Diff: draft-ietf-radext-ip-port-radius-ext-11.txt (August 10, 2016; expires February 11, 2017) vs. draft-ietf-radext-ip-port-radius-ext-12.txt (September 28, 2016; expires April 1, 2017). The text below follows the -12 revision.

Network Working Group                                           D. Cheng
Internet-Draft                                                    Huawei
Intended status: Standards Track                             J. Korhonen
Expires: April 1, 2017                              Broadcom Corporation
                                                            M. Boucadair
                                                                  Orange
                                                            S. Sivakumar
                                                           Cisco Systems
                                                      September 28, 2016

       RADIUS Extensions for IP Port Configuration and Reporting
                draft-ietf-radext-ip-port-radius-ext-12
Abstract

This document defines three new RADIUS attributes. For devices that implement IP port ranges, these attributes are used to communicate with a RADIUS server in order to configure and report IP transport ports, as well as mapping behavior for specific hosts. This mechanism can be used in various deployment scenarios such as Carrier-Grade NAT, IPv4/IPv6 translators, Provider WLAN Gateway, etc.
Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on April 1, 2017.
Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents
4. Applications, Use Cases and Examples
4.1. Managing CGN Port Behavior using RADIUS
4.1.1. Configure IP Port Limit for a User
4.1.2. Report IP Port Allocation/Deallocation
4.1.3. Configure Forwarding Port Mapping
4.1.4. An Example
4.2. Report Assigned Port Set for a Visiting UE
5. Table of Attributes
6. Security Considerations
7. IANA Considerations
7.1. IANA Considerations on New IPFIX Information Elements
7.2. IANA Considerations on New RADIUS Attributes
7.3. IANA Considerations on New RADIUS TLVs
8. Acknowledgements
9. References
9.1. Normative References
9.2. Informative References
Authors' Addresses
1. Introduction

In a broadband network, customer information is usually stored on a RADIUS server [RFC2865]. When a user initiates an IP connection request and the request is authorized, the RADIUS server populates the user's configuration information to the Network Access Server (NAS), which is often referred to as a Broadband Network Gateway (BNG) in broadband access networks. The Carrier-Grade NAT (CGN) function may also be implemented on the BNG. Within this document, the CGN may perform the NAT44 [RFC3022], NAT64 [RFC6146], or Dual-Stack Lite AFTR [RFC6333] function. In that case, the CGN's IP transport port (e.g., TCP/UDP port) mapping behavior can be part of the configuration information sent from the RADIUS server to the NAS/BNG. The NAS/BNG may also report the port mapping behavior applied by the CGN to a user session to the RADIUS server, as part of the accounting information sent from the NAS/BNG to the RADIUS server.

When IP packets traverse the CGN, it performs mapping on the IP transport (e.g., TCP/UDP) source port as required. An IP transport source port, along with the source IP address, destination IP address, destination port, and protocol identifier if applicable, uniquely identifies a session. Since the number space of IP transport ports in the CGN's external realm is shared among multiple users assigned the same IPv4 address, the total number of a user's simultaneous IP sessions is likely to be subject to a port quota (see Section 5 of [RFC6269]).

The attributes defined in this document may also be used to report the assigned port range in some deployments such as Provider WLAN [I-D.gundavelli-v6ops-community-wifi-svcs]. For example, a visiting host can be managed by a CPE (Customer Premises Equipment), which will need to report the assigned port range to the service platform. This is required for identification purposes (see TR-146 [TR-146] for more details).

This document proposes three new attributes as extensions of the RADIUS protocol; they are used for separate purposes as follows:

1. IP-Port-Limit-Info: This attribute may be carried in a RADIUS Access-Accept, Access-Request, Accounting-Request or CoA-Request packet. The purpose of this attribute is to limit the total number of IP source transport ports allocated to a user, associated with one or more IPv4 or IPv6 addresses.

2. IP-Port-Range: This attribute may be carried in a RADIUS Accounting-Request packet. The purpose of this attribute is to report, from an address sharing device (e.g., a CGN) to the RADIUS server, the range of IP source transport ports that have been allocated or deallocated in association with a given IPv4/IPv6 address for a user.

3. IP-Port-Forwarding-Map: This attribute may be carried in a RADIUS Access-Accept, Access-Request, Accounting-Request or CoA-Request packet. The purpose of this attribute is to specify how an IP internal source transport port, together with its internal IPv4 or IPv6 address, is mapped to an external source transport port along with the external IPv4 address.

IPFIX Information Elements [RFC7012] can be used for IP flow identification and representation over RADIUS. This document provides a mapping between some RADIUS TLVs and IPFIX Information Element Identifiers. A new IPFIX Information Element is defined by this document (see Section 3.2.2).

IP protocol numbers (refer to [ProtocolNumbers]) can be used for identification of the IP transport protocols (e.g., TCP/UDP, DCCP and SCTP) that are associated with some RADIUS attributes.
2. Terminology

This document makes use of the following terms:

o IP Port: refers to an IP transport port.

o IP Port Type: refers to the IP transport protocol as indicated by the IP transport protocol number (refer to [ProtocolNumbers]).

o IP Port Limit: denotes the maximum number of IP ports, for a specific IP port type, that a device supporting port ranges can use when performing port number mapping for a specific user. Note that this limit is usually associated with one or more IPv4/IPv6 addresses.

o IP Port Range: specifies a set of contiguous IP ports, indicated by the lowest numerical number and the highest numerical number, inclusively.

o Internal IP Address: refers to the IP address that is used as a source IP address in an outbound IP packet sent towards a device supporting port ranges in the internal realm.

o External IP Address: refers to the IP address that is used as a source IP address in an outbound IP packet after traversing a device supporting port ranges in the external realm.

o Internal Port: is an IP transport port which is allocated by a host or application behind a device supporting port ranges for an outbound IP packet in the internal realm.

o External Port: is an IP transport port which is allocated by a device supporting port ranges upon receiving an outbound IP packet in the internal realm, and is used to replace the internal port that is allocated by a user or application.

o External realm: refers to the networking segment where external IP addresses are used as source addresses of outbound packets forwarded by a device supporting port ranges.

o Internal realm: refers to the networking segment that is behind a device supporting port ranges and where internal IP addresses are used.

o Mapping: associates, within a device supporting port ranges, an internal IP address, internal port and protocol with an external IP address, external port and protocol.

o Port-based device: a device that is capable of providing IP address and IP transport port mapping services, in particular with the granularity of one or more subsets within the 16-bit IP transport port number range. Typical examples of this device are a CGN, a CPE, a Provider WLAN Gateway, etc.

Note that the definitions of "internal IP address", "internal port", "internal realm", "external IP address", "external port", "external realm", and "mapping" are the same as defined in the Port Control Protocol (PCP) [RFC6887] and the Common Requirements for Carrier-Grade NATs (CGNs) [RFC6888].
3. Extensions of RADIUS Attributes and TLVs

These three new attributes are defined in the following sub-sections:

1. IP-Port-Limit-Info Attribute

2. IP-Port-Range Attribute

3. IP-Port-Forwarding-Map Attribute

All these attributes are allocated from the RADIUS "Extended Type" code space per [RFC6929].

These attributes and their embedded TLVs (refer to Section 3.2) are defined with globally unique names and follow the guideline in Section 2.7.1 of [RFC6929].

In all the figures describing the RADIUS attributes and TLV formats in the following sub-sections, the fields are transmitted from left to right.
3.1. Extended Attributes for IP Ports

3.1.1. IP-Port-Limit-Info Attribute

This attribute is of type "TLV" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains sub-attributes (TLVs) subject to the following requirements:

o The IP-Port-Limit-Info Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Limit-Info Attribute MUST contain the IP-Port-Limit TLV (see Section 3.2.2).

o The IP-Port-Limit-Info Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

The IP-Port-Limit-Info Attribute specifies, for an end user, the maximum number of IP ports as indicated in the IP-Port-Limit TLV, of a specific IP transport protocol as indicated in the IP-Port-Type TLV, and associated with a given IPv4 address as indicated in the IP-Port-Ext-IPv4-Addr TLV.

Note that when the IP-Port-Type TLV is not included as part of the IP-Port-Limit-Info Attribute, the port limit applies to all IP transport protocols.

Note also that when the IP-Port-Ext-IPv4-Addr TLV is not included as part of the IP-Port-Limit-Info Attribute, the port limit applies to all the IPv4 addresses managed by the port device, e.g., a CGN or NAT64 device.

The IP-Port-Limit-Info Attribute MAY appear in an Access-Accept packet. It MAY also appear in an Access-Request packet as a preferred maximum number of IP ports indicated by the device supporting port ranges co-located with the NAS, e.g., a CGN or NAT64. However, the RADIUS server is not required to honor such a preference.

The IP-Port-Limit-Info Attribute MAY appear in a CoA-Request packet.

Value

This field contains a set of TLVs as follows:

IP-Port-Type TLV

This TLV contains a value that indicates the IP port type. Refer to Section 3.2.1.

IP-Port-Limit TLV

This TLV contains the maximum number of IP ports of a specific IP port type and associated with a given IPv4 address for an end user. This TLV MUST be included in the IP-Port-Limit-Info Attribute. Refer to Section 3.2.2.

IP-Port-Ext-IPv4-Addr TLV

This TLV contains the IPv4 address that is associated with the IP port limit contained in the IP-Port-Limit TLV. This TLV is optionally included as part of the IP-Port-Limit-Info Attribute. Refer to Section 3.2.3.

The IP-Port-Limit-Info Attribute is associated with the following identifier: 241.Extended-Type(TBD1).
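The following is an added example, not code from the draft or from any of its authors' implementations. It models how a port-based device (e.g., a CGN) can enforce a received IP-Port-Limit-Info when it creates mappings for a user, following the two notes above: a limit without an IP-Port-Type TLV counts ports of every transport, and a limit without an IP-Port-Ext-IPv4-Addr TLV applies to every external IPv4 address the device manages for that user. The class and method names (PortLimit, PortMapper, headroom, map_outbound) and the sample addresses are this example's own; the draft defines only the semantics.

```python
# Added example (not from the draft): how a port-based device such as a CGN can
# enforce the IP-Port-Limit-Info semantics of Section 3.1.1 when it creates
# mappings for a user. PortLimit and PortMapper are this example's own names.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TCP, UDP = 6, 17                    # IP protocol numbers ([ProtocolNumbers])


@dataclass(frozen=True)
class PortLimit:
    """One received IP-Port-Limit-Info attribute.

    limit    - value of the IP-Port-Limit TLV (mandatory)
    proto    - IP-Port-Type TLV; None means the limit covers every transport
    ext_addr - IP-Port-Ext-IPv4-Addr TLV; None means every external IPv4
               address the device manages for this user
    """
    limit: int
    proto: Optional[int] = None
    ext_addr: Optional[str] = None

    def covers(self, proto: int, ext_addr: str) -> bool:
        proto_ok = self.proto is None or self.proto == proto
        addr_ok = self.ext_addr is None or self.ext_addr == ext_addr
        return proto_ok and addr_ok


class PortMapper:
    """Per-user mapping state on the device, for one external IPv4 address."""

    def __init__(self, ext_addr: str, limits: List[PortLimit],
                 port_range: Tuple[int, int] = (1024, 65535)):
        self.ext_addr = ext_addr
        self.limits = list(limits)
        self.lo, self.hi = port_range
        # internal (addr, port, proto) -> external (addr, port)
        self.mappings: Dict[Tuple[str, int, int], Tuple[str, int]] = {}

    def headroom(self, proto: int) -> Optional[int]:
        """Ports still allowed for `proto`: the tightest applicable limit minus
        the mappings that limit already counts.  None when no limit applies."""
        room = None
        for lim in self.limits:
            if not lim.covers(proto, self.ext_addr):
                continue
            used = sum(1 for (_, _, p), (ea, _) in self.mappings.items()
                       if lim.covers(p, ea))
            left = lim.limit - used
            room = left if room is None else min(room, left)
        return room

    def map_outbound(self, int_addr: str, int_port: int, proto: int):
        """(external address, external port) for an outbound packet, or None
        when the port quota or the external port space is exhausted."""
        key = (int_addr, int_port, proto)
        if key in self.mappings:
            return self.mappings[key]           # existing session keeps its port
        room = self.headroom(proto)
        if room is not None and room <= 0:
            return None                         # IP Port Limit reached: refuse
        in_use = {ep for (_, _, p), (_, ep) in self.mappings.items() if p == proto}
        for ep in range(self.lo, self.hi + 1):  # port space is per transport
            if ep not in in_use:
                self.mappings[key] = (self.ext_addr, ep)
                return self.mappings[key]
        return None
```

With `PortMapper("192.0.2.1", [PortLimit(2), PortLimit(1, proto=UDP)])`, a TCP and a UDP session each obtain an external port, a second UDP session is refused by the per-transport limit, and a second TCP session is refused by the all-transport limit of 2, which is the quota behaviour Section 5 of [RFC6269] alludes to. A limit scoped to a different external address (e.g., `PortLimit(1, ext_addr="198.51.100.9")`) is ignored by a mapper for 192.0.2.1.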
3.1.2. IP-Port-Range Attribute

This attribute is of type "TLV" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains sub-attributes (TLVs) subject to the following requirements:

o The IP-Port-Range Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Range Attribute MUST contain the IP-Port-Alloc TLV (see Section 3.2.8).

o For port allocation, the IP-Port-Range Attribute MUST contain both the IP-Port-Range-Start TLV (see Section 3.2.9) and the IP-Port-Range-End TLV (see Section 3.2.10). For port deallocation, the IP-Port-Range Attribute MAY contain both of these two TLVs; if the two TLVs are not included, all ports that were previously allocated are now deallocated.

o The IP-Port-Range Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

o The IP-Port-Range Attribute MAY contain the IP-Port-Local-Id TLV (see Section 3.2.11).

The IP-Port-Range Attribute contains a range of contiguous IP ports. These ports are either to be allocated or deallocated, depending on the Value carried by the IP-Port-Alloc TLV.

If the IP-Port-Type TLV is included as part of the IP-Port-Range Attribute, the port range is associated with the specific IP transport protocol indicated in the IP-Port-Type TLV; otherwise it applies to all IP transport protocols.

If the IP-Port-Ext-IPv4-Addr TLV is included as part of the IP-Port-Range Attribute, the port range is associated with the IPv4 address indicated there; otherwise it applies to all IPv4 addresses used by the port device (e.g., a CGN device) for the end user.

This attribute can be used to convey a single IP transport port number; in that case the Values of the IP-Port-Range-Start TLV and the IP-Port-Range-End TLV contain the same port number.

The information contained in the IP-Port-Range Attribute is sent to the RADIUS server.

The IP-Port-Range Attribute MAY appear in an Accounting-Request packet.

The IP-Port-Range Attribute MUST NOT appear in any other RADIUS packet.

The format of the IP-Port-Range Attribute is shown in Figure 2.

Extended-Type

TBD2.

Value

This field contains a set of TLVs as follows:

IP-Port-Type TLV

This TLV contains a value that indicates the IP port type. Refer to Section 3.2.1.

IP-Port-Alloc TLV

This TLV contains a flag that indicates whether the specified range of IP ports is being allocated or deallocated. This TLV MUST be included as part of the IP-Port-Range Attribute. Refer to Section 3.2.8.

IP-Port-Range-Start TLV

This TLV contains the smallest port number of a range of contiguous IP ports. To report a port allocation, this TLV MUST be included together with the IP-Port-Range-End TLV as part of the IP-Port-Range Attribute. Refer to Section 3.2.9.

IP-Port-Range-End TLV

This TLV contains the largest port number of a range of contiguous IP ports. To report a port allocation, this TLV MUST be included together with the IP-Port-Range-Start TLV as part of the IP-Port-Range Attribute. Refer to Section 3.2.10.

IP-Port-Ext-IPv4-Addr TLV

This TLV contains the IPv4 address that is associated with the IP port range, as collectively indicated in the IP-Port-Range-Start TLV and the IP-Port-Range-End TLV. This TLV is optionally included as part of the IP-Port-Range Attribute. Refer to Section 3.2.3.

IP-Port-Local-Id TLV

This TLV contains a local session identifier at the customer premises, such as a MAC address, interface ID, VLAN ID, PPP session ID, VRF ID, IP address/prefix, etc. This TLV is optionally included as part of the IP-Port-Range Attribute. Refer to Section 3.2.11.

The IP-Port-Range Attribute is associated with the following identifier: 241.Extended-Type(TBD2).
3.1.3. IP-Port-Forwarding-Map Attribute

This attribute is of type "TLV" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains sub-attributes (TLVs) subject to the following requirements:

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Forwarding-Map Attribute MUST contain both the IP-Port-Int-Port TLV (see Section 3.2.6) and the IP-Port-Ext-Port TLV (see Section 3.2.7).

o If the internal realm uses the IPv4 address family, the IP-Port-Forwarding-Map Attribute MUST contain the IP-Port-Int-IPv4-Addr TLV (see Section 3.2.4); if the internal realm uses the IPv6 address family, the IP-Port-Forwarding-Map Attribute MUST contain the IP-Port-Int-IPv6-Addr TLV (see Section 3.2.5).

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Local-Id TLV (see Section 3.2.11).

The attribute contains a 2-byte IP internal port number and a 2-byte IP external port number. The internal port number is associated with an internal IPv4 or IPv6 address that MUST always be included. The external port number is associated with a specific external IPv4 address if one is included, and otherwise with all external IPv4 addresses for the end user.

If the IP-Port-Type TLV is included as part of the IP-Port-Forwarding-Map Attribute, the port mapping is associated with the specific IP transport protocol indicated in the IP-Port-Type TLV; otherwise it applies to all IP transport protocols.

The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept packet. It MAY also appear in an Access-Request packet to indicate a preferred port mapping by the device co-located with the NAS. However, the server is not required to honor such a preference.

The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request packet.

The IP-Port-Forwarding-Map Attribute MAY also appear in an
skipping to change at page 12, line 4 skipping to change at page 12, line 32
Extended-Type Extended-Type
TBD3. TBD3.
Value Value
This field contains a set of TLVs as follows: This field contains a set of TLVs as follows:
IP-Port-Type TLV IP-Port-Type TLV
This TLV contains a value that indicates the IP port type. This TLV contains a value that indicates the IP port type.
Refer to Section 3.2.1. Refer to Section 3.2.1.
IP-Port-Int-Port TLV IP-Port-Int-Port TLV
This TLV contains an internal IP port number associated with an This TLV contains an internal IP port number associated with an
internal IPv4 or IPv6 address. This TLV must be included internal IPv4 or IPv6 address. This TLV MUST be included
together with IP-Port-Ext-Port TLV as part of the IP-Port- together with IP-Port-Ext-Port TLV as part of the IP-Port-
Forwarding-Map attribute. Refer to Section 3.2.6. Forwarding-Map attribute. Refer to Section 3.2.6.
IP-Port-Ext-Port TLV IP-Port-Ext-Port TLV
This TLV contains an external IP port number associated with an This TLV contains an external IP port number associated with an
external IPv4 address. This TLV must be included together with external IPv4 address. This TLV MUST be included together with
IP-Port-Int-Port TLV as part of the IP-Port-Forwarding-Map IP-Port-Int-Port TLV as part of the IP-Port-Forwarding-Map
attribute. Refer to Section 3.2.7. attribute. Refer to Section 3.2.7.
IP-Port-Int-IPv4-Addr TLV IP-Port-Int-IPv4-Addr TLV
This TLV contains an IPv4 address that is associated with the This TLV contains an IPv4 address that is associated with the
internal IP port number contained in the IP-Port-Int-Port TLV. internal IP port number contained in the IP-Port-Int-Port TLV.
For IPv4 network, either this TLV or IP-Port-Local-Id TLV must For internal realm with IPv4 address family, this TLV MUST be
be included as part of the IP-Port-Forwarding-Map Attribute. included as part of the IP-Port-Forwarding-Map Attribute.
Refer to Section 3.2.4. Refer to Section 3.2.4.
IP-Port-Int-IPv6-Addr TLV IP-Port-Int-IPv6-Addr TLV
This TLV contains an IPv4 address that is associated with the This TLV contains an IPv6 address that is associated with the
internal IP port number contained in the IP-Port-Int-Port TLV. internal IP port number contained in the IP-Port-Int-Port TLV.
For IPv6 network, either this TLV or IP-Port-Local-Id TLV must For internal realm with IPv6 address family, this TLV MUST be
be included as part of the IP-Port-Forwarding-Map Attribute. included as part of the IP-Port-Forwarding-Map Attribute.
Refer to Section 3.2.5. Refer to Section 3.2.5.
IP-Port-Local-Id TLV
This TLV contains a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP
session ID, VRF ID, IPv6 address/prefix, etc. Either this TLV
or IP-Port-Int-IP-Addr TLV must be included as part of the IP-
Port-Forwarding-Map Attribute. Refer to Section 3.2.11.
IP-Port-Ext-IPv4-Addr TLV IP-Port-Ext-IPv4-Addr TLV
This TLV contains an IPv4 address that is associated with the This TLV contains an IPv4 address that is associated with the
external IP port number contained in the IP-Port-Ext-Port TLV. external IP port number contained in the IP-Port-Ext-Port TLV.
This TLV may be included as part of the IP-Port-Forwarding-Map This TLV MAY be included as part of the IP-Port-Forwarding-Map
Attribute. Refer to Section 3.2.3. Attribute. Refer to Section 3.2.3.
IP-Port-Local-Id TLV
This TLV contains a local session identifier at the customer
premise, such as MAC address, interface ID, VLAN ID, PPP
session ID, VRF ID, IP address/prefix, etc. This TLV is
optionally included as part of the IP-Port-Forwarding-Map
Attribute. Refer to Section 3.2.11.
The IP-Port-Forwarding-Map Attribute is associated with the following The IP-Port-Forwarding-Map Attribute is associated with the following
identifier: 241.Extended-Type(TBD3). identifier: 241.Extended-Type(TBD3).
3.2. RADIUS TLVs for IP Ports 3.2. RADIUS TLVs for IP Ports
The TLVs that are included in the three attributes (see Section 3.1) The TLVs that are included in the three attributes (see Section 3.1)
are defined in the following sub-sections. These TLVs use the format are defined in the following sub-sections. These TLVs use the format
defined in [RFC6929]. As the three attributes carry similar data, we defined in [RFC6929]. As the three attributes carry similar data, we
have defined a common set of TLVs which are used for all three have defined a common set of TLVs which are used for all three
attributes. That is, the TLVs have the same name and number, when attributes. That is, the TLVs have the same name and number, when
encapsulated in any one of the three parent attributes. See encapsulated in any one of the three parent attributes. See
Section 3.1.1, Section 3.1.2, and Section 3.1.3 for a list of which Section 3.1.1, Section 3.1.2, and Section 3.1.3 for a list of which
TLV is permitted within which parent attribute. TLV is permitted within which parent attribute.
3.2.1. IP-Port-Type TLV 3.2.1. IP-Port-Type TLV
The format of IP-Port-Type TLV is shown in Figure 4. This attribute The format of IP-Port-Type TLV is shown in Figure 4. This attribute
carries IPFIX Information Element TBAx1, "transportType", which carries the IP transport protocol number defined by IANA (refer to
indicates the type of IP transport as follows: [ProtocolNumbers]).
1:
Refer to TCP port, UDP port, and ICMP identifier as a whole.
2:
Refer to TCP port and UDP port as a whole.
3:
Refer to TCP port only.
4:
Refer to UDP port only.
5:
Refer to ICMP identifier only.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV-Type | Length | transportType | TLV-Type | Length | Protocol-Number
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
transportType | Protocol-Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4 Figure 4
TLV-Type TLV-Type
1 1
Length Length
6 6
transportType Protocol-Number
Integer. This field contains the data (unsigned8) of Integer. This field contains the data (unsigned8) of the protocol
transportType (TBAx1) defined in IPFIX, right justified, and the number defined in [ProtocolNumbers], right justified, and the
unused bits in this field MUST be set to zero. unused bits in this field MUST be set to zero.
IP-Port-Type TLV is included in the following Attributes: IP-Port-Type TLV MAY be included in the following Attributes:
o IP-Port-Limit-Info Attribute, identified as 241.TBD1.1 (see o IP-Port-Limit-Info Attribute, identified as 241.TBD1.1 (see
Section 3.1.1). Section 3.1.1).
o IP-Port-Range Attribute, identified as 241.TBD2.1 (see o IP-Port-Range Attribute, identified as 241.TBD2.1 (see
Section 3.1.2). Section 3.1.2).
o IP-Port-Forwarding-Map Attribute, identified as 241.TBD3.1 When the IP-Port-Type TLV is included within a RADIUS Attribute, the
(see Section 3.1.3). associated attribute is applied to the IP transport protocol as
indicated by the Protocol-Number only, such as TCP, UDP, SCTP
[RFC4960], DCCP [RFC4340], etc.
3.2.2. IP-Port-Limit TLV 3.2.2. IP-Port-Limit TLV
The format of IP-Port-Limit TLV is shown in Figure 5. This attribute The format of IP-Port-Limit TLV is shown in Figure 5. This attribute
carries IPFIX Information Element TBAx2, "natTransportLimit", which carries IPFIX Information Element "sourceTransportPortsLimit" (TBAx1),
indicates the maximum number of ports for a given IPv4 address which indicates the maximum number of IP transport ports as a limit
assigned to a user for a specified IP-Port-Type. for an end user to use that is associated with one or more IPv4 or
IPv6 addresses.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV-Type | Length | natTransportLimit | TLV-Type | Length | sourceTransportPortsLimit
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
natTransportLimit | sourceTransportPortsLimit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5 Figure 5
TLV-Type TLV-Type
2 2
Length Length
6 6
natTransportLimit sourceTransportPortsLimit
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
natTransportLimit (TBAx2) defined in IPFIX, right justified, and sourceTransportPortsLimit (TBAx1) defined in IPFIX, right
the unused bits in this field MUST be set to zero. justified, and the unused bits in this field MUST be set to zero.
IP-Port-Limit TLV is included as part of the IP-Port-Limit-Info IP-Port-Limit TLV MUST be included as part of the IP-Port-Limit-Info
Attribute (refer to Section 3.1.1), identified as 241.TBD1.2. Attribute (refer to Section 3.1.1), identified as 241.TBD1.2.
3.2.3. IP-Port-Ext-IPv4-Addr TLV 3.2.3. IP-Port-Ext-IPv4-Addr TLV
The format of IP-Port-Ext-IPv4-Addr TLV is shown in Figure 6. This The format of IP-Port-Ext-IPv4-Addr TLV is shown in Figure 6. This
attribute carries IPFIX Information Element 225, attribute carries IPFIX Information Element 225,
"postNATSourceIPv4Address", which is the IPv4 source address after "postNATSourceIPv4Address", which is the IPv4 source address after
NAT operation (refer to [IPFIX]). NAT operation (refer to [IPFIX]).
0 1 2 3 0 1 2 3
skipping to change at page 17, line 7 skipping to change at page 17, line 7
4 4
Length Length
6 6
sourceIPv4Address sourceIPv4Address
Integer. This field contains the data (ipv4Address) of Integer. This field contains the data (ipv4Address) of
sourceIPv4Address (8) defined in IPFIX. sourceIPv4Address (8) defined in IPFIX.
IP-Port-Int-IPv4-Addr TLV MAY be included as part of the IP-Port- If the internal realm is with IPv4 address family, the IP-Port-Int-
Forwarding-Map Attribute (refer to Section 3.1.3), identified as IPv4-Addr TLV MUST be included as part of the IP-Port-Forwarding-Map
241.TBD3.4. Attribute (refer to Section 3.1.3), identified as 241.TBD3.4.
3.2.5. IP-Port-Int-IPv6-Addr TLV 3.2.5. IP-Port-Int-IPv6-Addr TLV
The format of IP-Port-Int-IPv6-Addr TLV is shown in Figure 8. This The format of IP-Port-Int-IPv6-Addr TLV is shown in Figure 8. This
attribute carries IPFIX Information Element 27, "sourceIPv6Address", attribute carries IPFIX Information Element 27, "sourceIPv6Address",
which is the IPv6 source address before NAT operation (refer to which is the IPv6 source address before NAT operation (refer to
[IPFIX]). [IPFIX]).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 17, line 47 skipping to change at page 17, line 47
Length Length
18 18
sourceIPv6Address sourceIPv6Address
IPv6 address (128 bits). This field contains the data IPv6 address (128 bits). This field contains the data
(ipv6Address) of sourceIPv6Address (27) defined in IPFIX. (ipv6Address) of sourceIPv6Address (27) defined in IPFIX.
IP-Port-Int-IPv6-Addr TLV MAY be included as part of the IP-Port- If the internal realm is with IPv6 address family, the IP-Port-Int-
Forwarding-Map Attribute (refer to Section 3.1.3), identified as IPv6-Addr TLV MUST be included as part of the IP-Port-Forwarding-Map
241.TBD3.5. Attribute (refer to Section 3.1.3), identified as 241.TBD3.5.
3.2.6. IP-Port-Int-Port TLV 3.2.6. IP-Port-Int-Port TLV
The format of IP-Port-Int-Port TLV is shown in Figure 9. This The format of IP-Port-Int-Port TLV is shown in Figure 9. This
attribute carries IPFIX Information Element 7, "sourceTransportPort", attribute carries IPFIX Information Element 7, "sourceTransportPort",
which is the source transport number associated with an internal IPv4 which is the source transport number associated with an internal IPv4
or IPv6 address (refer to [IPFIX]). or IPv6 address (refer to [IPFIX]).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 18, line 36 skipping to change at page 18, line 36
Length Length
6 6
sourceTransportPort sourceTransportPort
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
sourceTransportPort (7) defined in IPFIX, right justified, and sourceTransportPort (7) defined in IPFIX, right justified, and
unused bits MUST be set to zero. unused bits MUST be set to zero.
IP-Port-Int-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Int-Port TLV MUST be included as part of the IP-Port-
Map Attribute (refer to Section 3.1.3), identified as 241.TBD3.6. Forwarding-Map Attribute (refer to Section 3.1.3), identified as
241.TBD3.6.
3.2.7. IP-Port-Ext-Port TLV 3.2.7. IP-Port-Ext-Port TLV
The format of IP-Port-Ext-Port TLV is shown in Figure 10. This The format of IP-Port-Ext-Port TLV is shown in Figure 10. This
attribute carries IPFIX Information Element 227, attribute carries IPFIX Information Element 227,
"postNAPTSourceTransportPort", which is the transport number "postNAPTSourceTransportPort", which is the transport number
associated with an external IPv4 address (refer to [IPFIX]). associated with an external IPv4 address (refer to [IPFIX]).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 19, line 27 skipping to change at page 19, line 27
7 7
Length Length
6 6
postNAPTSourceTransportPort postNAPTSourceTransportPort
Integer. This field contains the data (unsigned16) of Integer. This field contains the data (unsigned16) of
postNAPTSourceTransportPort (227) defined in IPFIX, right postNAPTSourceTransportPort (227) defined in IPFIX, right
justified, and unused bits must be set to zero. justified, and unused bits MUST be set to zero.
IP-Port-Ext-Port TLV is included as part of the IP-Port-Forwarding- IP-Port-Ext-Port TLV MUST be included as part of the IP-Port-
Map Attribute (refer to Section 3.1.3), identified as 241.TBD3.7. Forwarding-Map Attribute (refer to Section 3.1.3), identified as
241.TBD3.7.
3.2.8. IP-Port-Alloc TLV 3.2.8. IP-Port-Alloc TLV
The format of IP-Port-Alloc TLV is shown in Figure 11. This The format of IP-Port-Alloc TLV is shown in Figure 11. This
attribute carries IPFIX Information Element 230, "natEvent", which is attribute carries IPFIX Information Element 230, "natEvent", which is
a flag to indicate an action of NAT operation (refer to [IPFIX]). a flag to indicate an action of NAT operation (refer to [IPFIX]).
When the value of natEvent is "1" (Create event), it means to When the value of natEvent is "1" (Create event), it means to
allocate a range of transport ports; when the value is "2", it means allocate a range of transport ports; when the value is "2", it means
to deallocate a range of transport ports. For the purpose of this to deallocate a range of transport ports. For the purpose of this
skipping to change at page 20, line 26 skipping to change at page 20, line 26
8 8
Length Length
6 6
natEvent natEvent
Integer. This field contains the data (unsigned8) of natEvent Integer. This field contains the data (unsigned8) of natEvent
(230) defined in IPFIX, right justified, and unused bits must be (230) defined in IPFIX, right justified, and unused bits MUST be
set to zero. It indicates the allocation or deallocation of a set to zero. It indicates the allocation or deallocation of a
range of IP ports as follows: range of IP ports as follows:
1: 1:
Allocation Allocation
2: 2:
Deallocation Deallocation
Reserved: Reserved:
0. 0.
IP-Port-Alloc TLV is included as part of the IP-Port-Range Attribute IP-Port-Alloc TLV MUST be included as part of the IP-Port-Range
(refer to Section 3.1.2), identified as 241.TBD2.8. Attribute (refer to Section 3.1.2), identified as 241.TBD2.8.
3.2.9. IP-Port-Range-Start TLV 3.2.9. IP-Port-Range-Start TLV
The format of IP-Port-Range-Start TLV is shown in Figure 12. This The format of IP-Port-Range-Start TLV is shown in Figure 12. This
attribute carries IPFIX Information Element 361, "portRangeStart", attribute carries IPFIX Information Element 361, "portRangeStart",
which is the smallest port number of a range of contiguous transport which is the smallest port number of a range of contiguous transport
ports (refer to [IPFIX]). ports (refer to [IPFIX]).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 21, line 26 skipping to change at page 21, line 26
9 9
Length Length
6 6
portRangeStart portRangeStart
Integer. This field contains the data (unsigned16) of (361) Integer. This field contains the data (unsigned16) of (361)
defined in IPFIX, right justified, and unused bits must be set to defined in IPFIX, right justified, and unused bits MUST be set to
zero. zero.
IP-Port-Range-Start TLV is included as part of the IP-Port-Range IP-Port-Range-Start TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.2), identified as 241.TBD2.9. Attribute (refer to Section 3.1.2), identified as 241.TBD2.9.
3.2.10. IP-Port-Range-End TLV 3.2.10. IP-Port-Range-End TLV
The format of IP-Port-Range-End TLV is shown in Figure 13. This The format of IP-Port-Range-End TLV is shown in Figure 13. This
attribute carries IPFIX Information Element 362, "portRangeEnd", attribute carries IPFIX Information Element 362, "portRangeEnd",
which is the largest port number of a range of contiguous transport which is the largest port number of a range of contiguous transport
skipping to change at page 22, line 13 skipping to change at page 22, line 13
TLV-Type TLV-Type
10 10
Length Length
6 6
portRangeEnd portRangeEnd
Integer. This field contains the data (unsigned16) of (362) Integer. This field contains the data (unsigned16) of (362)
defined in IPFIX, right justified, and unused bits must be set to defined in IPFIX, right justified, and unused bits MUST be set to
zero. zero.
IP-Port-Range-End TLV is included as part of the IP-Port-Range IP-Port-Range-End TLV is included as part of the IP-Port-Range
Attribute (refer to Section 3.1.2), identified as 241.TBD2.10. Attribute (refer to Section 3.1.2), identified as 241.TBD2.10.
3.2.11. IP-Port-Local-Id TLV 3.2.11. IP-Port-Local-Id TLV
The format of IP-Port-Local-Id TLV is shown in Figure 14. This The format of IP-Port-Local-Id TLV is shown in Figure 14. This
attribute carries IPFIX Information Element TBAx3, "localID", which attribute carries a string called "localID", which is a locally
is a locally significant identifier as explained below. significant identifier as explained below.
In some CGN deployment scenarios such as DS-Extra-Lite [RFC6619] and The primary issue addressed by this TLV is that there are CGN
Lightweight 4over6 [RFC7596], parameters at a customer premise such deployments that do not distinguish internal hosts by their internal
as MAC address, interface ID, VLAN ID, PPP session ID, IPv6 prefix, IP address alone, but use further identifiers for unique subscriber
VRF ID, etc., may also be required to pass to the RADIUS server as identification. For example, this is the case if a CGN supports
part of the accounting record. overlapping private or shared IP address spaces (refer to [RFC1918]
and [RFC6598]) for internal hosts of different subscribers. In such
cases, different internal hosts are identified and mapped at the CGN
by their IP address and/or another identifier, for example, the
identifier of a tunnel between the CGN and the subscriber. In these
scenarios (and similar ones), the internal IP address is not
sufficient to demultiplex connections from internal hosts. An
additional identifier needs to be present in the IP-Port-Range
Attribute and IP-Port-Forwarding-Map Attribute in order to
uniquely identify an internal host. The IP-Port-Local-Id TLV is used
to carry this identifier.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV-Type | Length | localID .... | TLV-Type | Length | localID ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 14 Figure 14
TLV-Type TLV-Type
skipping to change at page 22, line 40 skipping to change at page 23, line 4
TLV-Type TLV-Type
11 11
Length Length
Variable number of bytes. Variable number of bytes.
localID localID
string. This field contains the data (string) of (TBAx3) defined string. The data type of this field is string (refer to
in IPFIX. This is a local session identifier at the customer [I-D.ietf-radext-datatypes]). This field contains the data that
premise, such as MAC address, interface ID, VLAN ID, PPP session is a local session identifier at the customer premise, such as MAC
ID, VRF ID, IPv6 address/prefix, etc. address, interface ID, VLAN ID, PPP session ID, VRF ID, IP
address/prefix, etc.
IP-Port-Local-Id TLV MAY be included in the following Attributes: IP-Port-Local-Id TLV MAY be included in the following Attributes:
o IP-Port-Range Attribute, identified as 241.TBD2.11 (see o IP-Port-Range Attribute, identified as 241.TBD2.11 (see
Section 3.1.2). Section 3.1.2).
o IP-Port-Forwarding-Map Attribute, identified as 241.TBD3.11 o IP-Port-Forwarding-Map Attribute, identified as 241.TBD3.11
(see Section 3.1.3). (see Section 3.1.3).
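As an added example (not code from the draft or from any implementation), the following Python encodes and parses the IP-Port-Range and IP-Port-Forwarding-Map attributes described in Sections 3.1.2, 3.1.3 and 3.2, and checks the inclusion rules those sections state. It assumes the RFC 6929 Extended-Type layout (Type 241, Length, Extended-Type, then TLVs of TLV-Type/TLV-Length/Value) and uses placeholder values for the unassigned TBD2/TBD3 codes.

```python
"""Encode, parse and check the IP-Port-Range and IP-Port-Forwarding-Map
attributes of Sections 3.1 and 3.2.  Added example, not the draft's own code;
it assumes the RFC 6929 layout and placeholder codes for TBD2/TBD3."""
import ipaddress
import struct

EXT_TYPE = 241                                       # RFC 6929 Extended-Type-1
IP_PORT_RANGE, IP_PORT_FORWARDING_MAP = 0xF2, 0xF3  # placeholders for TBD2/TBD3
# TLV-Type numbers from Section 3.2 of the draft.
T_TYPE, T_LIMIT, T_EXT_IPV4, T_INT_IPV4, T_INT_IPV6 = 1, 2, 3, 4, 5
T_INT_PORT, T_EXT_PORT, T_ALLOC, T_START, T_END, T_LOCAL_ID = 6, 7, 8, 9, 10, 11
# Integer TLVs: Length 6, value right-justified in 4 octets, unused bits zero.
INT_BITS = {T_TYPE: 8, T_LIMIT: 16, T_INT_PORT: 16, T_EXT_PORT: 16,
            T_ALLOC: 8, T_START: 16, T_END: 16}
ADDR_LEN = {T_EXT_IPV4: 6, T_INT_IPV4: 6, T_INT_IPV6: 18}
# (required, permitted) TLV sets as stated in Sections 3.1.2, 3.1.3 and 3.2.
RULES = {IP_PORT_RANGE: ({T_ALLOC, T_START, T_END},
                         {T_TYPE, T_EXT_IPV4, T_ALLOC, T_START, T_END, T_LOCAL_ID}),
         IP_PORT_FORWARDING_MAP: ({T_INT_PORT, T_EXT_PORT},
                                  {T_TYPE, T_EXT_IPV4, T_INT_IPV4, T_INT_IPV6,
                                   T_INT_PORT, T_EXT_PORT, T_LOCAL_ID})}

def tlv_int(tlv_type, value):
    """Integer TLV: value right-justified in 4 octets, padding bits zero."""
    if not 0 <= value < (1 << INT_BITS[tlv_type]):
        raise ValueError("value %d out of range for TLV %d" % (value, tlv_type))
    return struct.pack("!BBI", tlv_type, 6, value)

def tlv_addr(tlv_type, addr):
    """IPv4 (Length 6) or IPv6 (Length 18) address TLV."""
    packed = ipaddress.ip_address(addr).packed
    return struct.pack("!BB", tlv_type, 2 + len(packed)) + packed

def tlv_local_id(ident):
    """localID TLV: variable-length string, given here as bytes."""
    return struct.pack("!BB", T_LOCAL_ID, 2 + len(ident)) + ident

def attribute(ext_type, tlvs):
    """Wrap TLVs in one Extended-Type attribute; the Length octet caps it at 255."""
    body = b"".join(tlvs)
    if 3 + len(body) > 255:
        raise ValueError("attribute would exceed 255 octets")
    return struct.pack("!BBB", EXT_TYPE, 3 + len(body), ext_type) + body

def parse_attribute(data):
    """Decode to (ext_type, {tlv_type: value}); reject bad lengths, non-zero
    padding and duplicate TLVs before anything acts on the content."""
    data = bytes(data)
    if len(data) < 3 or data[0] != EXT_TYPE or data[1] != len(data):
        raise ValueError("bad attribute header")
    ext_type, pos, out = data[2], 3, {}
    while pos < len(data):
        t, length = data[pos], data[pos + 1] if pos + 1 < len(data) else 0
        if length < 3 or pos + length > len(data):
            raise ValueError("bad length for TLV %d" % t)
        val, pos = data[pos + 2:pos + length], pos + length
        if t in out:
            raise ValueError("duplicate TLV %d" % t)
        if t in INT_BITS:
            n = struct.unpack("!I", val)[0] if length == 6 else -1
            if n < 0 or n >> INT_BITS[t]:      # unused bits MUST be zero
                raise ValueError("bad integer encoding in TLV %d" % t)
            out[t] = n
        elif t in ADDR_LEN:
            if length != ADDR_LEN[t]:
                raise ValueError("bad address length in TLV %d" % t)
            out[t] = str(ipaddress.ip_address(val))
        elif t == T_LOCAL_ID:
            out[t] = val
        else:
            raise ValueError("unknown TLV %d" % t)
    return ext_type, out

def validate(ext_type, tlvs):
    """Apply the MUST/MAY inclusion rules of Sections 3.1.2 and 3.1.3."""
    required, permitted = RULES[ext_type]
    present = set(tlvs)
    if not required <= present <= permitted:
        raise ValueError("TLV set %s not allowed in %#x" % (sorted(present), ext_type))
    if ext_type == IP_PORT_FORWARDING_MAP and not present & {T_INT_IPV4, T_INT_IPV6}:
        raise ValueError("internal IPv4 or IPv6 address TLV missing")
    if ext_type == IP_PORT_RANGE and (tlvs[T_ALLOC] not in (1, 2)
                                      or tlvs[T_START] > tlvs[T_END]):
        raise ValueError("natEvent not 1/2 or portRangeStart > portRangeEnd")
    return True

def is_rejected(data):
    """True when parsing or validation fails (for negative checks)."""
    try:
        return not validate(*parse_attribute(data))
    except (ValueError, KeyError):
        return True

# Constructed sample: TCP mapping 10.0.0.5:8080 -> 192.0.2.1:40000, localID "vlan100".
SAMPLE_MAP = attribute(IP_PORT_FORWARDING_MAP, [
    tlv_int(T_TYPE, 6), tlv_int(T_INT_PORT, 8080), tlv_int(T_EXT_PORT, 40000),
    tlv_addr(T_INT_IPV4, "10.0.0.5"), tlv_addr(T_EXT_IPV4, "192.0.2.1"),
    tlv_local_id(b"vlan100")])
# Constructed sample: allocate (natEvent 1) UDP ports 1024-2047 on 192.0.2.1.
SAMPLE_RANGE = attribute(IP_PORT_RANGE, [
    tlv_int(T_TYPE, 17), tlv_int(T_ALLOC, 1), tlv_int(T_START, 1024),
    tlv_int(T_END, 2047), tlv_addr(T_EXT_IPV4, "192.0.2.1")])
```

Rejecting non-zero padding bits, bad lengths and TLVs that a parent attribute does not permit at parse time keeps a NAS or server from acting on a malformed attribute.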
4. Applications, Use Cases and Examples 4. Applications, Use Cases and Examples
skipping to change at page 23, line 34 skipping to change at page 23, line 45
the NAS and the RADIUS server is triggered by a user when it signs in the NAS and the RADIUS server is triggered by a user when it signs in
to the Internet service, where either PPP or DHCP/DHCPv6 is used. to the Internet service, where either PPP or DHCP/DHCPv6 is used.
When a user signs in, the NAS sends a RADIUS Access-Request message When a user signs in, the NAS sends a RADIUS Access-Request message
to the RADIUS server. The RADIUS server validates the request, and to the RADIUS server. The RADIUS server validates the request, and
if the validation succeeds, it in turn sends back a RADIUS Access- if the validation succeeds, it in turn sends back a RADIUS Access-
Accept message. The Access-Accept message carries configuration Accept message. The Access-Accept message carries configuration
information specific to that user, back to the NAS, where some of the information specific to that user, back to the NAS, where some of the
information would pass on to the requesting user via PPP or DHCP/ information would pass on to the requesting user via PPP or DHCP/
DHCPv6. DHCPv6.
A CGN function in a broadband network would most likely co-located on A CGN function in a broadband network is most likely co-located on a
a BNG. In that case, parameters for CGN port/identifier mapping BNG. In that case, parameters for CGN port mapping behavior for
behavior for users can be configured on the RADIUS server. When a users can be configured on the RADIUS server. When a user signs in
user signs in to the Internet service, the associated parameters can to the Internet service, the associated parameters can be conveyed to
be conveyed to the NAS, and proper configuration is accomplished on the NAS, and proper configuration is accomplished on the CGN device
the CGN device for that user. for that user.
Also, CGN operation status such as CGN port/identifier allocation and Also, CGN operation status such as CGN port allocation and
deallocation for a specific user on the BNG can also be transmitted deallocation for a specific user on the BNG can also be transmitted
back to the RADIUS server for accounting purposes using the RADIUS back to the RADIUS server for accounting purposes using the RADIUS
protocol. protocol.
RADIUS protocol has already been widely deployed in broadband RADIUS protocol has already been widely deployed in broadband
networks to manage BNG, thus the functionality described in this networks to manage BNG, thus the functionality described in this
specification introduces little overhead to the existing network specification introduces little overhead to the existing network
operation. operation.
In the following sub-sections, we describe how to manage CGN behavior In the following sub-sections, we describe how to manage CGN behavior
skipping to change at page 24, line 23 skipping to change at page 24, line 33
shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual- shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual-
Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single
IPv4 public address may be shared by hundreds or even thousands of IPv4 public address may be shared by hundreds or even thousands of
users. As indicated in [RFC6269], it is therefore necessary to users. As indicated in [RFC6269], it is therefore necessary to
impose limits on the total number of ports available to an individual impose limits on the total number of ports available to an individual
user to ensure that the shared resource, i.e., the IPv4 address, user to ensure that the shared resource, i.e., the IPv4 address,
remains available in some capacity to all the users using it. The remains available in some capacity to all the users using it. The
support of IP port limit is also documented in [RFC6888] as a support of IP port limit is also documented in [RFC6888] as a
requirement for CGN. requirement for CGN.
The IP port limit imposed to a specific user may be on the total The IP port limit imposed to an end user may be on the total number
number of TCP and UDP ports plus the number of ICMP identifiers, or of IP source transport ports, or a specific IP transport protocol as
with other granularities as defined in Section 3.1.1. defined in Section 3.1.1.
The per-user based IP port limit is configured on a RADIUS server, The per-user based IP port limit is configured on a RADIUS server,
along with other user information such as credentials. The value of along with other user information such as credentials. The value of
this IP port limit is based on service agreement and its this IP port limit is based on service agreement and its
specification is out of the scope of this document. specification is out of the scope of this document.
When a user signs in to the Internet service successfully, the IP When a user signs in to the Internet service successfully, the IP
port limit for the subscriber is passed by the RADIUS server to the port limit for the subscriber is passed by the RADIUS server to the
BNG, acting as a NAS and co-located with the CGN, using a new RADIUS BNG, acting as a NAS and co-located with the CGN, using a new RADIUS
attribute called IP-Port-Limit-Info (defined in Section 3.1.1), along attribute called IP-Port-Limit-Info (defined in Section 3.1.1), along
with other configuration parameters. While some parameters are with other configuration parameters. While some parameters are
passed to the user, the IP port limit is recorded on the CGN device passed to the user, the IP port limit is recorded on the CGN device
for imposing the usage of TCP/UDP ports and ICMP identifiers for that for imposing the usage of IP transport ports for that user.
user.
Figure 15 illustrates how RADIUS protocol is used to configure the Figure 15 illustrates how RADIUS protocol is used to configure the
maximum number of TCP/UDP ports for a given user on a NAT44 device. maximum number of TCP/UDP ports for a given user on a NAT44 device.
User NAT44/NAS AAA User NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
| | | | | |
skipping to change at page 26, line 8 skipping to change at page 26, line 8
| TCP/UDP Port Limit (2048) | | TCP/UDP Port Limit (2048) |
| | | | | |
| |---------CoA Response--------->| | |---------CoA Response--------->|
| | | | | |
Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit Figure 16: RADIUS Message Flow for changing a user's NAT44 port limit
4.1.2. Report IP Port Allocation/Deallocation 4.1.2. Report IP Port Allocation/Deallocation
Upon obtaining the IP port limit for a user, the CGN device needs to Upon obtaining the IP port limit for a user, the CGN device needs to
allocate a TCP/UDP port or an ICMP identifiers for the user when allocate an IP transport port for the user when receiving a new IP
receiving a new IP flow sent from that user. flow sent from that user.
As one practice, a CGN may allocate a bulk of TCP/UDP ports or ICMP As one practice, a CGN may allocate a block of IP ports for a
identifiers one at a time for a specific user, instead of one port/ specific user, instead of one port at a time, and within each port
identifier at a time, and within each port bulk, the ports/ block, the ports may be randomly distributed or in consecutive
identifiers may be randomly distributed or in consecutive fashion. fashion. When a CGN device allocates a block of transport ports, the
When a CGN device allocates bulk of TCP/UDP ports and ICMP information can be easily conveyed to the RADIUS server by a new
identifiers, the information can be easily conveyed to the RADIUS RADIUS attribute called the IP-Port-Range (defined in Section 3.1.2).
server by a new RADIUS attribute called the IP-Port-Range (defined in The CGN device may allocate one or more IP port ranges, where each
Section 3.1.2). The CGN device may allocate one or more TCP/UDP port range contains a set of numbers representing IP transport ports, and
ranges or ICMP identifier ranges, or generally called IP port ranges, the total number of ports MUST be less or equal to the associated IP
where each range contains a set of numbers representing TCP/UDP ports port limit imposed for that user. A CGN device may choose to
or ICMP identifiers, and the total number of ports/identifiers must allocate a small port range, and allocate more at a later time as
be less or equal to the associated IP port limit imposed for that needed; such practice is good because its randomization in nature.
user. A CGN device may choose to allocate a small port range, and
allocate more at a later time as needed; such practice is good
because its randomization in nature.
At the same time, the CGN device also needs to decide the shared IPv4 At the same time, the CGN device also needs to decide the shared IPv4
address for that user. The shared IPv4 address and the pre-allocated address for that user. The shared IPv4 address and the pre-allocated
IP port range are both passed to the RADIUS server. IP port range are both passed to the RADIUS server.
When a user initiates an IP flow, the CGN device randomly selects a When a user initiates an IP flow, the CGN device randomly selects a
TCP/UDP port or ICMP identifier from the associated and pre-allocated transport port number from the associated and pre-allocated IP port
IP port range for that user to replace the original source TCP/UDP range for that user to replace the original source port number, along
port or ICMP identifier, along with the replacement of the source IP with the replacement of the source IP address by the shared IPv4
address by the shared IPv4 address. address.
A CGN device may decide to "free" a previously assigned set of TCP/ A CGN device may decide to "free" a previously assigned set of IP
UDP ports or ICMP identifiers that have been allocated for a specific ports that have been allocated for a specific user but not currently
user but not currently in use, and with that, the CGN device must in use, and with that, the CGN device must send the information of
send the information of the deallocated IP port range along with the the deallocated IP port range along with the shared IPv4 address to
shared IPv4 address to the RADIUS server. the RADIUS server.
Figure 17 illustrates how RADIUS protocol is used to report a set of Figure 17 illustrates how RADIUS protocol is used to report a set of
ports allocated and deallocated, respectively, by a NAT44 device for ports allocated and deallocated, respectively, by a NAT44 device for
a specific user to the RADIUS server. a specific user to the RADIUS server.
Host NAT44/NAS AAA Host NAT44/NAS AAA
| BNG Server | BNG Server
| | | | | |
| | | | | |
|----Service Request------>| | |----Service Request------>| |
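Review bot: the new right-column text in 4.1.2 promotes "must be less or equal to the associated IP port limit" to an RFC 2119 "MUST", but a few sentences later the deallocation requirement ("the CGN device must send the information of the deallocated IP port range") stays lowercase, and both sit in a deployment-scenario description rather than in the attribute definition of Section 3.1.2. Either keep both descriptive (lowercase) here and place any normative requirement in Section 3.1.2, or capitalize both consistently; "less or equal to" should read "less than or equal to" in either case. Also, "such practice is good because its randomization in nature" is ungrammatical; suggest "this practice is preferable because it adds randomness to port assignment", noting that the benefit depends on the allocated ranges themselves not being predictable, which the paragraph (which allows consecutive ranges) does not yet say.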
skipping to change at page 32, line 28 skipping to change at page 32, line 28
6. Security Considerations 6. Security Considerations
This document does not introduce any security issue other than the This document does not introduce any security issue other than the
ones already identified in RADIUS [RFC2865] and [RFC5176] for CoA ones already identified in RADIUS [RFC2865] and [RFC5176] for CoA
messages. Known RADIUS vulnerabilities apply to this specification. messages. Known RADIUS vulnerabilities apply to this specification.
For example, if RADIUS packets are sent in the clear, an attacker in For example, if RADIUS packets are sent in the clear, an attacker in
the communication path between the RADIUS client and server may glean the communication path between the RADIUS client and server may glean
information that it will use to prevent a legitimate user to access information that it will use to prevent a legitimate user to access
the service by appropriately setting the maximum number of IP ports the service by appropriately setting the maximum number of IP ports
conveyed in an IP-Port-Limit-Info attribute, exhaust the port quota conveyed in an IP-Port-Limit-Info Attribute, exhaust the port quota
of a user by installing many mapping entries (IP-Port-Forwarding-Map of a user by installing many mapping entries (IP-Port-Forwarding-Map
attribute), prevent incoming traffic to be delivered to its Attribute), prevent incoming traffic to be delivered to its
legitimate destination by manipulating the mapping entries installed legitimate destination by manipulating the mapping entries installed
by means of an IP-Port-Forwarding-Map attribute, discover the IP by means of an IP-Port-Forwarding-Map Attribute, discover the IP
address and port range assigned to a given user and which is reported address and port range assigned to a given user and which is reported
in an IP-Port-Range attribute, etc. The root cause of these attack in an IP-Port-Range Attribute, etc. The root cause of these attack
vectors is the communication between the RADIUS client and server. vectors is the communication between the RADIUS client and server.
The IP-Port-Local-Id TLV includes an identifier of which the type and
length is deployment and implementation dependent. This identifier
might carry privacy sensitive information. It is therefore
RECOMMENDED to utilize identifiers that do not have such privacy
concerns.
This document targets deployed where a trusted relationship is in This document targets deployed where a trusted relationship is in
place between the RADIUS client and server with communication place between the RADIUS client and server with communication
optionally secured by IPsec or Transport Layer Security (TLS) optionally secured by IPsec or Transport Layer Security (TLS)
[RFC6614]. [RFC6614].
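Review bot: "This document targets deployed where a trusted relationship is in place" (both columns) is missing a word and should read "targets deployments where". More substantively, the new IP-Port-Local-Id paragraph RECOMMENDS avoiding privacy-sensitive identifiers while the following paragraph still describes IPsec or TLS protection as "optionally" applied; since the preceding paragraph attributes every listed attack vector to RADIUS packets sent in the clear between client and server, suggest stating that when an IP-Port-Local-Id TLV does carry an identifier with privacy implications, the RADIUS exchange SHOULD be protected by IPsec or TLS [RFC6614], rather than leaving transport protection optional. Minor: "privacy sensitive" should be hyphenated ("privacy-sensitive"), and "prevent a legitimate user to access the service" should read "prevent a legitimate user from accessing the service".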
7. IANA Considerations 7. IANA Considerations
This document requires new code point assignments for both IPFIX This document requires new code point assignments for both IPFIX
Information Elements and RADIUS attributes as explained in the Information Elements and RADIUS attributes as explained in the
following sub-sections. following sub-sections.
It is assumed that Extended-Type-1 "241" will be used for RADIUS It is assumed that Extended-Type-1 "241" will be used for RADIUS
attributes in Section 7.2. attributes in Section 7.2.
7.1. IANA Considerations on New IPFIX Information Elements 7.1. IANA Considerations on New IPFIX Information Elements
The following are code point assignments for new IPFIX Information The following is a new IPFIX Information Element as requested by this
Elements as requested by this document: document:
o transportType (refer to Section 3.2.1): The identifier of this o sourceTransportPortsLimit (refer to Section 3.2.2):
IPFIX Information Element is TBAx1. The data type of this IPFIX
Information Element is unsigned8, the data type semantics is
identifier, the data unit is null, and the data value range is 1
to 5 inclusively. The Element's value indicates TCP/UDP ports and
ICMP Identifiers (1), TCP/UDP ports (2), TCP ports (3), UDP ports
(4) or ICMP identifiers (5).
o natTransportLimit (refer to Section 3.2.2): The identifier of this * Name: sourceTransportPortsLimit.
IPFIX Information Element is TBAx2. The data type of this IPFIX
Information Element is unsigned16, the data type semantics is
totalCounter, the data type unit is ports, and the data value
range is from 1 to 65535. The Element's value is the max number
of IP transport ports to be assigned to an end user associated
with one or more IPv4 addresses.
o localID (refer to Section 3.2.11): The identifier of this IPFIX * Element ID: TBAx1.
Information Element is TBAx3. The data type of this IPFIX
Information Element is string, the data type semantics is default, * Description: This Information Element contains the maximum
the data type unit is null. The Element's value is an IPv4 or number of IP source transport ports that is a limit for an end
IPv6 address, a MAC address, a VLAN ID, etc. user to use and is associated with one or more IPv4 or IPv6
addresses.
* Data type: unsigned16.
* Data type semantics: totalCounter.
* Data type unit: ports.
* Data value range: from 1 to 65535.
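Review bot: the right column now registers a single Information Element (sourceTransportPortsLimit, TBAx1), so the introduction at the top of this region ("new code point assignments for both IPFIX Information Elements and RADIUS attributes", plural) no longer matches; suggest "a new IPFIX Information Element and new RADIUS attributes". The removal of transportType (Section 3.2.1) and localID (Section 3.2.11) should be checked against Section 3.2 so that no remaining text refers to TBAx2 or TBAx3. Also, "totalCounter" semantics in [RFC7012] describe a value that counts and wraps, whereas the Description itself calls this "the maximum number ... that is a limit"; the "quantity" semantics would describe a configured maximum better. The Description sentence is also hard to parse; suggest "The maximum number of IP source transport ports that an end user associated with one or more IPv4 or IPv6 addresses is permitted to use."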
7.2. IANA Considerations on New RADIUS Attributes 7.2. IANA Considerations on New RADIUS Attributes
The authors request that Attribute Types and Attribute Values defined The authors request that Attribute Types and Attribute Values defined
in this document be registered by the Internet Assigned Numbers in this document be registered by the Internet Assigned Numbers
Authority (IANA) from the RADIUS namespaces as described in the "IANA Authority (IANA) from the RADIUS namespaces as described in the "IANA
Considerations" section of [RFC3575], in accordance with BCP 26 Considerations" section of [RFC3575], in accordance with BCP 26
[RFC5226]. For RADIUS packets, attributes and registries created by [RFC5226]. For RADIUS packets, attributes and registries created by
this document IANA is requested to place them at this document IANA is requested to place them at
http://www.iana.org/assignments/radius-types. http://www.iana.org/assignments/radius-types.
skipping to change at page 34, line 36 skipping to change at page 34, line 36
Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful Thaler, Alan Dekok, Lionel Morand, and Peter Deacon for their useful
comments and suggestions. comments and suggestions.
Special thanks to Lionel Morand for the Shepherd review and to Special thanks to Lionel Morand for the Shepherd review and to
Kathleen Moriarty for the AD review. Kathleen Moriarty for the AD review.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-radext-datatypes]
DeKok, A., "Data Types in the Remote Authentication Dial-
In User Service Protocol (RADIUS)", draft-ietf-radext-
datatypes-07 (work in progress), August 2016.
[IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", [IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities",
<http://www.iana.org/assignments/ipfix/ipfix.xhtml>. <http://www.iana.org/assignments/ipfix/ipfix.xhtml>.
[ProtocolNumbers]
IANA, "Service Name and Transport Protocol Port Number",
<http://www.iana.org/assignments/protocol-numbers/
protocol-numbers.xhtml>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", "Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, DOI 10.17487/RFC2865, June 2000, RFC 2865, DOI 10.17487/RFC2865, June 2000,
<http://www.rfc-editor.org/info/rfc2865>. <http://www.rfc-editor.org/info/rfc2865>.
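Review bot: the new [ProtocolNumbers] reference's title and URL point at different IANA registries: "Service Name and Transport Protocol Port Number" is the title of the service-names-port-numbers registry, while the URL given is the protocol-numbers registry (IP protocol numbers such as TCP, UDP, SCTP and DCCP). Given that [RFC4340] (DCCP) and [RFC4960] (SCTP) were added in the same revision, the protocol-numbers registry is probably the intended one; fix the title to "Protocol Numbers" (or the URL, if the port registry was meant).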
skipping to change at page 35, line 28 skipping to change at page 35, line 38
<http://www.rfc-editor.org/info/rfc7012>. <http://www.rfc-editor.org/info/rfc7012>.
9.2. Informative References 9.2. Informative References
[I-D.gundavelli-v6ops-community-wifi-svcs] [I-D.gundavelli-v6ops-community-wifi-svcs]
Gundavelli, S., Grayson, M., Seite, P., and Y. Lee, Gundavelli, S., Grayson, M., Seite, P., and Y. Lee,
"Service Provider Wi-Fi Services Over Residential "Service Provider Wi-Fi Services Over Residential
Architectures", draft-gundavelli-v6ops-community-wifi- Architectures", draft-gundavelli-v6ops-community-wifi-
svcs-06 (work in progress), April 2013. svcs-06 (work in progress), April 2013.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
<http://www.rfc-editor.org/info/rfc1918>.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, DOI 10.17487/RFC3022, January 2001,
<http://www.rfc-editor.org/info/rfc3022>. <http://www.rfc-editor.org/info/rfc3022>.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340,
DOI 10.17487/RFC4340, March 2006,
<http://www.rfc-editor.org/info/rfc4340>.
[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol",
RFC 4960, DOI 10.17487/RFC4960, September 2007,
<http://www.rfc-editor.org/info/rfc4960>.
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. [RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
Aboba, "Dynamic Authorization Extensions to Remote Aboba, "Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS)", RFC 5176, Authentication Dial In User Service (RADIUS)", RFC 5176,
DOI 10.17487/RFC5176, January 2008, DOI 10.17487/RFC5176, January 2008,
<http://www.rfc-editor.org/info/rfc5176>. <http://www.rfc-editor.org/info/rfc5176>.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <http://www.rfc-editor.org/info/rfc6146>. April 2011, <http://www.rfc-editor.org/info/rfc6146>.
skipping to change at page 36, line 5 skipping to change at page 36, line 30
[RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and [RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and
P. Roberts, "Issues with IP Address Sharing", RFC 6269, P. Roberts, "Issues with IP Address Sharing", RFC 6269,
DOI 10.17487/RFC6269, June 2011, DOI 10.17487/RFC6269, June 2011,
<http://www.rfc-editor.org/info/rfc6269>. <http://www.rfc-editor.org/info/rfc6269>.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4 Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011,
<http://www.rfc-editor.org/info/rfc6333>. <http://www.rfc-editor.org/info/rfc6333>.
[RFC6598] Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and
M. Azinger, "IANA-Reserved IPv4 Prefix for Shared Address
Space", BCP 153, RFC 6598, DOI 10.17487/RFC6598, April
2012, <http://www.rfc-editor.org/info/rfc6598>.
[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
"Transport Layer Security (TLS) Encryption for RADIUS", "Transport Layer Security (TLS) Encryption for RADIUS",
RFC 6614, DOI 10.17487/RFC6614, May 2012, RFC 6614, DOI 10.17487/RFC6614, May 2012,
<http://www.rfc-editor.org/info/rfc6614>. <http://www.rfc-editor.org/info/rfc6614>.
[RFC6619] Arkko, J., Eggert, L., and M. Townsley, "Scalable
Operation of Address Translators with Per-Interface
Bindings", RFC 6619, DOI 10.17487/RFC6619, June 2012,
<http://www.rfc-editor.org/info/rfc6619>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013, DOI 10.17487/RFC6887, April 2013,
<http://www.rfc-editor.org/info/rfc6887>. <http://www.rfc-editor.org/info/rfc6887>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <http://www.rfc-editor.org/info/rfc6888>. April 2013, <http://www.rfc-editor.org/info/rfc6888>.
[RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno, [RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno,
"Analysis of Potential Solutions for Revealing a Host "Analysis of Potential Solutions for Revealing a Host
Identifier (HOST_ID) in Shared Address Deployments", Identifier (HOST_ID) in Shared Address Deployments",
RFC 6967, DOI 10.17487/RFC6967, June 2013, RFC 6967, DOI 10.17487/RFC6967, June 2013,
<http://www.rfc-editor.org/info/rfc6967>. <http://www.rfc-editor.org/info/rfc6967>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <http://www.rfc-editor.org/info/rfc7596>.
[TR-146] Broadband Forum, "TR-146: Subscriber Sessions", [TR-146] Broadband Forum, "TR-146: Subscriber Sessions",
<http://www.broadband-forum.org/technical/download/ <http://www.broadband-forum.org/technical/download/
TR-146.pdf>. TR-146.pdf>.
Authors' Addresses Authors' Addresses
Dean Cheng Dean Cheng
Huawei Huawei
2330 Central Expressway 2330 Central Expressway
Santa Clara, California 95050 Santa Clara, California 95050
 End of changes. 113 change blocks. 
271 lines changed or deleted 313 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/