIUS Message Flow for changing a user's forwarding port
mapping mapping
4.1.4. An Example 4.1.4. An Example
An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the
subscriber Joe. This number is the limit that can be used for TCP/UDP subscriber Joe. This number is the limit that can be used for TCP/UDP
ports on a NAT44 device for Joe, and is configured on a RADIUS ports on a NAT44 device for Joe, and is configured on a RADIUS
server. Also, Joe asks for a pre-defined port forwarding mapping on server. Also, Joe asks for a pre-defined port forwarding mapping on
the NAT44 device for his web cam applications (external port 5000 the NAT44 device for his web cam applications (external port 5000
maps to internal port 80). maps to internal port 80).
skipping to change at page 29, line 44 skipping to change at page 29, line 34
applications can communicate with his web cam at home from external applications can communicate with his web cam at home from external
realm directly traversing the pre-configured mapping on the CGN realm directly traversing the pre-configured mapping on the CGN
device. device.
When Joe disconnects from his Internet service, the CGN device will When Joe disconnects from his Internet service, the CGN device will
de-allocate all TCP/UDP ports as well as the port-forwarding mapping, de-allocate all TCP/UDP ports as well as the port-forwarding mapping,
and send the relevant information to the RADIUS server. and send the relevant information to the RADIUS server.
4.2. Report Assigned Port Set for a Visiting UE 4.2. Report Assigned Port Set for a Visiting UE
Figure 21 illustrates an example of the flow exchange which occurs Figure 20 illustrates an example of the flow exchange which occurs
when a visiting UE connects to a CPE offering WLAN service. when a visiting UE connects to a CPE offering WLAN service.
For identification purposes (see [RFC6967]), once the CPE assigns a For identification purposes (see [RFC6967]), once the CPE assigns a
port set, it issues a RADIUS message to report the assigned port set. port set, it issues a RADIUS message to report the assigned port set.
UE CPE NAS AAA UE CPE NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
skipping to change at page 30, line 36 skipping to change at page 30, line 36
| | | | | | | |
| | | | | | | |
| (CPE withdraws a TCP/UDP port | | (CPE withdraws a TCP/UDP port |
| range for a visiting UE) | | range for a visiting UE) |
| | | | | |
| |--Accounting-Request-...------------------->| | |--Accounting-Request-...------------------->|
| | (IP-Port-Range | | | (IP-Port-Range |
| | for de-allocation) | | | for de-allocation) |
| | | | | |
Figure 21: RADIUS Message Flow for reporting CPE allocation/de- Figure 20: RADIUS Message Flow for reporting CPE allocation/de-
allocation of a port set to a visiting UE allocation of a port set to a visiting UE
5. Table of Attributes 5. Table of Attributes
This document proposes three new RADIUS attributes and their formats This document proposes three new RADIUS attributes and their formats
are as follows: are as follows:
o IP-Port-Limit: TBA1.TBA2.TBA3.[TBA4, {TBA5}] o IP-Port-Limit: TBA1.TBA2.[TBA6, TBA5, {TBA7}]
o IP-Port-Range: TBA1.TBA2.TBA3.[TBA10, {TBA11, TBA12}, {TBA5}, o IP-Port-Range: TBA1.TBA3.[TBA12, TBA5, {TBA13, TBA14}, {TBA7},
{TBA13}]. {TBA15}].
o IP-Port-Forwarding-Map: TBA1.TBA2.TBA3.[TBA8, TBA9, {TBA6 | TBA7}, o IP-Port-Forwarding-Map: TBA1.TBA4.[TBA10, TBA11, TBA5, {TBA8 |
{TBA5}] TBA9}, {TBA7}]
The following table provides a guide as what type of RADIUS packets The following table provides a guide as what type of RADIUS packets
that may contain these attributes, and in what quantity. that may contain these attributes, and in what quantity.
Request Accept Reject Challenge Acct. # Attribute Request Accept Reject Challenge Acct. # Attribute
Request Request
0+ 0+ 0 0 0+ TBA IP-Port-Limit 0+ 0+ 0 0 0+ TBA IP-Port-Limit
0 0 0 0 0+ TBA IP-Port-Range 0 0 0 0 0+ TBA IP-Port-Range
0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map 0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map
skipping to change at page 32, line 8 skipping to change at page 32, line 8
or more IPv4 addresses. or more IPv4 addresses.
o localID (refer to Section 3.2.11): The identifier of this IPFIX o localID (refer to Section 3.2.11): The identifier of this IPFIX
Element is TBAx3. The data type of this IPFIX Element is string, Element is TBAx3. The data type of this IPFIX Element is string,
and the Element's value is an IPv4 or IPv6 address, a MAC address, and the Element's value is an IPv4 or IPv6 address, a MAC address,
a VLAN ID, etc. a VLAN ID, etc.
7.2. IANA Considerations on New RADIUS Attributes 7.2. IANA Considerations on New RADIUS Attributes
The following are new code point assignment for RADIUS extensions as The following are new code point assignment for RADIUS extensions as
requested by this document requested by this document:
o TBA1 (refer to Section 3.1.1): This value is for the Radius Type o TBA1: This value is allocated from Radius Extended-Type space.
field and should be allocated from the number space of Extended- Refer to Section 3.1.1, Section 3.1.2, and Section 3.1.3.
Type-1 (241), Extended-Type-2 (242), Extended-Type-3 (243), or
Extended-Type-4 (244) per [RFC6929].
o TBA2 (refer to Section 3.1.1): This value is for the Extended-Type o TBA2: This is allocated from TBA1, so TBA1.TBA2 identifies a new
field and should be allocated from the Short Extended Space per RADIUS attribute IP-Port-Limit. Refer to Section 3.1.1.
[RFC6929].
o TBA3 (refer to Section 3.2.1): This value is for the Type field of o TBA3: This is allocated from TBA1, so TBA1.TBA3 indentifies a new
IP-Port-Type TLV. It should be allocated as TLV data type. It is RADIUS attribute IP-Port-Range. Refer to Section 3.1.2.
within the TBA2 container and it extends the attribute tree as
TBA1.TBA2.TBA3.[...]. Also, this value uniquely refers to IPFIX
Element ID transportType (TBAx1).
o TBA4 (refer to Section 3.2.2): This value is for the Type field of o TBA4: This is allocated from TBA1, so TBA1.TBA4 indentifies a new
IP-Port-Limit TLV. It should be allocated as TLV data type and it RADISU attribute IP-Port-Forwarding-Map. Refer to Section 3.1.3.
extends the attribute tree as TBA1.TBA2.TBA3.[TBA4...]. Also,
this value uniquely refers to IPFIX Element ID
natTransportLimit(TBAx2).
o TBA5 (refer to Section 3.2.3): This value is for the Type field of o TBA5 (refer to Section 3.2.1): This is for the Type field of IP-
IP-Port-Ext-IPv4-Addr TLV. It should be allocated as TLV data Port-Type TLV. It should be allocated as TLV data type. The
type and it extends the attribute tree as Value filed of this TLV contains the data of IPFIX Element
TBA1.TBA2.TBA3.[..TBA5...]. Also, this value uniquely refers to transportType (TBAx1).
IPFIX Element ID postNATSourceIPv4Address(225).
o TBA6 (refer to Section 3.2.4): This value is for the Type field of o TBA6 (refer to Section 3.2.2): This is for the Type field of IP-
IP-Port-Int-IPv4-Addr TLV. It should be allocated as TLV data Port-Limit TLV. It should be allocated as TLV data type. The
type and it extends the attribute tree as Value field of this TLV contains the data of IPFIX Element
TBA1.TBA2.TBA3.[...TBA6...]. Also, this value uniquely refers to natTransportLimit(TBAx2).
IPFIX Element ID sourceIPv4Address(8).
o TBA7 (refer to Section 3.2.5): This value is for the Type field of o TBA7 (refer to Section 3.2.3): This is for the Type field of IP-
IP-Port-Int-IPv6-Addr TLV. It should be allocated as TLV data Port-Ext-IPv4-Addr TLV. It should be allocated as TLV data type.
type and it extends the attribute tree as The Value field of this TLV contains the data of IPFIX Element
TBA1.TBA2.TBA3.[...TBA7...]. Also, this value uniquely refers to postNATSourceIPv4Address(225).
IPFIX Element ID sourceIPv6Address(27).
o TBA8 (refer to Section 3.2.6): This value is for the Type field of o TBA8 (refer to Section 3.2.4): This is for the Type field of IP-
IP-Port-Int-Port TLV. It should be allocated as TLV data type and Port-Int-IPv4-Addr TLV. It should be allocated as TLV data type.
it extends the attribute tree as TBA1.TBA2.TBA3.[...TBA8...]. The Value field of this TLV contains the data of IPFIX Element
sourceIPv4Address(8).
Also, this value uniquely refers to IPFIX Element ID o TBA9 (refer to Section 3.2.5): This is for the Type field of IP-
Port-Int-IPv6-Addr TLV. It should be allocated as TLV data type.
The Value field of this TLV contains the data of IPFIX Element
sourceIPv6Address(27).
o TBA10 (refer to Section 3.2.6): This is for the Type field of IP-
Port-Int-Port TLV. It should be allocated as TLV data type. The
Value field of this TLV containss the data of IPFIX Element
sourceTransportPort(7). sourceTransportPort(7).
o TBA9 (refer to Section 3.2.7): This value is for the Type field of o TBA11 (refer to Section 3.2.7): This is for the Type field of IP-
IP-Port-Ext-port TLV. It should be allocated as TLV data type and Port-Ext-port TLV. It should be allocated as TLV data type. The
it extends the attribute tree as TBA1.TBA2.TBA3.[...TBA9...]. Value field of this TLV contains the data of IPFIX Element
Also, this value uniquely refers to IPFIX Element ID
postNAPTSourceTransportPort(227). postNAPTSourceTransportPort(227).
o TBA10 (refer to Section 3.2.8): This value is for the Type field o TBA12 (refer to Section 3.2.8): This is for the Type field of IP-
of IP-Port-Alloc TLV. It should be allocated as TLV data type and Port-Alloc TLV. It should be allocated as TLV data type. The
it extends the attribute tree as TBA1.TBA2.TBA3.[...TBA10...]. Value field of this TLV contains the data of IPFIX Element
Also, this value uniquely refers to IPFIX Element ID
natEvent(230). natEvent(230).
o TBA11 (refer to Section 3.2.9): This value is for the Type field o TBA13 (refer to Section 3.2.9): This is for the Type field of IP-
of IP-Port-Range-Start TLV. It should be allocated as TLV data Port-Range-Start TLV. It should be allocated as TLV data type.
type and it extends the attribute tree as The Value field of this TLV contains the data of IPFIX Element
TBA1.TBA2.TBA3.[...TBA11...]. Also, this value uniquely refers to portRangeStart(361).
IPFIX Element ID portRangeStart(361).
o TBA12 (refer to Section 3.2.10): This value is for the Type field o TBA14 (refer to Section 3.2.10): This is for the Type field of IP-
of IP-Port-Range-End TLV. It should be allocated as TLV data type Port-Range-End TLV. It should be allocated as TLV data type. The
and it extends the attribute tree as TBA1.TBA2.TBA3.[...TBA12...]. Value field of this TLV contains the data of IPFIX Element
Also, this value uniquely refers to IPFIX Element ID
portRangeEnd(362). portRangeEnd(362).
o TBA13 (refer to Section 3.2.11): This value is for the Type field o TBA15 (refer to Section 3.2.11): This is for the Type field of IP-
of IP-Port-Local-Id TLV. It should be allocated as TLV data type Port-Local-Id TLV. It should be allocated as TLV data type. The
and it extends the attribute tree as TBA1.TBA2.TBA3.[...TBA13...]. Value field of this TLV contains the data of IPFIX Element
Also, this value uniquely refers to IPFIX Element ID
localID(TBAx3). localID(TBAx3).
8. Acknowledgements 8. Acknowledgements
Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David
Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful
comments and suggestions. comments and suggestions.
9. References 9. References
skipping to change at page 34, line 49 skipping to change at page 34, line 39
"Service Provider Wi-Fi Services Over Residential "Service Provider Wi-Fi Services Over Residential
Architectures", draft-gundavelli-v6ops-community-wifi- Architectures", draft-gundavelli-v6ops-community-wifi-
svcs-06 (work in progress), April 2013. svcs-06 (work in progress), April 2013.
[I-D.ietf-softwire-lw4over6] [I-D.ietf-softwire-lw4over6]
Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
I. Farrer, "Lightweight 4over6: An Extension to the DS- I. Farrer, "Lightweight 4over6: An Extension to the DS-
Lite Architecture", draft-ietf-softwire-lw4over6-13 (work Lite Architecture", draft-ietf-softwire-lw4over6-13 (work
in progress), November 2014. in progress), November 2014.
[I-D.miles-behave-l2nat]
Miles, D. and M. Townsley, "Layer2-Aware NAT", draft-
miles-behave-l2nat-00 (work in progress), March 2009.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, January Address Translator (Traditional NAT)", RFC 3022, January
2001. 2001.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011. Clients to IPv4 Servers", RFC 6146, April 2011.
[RFC6269] Ford, M., Boucadair, M., Durand, A., Levis, P., and P. [RFC6269] Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
Roberts, "Issues with IP Address Sharing", RFC 6269, June Roberts, "Issues with IP Address Sharing", RFC 6269, June
skipping to change at page 36, line 4 skipping to change at page 35, line 35
Authors' Addresses Authors' Addresses
Dean Cheng Dean Cheng
Huawei Huawei
2330 Central Expressway 2330 Central Expressway
Santa Clara, California 95050 Santa Clara, California 95050
USA USA
Email: dean.cheng@huawei.com Email: dean.cheng@huawei.com
Jouni Korhonen Jouni Korhonen
Broadcom Broadcom Corporation
Porkkalankatu 24 3151 Zanker Road
FIN-00180 Helsinki San Jose 95134
Finland USA
Email: jouni.nospam@gmail.com Email: jouni.nospam@gmail.com
Mohamed Boucadair Mohamed Boucadair
France Telecom France Telecom
Rennes Rennes
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Senthil Sivakumar Senthil Sivakumar
Cisco Systems Cisco Systems
7100-8 Kit Creek Road 7100-8 Kit Creek Road
Research Triangle Park, North Carolina Research Triangle Park, North Carolina
USA USA
Email: ssenthil@cisco.com Email: ssenthil@cisco.com
 End of changes. 130 change blocks. 
283 lines changed or deleted 233 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/