draft-ietf-radext-ip-port-radius-ext-06.txt   draft-ietf-radext-ip-port-radius-ext-07.txt 
Network Working Group D. Cheng Network Working Group D. Cheng
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Standards Track J. Korhonen Intended status: Standards Track J. Korhonen
Expires: April 21, 2016 Broadcom Corporation Expires: September 10, 2016 Broadcom Corporation
M. Boucadair M. Boucadair
France Telecom Orange
S. Sivakumar S. Sivakumar
Cisco Systems Cisco Systems
October 19, 2015 March 9, 2016
RADIUS Extensions for IP Port Configuration and Reporting RADIUS Extensions for IP Port Configuration and Reporting
draft-ietf-radext-ip-port-radius-ext-06 draft-ietf-radext-ip-port-radius-ext-07
Abstract Abstract
This document defines three new RADIUS attributes. For devices that This document defines three new RADIUS attributes. For devices that
implementing IP port ranges, these attributes are used to communicate implementing IP port ranges, these attributes are used to communicate
with a RADIUS server in order to configure and report TCP/UDP ports with a RADIUS server in order to configure and report TCP/UDP ports
and ICMP identifiers, as well as mapping behavior for specific hosts. and ICMP identifiers, as well as mapping behavior for specific hosts.
This mechanism can be used in various deployment scenarios such as This mechanism can be used in various deployment scenarios such as
CGN (Carrier Grade NAT), NAT64, Provider WLAN Gateway, etc. Carrier Grade NAT, IPv4/IPv6 translators, Provider WLAN Gateway, etc.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2016. This Internet-Draft will expire on September 10, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5 3. Extensions of RADIUS Attributes and TLVs . . . . . . . . . . 5
3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6 3.1. Extended Attributes for IP Ports . . . . . . . . . . . . 6
3.1.1. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6 3.1.1. IP-Port-Limit Attribute . . . . . . . . . . . . . . . 6
3.1.2. IP-Port-Range Attribute . . . . . . . . . . . . . . . 7 3.1.2. IP-Port-Range Attribute . . . . . . . . . . . . . . . 8
3.1.3. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10 3.1.3. IP-Port-Forwarding-Map Attribute . . . . . . . . . . 10
3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 12 3.2. RADIUS TLVs for IP Ports . . . . . . . . . . . . . . . . 13
3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 12 3.2.1. IP-Port-Type TLV . . . . . . . . . . . . . . . . . . 13
3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 13 3.2.2. IP-Port-Limit TLV . . . . . . . . . . . . . . . . . . 14
3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 14 3.2.3. IP-Port-Ext-IPv4-Addr TLV . . . . . . . . . . . . . . 15
3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 15 3.2.4. IP-Port-Int-IPv4-Addr TLV . . . . . . . . . . . . . . 15
3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16 3.2.5. IP-Port-Int-IPv6-Addr TLV . . . . . . . . . . . . . . 16
3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 16 3.2.6. IP-Port-Int-Port TLV . . . . . . . . . . . . . . . . 17
3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 17 3.2.7. IP-Port-Ext-Port TLV . . . . . . . . . . . . . . . . 18
3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 18 3.2.8. IP-Port-Alloc TLV . . . . . . . . . . . . . . . . . . 19
3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 19 3.2.9. IP-Port-Range-Start TLV . . . . . . . . . . . . . . . 20
3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 20 3.2.10. IP-Port-Range-End TLV . . . . . . . . . . . . . . . . 21
3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 21 3.2.11. IP-Port-Local-Id TLV . . . . . . . . . . . . . . . . 22
4. Applications, Use Cases and Examples . . . . . . . . . . . . 22 4. Applications, Use Cases and Examples . . . . . . . . . . . . 23
4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 22 4.1. Managing CGN Port Behavior using RADIUS . . . . . . . . . 23
4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23 4.1.1. Configure IP Port Limit for a User . . . . . . . . . 23
4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25 4.1.2. Report IP Port Allocation/De-allocation . . . . . . . 25
4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 26 4.1.3. Configure Forwarding Port Mapping . . . . . . . . . . 27
4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 28 4.1.4. An Example . . . . . . . . . . . . . . . . . . . . . 29
4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 29 4.2. Report Assigned Port Set for a Visiting UE . . . . . . . 30
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 30 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 31
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 6. Security Considerations . . . . . . . . . . . . . . . . . . . 32
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
7.1. IANA Considerations on New IPFIX Elements . . . . . . . . 31 7.1. IANA Considerations on New IPFIX Information Elements . . 32
7.2. IANA Considerations on New RADIUS Attributes . . . . . . 32 7.2. IANA Considerations on New RADIUS Attributes . . . . . . 33
7.3. IANA Considerations on New RADIUS Nested Attributes . . . 33
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
9.1. Normative References . . . . . . . . . . . . . . . . . . 33 9.1. Normative References . . . . . . . . . . . . . . . . . . 34
9.2. Informative References . . . . . . . . . . . . . . . . . 34 9.2. Informative References . . . . . . . . . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction 1. Introduction
In a broadband network, customer information is usually stored on a In a broadband network, customer information is usually stored on a
RADIUS server [RFC2865] and at the time when a user initiates an IP RADIUS server [RFC2865]. At the time when a user initiates an IP
connection request, the RADIUS server will populate the user's connection request, if this request is authorized, the RADIUS server
configuration information to the Network Access Server (NAS), which will populate the user's configuration information to the Network
is usually co-located with the Border Network Gateway (BNG), after Access Server (NAS), which is often referred to as a Broadband
the connection request is granted. The Carrier Grade NAT (CGN) Network Gateway (BNG) in broadband access networks. The Carrier-
function may also be implemented on the BNG, and therefore the CGN Grade NAT (CGN) function may also be implemented on the BNG. Within
TCP/UDP port (or ICMP identifier) mapping(s) behavior(s) can be this document, the CGN may perform NAT44 [RFC3022], NAT64 [RFC6146],
configured on the RADIUS server as part of the user profile, and or Dual-Stack Lite AFTR [RFC6333] function. In such case, the CGN
populated to the NAS in the same manner. In addition, during the TCP/UDP port (or ICMP identifier) mapping(s) behavior(s) can be part
operation, the CGN can also convey port/identifier mapping behavior of the configuration information sent from the RADIUS server to the
specific to a user to the RADIUS server, as part of the normal RADIUS NAS/BNG. The NAS/BNG may also report to the RADIUS Server the port/
accounting process. identifier mapping behavior applied by the CGN to a user session to
the RADIUS server, as part of the accounting information sent from
The CGN device that communicates with a RADIUS server using RADIUS the NAS/BNG to a RADIUS server.
extensions defined in this document may perform NAT44 [RFC3022],
NAT64 [RFC6146], or Dual-Stack Lite AFTR [RFC6333] function.
For the CGN case, when IP packets traverse a CGN device, it would When IP packets traverse the CGN, it performs TCP/UDP source port
perform TCP/UDP source port mapping or ICMP identifier mapping as mapping or ICMP identifier mapping as required. A TCP/ UDP source
required. A TCP/ UDP source port or ICMP identifier, along with port or ICMP identifier, along with source IP address, destination IP
source IP address, destination IP address, destination port and address, destination port and protocol identifier if applicable,
protocol identifier if applicable, uniquely identify a session. uniquely identify a session. Since the number space of TCP/UDP ports
Since the number space of TCP/UDP ports and ICMP identifiers in CGN's and ICMP identifiers in CGN's external realm is shared among multiple
external realm is shared among multiple users assigned with the same users assigned with the same IPv4 address, the total number of a
IPv4 address, the total number of a user's simultaneous IP sessions user's simultaneous IP sessions is likely to be subject to port quota
is likely to be subject to port quota (see Section 5 of [RFC6269]). (see Section 5 of [RFC6269]).
The attributes defined in this document may also be used to report The attributes defined in this document may also be used to report
the assigned port range in some deployments such as Provider WLAN the assigned port range in some deployments such as Provider WLAN
[I-D.gundavelli-v6ops-community-wifi-svcs]. For example, a visiting [I-D.gundavelli-v6ops-community-wifi-svcs]. For example, a visiting
host can be managed by a CPE (Customer Premises Equipment ) which host can be managed by a CPE (Customer Premises Equipment ) which
will need to report the assigned port range to the service platform. will need to report the assigned port range to the service platform.
This is required for identification purposes (see TR-146 [TR-146] for This is required for identification purposes (see TR-146 [TR-146] for
example). more details).
This document proposes three new attributes as RADIUS protocol's This document proposes three new attributes as RADIUS protocol's
extensions, and they are used for separate purposes as follows: extensions, and they are used for separate purposes as follows:
1. IP-Port-Limit: This attribute may be carried in RADIUS Acces- 1. IP-Port-Limit: This attribute may be carried in RADIUS Access-
Accept, Access-Request, Accounting-Request or CoA-Request packet. Accept, Access-Request, Accounting-Request or CoA-Request packet.
The purpose of this attribute is to limit the total number of The purpose of this attribute is to limit the total number of
TCP/UDP ports and/or ICMP identifiers that an IP subscriber can TCP/UDP ports and/or ICMP identifiers allocated to a user,
use, associated with one or more IPv4 addresses. associated with one or more IPv4 addresses.
2. IP-Port-Range: This attribute may be carried in RADIUS 2. IP-Port-Range: This attribute may be carried in RADIUS
Accounting-Request packet. The purpose of this attribute is to Accounting-Request packet. The purpose of this attribute is to
report by an address sharing device (e.g., a CGN) to the RADIUS report by an address sharing device (e.g., a CGN) to the RADIUS
server the range of TCP/UDP ports and/or ICMP identifiers that server the range of TCP/UDP ports and/or ICMP identifiers that
have been allocated or deallocated associated with a given IPv4 have been allocated or deallocated associated with a given IPv4
address for a subscriber. address for a user.
3. IP-Port-Forwarding-Map: This attribute may be carried in RADIUS 3. IP-Port-Forwarding-Map: This attribute may be carried in RADIUS
Access-Accept, Access-Request, Accounting-Request or CoA-Request Access-Accept, Access-Request, Accounting-Request or CoA-Request
packet. The purpose of this attribute is to specify how a TCP/ packet. The purpose of this attribute is to specify how an IPv4
UDP port (or an ICMP identifier) mapping to another TCP/UDP port address and a TCP/ UDP port (or an ICMP identifier) is mapped to
(or an ICMP identifier), and each is associated with its another IPv4 address and a TCP/UDP port (or an ICMP identifier).
respective IPv4 address.
This document leverages the protocol defined in [RFC7012] by
proposing a mapping between type field of RADIUS TLV and Element ID
of IPFIX. It also proposes a few new IPFIX Elements as required by
this document (see Section 3).
This document was constructed using the [RFC2629]. IPFIX Information Elements [RFC7012] can be used for IP flow
identification and representation over RADIUS. This document
provides a mapping between RADIUS TLV and IPFIX Information Element
Identifiers. As a consequence, new IPFIX Information Elements are
defined by this document (see Section 3).
2. Terminology 2. Terminology
This document makes use if the following terms: This document makes use of the following terms:
o IP Port: refers to the port numbers of IP transport protocols, o IP Port: refers to the port numbers of IP transport protocols,
including TCP port, UDP port and ICMP identifier. including TCP port, UDP port and ICMP identifier.
o IP Port Type: refers to one of the following: (1) TCP/UDP port and o IP Port Type: refers to one of the following: (1) TCP/UDP port and
ICMP identifier, (2) TCP port and UDP port, (3) TCP port, (4) UDP ICMP identifier, (2) TCP port and UDP port, (3) TCP port, (4) UDP
port, or (5) ICMP identifier. port, or (5) ICMP identifier.
o IP Port Limit: denotes the maximum number of IP ports for a o IP Port Limit: denotes the maximum number of IP ports for a
specific IP port type, that a device supporting port ranges can specific IP port type, that a device supporting port ranges can
use when performing port number mapping for a specific user. use when performing port number mapping for a specific user.
Note, this limit is usually associated with one or more IPv4 Note, this limit is usually associated with one or more IPv4
addresses. addresses.
o IP Port Range: specifies a set of contiguous IP ports, indicated o IP Port Range: specifies a set of contiguous IP ports, indicated
by the smallest numerical number and the largest numerical number, by the lowest numerical number and the highest numerical number,
inclusively. inclusively.
o Internal IP Address: refers to the IP address that is used as a o Internal IP Address: refers to the IP address that is used as a
source IP address in an outbound IP packet sent towards a device source IP address in an outbound IP packet sent towards a device
supporting port ranges in the internal realm. In the IPv4 case, supporting port ranges in the internal realm.
it is typically a private address [RFC1918].
o External IP Address: refers to the IP address that is used as a o External IP Address: refers to the IP address that is used as a
source IP address in an outbound IP packet after traversing a source IP address in an outbound IP packet after traversing a
device supporting port ranges in the external realm. In the IPv4 device supporting port ranges in the external realm.
case, it is typically a global routable IP address.
o Internal Port: is a UDP or TCP port, or an ICMP identifier, which o Internal Port: is a UDP or TCP port, or an ICMP identifier, which
is allocated by a host or application behind a device supporting is allocated by a host or application behind a device supporting
port ranges for an outbound IP packet in the internal realm. port ranges for an outbound IP packet in the internal realm.
o External Port: is a UDP or TCP port, or an ICMP identifier, which o External Port: is a UDP or TCP port, or an ICMP identifier, which
is allocated by a device supporting port ranges upon receiving an is allocated by a device supporting port ranges upon receiving an
outbound IP packet in the internal realm, and is used to replace outbound IP packet in the internal realm, and is used to replace
the internal port that is allocated by a user or application. the internal port that is allocated by a user or application.
o External realm: refers to the networking segment where IPv4 public o External realm: refers to the networking segment where external IP
addresses are used in respective of the device supporting port addresses are used in respective of the device supporting port
ranges. ranges.
o Internal realm: refers to the networking segment that is behind a o Internal realm: refers to the networking segment that is behind a
device supporting port ranges and where IPv4 private addresses are device supporting port ranges and where internal IP addresses are
used. used.
o Mapping: associates with a device supporting port ranges for a o Mapping: associates with a device supporting port ranges for a
relationship between an internal IP address, internal port and the relationship between an internal IP address, internal port and the
protocol, and an external IP address, external port, and the protocol, and an external IP address, external port, and the
protocol. protocol.
o Port-based device: a device that is capable of providing IP o Port-based device: a device that is capable of providing IP
address and IP port mapping services and in particular, with the address and IP port mapping services and in particular, with the
granularity of one or more subsets within the 16-bit IP port granularity of one or more subsets within the 16-bit IP port
number range. A typical example of this device is a CGN, CPE, number range. A typical example of this device is a CGN, CPE,
Provider WLAN Gateway, etc. Provider WLAN Gateway, etc.
Note the terms "internal IP address", "internal port", "internal Note that the definitions of "internal IP address", "internal port",
realm", "external IP address", "external port", "external realm", and "internal realm", "external IP address", "external port", "external
"mapping" and their semantics are the same as in [RFC6887], and realm", and "mapping" are the same as defined in Port Control
[RFC6888]. Protocol (PCP) [RFC6887], and the Common Requirements for Carrier-
Grade NATs (CGNs) [RFC6888].
3. Extensions of RADIUS Attributes and TLVs 3. Extensions of RADIUS Attributes and TLVs
These three new attributes are defined in the following sub-sections: These three new attributes are defined in the following sub-sections:
1. IP-Port-Limit Attribute 1. IP-Port-Limit Attribute
2. IP-Port-Range Attribute 2. IP-Port-Range Attribute
3. IP-Port-Forwarding-Map Attribute 3. IP-Port-Forwarding-Map Attribute
All these attributes are allocated from the RADIUS "Extended Type" All these attributes are allocated from the RADIUS "Extended Type"
code space per [RFC6929]. code space per [RFC6929].
In all the figures describing the RADIUS attributes and TLV formats
in the following sub-sections, the fields are transmitted from left
to right.
3.1. Extended Attributes for IP Ports 3.1. Extended Attributes for IP Ports
3.1.1. IP-Port-Limit Attribute 3.1.1. IP-Port-Limit Attribute
This attribute is RADIUS Extended-Type, and contains a set of This attribute is of type "TLV" as defined in the RADIUS Protocol
embedded TLVs defined in Section 3.2.1 (IP-Port-Type TLV), Extensions [RFC6929]. It contains the following sub-attributes:
Section 3.2.2 (IP-Port-Limit TLV), and Section 3.2.3 (IP-Port-Ext-
IPv4-Addr TLV). It specifies the maximum number of IP ports as o an IP-Port-Type TLV (see Section 3.2.1),
indicated in IP-Port-Limit TLV, of a specific port type as indicated
in IP-Port-Type TLV, and associated with a given IPv4 address as o an IP-Port-Limit TLV (see Section 3.2.2),
indicated in IP-Port-Ext-IPv4-Addr TLV for an end user.
o an optional IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).
It specifies the maximum number of IP ports as indicated in IP-Port-
Limit TLV, of a specific port type as indicated in IP-Port-Type TLV,
and associated with a given IPv4 address as indicated in IP-Port-Ext-
IPv4-Addr TLV for an end user.
Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of Note that when IP-Port-Ext-IPv4-Addr TLV is not included as part of
the IP-Port-Limit Attribute, the port limit is applied to all the the IP-Port-Limit Attribute, the port limit applies to all the IPv4
IPv4 addresses managed by the port device, e.g., a CGN or NAT64 addresses managed by the port device, e.g., a CGN or NAT64 device.
device.
The IP-Port-Limit Attribute MAY appear in an Access-Accept packet. The IP-Port-Limit Attribute MAY appear in an Access-Accept packet.
It MAY also appear in an Access-Request packet as a hint by the It MAY also appear in an Access-Request packet as a preferred maximum
device supporting port ranges, which is co-allocated with the NAS, to number of IP ports indicated by the device supporting port ranges co-
the RADIUS server as a preference, although the server is not located with the NAS e.g. a CGN or NAT64. However, the RADIUS server
required to honor such a hint. is not required to honor such a preference.
The IP-Port-Limit Attribute MAY appear in a CoA-Request packet. The IP-Port-Limit Attribute MAY appear in a CoA-Request packet.
The IP-Port-Limit Attribute MAY appear in an Accounting-Request The IP-Port-Limit Attribute MAY appear in an Accounting-Request
packet. packet.
The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS The IP-Port-Limit Attribute MUST NOT appear in any other RADIUS
packets. packet.
The format of the IP-Port-Limit Attribute is shown in Figure 1. The The format of the IP-Port-Limit Attribute is shown in Figure 1.
fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value ... | Type | Length | Extended-Type | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 Figure 1
Type: Type:
TBA1. 241 (To be confirmed by IANA).
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA2. TBA2.
skipping to change at page 7, line 43 skipping to change at page 7, line 51
Attribute. Refer to Section 3.2.2. Attribute. Refer to Section 3.2.2.
IP-Port-Ext-IPv4-Addr TLV: IP-Port-Ext-IPv4-Addr TLV:
This TLV contains the IPv4 address that is associated with the This TLV contains the IPv4 address that is associated with the
IP port limit contained in the IP-Port-Limit TLV. This TLV is IP port limit contained in the IP-Port-Limit TLV. This TLV is
optionally included as part of the IP-Port-Limit Attribute. optionally included as part of the IP-Port-Limit Attribute.
Refer to Section 3.2.3. Refer to Section 3.2.3.
IP-Port-Limit attribute is associated with the following identifier: IP-Port-Limit attribute is associated with the following identifier:
Type(TBA1).Extended-Type(TBA2).[IP-Port-Limit TLV (TBA6),IP-Port-Type 241.Extended-Type(TBA2).
TLV(TBA5), {IP-Port-Ext-IPv4-Addr TLV(TBA7)}].
3.1.2. IP-Port-Range Attribute 3.1.2. IP-Port-Range Attribute
This attribute is RADIUS Extended-Type, and contains a set of This attribute is of type "TLV" as defined in the RADIUS Protocol
embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section Extensions [RFC6929]. It contains the following sub-attributes:
3.2.9(IP-Port-Range-Start TLV), Section 3.2.10 (IP-Port-Range-End
TLV), Section 3.2.8 (IP-Port-Alloc TLV), Section 3.2.3 (IP-Port-Ext- o an IP-Port-Type TLV (see Section 3.2.1),
IPv4-Addr TLV), and Section 3.2.11 (IP-Port-Local-Id TLV).
o an IP-Port-Range-Start TLV (see Section 3.2.9),
o an IP-Port-Range-End TLV (see Section 3.2.10),
o an IP-Port-Alloc TLV (see Section 3.2.8),
o an optional IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3),
o an optional IP-Port-Local-Id TLV (see Section 3.2.11).
This attribute contains a range of contiguous IP ports of a specific This attribute contains a range of contiguous IP ports of a specific
port type and associated with an IPv4 address that are either port type and associated with an IPv4 address that are either
allocated or deallocated by a device for a given subscriber, and the allocated or deallocated by a device for a given user, and the
information is intended to send to RADIUS server. information is intended to be sent to RADIUS server.
This attribute can be used to convey a single IP port number; in such This attribute can be used to convey a single IP port number; in such
case IP-Port-Range-Start and IP-Port-Range-End conveys the same case IP-Port-Range-Start and IP-Port-Range-End conveys the same
value. value.
Within an IP-Port-Range Attribute, the IP-Port-Alloc TLV is always Within an IP-Port-Range Attribute, the IP-Port-Alloc TLV is always
included. For port allocation, both IP-Port-Range-Start TLV and IP- included. For port allocation, both IP-Port-Range-Start TLV and IP-
Port-Range-End TLV must be included; for port deallocation, the Port-Range-End TLV must be included; for port deallocation, the
inclusion of these two TLVs is optional and if not included, it inclusion of these two TLVs is optional and if not included, it
implies that all ports that are previously allocated are now implies that all ports that are previously allocated are now
deallocated. Both IP-Port-Ext-IPv4-Addr TLV and IP-Port-Local-Id TLV deallocated. Both IP-Port-Ext-IPv4-Addr TLV and IP-Port-Local-Id TLV
are optional and if included, they are used by a port device (e.g., a are optional and if included, they are used by a port device (e.g., a
CGN device) to identify the end user. CGN device) to identify the end user.
The IP-Port-Range Attribute MAY appear in an Accounting-Request The IP-Port-Range Attribute MAY appear in an Accounting-Request
packet. packet.
The IP-Port-Range Attribute MUST NOT appear in any other RADIUS The IP-Port-Range Attribute MUST NOT appear in any other RADIUS
packets. packet.
The format of the IP-Port-Range Attribute format is shown in The format of the IP-Port-Range Attribute format is shown in
Figure 2. The fields are transmitted from left to right. Figure 2. The fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value ... | Type | Length | Extended-Type | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 Figure 2
Type: Type:
TBA1. 241 (To be confirmed by IANA).
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA3. TBA3.
skipping to change at page 10, line 6 skipping to change at page 10, line 27
IP-Port-Local-Id TLV: IP-Port-Local-Id TLV:
This TLV contains a local session identifier at the customer This TLV contains a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP premise, such as MAC address, interface ID, VLAN ID, PPP
sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is sessions ID, VRF ID, IPv6 address/prefix, etc. This TLV is
optionally included as part of the IP-Port-Range Attribute. optionally included as part of the IP-Port-Range Attribute.
Refer to Section 3.2.11. Refer to Section 3.2.11.
The IP-Port-Range attribute is associated with the following The IP-Port-Range attribute is associated with the following
identifier: Type(TBA1).Extended-Type(TBA3).[IP-Port-Alloc TLV identifier: 241.Extended-Type(TBA3).
(TBA12), IP-Port-Type TLV(TBA5), {IP-Port-Range-Start TLV(TBA13), IP-
Port-Range-End TLV(TBA14)}, {IP-Port-Ext-IPv4-Addr TLV (TBA7)}, {IP-
Port-Local-Id TLV (TBA15)}].
3.1.3. IP-Port-Forwarding-Map Attribute 3.1.3. IP-Port-Forwarding-Map Attribute
This attribute is RADIUS Extended-Type, and contains a set of This attribute is of type "TLV" as defined in the RADIUS Protocol
embedded TLVs defined in Section 3.2.1(IP-Port-Type TLV), Section Extensions [RFC6929]. It contains the following sub-attributes:
3.2.6(IP-Port-Int-Port TLV), Section 3.2.7(IP-Port-Ext-Port TLV),
Section 3.2.4(IP-Port-Int-IPv4-Addr TLV) or Section 3.2.5(IP-Port- o an IP-Port-Type TLV (see Section 3.2.1),
Int-IPv6-Addr TLV), Section 3.2.11(IP-Port-Local-Id TLV) and
Section 3.2.3 (IP-Port-Ext-IP-Addr TLV). o an IP-Port-Int-Port TLV (see Section 3.2.6),
o an IP-Port-Ext-Port TLV (see Section 3.2.7),
o either an IP-Port-Int-IPv4-Addr TLV (see Section 3.2.4) or an IP-
Port-Local-Id TLV (see Section 3.2.11),
o either an IP-Port-Int-IPv6-Addr TLV (see Section 3.2.5) or an IP-
Port-Local-Id TLV (see Section 3.2.11),
o an IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).
The attribute contains a 2-byte IP internal port number that is The attribute contains a 2-byte IP internal port number that is
associated with an internal IPv4 or IPv6 address, or a locally associated with an internal IPv4 or IPv6 address, or a locally
significant identifier at the customer site, and a 2-byte IP external significant identifier at the customer site, and a 2-byte IP external
port number that is associated with an external IPv4 address. The port number that is associated with an external IPv4 address. The
internal IPv4 or IPv6 address, or the local identifier must be internal IPv4 or IPv6 address, or the local identifier must be
included; the external IPv4 address may also be included. included; the external IPv4 address may also be included.
The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept
packet. It MAY also appear in an Access-Request packet as a hint by packet. It MAY also appear in an Access-Request packet to indicate a
the device supporting port mapping, which is co-allocated with the preferred port mapping by the device co-located with NAS. However
NAS, to the RADIUS server as a preference, although the server is not the server is not required to honor such a preference.
required to honor such a hint.
The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request
packet. packet.
The IP-Port-Forwarding-Map Attribute MAY also appear in an The IP-Port-Forwarding-Map Attribute MAY also appear in an
Accounting-Request packet. Accounting-Request packet.
The attribute MUST NOT appear in any other RADIUS packet. The IP-Port-Forwarding-Map Attribute MUST NOT appear in any other
RADIUS packet.
The format of the IP-Port-Forwarding-Map Attribute is shown in The format of the IP-Port-Forwarding-Map Attribute is shown in
Figure 3. The fields are transmitted from left to right. Figure 3.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Extended-Type | Value .... | Type | Length | Extended-Type | Value ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3 Figure 3
Type: Type:
TBA1. 241 (To be confirmed by IANA).
Length: Length:
This field indicates the total length in bytes of all fields of This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded TLVs. entire length of the embedded TLVs.
Extended-Type: Extended-Type:
TBA4. TBA4.
skipping to change at page 12, line 27 skipping to change at page 13, line 6
Port-Forwarding-Map Attribute. Refer to Section 3.2.11. Port-Forwarding-Map Attribute. Refer to Section 3.2.11.
IP-Port-Ext-IPv4-Addr TLV: IP-Port-Ext-IPv4-Addr TLV:
This TLV contains an IPv4 address that is associated with the This TLV contains an IPv4 address that is associated with the
external IP port number contained in the IP-Port-Ext-Port TLV. external IP port number contained in the IP-Port-Ext-Port TLV.
This TLV may be included as part of the IP-Port-Forwarding-Map This TLV may be included as part of the IP-Port-Forwarding-Map
Attribute. Refer to Section 3.2.3. Attribute. Refer to Section 3.2.3.
The IP-Port-Forwarding-Map attribute is associated with the following The IP-Port-Forwarding-Map attribute is associated with the following
identifier: Type(TBA1).Extended-Type(TBA4). [IP-Port-Int-Port identifier: 241.Extended-Type(TBA4).
TLV(TBA10), IP-Port-Ext-Port TLV(TBA11), IP-Port-Type TLV(TBA5), {IP-
Port-Int-IPv4-Addr TLV(TBA8) | IP-Port-Int-IPv6-Addr TLV(TBA9)}, {IP-
Port-Ext-IPv4-Addr TLV(TBA7)}].
3.2. RADIUS TLVs for IP Ports 3.2. RADIUS TLVs for IP Ports
3.2.1. IP-Port-Type TLV 3.2.1. IP-Port-Type TLV
This TLV (Figure 4) uses the format defined in [RFC6929]. Its Type This TLV (Figure 4) uses the format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
transportType (TBAx1), and its Value field contains IPFIX Element Element "transportType" (TBAx1), and its "Value" field contains the
transportType, which indicates the type of IP transport type as values defined for the IPFIX Information Element "transportType",
follows: which indicates the type of IP transport as follows:
1: 1:
Refer to TCP port, UDP port, and ICMP identifier as a whole. Refer to TCP port, UDP port, and ICMP identifier as a whole.
2: 2:
Refer to TCP port and UDP port as a whole. Refer to TCP port and UDP port as a whole.
3: 3:
skipping to change at page 13, line 13 skipping to change at page 13, line 38
Refer to TCP port only. Refer to TCP port only.
4: 4:
Refer to UDP port only. Refer to UDP port only.
5: 5:
Refer to ICMP identifier only. Refer to ICMP identifier only.
IP-Port-Type TLV is included as part of the IP-Port-Limit Attribute
(refer to Section 3.1.1), IP-Port-Range Attribute (refer to
Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer to
Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | transportType | Type | Length | transportType
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
transportType | transportType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4 Figure 4
Type: Type:
TBA5: This uniquely refers to IPFIX Element ID TBA0. The value depends on the encapsulating attribute (see IANA
Section). This MUST uniquely refer to the IPFIX Information
Element identifier TBAx1.
Length: Length:
6. 6.
transportType: transportType:
Integer. This field contains the data (unsigned8) of Integer. This field contains the data (unsigned8) of
transportType (TBX1) defined in IPFIX, right justified, and the transportType (TBAx1) defined in IPFIX, right justified, and the
unused bits in this field must be set to zero. unused bits in this field MUST be set to zero.
3.2.2. IP-Port-Limit TLV 3.2.2. IP-Port-Limit TLV
This TLV (Figure 5) uses the format defined in [RFC6929]. Its Type This TLV (Figure 5) uses the format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
natTransportLimit (TBAx2), and its Value field contains IPFIX Element Element natTransportLimit (TBAx2), and its "Value" field contains
natTransportLimit, which indicates the maximum number of ports of a IPFIX Information Element natTransportLimit, which indicates the
specified IP-Port-Type and associated with a given IPv4 address maximum number of ports for a given IPv4 address assigned to a user
assigned to a subscriber. for a specified IP-Port-Type.
IP-Port-Limit TLV is included as part of the IP-Port-Limit Attribute
(refer to Section 3.1.1).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | natTransportLimit | Type | Length | natTransportLimit
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
natTransportLimit | natTransportLimit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5 Figure 5
Type: Type:
TBA6: This uniquely refers to IPFIX Element ID Limit TBD. TBD2.2. It MUST uniquely refer to the IPFIX Information Element
identifier TBAx2.
Length: Length:
6. 6.
natTransportLimit: natTransportLimit:
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
natTransportLimit (TBX2) defined in IPFIX, right justified, and natTransportLimit (TBAx2) defined in IPFIX, right justified, and
the unused bits in this field must be set to zero. the unused bits in this field MUST be set to zero.
3.2.3. IP-Port-Ext-IPv4-Addr TLV 3.2.3. IP-Port-Ext-IPv4-Addr TLV
This TLV (Figure 6) uses the format defined in[RFC6929]. Its Type This TLV (Figure 6) uses the format defined in[RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
postNATSourceIPv4Address(225), and its Value field contains IPFIX Element postNATSourceIPv4Address(225), and its "Value" field contains
Element postNATSourceIPv4Address, which is the IPv4 source address IPFIX Information Element postNATSourceIPv4Address, which is the IPv4
after NAT operation (refer to [IPFIX]). source address after NAT operation (refer to [IPFIX]).
IP-Port-Ext-IPv4-Addr TLV can be included as part of the IP-Port- IP-Port-Ext-IPv4-Addr TLV MAY be included as part of the IP-Port-
Limit Attribute (refer to Section 3.1.1), IP-Port-Range Attribute Limit Attribute (refer to Section 3.1.1), IP-Port-Range Attribute
(refer to Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer (refer to Section 3.1.2), and IP-Port-Forwarding-Map Attribute (refer
to Section 3.1.3). to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | postNATSourceIPv4Address | Type | Length | postNATSourceIPv4Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
postNATSourceIPv4Address | postNATSourceIPv4Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6 Figure 6
Type: Type:
TBA7: The type field uniquely refers to the IPFIX Element ID 225. The value depends on the encapsulating attribute (see IANA
section). This MUST uniquely refer to the IPFIX Information
Element identifier 225.
Length: Length:
6 6
postNATSourceIPv4Address: postNATSourceIPv4Address:
Integer. This field contains the data (ipv4Address) of Integer. This field contains the data (ipv4Address) of
postNATSourceIPv4Address (225) defined in IPFIX. postNATSourceIPv4Address (225) defined in IPFIX.
3.2.4. IP-Port-Int-IPv4-Addr TLV 3.2.4. IP-Port-Int-IPv4-Addr TLV
This TLV (Figure 7) uses format defined in [RFC6929]. Its Type field This TLV (Figure 7) uses format defined in [RFC6929]. Its "Type"
contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
sourceIPv4Address (8), and its Value field contains IPFIX Element Element sourceIPv4Address (8), and its "Value" field contains IPFIX
sourceIPv4Address, which is the IPv4 source address before NAT Information Element sourceIPv4Address, which is the IPv4 source
operation (refer to [IPFIX]). address before NAT operation (refer to [IPFIX]).
IP-Port-Int-IPv4-Addr TLV can be included as part of the IP-Port- IP-Port-Int-IPv4-Addr TLV MAY be included as part of the IP-Port-
Forwarding-Map Attribute (refer to Section 3.1.3). Forwarding-Map Attribute (refer to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceIPv4Address | Type | Length | sourceIPv4Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceIPv4Address | sourceIPv4Address |
+-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+ +-+--+-+-+-+-+-+-++-+-+-+-+-+-+-+
Figure 7 Figure 7
Type: Type:
TBA8: The type field uniquely refers to the IPFIX Element ID 8. TBD4.3. It MUST uniquely refer to the IPFIX Information Element
identifier 8.
Length: Length:
6. 6.
sourceIPv4Address: sourceIPv4Address:
Integer. This field contains the data (ipv4Address) of Integer. This field contains the data (ipv4Address) of
sourceIPv4Address (8) defined in IPFIX. sourceIPv4Address (8) defined in IPFIX.
3.2.5. IP-Port-Int-IPv6-Addr TLV 3.2.5. IP-Port-Int-IPv6-Addr TLV
This TLV (Figure 8) uses format defined in [RFC6929]. Its Type field This TLV (Figure 8) uses format defined in [RFC6929]. Its "Type"
contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
sourceIPv6Address(27), and its Value field contains IPFIX Element Element sourceIPv6Address(27), and its "Value" field contains IPFIX
sourceIPv6Address, which is the IPv6 source address before NAT Information Element sourceIPv6Address, which is the IPv6 source
operation (refer to [IPFIX]). address before NAT operation (refer to [IPFIX]).
IP-Port-Int-IPv6-Addr TLV can be included as part of the IP-Port- IP-Port-Int-IPv6-Addr TLV MAY be included as part of the IP-Port-
Forwarding-Map Attribute (refer to Section 3.1.3). Forwarding-Map Attribute (refer to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceIPv6Address | Type | Length | sourceIPv6Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceIPv6Address sourceIPv6Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceIPv6Address sourceIPv6Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceIPv6Address sourceIPv6Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceIPv6Address | sourceIPv6Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8 Figure 8
Type: Type:
TBA9: The type field uniquely refers to the IPFIX Element ID 27. TBD4.4. It MUST uniquely refer to the IPFIX Information Element
identifier 27.
Length: Length:
18. 18.
sourceIPv6Address: sourceIPv6Address:
IPv6 address (128 bits). This field contains the data IPv6 address (128 bits). This field contains the data
(ipv6Address) of sourceIPv6Address (27) defined in IPFIX. (ipv6Address) of sourceIPv6Address (27) defined in IPFIX.
3.2.6. IP-Port-Int-Port TLV 3.2.6. IP-Port-Int-Port TLV
This TLV (Figure 9) uses format defined in [RFC6929]. Its Type field This TLV (Figure 9) uses format defined in [RFC6929]. Its "Type"
contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
sourceTransportPort (7), and its Value field contains IPFIX Element Element sourceTransportPort (7), and its "Value" field contains IPFIX
sourceTransportPort, which is the source transport number associated Information Element sourceTransportPort, which is the source
with an internal IPv4 or IPv6 address (refer to [IPFIX]). transport number associated with an internal IPv4 or IPv6 address
(refer to [IPFIX]).
IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding-
Map Attribute (refer to Section 3.1.3). Map Attribute (refer to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | sourceTransportPort | Type | Length | sourceTransportPort
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
sourceTransportPort | sourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9 Figure 9
Type: Type:
TBA10: This uniquely refers to the IPFIX Element ID 7. TBD4.5. It MUST uniquely refer to the IPFIX Information Element
identifier 7.
Length: Length:
4. 4.
sourceTransportPort: sourceTransportPort:
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
sourceTrasnportPort (7) defined in IPFIX, right justified, and sourceTrasnportPort (7) defined in IPFIX, right justified, and
unused bits must be set to zero. unused bits MUST be set to zero.
3.2.7. IP-Port-Ext-Port TLV 3.2.7. IP-Port-Ext-Port TLV
This TLV (Figure 10) uses format defined in [RFC6929]. Its Type This TLV (Figure 10) uses format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
postNAPTSourceTransportPort (227), and its Value field contains IPFIX Element postNAPTSourceTransportPort (227), and its "Value" field
Element postNAPTSourceTransportPort, which is the transport number contains IPFIX Information Element postNAPTSourceTransportPort, which
associated with an external IPv4 address(refer to [IPFIX]). is the transport number associated with an external IPv4
address(refer to [IPFIX]).
IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding-
Map Attribute (refer to Section 3.1.3). Map Attribute (refer to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | postNAPTSourceTransportPort | Type | Length | postNAPTSourceTransportPort
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
postNAPTSourceTransportPort | postNAPTSourceTransportPort |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 10 Figure 10
Type: Type:
TBA11: This uniquely refers to the IPFIX Element ID 227 . TBD4.6. It MUST uniquely refer to the IPFIX Information Element
identifier 227 .
Length: Length:
6. 6.
postNAPTSourceTransportPort: postNAPTSourceTransportPort:
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
postNAPTSourceTrasnportPort (227) defined in IPFIX, right postNAPTSourceTrasnportPort (227) defined in IPFIX, right
justified, and unused bits must be set to zero. justified, and unused bits must be set to zero.
3.2.8. IP-Port-Alloc TLV 3.2.8. IP-Port-Alloc TLV
This TLV (Figure 11) uses format defined in [RFC6929]. Its Type This TLV (Figure 11) uses format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element natEvent field contains a value that uniquely refers to IPFIX Information
(230), and its Value field contains IPFIX Element "natEvent", which Element natEvent (230), and its "Value" field contains IPFIX
is a flag to indicate an action of NAT operation (refer to [IPFIX]). Information Element "natEvent", which is a flag to indicate an action
of NAT operation (refer to [IPFIX]).
When the value of natEvent is "1" (Create event), it means to When the value of natEvent is "1" (Create event), it means to
allocate a range of transport ports; when the value is "2", it means allocate a range of transport ports; when the value is "2", it means
to de-allocate a range of transports ports. For the purpose of this to de-allocate a range of transports ports. For the purpose of this
TLV, no other value is used. TLV, no other value is used.
IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute
(refer to Section 3.1.2). (refer to Section 3.1.2).
0 1 2 3 0 1 2 3
skipping to change at page 19, line 17 skipping to change at page 19, line 48
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | natEvent | Type | Length | natEvent
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
natEvent | natEvent |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 11 Figure 11
Type: Type:
TBA12: This uniquely refers to the IPFIX Element ID 230 . TBD3.3. It MUST uniquely refer to the IPFIX Information Element
identifier 230 .
Length: Length:
3. 3.
natEvent: natEvent:
Integer. This field contains the data (unsigned8) of natEvent Integer. This field contains the data (unsigned8) of natEvent
(230) defined in IPFIX, right justified, and unused bits must be (230) defined in IPFIX, right justified, and unused bits must be
set to zero. It indicates the allocation or deallocation of a set to zero. It indicates the allocation or deallocation of a
skipping to change at page 19, line 44 skipping to change at page 20, line 28
2: 2:
Deallocation Deallocation
Reserved: Reserved:
0. 0.
3.2.9. IP-Port-Range-Start TLV 3.2.9. IP-Port-Range-Start TLV
This TLV (Figure 12) uses format defined in [RFC6929]. Its Type This TLV (Figure 12) uses format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
portRangeStart (361), and its Value field contains IPFIX Element Element portRangeStart (361), and its "Value" field contains IPFIX
portRangeStart, which is the smallest port number of a range of Information Element portRangeStart, which is the smallest port number
contiguous transport ports (refer to [IPFIX]). of a range of contiguous transport ports (refer to [IPFIX]).
IP-Port-Range-Start TLV is included as part of the IP-Port-Range IP-Port-Range-Start TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.2). Attribute (refer to Section 3.1.2).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | portRangeStart | Type | Length | portRangeStart
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
portRangeStart | portRangeStart |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 12 Figure 12
Type: Type:
TBA13: This uniquely refers to the IPFIX Element ID 361. TBD3.4. It MUST uniquely refer to the IPFIX Information Element
identifier 361.
TLV8-Length: TLV8-Length:
4. 4.
portRangeStart: portRangeStart:
Integer. This field contains the data (unsigned16) of (361) Integer. This field contains the data (unsigned16) of (361)
defined in IPFIX, right justified, and unused bits must be set to defined in IPFIX, right justified, and unused bits must be set to
zero. zero.
3.2.10. IP-Port-Range-End TLV 3.2.10. IP-Port-Range-End TLV
This TLV (Figure 13) uses format defined in [RFC6929]. Its Type This TLV (Figure 13) uses format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element field contains a value that uniquely refers to IPFIX Information
portRangeEnd (362), and its Value field contains IPFIX Element Element portRangeEnd (362), and its "Value" field contains IPFIX
portRangeEnd, which is the largest port number of a range of Information Element portRangeEnd, which is the largest port number of
contiguous transport ports (refer to [IPFIX]). a range of contiguous transport ports (refer to [IPFIX]).
IP-Port-Range-End TLV is included as part of the IP-Port-Range IP-Port-Range-End TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.2). Attribute (refer to Section 3.1.2).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | portRangeEnd | Type | Length | portRangeEnd
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
portRangeEnd | portRangeEnd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 13 Figure 13
Type: Type:
TBA14: This uniquely refers to IPFIC Element ID 362. TBD3.5. It MUST uniquely refer to the IPFIX Information Element
identifier 362.
Length: Length:
4. The Length field for IP-Port-Range-End TLV. 4. The Length field for IP-Port-Range-End TLV.
portRangeEnd: portRangeEnd:
Integer. This field contains the data (unsigned16) of (362) Integer. This field contains the data (unsigned16) of (362)
defined in IPFIX, right justified, and unused bits must be set to defined in IPFIX, right justified, and unused bits must be set to
zero. zero.
3.2.11. IP-Port-Local-Id TLV 3.2.11. IP-Port-Local-Id TLV
This TLV (Figure 14) uses format defined in [RFC6929]. Its Type This TLV (Figure 14) uses format defined in [RFC6929]. Its "Type"
field contains a value that uniquely refers to IPFIX Element localID field contains a value that uniquely refers to the IPFIX Information
(TBAx3), and its Value field contains IPFIX Element localID, which is Element localID (TBAx3), and its "Value" field contains IPFIX
a local significant identifier as explained below. Information Element localID, which is a local significant identifier
as explained below.
In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and
Lightweight 4over6 [I-D.ietf-softwire-lw4over6], parameters at a Lightweight 4over6 [RFC7596], parameters at a customer premise such
customer premise such as MAC address, interface ID, VLAN ID, PPP as MAC address, interface ID, VLAN ID, PPP session ID, IPv6 prefix,
session ID, IPv6 prefix, VRF ID, etc., may also be required to pass VRF ID, etc., may also be required to pass to the RADIUS server as
to the RADIUS server as part of the accounting record. part of the accounting record.
IP-Port-Local-Id TLV can be included as part of the IP-Port-Range IP-Port-Local-Id TLV MAY be included as part of the IP-Port-Range
Attribute (refer to Section 3.1.2) and IP-Port-Forwarding-Map Attribute (refer to Section 3.1.2) and IP-Port-Forwarding-Map
Attribute (refer to Section 3.1.3). Attribute (refer to Section 3.1.3).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | localID .... | Type | Length | localID ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 14 Figure 14
Type: Type:
TBA15: This uniquely refers to IPFIX Element ID TBD. The value depends on the encapsulating attribute (see IANA
section). This MUST uniquely refer to the IPFIX Information
Element identifier TBAx3.
Length: Length:
Variable number of bytes. Variable number of bytes.
localID: localID:
string. This field contains the data (string) of (TBAX3) defined string. This field contains the data (string) of (TBAx3) defined
in IPFIX. This is a local session identifier at the customer in IPFIX. This is a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP sessions premise, such as MAC address, interface ID, VLAN ID, PPP sessions
ID, VRF ID, IPv6 address/prefix, etc. ID, VRF ID, IPv6 address/prefix, etc.
4. Applications, Use Cases and Examples 4. Applications, Use Cases and Examples
This section describes some applications and use cases to illustrate This section describes some applications and use cases to illustrate
the use of the attributes proposed in this document. the use of the attributes proposed in this document.
4.1. Managing CGN Port Behavior using RADIUS 4.1. Managing CGN Port Behavior using RADIUS
In a broadband network, customer information is usually stored on a In a broadband network, customer information is usually stored on a
RADIUS server, and the BNG hosts the NAS. The communication between RADIUS server, and the BNG acts as a NAS. The communication between
the NAS and the RADIUS server is triggered by a subscriber when the the NAS and the RADIUS server is triggered by a user when it signs in
user signs in to the Internet service, where either PPP or DHCP/ to the Internet service, where either PPP or DHCP/DHCPv6 is used.
DHCPv6 is used. When a user signs in, the NAS sends a RADIUS Access- When a user signs in, the NAS sends a RADIUS Access-Request message
Request message to the RADIUS server. The RADIUS server validates to the RADIUS server. The RADIUS server validates the request, and
the request, and if the validation succeeds, it in turn sends back a if the validation succeeds, it in turn sends back a RADIUS Access-
RADIUS Access-Accept message. The Access-Accept message carries Accept message. The Access-Accept message carries configuration
configuration information specific to that user, back to the NAS, information specific to that user, back to the NAS, where some of the
where some of the information would pass on to the requesting user information would pass on to the requesting user via PPP or DHCP/
via PPP or DHCP/DHCPv6. DHCPv6.
A CGN function in a broadband network would most likely reside on a A CGN function in a broadband network would most likely co-located on
BNG. In that case, parameters for CGN port/identifier mapping a BNG. In that case, parameters for CGN port/identifier mapping
behavior for users can be configured on the RADIUS server. When a behavior for users can be configured on the RADIUS server. When a
user signs in to the Internet service, the associated parameters can user signs in to the Internet service, the associated parameters can
be conveyed to the NAS, and proper configuration is accomplished on be conveyed to the NAS, and proper configuration is accomplished on
the CGN device for that user. the CGN device for that user.
Also, CGN operation status such as CGN port/identifier allocation and Also, CGN operation status such as CGN port/identifier allocation and
de-allocation for a specific user on the BNG can also be transmitted de-allocation for a specific user on the BNG can also be transmitted
back to the RADIUS server for accounting purpose using the RADIUS back to the RADIUS server for accounting purpose using the RADIUS
protocol. protocol.
skipping to change at page 23, line 8 skipping to change at page 23, line 48
specification introduces little overhead to the existing network specification introduces little overhead to the existing network
operation. operation.
In the following sub-sections, we describe how to manage CGN behavior In the following sub-sections, we describe how to manage CGN behavior
using RADIUS protocol, with required RADIUS extensions proposed in using RADIUS protocol, with required RADIUS extensions proposed in
Section 3. Section 3.
4.1.1. Configure IP Port Limit for a User 4.1.1. Configure IP Port Limit for a User
In the face of IPv4 address shortage, there are currently proposals In the face of IPv4 address shortage, there are currently proposals
to multiplex multiple subscribers' connections over a smaller number to multiplex multiple users' connections over a smaller number of
of shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual- shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual-
Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single
IPv4 public address may be shared by hundreds or even thousands of IPv4 public address may be shared by hundreds or even thousands of
subscribers. As indicated in [RFC6269], it is therefore necessary to users. As indicated in [RFC6269], it is therefore necessary to
impose limits on the total number of ports available to an individual impose limits on the total number of ports available to an individual
subscriber to ensure that the shared resource, i.e., the IPv4 address user to ensure that the shared resource, i.e., the IPv4 address,
remains available in some capacity to all the subscribers using it, remains available in some capacity to all the users using it. The
and port limiting is also documented in [RFC6888] as a requirement. support of IP port limit is also documented in [RFC6888] as a
requirement for CGN.
The IP port limit imposed to a specific subscriber may be on the The IP port limit imposed to a specific user may be on the total
total number of TCP and UDP ports plus the number of ICMP number of TCP and UDP ports plus the number of ICMP identifiers, or
identifiers, or with other granularities as defined in Section 3.1.1. with other granularities as defined in Section 3.1.1.
The per-subscriber based IP port limit is configured on a RADIUS The per-user based IP port limit is configured on a RADIUS server,
server, along with other user information such as credentials. The along with other user information such as credentials. The value of
value of these IP port limit is based on service agreement and its this IP port limit is based on service agreement and its
specification is out of the scope of this document. specification is out of the scope of this document.
When a subscriber signs in to the Internet service successfully, the When a user signs in to the Internet service successfully, the IP
IP port limit for the subscriber is passed to the BNG based NAS, port limit for the subscriber is passed by the RADIUS server to the
where CGN also locates, using a new RADIUS attribute called IP-Port- BNG, acting as a NAS and co-located with the CGN, using a new RADIUS
Limit (defined in Section 3.1.1), along with other configuration attribute called IP-Port-Limit (defined in Section 3.1.1), along with
parameters. While some parameters are passed to the subscriber, the other configuration parameters. While some parameters are passed to
IP port limit is recorded on the CGN device for imposing the usage of the user, the IP port limit is recorded on the CGN device for
TCP/UDP ports and ICMP identifiers for that subscriber. imposing the usage of TCP/UDP ports and ICMP identifiers for that
user.
Figure 15 illustrates how RADIUS protocol is used to configure the Figure 15 illustrates how RADIUS protocol is used to configure the
maximum number of TCP/UDP ports for a given subscriber on a NAT44 maximum number of TCP/UDP ports for a given user on a NAT44 device.
device.
User NAT44/NAS AAA User NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
| |-----Access-Request -------->| | |-----Access-Request -------->|
| | | | | |
| |<----Access-Accept-----------| | |<----Access-Accept-----------|
| | (IP-Port-Limit) | | | (IP-Port-Limit) |
| | (for TCP/UDP ports) | | | (for TCP/UDP ports) |
skipping to change at page 24, line 37 skipping to change at page 25, line 16
RADIUS extension may be changed using RADIUS CoA message [RFC5176] RADIUS extension may be changed using RADIUS CoA message [RFC5176]
that carries the same RADIUS attribute. The CoA message may be sent that carries the same RADIUS attribute. The CoA message may be sent
from the RADIUS server directly to the NAS, which once accepts and from the RADIUS server directly to the NAS, which once accepts and
sends back a RADIUS CoA ACK message, the new IP port limit replaces sends back a RADIUS CoA ACK message, the new IP port limit replaces
the previous one. the previous one.
Figure 16 illustrates how RADIUS protocol is used to increase the Figure 16 illustrates how RADIUS protocol is used to increase the
TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific TCP/UDP port limit from 1024 to 2048 on a NAT44 device for a specific
user. user.
User NAT/NAS AAA User NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| TCP/UDP Port Limit (1024) | | TCP/UDP Port Limit (1024) |
| | | | | |
| |<---------CoA Request----------| | |<---------CoA Request----------|
| | (IP-Port-Limit) | | | (IP-Port-Limit) |
| | (for TCP/UDP ports) | | | (for TCP/UDP ports) |
| | | | | |
| TCP/UDP Port Limit (2048) | | TCP/UDP Port Limit (2048) |
| | | | | |
| |---------CoA Response--------->| | |---------CoA Response--------->|
| | | | | |
Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit
4.1.2. Report IP Port Allocation/De-allocation 4.1.2. Report IP Port Allocation/De-allocation
Upon obtaining the IP port limit for a subscriber, the CGN device Upon obtaining the IP port limit for a user, the CGN device needs to
needs to allocate a TCP/UDP port or an ICMP identifiers for the allocate a TCP/UDP port or an ICMP identifiers for the user when
subscriber when receiving a new IP flow sent from that subscriber. receiving a new IP flow sent from that user.
As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP
identifiers once at a time for a specific user, instead of one port/ identifiers once at a time for a specific user, instead of one port/
identifier at a time, and within each port bulk, the ports/ identifier at a time, and within each port bulk, the ports/
identifiers may be randomly distributed or in consecutive fashion. identifiers may be randomly distributed or in consecutive fashion.
When a CGN device allocates bulk of TCP/UDP ports and ICMP When a CGN device allocates bulk of TCP/UDP ports and ICMP
identifiers, the information can be easily conveyed to the RADIUS identifiers, the information can be easily conveyed to the RADIUS
server by a new RADIUS attribute called the IP-Port-Range (defined in server by a new RADIUS attribute called the IP-Port-Range (defined in
Section 3.1.2). The CGN device may allocate one or more TCP/UDP port Section 3.1.2). The CGN device may allocate one or more TCP/UDP port
ranges or ICMP identifier ranges, or generally called IP port ranges, ranges or ICMP identifier ranges, or generally called IP port ranges,
where each range contains a set of numbers representing TCP/UDP ports where each range contains a set of numbers representing TCP/UDP ports
or ICMP identifiers, and the total number of ports/identifiers must or ICMP identifiers, and the total number of ports/identifiers must
be less or equal to the associated IP port limit imposed for that be less or equal to the associated IP port limit imposed for that
subscriber. A CGN device may choose to allocate a small port range, user. A CGN device may choose to allocate a small port range, and
and allocate more at a later time as needed; such practice is good allocate more at a later time as needed; such practice is good
because its randomization in nature. because its randomization in nature.
At the same time, the CGN device also needs to decide the shared IPv4 At the same time, the CGN device also needs to decide the shared IPv4
address for that subscriber. The shared IPv4 address and the pre- address for that user. The shared IPv4 address and the pre-allocated
allocated IP port range are both passed to the RADIUS server. IP port range are both passed to the RADIUS server.
When a subscriber initiates an IP flow, the CGN device randomly When a user initiates an IP flow, the CGN device randomly selects a
selects a TCP/UDP port or ICMP identifier from the associated and TCP/UDP port or ICMP identifier from the associated and pre-allocated
pre-allocated IP port range for that subscriber to replace the IP port range for that user to replace the original source TCP/UDP
original source TCP/UDP port or ICMP identifier, along with the port or ICMP identifier, along with the replacement of the source IP
replacement of the source IP address by the shared IPv4 address. address by the shared IPv4 address.
A CGN device may decide to "free" a previously assigned set of TCP/ A CGN device may decide to "free" a previously assigned set of TCP/
UDP ports or ICMP identifiers that have been allocated for a specific UDP ports or ICMP identifiers that have been allocated for a specific
subscriber but not currently in use, and with that, the CGN device user but not currently in use, and with that, the CGN device must
must send the information of the de-allocated IP port range along send the information of the de-allocated IP port range along with the
with the shared IPv4 address to the RADIUS server. shared IPv4 address to the RADIUS server.
Figure 17 illustrates how RADIUS protocol is used to report a set of Figure 17 illustrates how RADIUS protocol is used to report a set of
ports allocated and de-allocated, respectively, by a NAT44 device for ports allocated and de-allocated, respectively, by a NAT44 device for
a specific user to the RADIUS server. a specific user to the RADIUS server.
Host NAT44/NAS AAA Host NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
| |-----Access-Request -------->| | |-----Access-Request -------->|
| | | | | |
| |<----Access-Accept-----------| | |<----Access-Accept-----------|
|<---Service Granted ------| | |<---Service Granted ------| |
| (other parameters) | | | (other parameters) | |
skipping to change at page 28, line 25 skipping to change at page 29, line 25
| | | | | |
| |---------CoA Response--------->| | |---------CoA Response--------->|
| | (IP-Port-Forwarding-Map) | | | (IP-Port-Forwarding-Map) |
Figure 19: RADIUS Message Flow for changing a user's forwarding port Figure 19: RADIUS Message Flow for changing a user's forwarding port
mapping mapping
4.1.4. An Example 4.1.4. An Example
An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the An Internet Service Provider (ISP) assigns TCP/UDP 500 ports for the
subscriber Joe. This number is the limit that can be used for TCP/UDP user Joe. This number is the limit that can be used for TCP/UDP ports
ports on a NAT44 device for Joe, and is configured on a RADIUS on a NAT44 device for Joe, and is configured on a RADIUS server.
server. Also, Joe asks for a pre-defined port forwarding mapping on Also, Joe asks for a pre-defined port forwarding mapping on the NAT44
the NAT44 device for his web cam applications (external port 5000 device for his web cam applications (external port 5000 maps to
maps to internal port 80). internal port 80).
When Joe successfully connects to the Internet service, the RADIUS When Joe successfully connects to the Internet service, the RADIUS
server conveys the TCP/UDP port limit (1000) and the forwarding port server conveys the TCP/UDP port limit (1000) and the forwarding port
mapping (external port 5000 to internal port 80) to the NAT44 device, mapping (external port 5000 to internal port 80) to the NAT44 device,
using IP-Port-Limit attribute and IP-Port-Forwarding-Map attribute, using IP-Port-Limit attribute and IP-Port-Forwarding-Map attribute,
respectively, carried by an Access-Accept message to the BNG where respectively, carried by an Access-Accept message to the BNG where
NAS and CGN co-located. NAS and CGN co-located.
Upon receiving the first outbound IP packet sent from Joe's laptop, Upon receiving the first outbound IP packet sent from Joe's laptop,
the NAT44 device decides to allocate a small port pool that contains the NAT44 device decides to allocate a small port pool that contains
skipping to change at page 30, line 44 skipping to change at page 31, line 44
| | | | | |
Figure 20: RADIUS Message Flow for reporting CPE allocation/de- Figure 20: RADIUS Message Flow for reporting CPE allocation/de-
allocation of a port set to a visiting UE allocation of a port set to a visiting UE
5. Table of Attributes 5. Table of Attributes
This document proposes three new RADIUS attributes and their formats This document proposes three new RADIUS attributes and their formats
are as follows: are as follows:
o IP-Port-Limit: TBA1.TBA2.[TBA6, TBA5, {TBA7}] o IP-Port-Limit: 241.TBA2.
o IP-Port-Range: TBA1.TBA3.[TBA12, TBA5, {TBA13, TBA14}, {TBA7}, o IP-Port-Range: 241.TBA3.
{TBA15}].
o IP-Port-Forwarding-Map: TBA1.TBA4.[TBA10, TBA11, TBA5, {TBA8 | o IP-Port-Forwarding-Map: 241.TBA4.
TBA9}, {TBA7}]
Note to IANA: it is assumed that Extended-Type-1 "241" will be used
for theses attributes.
The following table provides a guide as what type of RADIUS packets The following table provides a guide as what type of RADIUS packets
that may contain these attributes, and in what quantity. that may contain these attributes, and in what quantity.
Request Accept Reject Challenge Acct. # Attribute Request Accept Reject Challenge Acct. # Attribute
Request Request
0+ 0+ 0 0 0+ TBA IP-Port-Limit 0+ 0+ 0 0 0+ TBA IP-Port-Limit
0 0 0 0 0+ TBA IP-Port-Range 0 0 0 0 0+ TBA IP-Port-Range
0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map 0+ 0+ 0 0 0+ TBA IP-Port-Forwarding-Map
The following table defines the meaning of the above table entries. The following table defines the meaning of the above table entries.
0 This attribute MUST NOT be present in packet. 0 This attribute MUST NOT be present in packet.
0+ Zero or more instances of this attribute MAY be present in packet. 0+ Zero or more instances of this attribute MAY be present in packet.
6. Security Considerations 6. Security Considerations
This document does not introduce any security issue than what has This document does not introduce any security issue other than the
been identified in [RFC2865]. ones already identified in RADIUS [RFC2865].
7. IANA Considerations 7. IANA Considerations
This document requires new code point assignments for both IPFIX This document requires new code point assignments for both IPFIX
Elements and RADIUS attributes as explained in the following Information Elements and RADIUS attributes as explained in the
sections. following sub-sections.
7.1. IANA Considerations on New IPFIX Elements 7.1. IANA Considerations on New IPFIX Information Elements
The following are code point assignments for new IPFIX Elements as The following are code point assignments for new IPFIX Information
requested by this document: Elements as requested by this document:
o transportType (refer to Section 3.2.1): The identifier of this o transportType (refer to Section 3.2.1): The identifier of this
IPFIX Element is TBAx1. The data type of this IPFIX Element is IPFIX Information Element is TBAx1. The data type of this IPFIX
unsigned8, and the Element's value indicates TCP/UDP ports and Information Element is unsigned8, and the Element's value
ICMP Identifiers (1), TCP/UDP ports (2), TCP ports (3), UDP ports indicates TCP/UDP ports and ICMP Identifiers (1), TCP/UDP ports
(4) or ICMP identifiers (5). (2), TCP ports (3), UDP ports (4) or ICMP identifiers (5).
o natTransportLimit (refer to Section 3.2.2): The identifier of this o natTransportLimit (refer to Section 3.2.2): The identifier of this
IPFIX Element is TBAx2. The data type of this IPFIX Element is IPFIX Information Element is TBAx2. The data type of this IPFIX
unsigned16, and the Element's value is the max number of IP Information Element is unsigned16, and the Element's value is the
transport ports to be assigned to an end user associated with one max number of IP transport ports to be assigned to an end user
or more IPv4 addresses. associated with one or more IPv4 addresses.
o localID (refer to Section 3.2.11): The identifier of this IPFIX o localID (refer to Section 3.2.11): The identifier of this IPFIX
Element is TBAx3. The data type of this IPFIX Element is string, Information Element is TBAx3. The data type of this IPFIX
and the Element's value is an IPv4 or IPv6 address, a MAC address, Information Element is string, and the Element's value is an IPv4
a VLAN ID, etc. or IPv6 address, a MAC address, a VLAN ID, etc.
7.2. IANA Considerations on New RADIUS Attributes 7.2. IANA Considerations on New RADIUS Attributes
The following are new code point assignment for RADIUS extensions as The authors request that Attribute Types and Attribute Values defined
requested by this document: in this document be registered by the Internet Assigned Numbers
Authority (IANA) from the RADIUS namespaces as described in the "IANA
o TBA1: This value is allocated from Radius Extended-Type space. Considerations" section of [RFC3575], in accordance with BCP 26
Refer to Section 3.1.1, Section 3.1.2, and Section 3.1.3. [RFC5226]. For RADIUS packets, attributes and registries created by
this document IANA is requested to place them at
o TBA2: This is allocated from TBA1, so TBA1.TBA2 identifies a new http://www.iana.org/assignments/radius-types.
RADIUS attribute IP-Port-Limit. Refer to Section 3.1.1.
o TBA3: This is allocated from TBA1, so TBA1.TBA3 indentifies a new
RADIUS attribute IP-Port-Range. Refer to Section 3.1.2.
o TBA4: This is allocated from TBA1, so TBA1.TBA4 indentifies a new
RADISU attribute IP-Port-Forwarding-Map. Refer to Section 3.1.3.
o TBA5 (refer to Section 3.2.1): This is for the Type field of IP-
Port-Type TLV. It should be allocated as TLV data type. The
Value filed of this TLV contains the data of IPFIX Element
transportType (TBAx1).
o TBA6 (refer to Section 3.2.2): This is for the Type field of IP-
Port-Limit TLV. It should be allocated as TLV data type. The
Value field of this TLV contains the data of IPFIX Element
natTransportLimit(TBAx2).
o TBA7 (refer to Section 3.2.3): This is for the Type field of IP- In particular, this document defines three new RADIUS attributes,
Port-Ext-IPv4-Addr TLV. It should be allocated as TLV data type. entitled "IP-Port-Limit" (see Section 3.1.1), "IP-Port-Range" (see
The Value field of this TLV contains the data of IPFIX Element Section 3.1.2) and "IP-Port-Forwarding-Map" (see Section 3.1.3), with
postNATSourceIPv4Address(225). assigned values of 241.TBD2, 241.TBD3 and 241.TBD4 from the Short
Extended Space of [RFC6929]:
o TBA8 (refer to Section 3.2.4): This is for the Type field of IP- Type Name Meaning
Port-Int-IPv4-Addr TLV. It should be allocated as TLV data type. ---- ---- -------
The Value field of this TLV contains the data of IPFIX Element 241.TBD2 IP-Port-Limit see Section 3.1.1
sourceIPv4Address(8). 241.TBD3 IP-Port-Range see Section 3.1.2
241.TBD4 IP-Port-Forwarding-Map see Section 3.1.3
o TBA9 (refer to Section 3.2.5): This is for the Type field of IP- 7.3. IANA Considerations on New RADIUS Nested Attributes
Port-Int-IPv6-Addr TLV. It should be allocated as TLV data type.
The Value field of this TLV contains the data of IPFIX Element
sourceIPv6Address(27).
o TBA10 (refer to Section 3.2.6): This is for the Type field of IP- This specification requests allocation of the following TLVs within
Port-Int-Port TLV. It should be allocated as TLV data type. The the attribute IP-Port-Limit 241.TBD2:
Value field of this TLV containss the data of IPFIX Element
sourceTransportPort(7).
o TBA11 (refer to Section 3.2.7): This is for the Type field of IP- Type Name Meaning
Port-Ext-port TLV. It should be allocated as TLV data type. The ---- ---- -------
Value field of this TLV contains the data of IPFIX Element 241.TBD2.1 IP-Port-Type see Section 3.2.1
postNAPTSourceTransportPort(227). 241.TBD2.2 IP-Port-Limit see Section 3.2.2
241.TBD2.3 IP-Port-Ext-IPv4-Addr see Section 3.2.3
o TBA12 (refer to Section 3.2.8): This is for the Type field of IP- This specification requests allocation of the following TLVs within
Port-Alloc TLV. It should be allocated as TLV data type. The the attribute IP-Port-Range 241.TBD3:
Value field of this TLV contains the data of IPFIX Element
natEvent(230).
o TBA13 (refer to Section 3.2.9): This is for the Type field of IP- Type Name Meaning
Port-Range-Start TLV. It should be allocated as TLV data type. ---- ---- -------
The Value field of this TLV contains the data of IPFIX Element 241.TBD3.1 IP-Port-Type see Section 3.2.1
portRangeStart(361). 241.TBD3.2 IP-Port-Ext-IPv4-Addr see Section 3.2.3
241.TBD3.3 IP-Port-Alloc see Section 3.2.8
241.TBD3.4 IP-Port-Range-Start see Section 3.2.9
241.TBD3.5 IP-Port-Range-End see Section 3.2.10
o TBA14 (refer to Section 3.2.10): This is for the Type field of IP- This specification requests allocation of the following TLVs within
Port-Range-End TLV. It should be allocated as TLV data type. The the attribute IP-Port-Forwarding-Map 241.TBD4:
Value field of this TLV contains the data of IPFIX Element
portRangeEnd(362).
o TBA15 (refer to Section 3.2.11): This is for the Type field of IP- Type Name Meaning
Port-Local-Id TLV. It should be allocated as TLV data type. The ---- ---- -------
Value field of this TLV contains the data of IPFIX Element 241.TBD4.1 IP-Port-Type see Section 3.2.1
localID(TBAx3). 241.TBD4.2 IP-Port-Ext-IPv4-Addr see Section 3.2.3
241.TBD4.3 IP-Port-Int-IPv4-Addr see Section 3.2.4
241.TBD4.4 IP-Port-Int-IPv6-Addr see Section 3.2.5
241.TBD4.5 IP-Port-Int-Port see Section 3.2.6
241.TBD4.6 IP-Port-Ext-Port see Section 3.2.7
241.TBD4.7 IP-Port-Local-Id see Section 3.2.11
8. Acknowledgements 8. Acknowledgements
Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David
Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful
comments and suggestions. comments and suggestions.
Special thanks to Lionel Morand for the Shepherd review.
9. References 9. References
9.1. Normative References 9.1. Normative References
[IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", [IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities",
<http://www.iana.org/assignments/ipfix/ipfix.xhtml>. <http://www.iana.org/assignments/ipfix/ipfix.xhtml>.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
<http://www.rfc-editor.org/info/rfc1918>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
DOI 10.17487/RFC2629, June 1999,
<http://www.rfc-editor.org/info/rfc2629>.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", "Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, DOI 10.17487/RFC2865, June 2000, RFC 2865, DOI 10.17487/RFC2865, June 2000,
<http://www.rfc-editor.org/info/rfc2865>. <http://www.rfc-editor.org/info/rfc2865>.
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote
Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service)", RFC 3575,
Authentication Dial In User Service (RADIUS)", RFC 5176, DOI 10.17487/RFC3575, July 2003,
DOI 10.17487/RFC5176, January 2008, <http://www.rfc-editor.org/info/rfc3575>.
<http://www.rfc-editor.org/info/rfc5176>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User
Service (RADIUS) Protocol Extensions", RFC 6929, Service (RADIUS) Protocol Extensions", RFC 6929,
DOI 10.17487/RFC6929, April 2013, DOI 10.17487/RFC6929, April 2013,
<http://www.rfc-editor.org/info/rfc6929>. <http://www.rfc-editor.org/info/rfc6929>.
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model [RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model
for IP Flow Information Export (IPFIX)", RFC 7012, for IP Flow Information Export (IPFIX)", RFC 7012,
DOI 10.17487/RFC7012, September 2013, DOI 10.17487/RFC7012, September 2013,
<http://www.rfc-editor.org/info/rfc7012>. <http://www.rfc-editor.org/info/rfc7012>.
[TR-146] Broadband Forum, "TR-146: Subscriber Sessions",
<http://www.broadband-forum.org/technical/download/
TR-146.pdf>.
9.2. Informative References 9.2. Informative References
[I-D.gundavelli-v6ops-community-wifi-svcs] [I-D.gundavelli-v6ops-community-wifi-svcs]
Gundavelli, S., Grayson, M., Seite, P., and Y. Lee, Gundavelli, S., Grayson, M., Seite, P., and Y. Lee,
"Service Provider Wi-Fi Services Over Residential "Service Provider Wi-Fi Services Over Residential
Architectures", draft-gundavelli-v6ops-community-wifi- Architectures", draft-gundavelli-v6ops-community-wifi-
svcs-06 (work in progress), April 2013. svcs-06 (work in progress), April 2013.
[I-D.ietf-softwire-lw4over6]
Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
I. Farrer, "Lightweight 4over6: An Extension to the DS-
Lite Architecture", draft-ietf-softwire-lw4over6-13 (work
in progress), November 2014.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, DOI 10.17487/RFC3022, January 2001,
<http://www.rfc-editor.org/info/rfc3022>. <http://www.rfc-editor.org/info/rfc3022>.
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
Aboba, "Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS)", RFC 5176,
DOI 10.17487/RFC5176, January 2008,
<http://www.rfc-editor.org/info/rfc5176>.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <http://www.rfc-editor.org/info/rfc6146>. April 2011, <http://www.rfc-editor.org/info/rfc6146>.
[RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and [RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and
P. Roberts, "Issues with IP Address Sharing", RFC 6269, P. Roberts, "Issues with IP Address Sharing", RFC 6269,
DOI 10.17487/RFC6269, June 2011, DOI 10.17487/RFC6269, June 2011,
<http://www.rfc-editor.org/info/rfc6269>. <http://www.rfc-editor.org/info/rfc6269>.
skipping to change at page 35, line 41 skipping to change at page 36, line 21
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <http://www.rfc-editor.org/info/rfc6888>. April 2013, <http://www.rfc-editor.org/info/rfc6888>.
[RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno, [RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno,
"Analysis of Potential Solutions for Revealing a Host "Analysis of Potential Solutions for Revealing a Host
Identifier (HOST_ID) in Shared Address Deployments", Identifier (HOST_ID) in Shared Address Deployments",
RFC 6967, DOI 10.17487/RFC6967, June 2013, RFC 6967, DOI 10.17487/RFC6967, June 2013,
<http://www.rfc-editor.org/info/rfc6967>. <http://www.rfc-editor.org/info/rfc6967>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <http://www.rfc-editor.org/info/rfc7596>.
[TR-146] Broadband Forum, "TR-146: Subscriber Sessions",
<http://www.broadband-forum.org/technical/download/
TR-146.pdf>.
Authors' Addresses Authors' Addresses
Dean Cheng Dean Cheng
Huawei Huawei
2330 Central Expressway 2330 Central Expressway
Santa Clara, California 95050 Santa Clara, California 95050
USA USA
Email: dean.cheng@huawei.com Email: dean.cheng@huawei.com
Jouni Korhonen Jouni Korhonen
Broadcom Corporation Broadcom Corporation
3151 Zanker Road 3151 Zanker Road
San Jose 95134 San Jose 95134
USA USA
Email: jouni.nospam@gmail.com Email: jouni.nospam@gmail.com
Mohamed Boucadair Mohamed Boucadair
France Telecom Orange
Rennes Rennes
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Senthil Sivakumar Senthil Sivakumar
Cisco Systems Cisco Systems
7100-8 Kit Creek Road 7100-8 Kit Creek Road
Research Triangle Park, North Carolina Research Triangle Park, North Carolina
USA USA
 End of changes. 129 change blocks. 
381 lines changed or deleted 412 lines changed or added

This html diff was produced by rfcdiff 1.44. The latest version is available from http://tools.ietf.org/tools/rfcdiff/