draft-ietf-radext-ip-port-radius-ext-06.txt | draft-ietf-radext-ip-port-radius-ext-07.txt | |||
---|---|---|---|---|
Network Working Group D. Cheng | Network Working Group D. Cheng | |||
Internet-Draft Huawei | Internet-Draft Huawei | |||
Intended status: Standards Track J. Korhonen | Intended status: Standards Track J. Korhonen | |||
Expires: April 21, 2016 Broadcom Corporation | Expires: September 10, 2016 Broadcom Corporation | |||
M. Boucadair | M. Boucadair | |||
France Telecom | Orange | |||
S. Sivakumar | S. Sivakumar | |||
Cisco Systems | Cisco Systems | |||
October 19, 2015 | March 9, 2016 | |||
RADIUS Extensions for IP Port Configuration and Reporting | RADIUS Extensions for IP Port Configuration and Reporting | |||
draft-ietf-radext-ip-port-radius-ext-06 | draft-ietf-radext-ip-port-radius-ext-07 | |||
Abstract | Abstract | |||
This document defines three new RADIUS attributes. For devices that | This document defines three new RADIUS attributes. For devices that | |||
implementing IP port ranges, these attributes are used to communicate | implementing IP port ranges, these attributes are used to communicate | |||
with a RADIUS server in order to configure and report TCP/UDP ports | with a RADIUS server in order to configure and report TCP/UDP ports | |||
and ICMP identifiers, as well as mapping behavior for specific hosts. | and ICMP identifiers, as well as mapping behavior for specific hosts. | |||
This mechanism can be used in various deployment scenarios such as | This mechanism can be used in various deployment scenarios such as | |||
CGN (Carrier Grade NAT), NAT64, Provider WLAN Gateway, etc. | Carrier Grade NAT, IPv4/IPv6 translators, Provider WLAN Gateway, etc. | |||
Requirements Language | Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
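Review bot: the second sentence of the Abstract still reads "For devices that implementing IP port ranges" in -07, unchanged from -06; it should read "For devices that implement IP port ranges". The same paragraph is already being edited in this revision (the scenario list now says "IPv4/IPv6 translators" instead of "NAT64"), so the grammar fix fits here. Sections 1 and 3.1.1 in -07 still name NAT64 specifically, so it is worth confirming that the broader wording in the Abstract matches the scope the body actually covers.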
skipping to change at page 1, line 46 ¶ | skipping to change at page 1, line 46 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on April 21, 2016. | This Internet-Draft will expire on September 10, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5 | 3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5 | |||
3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6 | 3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6 | |||
3.1.1. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6 | 3.1.1. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6 | |||
3.1.2. IP-Port-Range Attribute . . . . . . . . . . . . . . . 7 | 3.1.2. IP-Port-Range Attribute . . . . . . . . . . . . . . . 8 | |||
3.1.3. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10 | 3.1.3. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10 | |||
3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 12 | 3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 13 | |||
3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 12 | 3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 13 | |||
3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 13 | 3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 14 | |||
3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 14 | 3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 15 | |||
3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 15 | 3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 15 | |||
3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16 | 3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16 | |||
3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 16 | 3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 17 | |||
3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 17 | 3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 18 | |||
3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 18 | 3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 19 | |||
3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 19 | 3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 20 | |||
3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 20 | 3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 21 | |||
3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 21 | 3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 22 | |||
4. Applications, Use Cases and Examples . . . . . . . . . . . . 22 | 4. Applications, Use Cases and Examples . . . . . . . . . . . . 23 | |||
4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 22 | 4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 23 | |||
4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23 | 4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23 | |||
4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25 | 4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25 | |||
4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 26 | 4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 27 | |||
4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 28 | 4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 29 | |||
4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 29 | 4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 30 | |||
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 30 | 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 31 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | |||
7.1. IANA Considerations on New IPFIX Elements . . . . . . . . 31 | 7.1. IANA Considerations on New IPFIX Information Elements . . 32 | |||
7.2. IANA Considerations on New RADIUS Attributes . . . . . . 32 | 7.2. IANA Considerations on New RADIUS Attributes . . . . . . 33 | |||
7.3. IANA Considerations on New RADIUS Nested Attributes . . . 33 | ||||
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . 33 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 34 | |||
9.2. Informative References . . . . . . . . . . . . . . . . . 34 | 9.2. Informative References . . . . . . . . . . . . . . . . . 35 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 | |||
1. Introduction | 1. Introduction | |||
In a broadband network, customer information is usually stored on a | In a broadband network, customer information is usually stored on a | |||
RADIUS server [RFC2865] and at the time when a user initiates an IP | RADIUS server [RFC2865]. At the time when a user initiates an IP | |||
connection request, the RADIUS server will populate the user's | connection request, if this request is authorized, the RADIUS server | |||
configuration information to the Network Access Server (NAS), which | will populate the user's configuration information to the Network | |||
is usually co-located with the Border Network Gateway (BNG), after | Access Server (NAS), which is often referred to as a Broadband | |||
the connection request is granted. The Carrier Grade NAT (CGN) | Network Gateway (BNG) in broadband access networks. The Carrier- | |||
function may also be implemented on the BNG, and therefore the CGN | Grade NAT (CGN) function may also be implemented on the BNG. Within | |||
TCP/UDP port (or ICMP identifier) mapping(s) behavior(s) can be | this document, the CGN may perform NAT44 [RFC3022], NAT64 [RFC6146], | |||
configured on the RADIUS server as part of the user profile, and | or Dual-Stack Lite AFTR [RFC6333] function. In such case, the CGN | |||
populated to the NAS in the same manner. In addition, during the | TCP/UDP port (or ICMP identifier) mapping(s) behavior(s) can be part | |||
operation, the CGN can also convey port/identifier mapping behavior | of the configuration information sent from the RADIUS server to the | |||
specific to a user to the RADIUS server, as part of the normal RADIUS | NAS/BNG. The NAS/BNG may also report to the RADIUS Server the port/ | |||
accounting process. | identifier mapping behavior applied by the CGN to a user session to | |||
the RADIUS server, as part of the accounting information sent from | ||||
The CGN device that communicates with a RADIUS server using RADIUS | the NAS/BNG to a RADIUS server. | |||
extensions defined in this document may perform NAT44 [RFC3022], | ||||
NAT64 [RFC6146], or Dual-Stack Lite AFTR [RFC6333] function. | ||||
For the CGN case, when IP packets traverse a CGN device, it would | When IP packets traverse the CGN, it performs TCP/UDP source port | |||
perform TCP/UDP source port mapping or ICMP identifier mapping as | mapping or ICMP identifier mapping as required. A TCP/ UDP source | |||
required. A TCP/ UDP source port or ICMP identifier, along with | port or ICMP identifier, along with source IP address, destination IP | |||
source IP address, destination IP address, destination port and | address, destination port and protocol identifier if applicable, | |||
protocol identifier if applicable, uniquely identify a session. | uniquely identify a session. Since the number space of TCP/UDP ports | |||
Since the number space of TCP/UDP ports and ICMP identifiers in CGN's | and ICMP identifiers in CGN's external realm is shared among multiple | |||
external realm is shared among multiple users assigned with the same | users assigned with the same IPv4 address, the total number of a | |||
IPv4 address, the total number of a user's simultaneous IP sessions | user's simultaneous IP sessions is likely to be subject to port quota | |||
is likely to be subject to port quota (see Section 5 of [RFC6269]). | (see Section 5 of [RFC6269]). | |||
The attributes defined in this document may also be used to report | The attributes defined in this document may also be used to report | |||
the assigned port range in some deployments such as Provider WLAN | the assigned port range in some deployments such as Provider WLAN | |||
[I-D.gundavelli-v6ops-community-wifi-svcs]. For example, a visiting | [I-D.gundavelli-v6ops-community-wifi-svcs]. For example, a visiting | |||
host can be managed by a CPE (Customer Premises Equipment ) which | host can be managed by a CPE (Customer Premises Equipment ) which | |||
will need to report the assigned port range to the service platform. | will need to report the assigned port range to the service platform. | |||
This is required for identification purposes (see TR-146 [TR-146] for | This is required for identification purposes (see TR-146 [TR-146] for | |||
example). | more details). | |||
This document proposes three new attributes as RADIUS protocol's | This document proposes three new attributes as RADIUS protocol's | |||
extensions, and they are used for separate purposes as follows: | extensions, and they are used for separate purposes as follows: | |||
1. IP-Port-Limit: This attribute may be carried in RADIUS Acces- | 1. IP-Port-Limit: This attribute may be carried in RADIUS Access- | |||
Accept, Access-Request, Accounting-Request or CoA-Request packet. | Accept, Access-Request, Accounting-Request or CoA-Request packet. | |||
The purpose of this attribute is to limit the total number of | The purpose of this attribute is to limit the total number of | |||
TCP/UDP ports and/or ICMP identifiers that an IP subscriber can | TCP/UDP ports and/or ICMP identifiers allocated to a user, | |||
use, associated with one or more IPv4 addresses. | associated with one or more IPv4 addresses. | |||
2. IP-Port-Range: This attribute may be carried in RADIUS | 2. IP-Port-Range: This attribute may be carried in RADIUS | |||
Accounting-Request packet. The purpose of this attribute is to | Accounting-Request packet. The purpose of this attribute is to | |||
report by an address sharing device (e.g., a CGN) to the RADIUS | report by an address sharing device (e.g., a CGN) to the RADIUS | |||
server the range of TCP/UDP ports and/or ICMP identifiers that | server the range of TCP/UDP ports and/or ICMP identifiers that | |||
have been allocated or deallocated associated with a given IPv4 | have been allocated or deallocated associated with a given IPv4 | |||
address for a subscriber. | address for a user. | |||
3. IP-Port-Forwarding-Map: This attribute may be carried in RADIUS | 3. IP-Port-Forwarding-Map: This attribute may be carried in RADIUS | |||
Access-Accept, Access-Request, Accounting-Request or CoA-Request | Access-Accept, Access-Request, Accounting-Request or CoA-Request | |||
packet. The purpose of this attribute is to specify how a TCP/ | packet. The purpose of this attribute is to specify how an IPv4 | |||
UDP port (or an ICMP identifier) mapping to another TCP/UDP port | address and a TCP/ UDP port (or an ICMP identifier) is mapped to | |||
(or an ICMP identifier), and each is associated with its | another IPv4 address and a TCP/UDP port (or an ICMP identifier). | |||
respective IPv4 address. | ||||
This document leverages the protocol defined in [RFC7012] by | ||||
proposing a mapping between type field of RADIUS TLV and Element ID | ||||
of IPFIX. It also proposes a few new IPFIX Elements as required by | ||||
this document (see Section 3). | ||||
This document was constructed using the [RFC2629]. | IPFIX Information Elements [RFC7012] can be used for IP flow | |||
identification and representation over RADIUS. This document | ||||
provides a mapping between RADIUS TLV and IPFIX Information Element | ||||
Identifiers. As a consequence, new IPFIX Information Elements are | ||||
defined by this document (see Section 3). | ||||
2. Terminology | 2. Terminology | |||
This document makes use if the following terms: | This document makes use of the following terms: | |||
o IP Port: refers to the port numbers of IP transport protocols, | o IP Port: refers to the port numbers of IP transport protocols, | |||
including TCP port, UDP port and ICMP identifier. | including TCP port, UDP port and ICMP identifier. | |||
o IP Port Type: refers to one of the following: (1) TCP/UDP port and | o IP Port Type: refers to one of the following: (1) TCP/UDP port and | |||
ICMP identifier, (2) TCP port and UDP port, (3) TCP port, (4) UDP | ICMP identifier, (2) TCP port and UDP port, (3) TCP port, (4) UDP | |||
port, or (5) ICMP identifier. | port, or (5) ICMP identifier. | |||
o IP Port Limit: denotes the maximum number of IP ports for a | o IP Port Limit: denotes the maximum number of IP ports for a | |||
specific IP port type, that a device supporting port ranges can | specific IP port type, that a device supporting port ranges can | |||
use when performing port number mapping for a specific user. | use when performing port number mapping for a specific user. | |||
Note, this limit is usually associated with one or more IPv4 | Note, this limit is usually associated with one or more IPv4 | |||
addresses. | addresses. | |||
o IP Port Range: specifies a set of contiguous IP ports, indicated | o IP Port Range: specifies a set of contiguous IP ports, indicated | |||
by the smallest numerical number and the largest numerical number, | by the lowest numerical number and the highest numerical number, | |||
inclusively. | inclusively. | |||
o Internal IP Address: refers to the IP address that is used as a | o Internal IP Address: refers to the IP address that is used as a | |||
source IP address in an outbound IP packet sent towards a device | source IP address in an outbound IP packet sent towards a device | |||
supporting port ranges in the internal realm. In the IPv4 case, | supporting port ranges in the internal realm. | |||
it is typically a private address [RFC1918]. | ||||
o External IP Address: refers to the IP address that is used as a | o External IP Address: refers to the IP address that is used as a | |||
source IP address in an outbound IP packet after traversing a | source IP address in an outbound IP packet after traversing a | |||
device supporting port ranges in the external realm. In the IPv4 | device supporting port ranges in the external realm. | |||
case, it is typically a global routable IP address. | ||||
o Internal Port: is a UDP or TCP port, or an ICMP identifier, which | o Internal Port: is a UDP or TCP port, or an ICMP identifier, which | |||
is allocated by a host or application behind a device supporting | is allocated by a host or application behind a device supporting | |||
port ranges for an outbound IP packet in the internal realm. | port ranges for an outbound IP packet in the internal realm. | |||
o External Port: is a UDP or TCP port, or an ICMP identifier, which | o External Port: is a UDP or TCP port, or an ICMP identifier, which | |||
is allocated by a device supporting port ranges upon receiving an | is allocated by a device supporting port ranges upon receiving an | |||
outbound IP packet in the internal realm, and is used to replace | outbound IP packet in the internal realm, and is used to replace | |||
the internal port that is allocated by a user or application. | the internal port that is allocated by a user or application. | |||
o External realm: refers to the networking segment where IPv4 public | o External realm: refers to the networking segment where external IP | |||
addresses are used in respective of the device supporting port | addresses are used in respective of the device supporting port | |||
ranges. | ranges. | |||
o Internal realm: refers to the networking segment that is behind a | o Internal realm: refers to the networking segment that is behind a | |||
device supporting port ranges and where IPv4 private addresses are | device supporting port ranges and where internal IP addresses are | |||
used. | used. | |||
o Mapping: associates with a device supporting port ranges for a | o Mapping: associates with a device supporting port ranges for a | |||
relationship between an internal IP address, internal port and the | relationship between an internal IP address, internal port and the | |||
protocol, and an external IP address, external port, and the | protocol, and an external IP address, external port, and the | |||
protocol. | protocol. | |||
o Port-based device: a device that is capable of providing IP | o Port-based device: a device that is capable of providing IP | |||
address and IP port mapping services and in particular, with the | address and IP port mapping services and in particular, with the | |||
granularity of one or more subsets within the 16-bit IP port | granularity of one or more subsets within the 16-bit IP port | |||
number range. A typical example of this device is a CGN, CPE, | number range. A typical example of this device is a CGN, CPE, | |||
Provider WLAN Gateway, etc. | Provider WLAN Gateway, etc. | |||
Note the terms "internal IP address", "internal port", "internal | Note that the definitions of "internal IP address", "internal port", | |||
realm", "external IP address", "external port", "external realm", and | "internal realm", "external IP address", "external port", "external | |||
"mapping" and their semantics are the same as in [RFC6887], and | realm", and "mapping" are the same as defined in Port Control | |||
[RFC6888]. | Protocol (PCP) [RFC6887], and the Common Requirements for Carrier- | |||
Grade NATs (CGNs) [RFC6888]. | ||||
3. Extensions of RADIUS Attributes and TLVs | 3. Extensions of RADIUS Attributes and TLVs | |||
These three new attributes are defined in the following sub-sections: | These three new attributes are defined in the following sub-sections: | |||
1. IP-Port-Limit Attribute | 1. IP-Port-Limit Attribute | |||
2. IP-Port-Range Attribute | 2. IP-Port-Range Attribute | |||
3. IP-Port-Forwarding-Map Attribute | 3. IP-Port-Forwarding-Map Attribute | |||
All these attributes are allocated from the RADIUS "Extended Type" | All these attributes are allocated from the RADIUS "Extended Type" | |||
code space per [RFC6929]. | code space per [RFC6929]. | |||
In all the figures describing the RADIUS attributes and TLV formats | ||||
in the following sub-sections, the fields are transmitted from left | ||||
to right. | ||||
3.1. Extended Attributes for IP Ports | 3.1. Extended Attributes for IP Ports | |||
3.1.1. IP-Port-Limit Attribute | 3.1.1. IP-Port-Limit Attribute | |||
This attribute is RADIUS Extended-Type, and contains a set of | This attribute is of type "TLV" as defined in the RADIUS Protocol | |||
embedded TLVs defined in Section 3.2.1 (IP-Port-Type TLV), | Extensions [RFC6929]. It contains the following sub-attributes: | |||
Section 3.2.2 (IP-Port-Limit TLV), and Section 3.2.3 (IP-Port-Ext- | ||||
IPv4-Addr TLV). It specifies the maximum number of IP ports as | o an IP-Port-Type TLV (see Section 3.2.1), | |||
indicated in IP-Port-Limit TLV, of a specific port type as indicated | ||||
in IP-Port-Type TLV, and associated with a given IPv4 address as | o an IP-Port-Limit TLV (see Section 3.2.2), | |||
indicated in IP-Port-Ext-IPv4-Addr TLV for an end user. | ||||
o an optional IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3). | ||||
It specifies the maximum number of IP ports as indicated in IP-Port- | ||||
Limit TLV, of a specific port type as indicated in IP-Port-Type TLV, | ||||
and associated with a given IPv4 address as indicated in IP-Port-Ext- | ||||
IPv4-Addr TLV for an end user. | ||||
Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of | Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of | |||
the IP-Port-Limit Attribute, the port limit is applied to all the | the IP-Port-Limit Attribute, the port limit applies to all the IPv4 | |||
IPv4 addresses managed by the port device, e.g., a CGN or NAT64 | addresses managed by the port device, e.g., a CGN or NAT64 device. | |||
device. | ||||
The IP-Port-Limit Attribute MAY appear in an Access-Accept packet. | The IP-Port-Limit Attribute MAY appear in an Access-Accept packet. | |||
It MAY also appear in an Access-Request packet as a hint by the | It MAY also appear in an Access-Request packet as a preferred maximum | |||
device supporting port ranges, which is co-allocated with the NAS, to | number of IP ports indicated by the device supporting port ranges co- | |||
the RADIUS server as a preference, although the server is not | located with the NAS e.g. a CGN or NAT64. However, the RADIUS server | |||
required to honor such a hint. | is not required to honor such a preference. | |||
The IP-Port-Limit Attribute MAY appear in a CoA-Request packet. | The IP-Port-Limit Attribute MAY appear in a CoA-Request packet. | |||
The IP-Port-Limit Attribute MAY appear in an Accounting-Request | The IP-Port-Limit Attribute MAY appear in an Accounting-Request | |||
packet. | packet. | |||
The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS | The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS | |||
packets. | packet. | |||
The format of the IP-Port-Limit Attribute is shown in Figure 1. The | The format of the IP-Port-Limit Attribute is shown in Figure 1. | |||
fields are transmitted from left to right. | ||||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Extended-Type | Value ... | | Type | Length | Extended-Type | Value ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 1 | Figure 1 | |||
Type: | Type: | |||
TBA1. | 241 (To be confirmed by IANA). | |||
Length: | Length: | |||
This field indicates the total length in bytes of all fields of | This field indicates the total length in bytes of all fields of | |||
this attribute, including the Type, Length, Extended-Type, and the | this attribute, including the Type, Length, Extended-Type, and the | |||
entire length of the embedded TLVs. | entire length of the embedded TLVs. | |||
Extended-Type: | Extended-Type: | |||
TBA2. | TBA2. | |||
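Review bot: in Section 2, the -07 definitions of "External realm" and "External IP Address" now refer to each other. The realm is "where external IP addresses are used", and the address is one used "in the external realm". With the -06 anchors removed ("typically a private address [RFC1918]", "typically a global routable IP address"), nothing in the Terminology section itself says which side of the device is which. Suggest keeping one concrete anchoring statement, or pointing each term directly at its definition in [RFC6887] or [RFC6888], so implementers populate IP-Port-Ext-IPv4-Addr and the internal-address TLVs consistently. Separately, the new Section 1 sentence names its destination twice ("report to the RADIUS Server ... to the RADIUS server"); drop one.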
skipping to change at page 7, line 43 ¶ | skipping to change at page 7, line 51 ¶ | |||
Attribute. Refer to Section 3.2.2. | Attribute. Refer to Section 3.2.2. | |||
IP-Port-Ext-IPv4-Addr TLV: | IP-Port-Ext-IPv4-Addr TLV: | |||
This TLV contains the IPv4 address that is associated with the | This TLV contains the IPv4 address that is associated with the | |||
IP port limit contained in the IP-Port-Limit TLV. This TLV is | IP port limit contained in the IP-Port-Limit TLV. This TLV is | |||
optionally included as part of the IP-Port-Limit Attribute. | optionally included as part of the IP-Port-Limit Attribute. | |||
Refer to Section 3.2.3. | Refer to Section 3.2.3. | |||
IP-Port-Limit attribute is associated with the following identifier: | IP-Port-Limit attribute is associated with the following identifier: | |||
Type(TBA1).Extended-Type(TBA2).[IP-Port-Limit TLV (TBA6),IP-Port-Type | 241.Extended-Type(TBA2). | |||
TLV(TBA5), {IP-Port-Ext-IPv4-Addr TLV(TBA7)}]. | ||||
3.1.2. IP-Port-Range Attribute | 3.1.2. IP-Port-Range Attribute | |||
This attribute is RADIUS Extended-Type, and contains a set of | This attribute is of type "TLV" as defined in the RADIUS Protocol | |||
embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section | Extensions [RFC6929]. It contains the following sub-attributes: | |||
3.2.9(IP-Port-Range-Start TLV), Section 3.2.10 (IP-Port-Range-End | ||||
TLV), Section 3.2.8 (IP-Port-Alloc TLV), Section 3.2.3 (IP-Port-Ext- | o an IP-Port-Type TLV (see Section 3.2.1), | |||
IPv4-Addr TLV), and Section 3.2.11 (IP-Port-Local-Id TLV). | ||||
o an IP-Port-Range-Start TLV (see Section 3.2.9), | ||||
o an IP-Port-Range-End TLV (see Section 3.2.10), | ||||
o an IP-Port-Alloc TLV (see Section 3.2.8), | ||||
o an optional IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3), | ||||
o an optional IP-Port-Local-Id TLV (see Section 3.2.11). | ||||
This attribute contains a range of contiguous IP ports of a specific | This attribute contains a range of contiguous IP ports of a specific | |||
port type and associated with an IPv4 address that are either | port type and associated with an IPv4 address that are either | |||
allocated or deallocated by a device for a given subscriber, and the | allocated or deallocated by a device for a given user, and the | |||
information is intended to send to RADIUS server. | information is intended to be sent to RADIUS server. | |||
This attribute can be used to convey a single IP port number; in such | This attribute can be used to convey a single IP port number; in such | |||
case IP-Port-Range-Start and IP-Port-Range-End conveys the same | case IP-Port-Range-Start and IP-Port-Range-End conveys the same | |||
value. | value. | |||
Within an IP-Port-Range Attribute, the IP-Port-Alloc TLV is always | Within an IP-Port-Range Attribute, the IP-Port-Alloc TLV is always | |||
included. For port allocation, both IP-Port-Range-Start TLV and IP- | included. For port allocation, both IP-Port-Range-Start TLV and IP- | |||
Port-Range-End TLV must be included; for port deallocation, the | Port-Range-End TLV must be included; for port deallocation, the | |||
inclusion of these two TLVs is optional and if not included, it | inclusion of these two TLVs is optional and if not included, it | |||
implies that all ports that are previously allocated are now | implies that all ports that are previously allocated are now | |||
deallocated. Both IP-Port-Ext-IPv4-Addr TLV and IP-Port-Local-Id TLV | deallocated. Both IP-Port-Ext-IPv4-Addr TLV and IP-Port-Local-Id TLV | |||
are optional and if included, they are used by a port device (e.g., a | are optional and if included, they are used by a port device (e.g., a | |||
CGN device) to identify the end user. | CGN device) to identify the end user. | |||
The IP-Port-Range Attribute MAY appear in an Accounting-Request | The IP-Port-Range Attribute MAY appear in an Accounting-Request | |||
packet. | packet. | |||
The IP-Port-Range Attribute MUST NOT appear in any other RADIUS | The IP-Port-Range Attribute MUST NOT appear in any other RADIUS | |||
packets. | packet. | |||
The format of the IP-Port-Range Attribute format is shown in | The format of the IP-Port-Range Attribute format is shown in | |||
Figure 2. The fields are transmitted from left to right. | Figure 2. The fields are transmitted from left to right. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Extended-Type | Value ... | | Type | Length | Extended-Type | Value ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 2 | Figure 2 | |||
Type: | Type: | |||
TBA1. | 241 (To be confirmed by IANA). | |||
Length: | Length: | |||
This field indicates the total length in bytes of all fields of | This field indicates the total length in bytes of all fields of | |||
this attribute, including the Type, Length, Extended-Type, and the | this attribute, including the Type, Length, Extended-Type, and the | |||
entire length of the embedded TLVs. | entire length of the embedded TLVs. | |||
Extended-Type: | Extended-Type: | |||
TBA3. | TBA3. | |||
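Review bot: in the IP-Port-Range description, the -07 side still says that for port allocation both the IP-Port-Range-Start TLV and the IP-Port-Range-End TLV "must be included" in lower case, while this same revision upgrades other requirements to "MUST" (for example the zero-fill rule in 3.2.1). If the allocation rule is normative, write it as MUST so that a receiver has a clear basis for rejecting an allocation record with a missing range bound. The text also only covers a deallocation carrying both TLVs or neither, so it should say how a deallocation carrying just one of them is treated. Minor: "conveys the same value" should be "convey", and "The format of the IP-Port-Range Attribute format" repeats "format" on both sides.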
skipping to change at page 10, line 6 ¶ | skipping to change at page 10, line 27 ¶ | |||
IP-Port-Local-Id TLV: | IP-Port-Local-Id TLV: | |||
This TLV contains a local session identifier at the customer | This TLV contains a local session identifier at the customer | |||
premise, such as MAC address, interface ID, VLAN ID, PPP | premise, such as MAC address, interface ID, VLAN ID, PPP | |||
sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is | sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is | |||
optionally included as part of the IP-Port-Range Attribute. | optionally included as part of the IP-Port-Range Attribute. | |||
Refer to Section 3.2.11. | Refer to Section 3.2.11. | |||
The IP-Port-Range attribute is associated with the following | The IP-Port-Range attribute is associated with the following | |||
identifier: Type(TBA1).Extended-Type(TBA3).[IP-Port-Alloc TLV | identifier: 241.Extended-Type(TBA3). | |||
(TBA12), IP-Port-Type TLV(TBA5), {IP-Port-Range-Start TLV(TBA13), IP- | ||||
Port-Range-End TLV(TBA14)}, {IP-Port-Ext-IPv4-Addr TLV (TBA7)}, {IP- | ||||
Port-Local-Id TLV (TBA15)}]. | ||||
3.1.3. IP-Port-Forwarding-Map Attribute | 3.1.3. IP-Port-Forwarding-Map Attribute | |||
This attribute is RADIUS Extended-Type, and contains a set of | This attribute is of type "TLV" as defined in the RADIUS Protocol | |||
embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section | Extensions [RFC6929]. It contains the following sub-attributes: | |||
3.2.6(IP-Port-Int-Port TLV), Section 3.2.7(IP-Port-Ext-Port TLV), | ||||
Section 3.2.4(IP-Port-Int-IPv4-Addr TLV) or Section 3.2.5(IP-Port- | o an IP-Port-Type TLV (see Section 3.2.1), | |||
Int-IPv6-Addr TLV), Section 3.2.11(IP-Port-Local-Id TLV) and | ||||
Section 3.2.3 (IP-Port-Ext-IP-Addr TLV). | o an IP-Port-Int-Port TLV (see Section 3.2.6), | |||
o an IP-Port-Ext-Port TLV (see Section 3.2.7), | ||||
o either an IP-Port-Int-IPv4-Addr TLV (see Section 3.2.4) or an IP- | ||||
Port-Local-Id TLV (see Section 3.2.11), | ||||
o either an IP-Port-Int-IPv6-Addr TLV (see Section 3.2.5) or an IP- | ||||
Port-Local-Id TLV (see Section 3.2.11), | ||||
o an IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3). | ||||
The attribute contains a 2-byte IP internal port number that is | The attribute contains a 2-byte IP internal port number that is | |||
associated with an internal IPv4 or IPv6 address, or a locally | associated with an internal IPv4 or IPv6 address, or a locally | |||
significant identifier at the customer site, and a 2-byte IP external | significant identifier at the customer site, and a 2-byte IP external | |||
port number that is associated with an external IPv4 address. The | port number that is associated with an external IPv4 address. The | |||
internal IPv4 or IPv6 address, or the local identifier must be | internal IPv4 or IPv6 address, or the local identifier must be | |||
included; the external IPv4 address may also be included. | included; the external IPv4 address may also be included. | |||
The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept | The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept | |||
packet. It MAY also appear in an Access-Request packet as a hint by | packet. It MAY also appear in an Access-Request packet to indicate a | |||
the device supporting port mapping, which is co-allocated with the | preferred port mapping by the device co-located with NAS. However | |||
NAS, to the RADIUS server as a preference, although the server is not | the server is not required to honor such a preference. | |||
required to honor such a hint. | ||||
The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request | The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request | |||
packet. | packet. | |||
The IP-Port-Forwarding-Map Attribute MAY also appear in an | The IP-Port-Forwarding-Map Attribute MAY also appear in an | |||
Accounting-Request packet. | Accounting-Request packet. | |||
The attribute MUST NOT appear in any other RADIUS packet. | The IP-Port-Forwarding-Map Attribute MUST NOT appear in any other | |||
RADIUS packet. | ||||
The format of the IP-Port-Forwarding-Map Attribute is shown in | The format of the IP-Port-Forwarding-Map Attribute is shown in | |||
Figure 3. The fields are transmitted from left to right. | Figure 3. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Extended-Type | Value .... | | Type | Length | Extended-Type | Value .... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 3 | Figure 3 | |||
Type: | Type: | |||
TBA1. | 241 (To be confirmed by IANA). | |||
Length: | Length: | |||
This field indicates the total length in bytes of all fields of | This field indicates the total length in bytes of all fields of | |||
this attribute, including the Type, Length, Extended-Type, and the | this attribute, including the Type, Length, Extended-Type, and the | |||
entire length of the embedded TLVs. | entire length of the embedded TLVs. | |||
Extended-Type: | Extended-Type: | |||
TBA4. | TBA4. | |||
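Review bot: the new sub-attribute list in 3.1.3 has two separate "either ... or an IP-Port-Local-Id TLV" bullets, one for IP-Port-Int-IPv4-Addr and one for IP-Port-Int-IPv6-Addr, which reads as two independent requirements, whereas the paragraph right after the list says that the internal IPv4 or IPv6 address, or the local identifier, must be included. Merge the two into a single bullet naming the three alternatives so an implementer validating the attribute knows which combinations are acceptable. The last bullet also lists the IP-Port-Ext-IPv4-Addr TLV without qualification although the following text says the external IPv4 address "may also be included"; mark it as optional in the list.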
skipping to change at page 12, line 27 ¶ | skipping to change at page 13, line 6 ¶ | |||
Port-Forwarding-Map Attribute. Refer to Section 3.2.11. | Port-Forwarding-Map Attribute. Refer to Section 3.2.11. | |||
IP-Port-Ext-IPv4-Addr TLV: | IP-Port-Ext-IPv4-Addr TLV: | |||
This TLV contains an IPv4 address that is associated with the | This TLV contains an IPv4 address that is associated with the | |||
external IP port number contained in the IP-Port-Ext-Port TLV. | external IP port number contained in the IP-Port-Ext-Port TLV. | |||
This TLV may be included as part of the IP-Port-Forwarding-Map | This TLV may be included as part of the IP-Port-Forwarding-Map | |||
Attribute. Refer to Section 3.2.3. | Attribute. Refer to Section 3.2.3. | |||
The IP-Port-Forwarding-Map attribute is associated with the following | The IP-Port-Forwarding-Map attribute is associated with the following | |||
identifier: Type(TBA1).Extended-Type(TBA4). [IP-Port-Int-Port | identifier: 241.Extended-Type(TBA4). | |||
TLV(TBA10), IP-Port-Ext-Port TLV(TBA11), IP-Port-Type TLV(TBA5), {IP- | ||||
Port-Int-IPv4-Addr TLV(TBA8) | IP-Port-Int-IPv6-Addr TLV(TBA9)}, {IP- | ||||
Port-Ext-IPv4-Addr TLV(TBA7)}]. | ||||
3.2. RADIUS TLVs for IP Ports | 3.2. RADIUS TLVs for IP Ports | |||
3.2.1. IP-Port-Type TLV | 3.2.1. IP-Port-Type TLV | |||
This TLV (Figure 4) uses the format defined in [RFC6929]. Its Type | This TLV (Figure 4) uses the format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
transportType (TBAx1), and its Value field contains IPFIX Element | Element "transportType" (TBAx1), and its "Value" field contains the | |||
transportType, which indicates the type of IP transport type as | values defined for the IPFIX Information Element "transportType", | |||
follows: | which indicates the type of IP transport as follows: | |||
1: | 1: | |||
Refer to TCP port, UDP port, and ICMP identifier as a whole. | Refer to TCP port, UDP port, and ICMP identifier as a whole. | |||
2: | 2: | |||
Refer to TCP port and UDP port as a whole. | Refer to TCP port and UDP port as a whole. | |||
3: | 3: | |||
skipping to change at page 13, line 13 ¶ | skipping to change at page 13, line 38 ¶ | |||
Refer to TCP port only. | Refer to TCP port only. | |||
4: | 4: | |||
Refer to UDP port only. | Refer to UDP port only. | |||
5: | 5: | |||
Refer to ICMP identifier only. | Refer to ICMP identifier only. | |||
IP-Port-Type TLV is included as part of the IP-Port-Limit Attribute | ||||
(refer to Section 3.1.1), IP-Port-Range Attribute (refer to | ||||
Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer to | ||||
Section 3.1.3). | ||||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | transportType | | Type | Length | transportType | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
transportType | | transportType | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 4 | Figure 4 | |||
Type: | Type: | |||
TBA5: This uniquely refers to IPFIX Element ID TBA0. | The value depends on the encapsulating attribute (see IANA | |||
Section). This MUST uniquely refer to the IPFIX Information | ||||
Element identifier TBAx1. | ||||
Length: | Length: | |||
6. | 6. | |||
transportType: | transportType: | |||
Integer. This field contains the data (unsigned8) of | Integer. This field contains the data (unsigned8) of | |||
transportType (TBX1) defined in IPFIX, right justified, and the | transportType (TBAx1) defined in IPFIX, right justified, and the | |||
unused bits in this field must be set to zero. | unused bits in this field MUST be set to zero. | |||
3.2.2. IP-Port-Limit TLV | 3.2.2. IP-Port-Limit TLV | |||
This TLV (Figure 5) uses the format defined in [RFC6929]. Its Type | This TLV (Figure 5) uses the format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
natTransportLimit (TBAx2), and its Value field contains IPFIX Element | Element natTransportLimit (TBAx2), and its "Value" field contains | |||
natTransportLimit, which indicates the maximum number of ports of a | IPFIX Information Element natTransportLimit, which indicates the | |||
specified IP-Port-Type and associated with a given IPv4 address | maximum number of ports for a given IPv4 address assigned to a user | |||
assigned to a subscriber. | for a specified IP-Port-Type. | |||
IP-Port-Limit TLV is included as part of the IP-Port-Limit Attribute | ||||
(refer to Section 3.1.1). | ||||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | natTransportLimit | | Type | Length | natTransportLimit | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
natTransportLimit | | natTransportLimit | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 5 | Figure 5 | |||
Type: | Type: | |||
TBA6: This uniquely refers to IPFIX Element ID Limit TBD. | TBD2.2. It MUST uniquely refer to the IPFIX Information Element | |||
identifier TBAx2. | ||||
Length: | Length: | |||
6. | 6. | |||
natTransportLimit: | natTransportLimit: | |||
Integer. This field contains the data (unsigned16) of | Integer. This field contains the data (unsigned16) of | |||
natTransportLimit (TBX2) defined in IPFIX, right justified, and | natTransportLimit (TBAx2) defined in IPFIX, right justified, and | |||
the unused bits in this field must be set to zero. | the unused bits in this field MUST be set to zero. | |||
3.2.3. IP-Port-Ext-IPv4-Addr TLV | 3.2.3. IP-Port-Ext-IPv4-Addr TLV | |||
This TLV (Figure 6) uses the format defined in[RFC6929]. Its Type | This TLV (Figure 6) uses the format defined in[RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
postNATSourceIPv4Address(225), and its Value field contains IPFIX | Element postNATSourceIPv4Address(225), and its "Value" field contains | |||
Element postNATSourceIPv4Address, which is the IPv4 source address | IPFIX Information Element postNATSourceIPv4Address, which is the IPv4 | |||
after NAT operation (refer to [IPFIX]). | source address after NAT operation (refer to [IPFIX]). | |||
IP-Port-Ext-IPv4-Addr TLV can be included as part of the IP-Port- | IP-Port-Ext-IPv4-Addr TLV MAY be included as part of the IP-Port- | |||
Limit Attribute (refer to Section 3.1.1), IP-Port-Range Attribute | Limit Attribute (refer to Section 3.1.1), IP-Port-Range Attribute | |||
(refer to Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer | (refer to Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer | |||
to Section 3.1.3). | to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | postNATSourceIPv4Address | | Type | Length | postNATSourceIPv4Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
postNATSourceIPv4Address | | postNATSourceIPv4Address | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 6 | Figure 6 | |||
Type: | Type: | |||
TBA7: The type field uniquely refers to the IPFIX Element ID 225. | The value depends on the encapsulating attribute (see IANA | |||
section). This MUST uniquely refer to the IPFIX Information | ||||
Element identifier 225. | ||||
Length: | Length: | |||
6 | 6 | |||
postNATSourceIPv4Address: | postNATSourceIPv4Address: | |||
Integer. This field contains the data (ipv4Address) of | Integer. This field contains the data (ipv4Address) of | |||
postNATSourceIPv4Address (225) defined in IPFIX. | postNATSourceIPv4Address (225) defined in IPFIX. | |||
3.2.4. IP-Port-Int-IPv4-Addr TLV | 3.2.4. IP-Port-Int-IPv4-Addr TLV | |||
This TLV (Figure 7) uses format defined in [RFC6929]. Its Type field | This TLV (Figure 7) uses format defined in [RFC6929]. Its "Type" | |||
contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
sourceIPv4Address (8), and its Value field contains IPFIX Element | Element sourceIPv4Address (8), and its "Value" field contains IPFIX | |||
sourceIPv4Address, which is the IPv4 source address before NAT | Information Element sourceIPv4Address, which is the IPv4 source | |||
operation (refer to [IPFIX]). | address before NAT operation (refer to [IPFIX]). | |||
IP-Port-Int-IPv4-Addr TLV can be included as part of the IP-Port- | IP-Port-Int-IPv4-Addr TLV MAY be included as part of the IP-Port- | |||
Forwarding-Map Attribute (refer to Section 3.1.3). | Forwarding-Map Attribute (refer to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | sourceIPv4Address | | Type | Length | sourceIPv4Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceIPv4Address | | sourceIPv4Address | | |||
+-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+ | +-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+ | |||
Figure 7 | Figure 7 | |||
Type: | Type: | |||
TBA8: The type field uniquely refers to the IPFIX Element ID 8. | TBD4.3. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 8. | ||||
Length: | Length: | |||
6. | 6. | |||
sourceIPv4Address: | sourceIPv4Address: | |||
Integer. This field contains the data (ipv4Address) of | Integer. This field contains the data (ipv4Address) of | |||
sourceIPv4Address (8) defined in IPFIX. | sourceIPv4Address (8) defined in IPFIX. | |||
3.2.5. IP-Port-Int-IPv6-Addr TLV | 3.2.5. IP-Port-Int-IPv6-Addr TLV | |||
This TLV (Figure 8) uses format defined in [RFC6929]. Its Type field | This TLV (Figure 8) uses format defined in [RFC6929]. Its "Type" | |||
contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
sourceIPv6Address(27), and its Value field contains IPFIX Element | Element sourceIPv6Address(27), and its "Value" field contains IPFIX | |||
sourceIPv6Address, which is the IPv6 source address before NAT | Information Element sourceIPv6Address, which is the IPv6 source | |||
operation (refer to [IPFIX]). | address before NAT operation (refer to [IPFIX]). | |||
IP-Port-Int-IPv6-Addr TLV can be included as part of the IP-Port- | IP-Port-Int-IPv6-Addr TLV MAY be included as part of the IP-Port- | |||
Forwarding-Map Attribute (refer to Section 3.1.3). | Forwarding-Map Attribute (refer to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | sourceIPv6Address | | Type | Length | sourceIPv6Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceIPv6Address | sourceIPv6Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceIPv6Address | sourceIPv6Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceIPv6Address | sourceIPv6Address | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceIPv6Address | | sourceIPv6Address | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 8 | Figure 8 | |||
Type: | Type: | |||
TBA9: The type field uniquely refers to the IPFIX Element ID 27. | TBD4.4. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 27. | ||||
Length: | Length: | |||
18. | 18. | |||
sourceIPv6Address: | sourceIPv6Address: | |||
IPv6 address (128 bits). This field contains the data | IPv6 address (128 bits). This field contains the data | |||
(ipv6Address) of sourceIPv6Address (27) defined in IPFIX. | (ipv6Address) of sourceIPv6Address (27) defined in IPFIX. | |||
3.2.6. IP-Port-Int-Port TLV | 3.2.6. IP-Port-Int-Port TLV | |||
This TLV (Figure 9) uses format defined in [RFC6929]. Its Type field | This TLV (Figure 9) uses format defined in [RFC6929]. Its "Type" | |||
contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
sourceTransportPort (7), and its Value field contains IPFIX Element | Element sourceTransportPort (7), and its "Value" field contains IPFIX | |||
sourceTransportPort, which is the source transport number associated | Information Element sourceTransportPort, which is the source | |||
with an internal IPv4 or IPv6 address (refer to [IPFIX]). | transport number associated with an internal IPv4 or IPv6 address | |||
(refer to [IPFIX]). | ||||
IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding- | IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding- | |||
Map Attribute (refer to Section 3.1.3). | Map Attribute (refer to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | sourceTransportPort | | Type | Length | sourceTransportPort | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
sourceTransportPort | | sourceTransportPort | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 9 | Figure 9 | |||
Type: | Type: | |||
TBA10: This uniquely refers to the IPFIX Element ID 7. | TBD4.5. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 7. | ||||
Length: | Length: | |||
4. | 4. | |||
sourceTransportPort: | sourceTransportPort: | |||
Integer. This field contains the data (unsigned16) of | Integer. This field contains the data (unsigned16) of | |||
sourceTrasnportPort (7) defined in IPFIX, right justified, and | sourceTrasnportPort (7) defined in IPFIX, right justified, and | |||
unused bits must be set to zero. | unused bits MUST be set to zero. | |||
3.2.7. IP-Port-Ext-Port TLV | 3.2.7. IP-Port-Ext-Port TLV | |||
This TLV (Figure 10) uses format defined in [RFC6929]. Its Type | This TLV (Figure 10) uses format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
postNAPTSourceTransportPort (227), and its Value field contains IPFIX | Element postNAPTSourceTransportPort (227), and its "Value" field | |||
Element postNAPTSourceTransportPort, which is the transport number | contains IPFIX Information Element postNAPTSourceTransportPort, which | |||
associated with an external IPv4 address(refer to [IPFIX]). | is the transport number associated with an external IPv4 | |||
address(refer to [IPFIX]). | ||||
IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding- | IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding- | |||
Map Attribute (refer to Section 3.1.3). | Map Attribute (refer to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | postNAPTSourceTransportPort | | Type | Length | postNAPTSourceTransportPort | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
postNAPTSourceTransportPort | | postNAPTSourceTransportPort | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 10 | Figure 10 | |||
Type: | Type: | |||
TBA11: This uniquely refers to the IPFIX Element ID 227 . | TBD4.6. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 227 . | ||||
Length: | Length: | |||
6. | 6. | |||
postNAPTSourceTransportPort: | postNAPTSourceTransportPort: | |||
Integer. This field contains the data (unsigned16) of | Integer. This field contains the data (unsigned16) of | |||
postNAPTSourceTrasnportPort (227) defined in IPFIX, right | postNAPTSourceTrasnportPort (227) defined in IPFIX, right | |||
justified, and unused bits must be set to zero. | justified, and unused bits must be set to zero. | |||
3.2.8. IP-Port-Alloc TLV | 3.2.8. IP-Port-Alloc TLV | |||
This TLV (Figure 11) uses format defined in [RFC6929]. Its Type | This TLV (Figure 11) uses format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element natEvent | field contains a value that uniquely refers to IPFIX Information | |||
(230), and its Value field contains IPFIX Element "natEvent", which | Element natEvent (230), and its "Value" field contains IPFIX | |||
is a flag to indicate an action of NAT operation (refer to [IPFIX]). | Information Element "natEvent", which is a flag to indicate an action | |||
of NAT operation (refer to [IPFIX]). | ||||
When the value of natEvent is "1" (Create event), it means to | When the value of natEvent is "1" (Create event), it means to | |||
allocate a range of transport ports; when the value is "2", it means | allocate a range of transport ports; when the value is "2", it means | |||
to de-allocate a range of transports ports. For the purpose of this | to de-allocate a range of transports ports. For the purpose of this | |||
TLV, no other value is used. | TLV, no other value is used. | |||
IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute | IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute | |||
(refer to Section 3.1.2). | (refer to Section 3.1.2). | |||
0 1 2 3 | 0 1 2 3 | |||
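Review bot: the Length values of the two port TLVs disagree: 3.2.6 IP-Port-Int-Port gives Length 4 and 3.2.7 IP-Port-Ext-Port gives Length 6, yet both carry an unsigned16 described as "right justified" with unused bits zeroed, and Figures 9 and 10 draw the same layout. -07 leaves both values unchanged. Pick one encoding and make the figure, the Length and the zero-fill sentence agree in both sections, because a receiver that checks TLV length against the text cannot otherwise tell a malformed TLV from a valid one. The misspellings "sourceTrasnportPort" and "postNAPTSourceTrasnportPort" also survive in -07, and 3.2.7 keeps lower-case "must" where 3.2.6 was changed to "MUST".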
skipping to change at page 19, line 17 ¶ | skipping to change at page 19, line 48 ¶ | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | natEvent | | Type | Length | natEvent | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
natEvent | | natEvent | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 11 | Figure 11 | |||
Type: | Type: | |||
TBA12: This uniquely refers to the IPFIX Element ID 230 . | TBD3.3. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 230 . | ||||
Length: | Length: | |||
3. | 3. | |||
natEvent: | natEvent: | |||
Integer. This field contains the data (unsigned8) of natEvent | Integer. This field contains the data (unsigned8) of natEvent | |||
(230) defined in IPFIX, right justified, and unused bits must be | (230) defined in IPFIX, right justified, and unused bits must be | |||
set to zero. It indicates the allocation or deallocation of a | set to zero. It indicates the allocation or deallocation of a | |||
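Review bot: in the IP-Port-Alloc TLV the Length is 3, which leaves a one-byte value, but the figure draws natEvent continuing into a second row and the field text still says "right justified, and unused bits must be set to zero", which has no meaning for a value that is exactly one unsigned8. -07 changes only the Type wording here. Either make the Length match the drawn field or drop the padding sentence and redraw the figure, and state how a receiver treats a natEvent value other than 1 or 2, since 3.2.8 says no other value is used for this TLV.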
skipping to change at page 19, line 44 ¶ | skipping to change at page 20, line 28 ¶ | |||
2: | 2: | |||
Deallocation | Deallocation | |||
Reserved: | Reserved: | |||
0. | 0. | |||
3.2.9. IP-Port-Range-Start TLV | 3.2.9. IP-Port-Range-Start TLV | |||
This TLV (Figure 12) uses format defined in [RFC6929]. Its Type | This TLV (Figure 12) uses format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
portRangeStart (361), and its Value field contains IPFIX Element | Element portRangeStart (361), and its "Value" field contains IPFIX | |||
portRangeStart, which is the smallest port number of a range of | Information Element portRangeStart, which is the smallest port number | |||
contiguous transport ports (refer to [IPFIX]). | of a range of contiguous transport ports (refer to [IPFIX]). | |||
IP-Port-Range-Start TLV is included as part of the IP-Port-Range | IP-Port-Range-Start TLV is included as part of the IP-Port-Range | |||
Attribute (refer to Section 3.1.2). | Attribute (refer to Section 3.1.2). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | portRangeStart | | Type | Length | portRangeStart | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
portRangeStart | | portRangeStart | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 12 | Figure 12 | |||
Type: | Type: | |||
TBA13: This uniquely refers to the IPFIX Element ID 361. | TBD3.4. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 361. | ||||
TLV8-Length: | TLV8-Length: | |||
4. | 4. | |||
portRangeStart: | portRangeStart: | |||
Integer. This field contains the data (unsigned16) of (361) | Integer. This field contains the data (unsigned16) of (361) | |||
defined in IPFIX, right justified, and unused bits must be set to | defined in IPFIX, right justified, and unused bits must be set to | |||
zero. | zero. | |||
3.2.10. IP-Port-Range-End TLV | 3.2.10. IP-Port-Range-End TLV | |||
This TLV (Figure 13) uses format defined in [RFC6929]. Its Type | This TLV (Figure 13) uses format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element | field contains a value that uniquely refers to IPFIX Information | |||
portRangeEnd (362), and its Value field contains IPFIX Element | Element portRangeEnd (362), and its "Value" field contains IPFIX | |||
portRangeEnd, which is the largest port number of a range of | Information Element portRangeEnd, which is the largest port number of | |||
contiguous transport ports (refer to [IPFIX]). | a range of contiguous transport ports (refer to [IPFIX]). | |||
IP-Port-Range-End TLV is included as part of the IP-Port-Range | IP-Port-Range-End TLV is included as part of the IP-Port-Range | |||
Attribute (refer to Section 3.1.2). | Attribute (refer to Section 3.1.2). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | portRangeEnd | | Type | Length | portRangeEnd | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
portRangeEnd | | portRangeEnd | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 13 | Figure 13 | |||
Type: | Type: | |||
TBA14: This uniquely refers to IPFIC Element ID 362. | TBD3.5. It MUST uniquely refer to the IPFIX Information Element | |||
identifier 362. | ||||
Length: | Length: | |||
4. The Length field for IP-Port-Range-End TLV. | 4. The Length field for IP-Port-Range-End TLV. | |||
portRangeEnd: | portRangeEnd: | |||
Integer. This field contains the data (unsigned16) of (362) | Integer. This field contains the data (unsigned16) of (362) | |||
defined in IPFIX, right justified, and unused bits must be set to | defined in IPFIX, right justified, and unused bits must be set to | |||
zero. | zero. | |||
3.2.11. IP-Port-Local-Id TLV | 3.2.11. IP-Port-Local-Id TLV | |||
This TLV (Figure 14) uses format defined in [RFC6929]. Its Type | This TLV (Figure 14) uses format defined in [RFC6929]. Its "Type" | |||
field contains a value that uniquely refers to IPFIX Element localID | field contains a value that uniquely refers to the IPFIX Information | |||
(TBAx3), and its Value field contains IPFIX Element localID, which is | Element localID (TBAx3), and its "Value" field contains IPFIX | |||
a local significant identifier as explained below. | Information Element localID, which is a local significant identifier | |||
as explained below. | ||||
In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and | In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and | |||
Lightweight 4over6 [I-D.ietf-softwire-lw4over6], parameters at a | Lightweight 4over6 [RFC7596], parameters at a customer premise such | |||
customer premise such as MAC address, interface ID, VLAN ID, PPP | as MAC address, interface ID, VLAN ID, PPP session ID, IPv6 prefix, | |||
session ID, IPv6 prefix, VRF ID, etc., may also be required to pass | VRF ID, etc., may also be required to pass to the RADIUS server as | |||
to the RADIUS server as part of the accounting record. | part of the accounting record. | |||
IP-Port-Local-Id TLV can be included as part of the IP-Port-Range | IP-Port-Local-Id TLV MAY be included as part of the IP-Port-Range | |||
Attribute (refer to Section 3.1.2) and IP-Port-Forwarding-Map | Attribute (refer to Section 3.1.2) and IP-Port-Forwarding-Map | |||
Attribute (refer to Section 3.1.3). | Attribute (refer to Section 3.1.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | localID .... | | Type | Length | localID .... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 14 | Figure 14 | |||
Type: | Type: | |||
TBA15: This uniquely refers to IPFIX Element ID TBD. | The value depends on the encapsulating attribute (see IANA | |||
section). This MUST uniquely refer to the IPFIX Information | ||||
Element identifier TBAx3. | ||||
Length: | Length: | |||
Variable number of bytes. | Variable number of bytes. | |||
localID: | localID: | |||
string. This field contains the data (string) of (TBAX3) defined | string. This field contains the data (string) of (TBAx3) defined | |||
in IPFIX. This is a local session identifier at the customer | in IPFIX. This is a local session identifier at the customer | |||
premise, such as MAC address, interface ID, VLAN ID, PPP sessions | premise, such as MAC address, interface ID, VLAN ID, PPP sessions | |||
ID, VRF ID, IPv6 address/prefix, etc. | ID, VRF ID, IPv6 address/prefix, etc. | |||
4. Applications, Use Cases and Examples | 4. Applications, Use Cases and Examples | |||
This section describes some applications and use cases to illustrate | This section describes some applications and use cases to illustrate | |||
the use of the attributes proposed in this document. | the use of the attributes proposed in this document. | |||
4.1. Managing CGN Port Behavior using RADIUS | 4.1. Managing CGN Port Behavior using RADIUS | |||
In a broadband network, customer information is usually stored on a | In a broadband network, customer information is usually stored on a | |||
RADIUS server, and the BNG hosts the NAS. The communication between | RADIUS server, and the BNG acts as a NAS. The communication between | |||
the NAS and the RADIUS server is triggered by a subscriber when the | the NAS and the RADIUS server is triggered by a user when it signs in | |||
user signs in to the Internet service, where either PPP or DHCP/ | to the Internet service, where either PPP or DHCP/DHCPv6 is used. | |||
DHCPv6 is used. When a user signs in, the NAS sends a RADIUS Access- | When a user signs in, the NAS sends a RADIUS Access-Request message | |||
Request message to the RADIUS server. The RADIUS server validates | to the RADIUS server. The RADIUS server validates the request, and | |||
the request, and if the validation succeeds, it in turn sends back a | if the validation succeeds, it in turn sends back a RADIUS Access- | |||
RADIUS Access-Accept message. The Access-Accept message carries | Accept message. The Access-Accept message carries configuration | |||
configuration information specific to that user, back to the NAS, | information specific to that user, back to the NAS, where some of the | |||
where some of the information would pass on to the requesting user | information would pass on to the requesting user via PPP or DHCP/ | |||
via PPP or DHCP/DHCPv6. | DHCPv6. | |||
A CGN function in a broadband network would most likely reside on a | A CGN function in a broadband network would most likely co-located on | |||
BNG. In that case, parameters for CGN port/identifier mapping | a BNG. In that case, parameters for CGN port/identifier mapping | |||
behavior for users can be configured on the RADIUS server. When a | behavior for users can be configured on the RADIUS server. When a | |||
user signs in to the Internet service, the associated parameters can | user signs in to the Internet service, the associated parameters can | |||
be conveyed to the NAS, and proper configuration is accomplished on | be conveyed to the NAS, and proper configuration is accomplished on | |||
the CGN device for that user. | the CGN device for that user. | |||
Also, CGN operation status such as CGN port/identifier allocation and | Also, CGN operation status such as CGN port/identifier allocation and | |||
de-allocation for a specific user on the BNG can also be transmitted | de-allocation for a specific user on the BNG can also be transmitted | |||
back to the RADIUS server for accounting purpose using the RADIUS | back to the RADIUS server for accounting purpose using the RADIUS | |||
protocol. | protocol. | |||
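Review bot: In Section 3.2.10 the Length of the IP-Port-Range-End TLV is given as 4, but Figure 13 draws Type, Length and a portRangeEnd field that continues onto a second 16-bit row, which is six octets in total, and the field description says the unsigned16 value is "right justified" with unused bits set to zero. The -07 side leaves both unchanged. Either make Length agree with the figure or redraw the figure with a 16-bit value, and state explicitly whether Length counts the Type and Length octets, so that two implementations cannot parse the same TLV differently. Since the new Type text now uses "MUST", the lowercase "unused bits must be set to zero" should be made normative as well. In Section 4.1, the rewritten sentence "would most likely co-located on a BNG" is missing "be".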
skipping to change at page 23, line 8 ¶ | skipping to change at page 23, line 48 ¶ | |||
specification introduces little overhead to the existing network | specification introduces little overhead to the existing network | |||
operation. | operation. | |||
In the following sub-sections, we describe how to manage CGN behavior | In the following sub-sections, we describe how to manage CGN behavior | |||
using RADIUS protocol, with required RADIUS extensions proposed in | using RADIUS protocol, with required RADIUS extensions proposed in | |||
Section 3. | Section 3. | |||
4.1.1. Configure IP Port Limit for a User | 4.1.1. Configure IP Port Limit for a User | |||
In the face of IPv4 address shortage, there are currently proposals | In the face of IPv4 address shortage, there are currently proposals | |||
to multiplex multiple subscribers' connections over a smaller number | to multiplex multiple users' connections over a smaller number of | |||
of shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual- | shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual- | |||
Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single | Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single | |||
IPv4 public address may be shared by hundreds or even thousands of | IPv4 public address may be shared by hundreds or even thousands of | |||
subscribers. As indicated in [RFC6269], it is therefore necessary to | users. As indicated in [RFC6269], it is therefore necessary to | |||
impose limits on the total number of ports available to an individual | impose limits on the total number of ports available to an individual | |||
subscriber to ensure that the shared resource, i.e., the IPv4 address | user to ensure that the shared resource, i.e., the IPv4 address, | |||
remains available in some capacity to all the subscribers using it, | remains available in some capacity to all the users using it. The | |||
and port limiting is also documented in [RFC6888] as a requirement. | support of IP port limit is also documented in [RFC6888] as a | |||
requirement for CGN. | ||||
The IP port limit imposed to a specific subscriber may be on the | The IP port limit imposed to a specific user may be on the total | |||
total number of TCP and UDP ports plus the number of ICMP | number of TCP and UDP ports plus the number of ICMP identifiers, or | |||
identifiers, or with other granularities as defined in Section 3.1.1. | with other granularities as defined in Section 3.1.1. | |||
The per-subscriber based IP port limit is configured on a RADIUS | The per-user based IP port limit is configured on a RADIUS server, | |||
server, along with other user information such as credentials. The | along with other user information such as credentials. The value of | |||
value of these IP port limit is based on service agreement and its | this IP port limit is based on service agreement and its | |||
specification is out of the scope of this document. | specification is out of the scope of this document. | |||
When a subscriber signs in to the Internet service successfully, the | When a user signs in to the Internet service successfully, the IP | |||
IP port limit for the subscriber is passed to the BNG based NAS, | port limit for the subscriber is passed by the RADIUS server to the | |||
where CGN also locates, using a new RADIUS attribute called IP-Port- | BNG, acting as a NAS and co-located with the CGN, using a new RADIUS | |||
Limit (defined in Section 3.1.1), along with other configuration | attribute called IP-Port-Limit (defined in Section 3.1.1), along with | |||
parameters. While some parameters are passed to the subscriber, the | other configuration parameters. While some parameters are passed to | |||
IP port limit is recorded on the CGN device for imposing the usage of | the user, the IP port limit is recorded on the CGN device for | |||
TCP/UDP ports and ICMP identifiers for that subscriber. | imposing the usage of TCP/UDP ports and ICMP identifiers for that | |||
user. | ||||
Figure 15 illustrates how RADIUS protocol is used to configure the | Figure 15 illustrates how RADIUS protocol is used to configure the | |||
maximum number of TCP/UDP ports for a given subscriber on a NAT44 | maximum number of TCP/UDP ports for a given user on a NAT44 device. | |||
device. | ||||
User NAT44/NAS AAA | User NAT44/NAS AAA | |||
| BNG Server | | BNG Server | |||
| | | | | | | | |||
| | | | | | | | |||
|----Service Request------>| | | |----Service Request------>| | | |||
| | | | | | | | |||
| |-----Access-Request -------->| | | |-----Access-Request -------->| | |||
| | | | | | | | |||
| |<----Access-Accept-----------| | | |<----Access-Accept-----------| | |||
| | (IP-Port-Limit) | | | | (IP-Port-Limit) | | |||
| | (for TCP/UDP ports) | | | | (for TCP/UDP ports) | | |||
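Review bot: The subscriber-to-user rename in Section 4.1.1 is incomplete: the -07 text still reads "port limit for the subscriber is passed by the RADIUS server to the BNG", while every other sentence in the section now says "user". Change it to "for the user" so that one term names one entity throughout. In the same sentence, "recorded on the CGN device for imposing the usage of TCP/UDP ports" does not say what is enforced; "for enforcing the limit on the use of TCP/UDP ports and ICMP identifiers" would.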
skipping to change at page 24, line 37 ¶ | skipping to change at page 25, line 16 ¶ | |||
RADIUS extension may be changed using RADIUS CoA message [RFC5176] | RADIUS extension may be changed using RADIUS CoA message [RFC5176] | |||
that carries the same RADIUS attribute. The CoA message may be sent | that carries the same RADIUS attribute. The CoA message may be sent | |||
from the RADIUS server directly to the NAS, which once accepts and | from the RADIUS server directly to the NAS, which once accepts and | |||
sends back a RADIUS CoA ACK message, the new IP port limit replaces | sends back a RADIUS CoA ACK message, the new IP port limit replaces | |||
the previous one. | the previous one. | |||
Figure 16 illustrates how RADIUS protocol is used to increase the | Figure 16 illustrates how RADIUS protocol is used to increase the | |||
TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific | TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific | |||
user. | user. | |||
User NAT/NAS AAA | User NAT44/NAS AAA | |||
| BNG Server | | BNG Server | |||
| | | | | | | | |||
| TCP/UDP Port Limit (1024) | | | TCP/UDP Port Limit (1024) | | |||
| | | | | | | | |||
| |<---------CoA Request----------| | | |<---------CoA Request----------| | |||
| | (IP-Port-Limit) | | | | (IP-Port-Limit) | | |||
| | (for TCP/UDP ports) | | | | (for TCP/UDP ports) | | |||
| | | | | | | | |||
| TCP/UDP Port Limit (2048) | | | TCP/UDP Port Limit (2048) | | |||
| | | | | | | | |||
| |---------CoA Response--------->| | | |---------CoA Response--------->| | |||
| | | | | | | | |||
Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit | Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit | |||
4.1.2. Report IP Port Allocation/De-allocation | 4.1.2. Report IP Port Allocation/De-allocation | |||
Upon obtaining the IP port limit for a subscriber, the CGN device | Upon obtaining the IP port limit for a user, the CGN device needs to | |||
needs to allocate a TCP/UDP port or an ICMP identifiers for the | allocate a TCP/UDP port or an ICMP identifiers for the user when | |||
subscriber when receiving a new IP flow sent from that subscriber. | receiving a new IP flow sent from that user. | |||
As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP | As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP | |||
identifiers once at a time for a specific user, instead of one port/ | identifiers once at a time for a specific user, instead of one port/ | |||
identifier at a time, and within each port bulk, the ports/ | identifier at a time, and within each port bulk, the ports/ | |||
identifiers may be randomly distributed or in consecutive fashion. | identifiers may be randomly distributed or in consecutive fashion. | |||
When a CGN device allocates bulk of TCP/UDP ports and ICMP | When a CGN device allocates bulk of TCP/UDP ports and ICMP | |||
identifiers, the information can be easily conveyed to the RADIUS | identifiers, the information can be easily conveyed to the RADIUS | |||
server by a new RADIUS attribute called the IP-Port-Range (defined in | server by a new RADIUS attribute called the IP-Port-Range (defined in | |||
Section 3.1.2). The CGN device may allocate one or more TCP/UDP port | Section 3.1.2). The CGN device may allocate one or more TCP/UDP port | |||
ranges or ICMP identifier ranges, or generally called IP port ranges, | ranges or ICMP identifier ranges, or generally called IP port ranges, | |||
where each range contains a set of numbers representing TCP/UDP ports | where each range contains a set of numbers representing TCP/UDP ports | |||
or ICMP identifiers, and the total number of ports/identifiers must | or ICMP identifiers, and the total number of ports/identifiers must | |||
be less or equal to the associated IP port limit imposed for that | be less or equal to the associated IP port limit imposed for that | |||
subscriber. A CGN device may choose to allocate a small port range, | user. A CGN device may choose to allocate a small port range, and | |||
and allocate more at a later time as needed; such practice is good | allocate more at a later time as needed; such practice is good | |||
because its randomization in nature. | because its randomization in nature. | |||
At the same time, the CGN device also needs to decide the shared IPv4 | At the same time, the CGN device also needs to decide the shared IPv4 | |||
address for that subscriber. The shared IPv4 address and the pre- | address for that user. The shared IPv4 address and the pre-allocated | |||
allocated IP port range are both passed to the RADIUS server. | IP port range are both passed to the RADIUS server. | |||
When a subscriber initiates an IP flow, the CGN device randomly | When a user initiates an IP flow, the CGN device randomly selects a | |||
selects a TCP/UDP port or ICMP identifier from the associated and | TCP/UDP port or ICMP identifier from the associated and pre-allocated | |||
pre-allocated IP port range for that subscriber to replace the | IP port range for that user to replace the original source TCP/UDP | |||
original source TCP/UDP port or ICMP identifier, along with the | port or ICMP identifier, along with the replacement of the source IP | |||
replacement of the source IP address by the shared IPv4 address. | address by the shared IPv4 address. | |||
A CGN device may decide to "free" a previously assigned set of TCP/ | A CGN device may decide to "free" a previously assigned set of TCP/ | |||
UDP ports or ICMP identifiers that have been allocated for a specific | UDP ports or ICMP identifiers that have been allocated for a specific | |||
subscriber but not currently in use, and with that, the CGN device | user but not currently in use, and with that, the CGN device must | |||
must send the information of the de-allocated IP port range along | send the information of the de-allocated IP port range along with the | |||
with the shared IPv4 address to the RADIUS server. | shared IPv4 address to the RADIUS server. | |||
Figure 17 illustrates how RADIUS protocol is used to report a set of | Figure 17 illustrates how RADIUS protocol is used to report a set of | |||
ports allocated and de-allocated, respectively, by a NAT44 device for | ports allocated and de-allocated, respectively, by a NAT44 device for | |||
a specific user to the RADIUS server. | a specific user to the RADIUS server. | |||
Host NAT44/NAS AAA | Host NAT44/NAS AAA | |||
| BNG Server | | BNG Server | |||
| | | | | | | | |||
| | | | | | | | |||
|----Service Request------>| | | |----Service Request------>| | | |||
| | | | | | | | |||
| |-----Access-Request -------->| | | |-----Access-Request -------->| | |||
| | | | | | | | |||
| |<----Access-Accept-----------| | | |<----Access-Accept-----------| | |||
|<---Service Granted ------| | | |<---Service Granted ------| | | |||
| (other parameters) | | | | (other parameters) | | | |||
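Review bot: The CoA paragraph before Figure 16 says the new limit replaces the old one once the NAS "sends back a RADIUS CoA ACK message", but the figure labels the reply "CoA Response", and neither side of the diff says which limit applies when the NAS does not accept the request. Use one name for the reply in both text and figure, and add a sentence stating that the previous IP port limit stays in force unless the CoA is acknowledged. In Section 4.1.2 the -07 side keeps "an ICMP identifiers" and "such practice is good because its randomization in nature"; the second should be reworded to name the property that small, incremental range allocation is meant to provide.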
skipping to change at page 28, line 25 ¶ | skipping to change at page 29, line 25 ¶ | |||
| | | | | | | | |||
| |---------CoA Response--------->| | | |---------CoA Response--------->| | |||
| | (IP-Port-Forwarding-Map) | | | | (IP-Port-Forwarding-Map) | | |||
Figure 19: RADIUS Message Flow for changing a user's forwarding port | Figure 19: RADIUS Message Flow for changing a user's forwarding port | |||
mapping | mapping | |||
4.1.4. An Example | 4.1.4. An Example | |||
An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the | An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the | |||
subscriber Joe. This number is the limit that can be used for TCP/UDP | user Joe. This number is the limit that can be used for TCP/UDP ports | |||
ports on a NAT44 device for Joe, and is configured on a RADIUS | on a NAT44 device for Joe, and is configured on a RADIUS server. | |||
server. Also, Joe asks for a pre-defined port forwarding mapping on | Also, Joe asks for a pre-defined port forwarding mapping on the NAT44 | |||
the NAT44 device for his web cam applications (external port 5000 | device for his web cam applications (external port 5000 maps to | |||
maps to internal port 80). | internal port 80). | |||
When Joe successfully connects to the Internet service, the RADIUS | When Joe successfully connects to the Internet service, the RADIUS | |||
server conveys the TCP/UDP port limit (1000) and the forwarding port | server conveys the TCP/UDP port limit (1000) and the forwarding port | |||
mapping (external port 5000 to internal port 80) to the NAT44 device, | mapping (external port 5000 to internal port 80) to the NAT44 device, | |||
using IP-Port-Limit attribute and IP-Port-Forwarding-Map attribute, | using IP-Port-Limit attribute and IP-Port-Forwarding-Map attribute, | |||
respectively, carried by an Access-Accept message to the BNG where | respectively, carried by an Access-Accept message to the BNG where | |||
NAS and CGN co-located. | NAS and CGN co-located. | |||
Upon receiving the first outbound IP packet sent from Joe's laptop, | Upon receiving the first outbound IP packet sent from Joe's laptop, | |||
the NAT44 device decides to allocate a small port pool that contains | the NAT44 device decides to allocate a small port pool that contains | |||
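Review bot: The example in Section 4.1.4 contradicts itself: the first paragraph says the ISP assigns "TCP/UDP 500 ports" to Joe, and the next paragraph says the RADIUS server conveys "the TCP/UDP port limit (1000)". Both sides of the diff carry the mismatch, so -07 changes only "subscriber" to "user" here. Pick one value and use it in both paragraphs, and write the first as "500 TCP/UDP ports".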
skipping to change at page 30, line 44 ¶ | skipping to change at page 31, line 44 ¶ | |||
| | | | | | | | |||
Figure 20: RADIUS Message Flow for reporting CPE allocation/de- | Figure 20: RADIUS Message Flow for reporting CPE allocation/de- | |||
allocation of a port set to a visiting UE | allocation of a port set to a visiting UE | |||
5. Table of Attributes | 5. Table of Attributes | |||
This document proposes three new RADIUS attributes and their formats | This document proposes three new RADIUS attributes and their formats | |||
are as follows: | are as follows: | |||
o IP-Port-Limit: TBA1.TBA2.[TBA6, TBA5, {TBA7}] | o IP-Port-Limit: 241.TBA2. | |||
o IP-Port-Range: TBA1.TBA3.[TBA12, TBA5, {TBA13, TBA14}, {TBA7}, | o IP-Port-Range: 241.TBA3. | |||
{TBA15}]. | ||||
o IP-Port-Forwarding-Map: TBA1.TBA4.[TBA10, TBA11, TBA5, {TBA8 | | o IP-Port-Forwarding-Map: 241.TBA4. | |||
TBA9}, {TBA7}] | ||||
Note to IANA: it is assumed that Extended-Type-1 "241" will be used | ||||
for theses attributes. | ||||
The following table provides a guide as what type of RADIUS packets | The following table provides a guide as what type of RADIUS packets | |||
that may contain these attributes, and in what quantity. | that may contain these attributes, and in what quantity. | |||
Request Accept Reject Challenge Acct. # Attribute | Request Accept Reject Challenge Acct. # Attribute | |||
Request | Request | |||
0+ 0+ 0 0 0+ TBA IP-Port-Limit | 0+ 0+ 0 0 0+ TBA IP-Port-Limit | |||
0 0 0 0 0+ TBA IP-Port-Range | 0 0 0 0 0+ TBA IP-Port-Range | |||
0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map | 0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map | |||
The following table defines the meaning of the above table entries. | The following table defines the meaning of the above table entries. | |||
0 This attribute MUST NOT be present in packet. | 0 This attribute MUST NOT be present in packet. | |||
0+ Zero or more instances of this attribute MAY be present in packet. | 0+ Zero or more instances of this attribute MAY be present in packet. | |||
6. Security Considerations | 6. Security Considerations | |||
This document does not introduce any security issue than what has | This document does not introduce any security issue other than the | |||
been identified in [RFC2865]. | ones already identified in RADIUS [RFC2865]. | |||
7. IANA Considerations | 7. IANA Considerations | |||
This document requires new code point assignments for both IPFIX | This document requires new code point assignments for both IPFIX | |||
Elements and RADIUS attributes as explained in the following | Information Elements and RADIUS attributes as explained in the | |||
sections. | following sub-sections. | |||
7.1. IANA Considerations on New IPFIX Elements | 7.1. IANA Considerations on New IPFIX Information Elements | |||
The following are code point assignments for new IPFIX Elements as | The following are code point assignments for new IPFIX Information | |||
requested by this document: | Elements as requested by this document: | |||
o transportType (refer to Section 3.2.1): The identifier of this | o transportType (refer to Section 3.2.1): The identifier of this | |||
IPFIX Element is TBAx1. The data type of this IPFIX Element is | IPFIX Information Element is TBAx1. The data type of this IPFIX | |||
unsigned8, and the Element's value indicates TCP/UDP ports and | Information Element is unsigned8, and the Element's value | |||
ICMP Identifiers (1), TCP/UDP ports (2), TCP ports (3), UDP ports | indicates TCP/UDP ports and ICMP Identifiers (1), TCP/UDP ports | |||
(4) or ICMP identifiers (5). | (2), TCP ports (3), UDP ports (4) or ICMP identifiers (5). | |||
o natTransportLimit (refer to Section 3.2.2): The identifier of this | o natTransportLimit (refer to Section 3.2.2): The identifier of this | |||
IPFIX Element is TBAx2. The data type of this IPFIX Element is | IPFIX Information Element is TBAx2. The data type of this IPFIX | |||
unsigned16, and the Element's value is the max number of IP | Information Element is unsigned16, and the Element's value is the | |||
transport ports to be assigned to an end user associated with one | max number of IP transport ports to be assigned to an end user | |||
or more IPv4 addresses. | associated with one or more IPv4 addresses. | |||
o localID (refer to Section 3.2.11): The identifier of this IPFIX | o localID (refer to Section 3.2.11): The identifier of this IPFIX | |||
Element is TBAx3. The data type of this IPFIX Element is string, | Information Element is TBAx3. The data type of this IPFIX | |||
and the Element's value is an IPv4 or IPv6 address, a MAC address, | Information Element is string, and the Element's value is an IPv4 | |||
a VLAN ID, etc. | or IPv6 address, a MAC address, a VLAN ID, etc. | |||
7.2. IANA Considerations on New RADIUS Attributes | 7.2. IANA Considerations on New RADIUS Attributes | |||
The following are new code point assignment for RADIUS extensions as | The authors request that Attribute Types and Attribute Values defined | |||
requested by this document: | in this document be registered by the Internet Assigned Numbers | |||
Authority (IANA) from the RADIUS namespaces as described in the "IANA | ||||
o TBA1: This value is allocated from Radius Extended-Type space. | Considerations" section of [RFC3575], in accordance with BCP 26 | |||
Refer to Section 3.1.1, Section 3.1.2, and Section 3.1.3. | [RFC5226]. For RADIUS packets, attributes and registries created by | |||
this document IANA is requested to place them at | ||||
o TBA2: This is allocated from TBA1, so TBA1.TBA2 identifies a new | http://www.iana.org/assignments/radius-types. | |||
RADIUS attribute IP-Port-Limit. Refer to Section 3.1.1. | ||||
o TBA3: This is allocated from TBA1, so TBA1.TBA3 indentifies a new | ||||
RADIUS attribute IP-Port-Range. Refer to Section 3.1.2. | ||||
o TBA4: This is allocated from TBA1, so TBA1.TBA4 indentifies a new | ||||
RADISU attribute IP-Port-Forwarding-Map. Refer to Section 3.1.3. | ||||
o TBA5 (refer to Section 3.2.1): This is for the Type field of IP- | ||||
Port-Type TLV. It should be allocated as TLV data type. The | ||||
Value filed of this TLV contains the data of IPFIX Element | ||||
transportType (TBAx1). | ||||
o TBA6 (refer to Section 3.2.2): This is for the Type field of IP- | ||||
Port-Limit TLV. It should be allocated as TLV data type. The | ||||
Value field of this TLV contains the data of IPFIX Element | ||||
natTransportLimit(TBAx2). | ||||
o TBA7 (refer to Section 3.2.3): This is for the Type field of IP- | In particular, this document defines three new RADIUS attributes, | |||
Port-Ext-IPv4-Addr TLV. It should be allocated as TLV data type. | entitled "IP-Port-Limit" (see Section 3.1.1), "IP-Port-Range" (see | |||
The Value field of this TLV contains the data of IPFIX Element | Section 3.1.2) and "IP-Port-Forwarding-Map" (see Section 3.1.3), with | |||
postNATSourceIPv4Address(225). | assigned values of 241.TBD2, 241.TBD3 and 241.TBD4 from the Short | |||
Extended Space of [RFC6929]: | ||||
o TBA8 (refer to Section 3.2.4): This is for the Type field of IP- | Type Name Meaning | |||
Port-Int-IPv4-Addr TLV. It should be allocated as TLV data type. | ---- ---- ------- | |||
The Value field of this TLV contains the data of IPFIX Element | 241.TBD2 IP-Port-Limit see Section 3.1.1 | |||
sourceIPv4Address(8). | 241.TBD3 IP-Port-Range see Section 3.1.2 | |||
241.TBD4 IP-Port-Forwarding-Map see Section 3.1.3 | ||||
o TBA9 (refer to Section 3.2.5): This is for the Type field of IP- | 7.3. IANA Considerations on New RADIUS Nested Attributes | |||
Port-Int-IPv6-Addr TLV. It should be allocated as TLV data type. | ||||
The Value field of this TLV contains the data of IPFIX Element | ||||
sourceIPv6Address(27). | ||||
o TBA10 (refer to Section 3.2.6): This is for the Type field of IP- | This specification requests allocation of the following TLVs within | |||
Port-Int-Port TLV. It should be allocated as TLV data type. The | the attribute IP-Port-Limit 241.TBD2: | |||
Value field of this TLV containss the data of IPFIX Element | ||||
sourceTransportPort(7). | ||||
o TBA11 (refer to Section 3.2.7): This is for the Type field of IP- | Type Name Meaning | |||
Port-Ext-port TLV. It should be allocated as TLV data type. The | ---- ---- ------- | |||
Value field of this TLV contains the data of IPFIX Element | 241.TBD2.1 IP-Port-Type see Section 3.2.1 | |||
postNAPTSourceTransportPort(227). | 241.TBD2.2 IP-Port-Limit see Section 3.2.2 | |||
241.TBD2.3 IP-Port-Ext-IPv4-Addr see Section 3.2.3 | ||||
o TBA12 (refer to Section 3.2.8): This is for the Type field of IP- | This specification requests allocation of the following TLVs within | |||
Port-Alloc TLV. It should be allocated as TLV data type. The | the attribute IP-Port-Range 241.TBD3: | |||
Value field of this TLV contains the data of IPFIX Element | ||||
natEvent(230). | ||||
o TBA13 (refer to Section 3.2.9): This is for the Type field of IP- | Type Name Meaning | |||
Port-Range-Start TLV. It should be allocated as TLV data type. | ---- ---- ------- | |||
The Value field of this TLV contains the data of IPFIX Element | 241.TBD3.1 IP-Port-Type see Section 3.2.1 | |||
portRangeStart(361). | 241.TBD3.2 IP-Port-Ext-IPv4-Addr see Section 3.2.3 | |||
241.TBD3.3 IP-Port-Alloc see Section 3.2.8 | ||||
241.TBD3.4 IP-Port-Range-Start see Section 3.2.9 | ||||
241.TBD3.5 IP-Port-Range-End see Section 3.2.10 | ||||
o TBA14 (refer to Section 3.2.10): This is for the Type field of IP- | This specification requests allocation of the following TLVs within | |||
Port-Range-End TLV. It should be allocated as TLV data type. The | the attribute IP-Port-Forwarding-Map 241.TBD4: | |||
Value field of this TLV contains the data of IPFIX Element | ||||
portRangeEnd(362). | ||||
o TBA15 (refer to Section 3.2.11): This is for the Type field of IP- | Type Name Meaning | |||
Port-Local-Id TLV. It should be allocated as TLV data type. The | ---- ---- ------- | |||
Value field of this TLV contains the data of IPFIX Element | 241.TBD4.1 IP-Port-Type see Section 3.2.1 | |||
localID(TBAx3). | 241.TBD4.2 IP-Port-Ext-IPv4-Addr see Section 3.2.3 | |||
241.TBD4.3 IP-Port-Int-IPv4-Addr see Section 3.2.4 | ||||
241.TBD4.4 IP-Port-Int-IPv6-Addr see Section 3.2.5 | ||||
241.TBD4.5 IP-Port-Int-Port see Section 3.2.6 | ||||
241.TBD4.6 IP-Port-Ext-Port see Section 3.2.7 | ||||
241.TBD4.7 IP-Port-Local-Id see Section 3.2.11 | ||||
8. Acknowledgements | 8. Acknowledgements | |||
Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David | Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David | |||
Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful | Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful | |||
comments and suggestions. | comments and suggestions. | |||
Special thanks to Lionel Morand for the Shepherd review. | ||||
9. References | 9. References | |||
9.1. Normative References | 9.1. Normative References | |||
[IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", | [IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", | |||
<http://www.iana.org/assignments/ipfix/ipfix.xhtml>. | <http://www.iana.org/assignments/ipfix/ipfix.xhtml>. | |||
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., | ||||
and E. Lear, "Address Allocation for Private Internets", | ||||
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, | ||||
<http://www.rfc-editor.org/info/rfc1918>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, | ||||
DOI 10.17487/RFC2629, June 1999, | ||||
<http://www.rfc-editor.org/info/rfc2629>. | ||||
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | |||
"Remote Authentication Dial In User Service (RADIUS)", | "Remote Authentication Dial In User Service (RADIUS)", | |||
RFC 2865, DOI 10.17487/RFC2865, June 2000, | RFC 2865, DOI 10.17487/RFC2865, June 2000, | |||
<http://www.rfc-editor.org/info/rfc2865>. | <http://www.rfc-editor.org/info/rfc2865>. | |||
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. | [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote | |||
Aboba, "Dynamic Authorization Extensions to Remote | Authentication Dial In User Service)", RFC 3575, | |||
Authentication Dial In User Service (RADIUS)", RFC 5176, | DOI 10.17487/RFC3575, July 2003, | |||
DOI 10.17487/RFC5176, January 2008, | <http://www.rfc-editor.org/info/rfc3575>. | |||
<http://www.rfc-editor.org/info/rfc5176>. | ||||
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
DOI 10.17487/RFC5226, May 2008, | ||||
<http://www.rfc-editor.org/info/rfc5226>. | ||||
[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User | [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User | |||
Service (RADIUS) Protocol Extensions", RFC 6929, | Service (RADIUS) Protocol Extensions", RFC 6929, | |||
DOI 10.17487/RFC6929, April 2013, | DOI 10.17487/RFC6929, April 2013, | |||
<http://www.rfc-editor.org/info/rfc6929>. | <http://www.rfc-editor.org/info/rfc6929>. | |||
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model | [RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model | |||
for IP Flow Information Export (IPFIX)", RFC 7012, | for IP Flow Information Export (IPFIX)", RFC 7012, | |||
DOI 10.17487/RFC7012, September 2013, | DOI 10.17487/RFC7012, September 2013, | |||
<http://www.rfc-editor.org/info/rfc7012>. | <http://www.rfc-editor.org/info/rfc7012>. | |||
[TR-146] Broadband Forum, "TR-146: Subscriber Sessions", | ||||
<http://www.broadband-forum.org/technical/download/ | ||||
TR-146.pdf>. | ||||
9.2. Informative References | 9.2. Informative References | |||
[I-D.gundavelli-v6ops-community-wifi-svcs] | [I-D.gundavelli-v6ops-community-wifi-svcs] | |||
Gundavelli, S., Grayson, M., Seite, P., and Y. Lee, | Gundavelli, S., Grayson, M., Seite, P., and Y. Lee, | |||
"Service Provider Wi-Fi Services Over Residential | "Service Provider Wi-Fi Services Over Residential | |||
Architectures", draft-gundavelli-v6ops-community-wifi- | Architectures", draft-gundavelli-v6ops-community-wifi- | |||
svcs-06 (work in progress), April 2013. | svcs-06 (work in progress), April 2013. | |||
[I-D.ietf-softwire-lw4over6] | ||||
Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and | ||||
I. Farrer, "Lightweight 4over6: An Extension to the DS- | ||||
Lite Architecture", draft-ietf-softwire-lw4over6-13 (work | ||||
in progress), November 2014. | ||||
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network | [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network | |||
Address Translator (Traditional NAT)", RFC 3022, | Address Translator (Traditional NAT)", RFC 3022, | |||
DOI 10.17487/RFC3022, January 2001, | DOI 10.17487/RFC3022, January 2001, | |||
<http://www.rfc-editor.org/info/rfc3022>. | <http://www.rfc-editor.org/info/rfc3022>. | |||
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. | ||||
Aboba, "Dynamic Authorization Extensions to Remote | ||||
Authentication Dial In User Service (RADIUS)", RFC 5176, | ||||
DOI 10.17487/RFC5176, January 2008, | ||||
<http://www.rfc-editor.org/info/rfc5176>. | ||||
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful | [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful | |||
NAT64: Network Address and Protocol Translation from IPv6 | NAT64: Network Address and Protocol Translation from IPv6 | |||
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, | Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, | |||
April 2011, <http://www.rfc-editor.org/info/rfc6146>. | April 2011, <http://www.rfc-editor.org/info/rfc6146>. | |||
[RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and | [RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and | |||
P. Roberts, "Issues with IP Address Sharing", RFC 6269, | P. Roberts, "Issues with IP Address Sharing", RFC 6269, | |||
DOI 10.17487/RFC6269, June 2011, | DOI 10.17487/RFC6269, June 2011, | |||
<http://www.rfc-editor.org/info/rfc6269>. | <http://www.rfc-editor.org/info/rfc6269>. | |||
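Review bot: in the IANA text at the top of this region, the left-hand entries said for each TLV that it is allocated as a TLV data type and named the IPFIX element its Value field carries (portRangeEnd(362), localID(TBAx3)), while the replacement table on the right has only Type, Name and Meaning columns, so the data type and the IPFIX mapping are no longer stated in the registration request itself. Suggest adding a Data Type column to the table, or checking that each of the referenced Sections 3.2.1 through 3.2.11 states both. In Section 9, [RFC5176] is replaced by [RFC3575] under 9.1 and reappears under 9.2; it should stay normative if the body specifies behaviour from it with requirement-level keywords, and the body citations need to be checked against every tag that changed section or was dropped.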
skipping to change at page 35, line 41 ¶ | skipping to change at page 36, line 21 ¶ | |||
A., and H. Ashida, "Common Requirements for Carrier-Grade | A., and H. Ashida, "Common Requirements for Carrier-Grade | |||
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, | NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, | |||
April 2013, <http://www.rfc-editor.org/info/rfc6888>. | April 2013, <http://www.rfc-editor.org/info/rfc6888>. | |||
[RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno, | [RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno, | |||
"Analysis of Potential Solutions for Revealing a Host | "Analysis of Potential Solutions for Revealing a Host | |||
Identifier (HOST_ID) in Shared Address Deployments", | Identifier (HOST_ID) in Shared Address Deployments", | |||
RFC 6967, DOI 10.17487/RFC6967, June 2013, | RFC 6967, DOI 10.17487/RFC6967, June 2013, | |||
<http://www.rfc-editor.org/info/rfc6967>. | <http://www.rfc-editor.org/info/rfc6967>. | |||
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. | ||||
Farrer, "Lightweight 4over6: An Extension to the Dual- | ||||
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, | ||||
July 2015, <http://www.rfc-editor.org/info/rfc7596>. | ||||
[TR-146] Broadband Forum, "TR-146: Subscriber Sessions", | ||||
<http://www.broadband-forum.org/technical/download/ | ||||
TR-146.pdf>. | ||||
Authors' Addresses | Authors' Addresses | |||
Dean Cheng | Dean Cheng | |||
Huawei | Huawei | |||
2330 Central Expressway | 2330 Central Expressway | |||
Santa Clara, California 95050 | Santa Clara, California 95050 | |||
USA | USA | |||
Email: dean.cheng@huawei.com | Email: dean.cheng@huawei.com | |||
Jouni Korhonen | Jouni Korhonen | |||
Broadcom Corporation | Broadcom Corporation | |||
3151 Zanker Road | 3151 Zanker Road | |||
San Jose 95134 | San Jose 95134 | |||
USA | USA | |||
Email: jouni.nospam@gmail.com | Email: jouni.nospam@gmail.com | |||
Mohamed Boucadair | Mohamed Boucadair | |||
France Telecom | Orange | |||
Rennes | Rennes | |||
France | France | |||
Email: mohamed.boucadair@orange.com | Email: mohamed.boucadair@orange.com | |||
Senthil Sivakumar | Senthil Sivakumar | |||
Cisco Systems | Cisco Systems | |||
7100-8 Kit Creek Road | 7100-8 Kit Creek Road | |||
Research Triangle Park, North Carolina | Research Triangle Park, North Carolina | |||
USA | USA | |||
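Review bot: the [TR-146] entry in the reference list gives no issue number or publication date, unlike every RFC entry around it, so a reader cannot tell which revision of the Broadband Forum document is meant. Suggest adding the issue and date to the entry. The same entry appears under both 9.1 and 9.2 across the two versions, so any body text that relies on it normatively should be rechecked against its final section.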
End of changes. 129 change blocks. | ||||
381 lines changed or deleted | 412 lines changed or added | |||