rfcdiff: draft-ietf-radext-ip-port-radius-ext-13.txt vs. draft-ietf-radext-ip-port-radius-ext-14.txt
(changed passages are shown as -13: for the old text and -14: for the new text)

Network Working Group                                          D. Cheng
Internet-Draft                                                   Huawei
Intended status: Standards Track                            J. Korhonen
Expires: April 8, 2017 (-13) / April 21, 2017 (-14) Broadcom Corporation
                                                           M. Boucadair
                                                                 Orange
                                                           S. Sivakumar
                                                          Cisco Systems
                          October 5, 2016 (-13) / October 18, 2016 (-14)

       RADIUS Extensions for IP Port Configuration and Reporting
draft-ietf-radext-ip-port-radius-ext-13 (old) / draft-ietf-radext-ip-port-radius-ext-14 (new)
Abstract

   This document defines three new RADIUS attributes. For devices that
   implement IP port ranges, these attributes are used to communicate
   with a RADIUS server in order to configure and report IP transport
   ports, as well as mapping behavior for specific hosts. This
   mechanism can be used in various deployment scenarios such as
   Carrier-Grade NAT, IPv4/IPv6 translators, Provider WLAN Gateway, etc.
   This document defines a mapping between some RADIUS attributes and

[skipping to change at page 1, line 48]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-13: This Internet-Draft will expire on April 8, 2017.
-14: This Internet-Draft will expire on April 21, 2017.
Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

[skipping to change at page 3, line 26]
   RADIUS server [RFC2865]. At the time when a user initiates an IP
   connection request, if this request is authorized, the RADIUS server
   will populate the user's configuration information to the Network
   Access Server (NAS), which is often referred to as a Broadband
   Network Gateway (BNG) in broadband access networks. The
   Carrier-Grade NAT (CGN) function may also be implemented on the BNG.
   Within this document, the CGN may perform NAT44 [RFC3022], NAT64
   [RFC6146], or Dual-Stack Lite AFTR [RFC6333] function. In such case,
   the CGN IP transport port (e.g., TCP/UDP port) mapping(s) behavior(s)
   can be part of the configuration information sent from the RADIUS
   server to

-13: the NAS/BNG. The NAS/BNG may also report to the RADIUS Server the
     port/identifier mapping behavior applied by the CGN to a user session
     to the RADIUS server, as part of the accounting information sent from
     the NAS/BNG to a RADIUS server.

-14: the NAS/BNG. The NAS/BNG may also report to the RADIUS Server the IP
     port mapping behavior applied by the CGN to a user session to the
     RADIUS server, as part of the accounting information sent from the
     NAS/BNG to a RADIUS server.
   When IP packets traverse the CGN, it performs mapping on the IP
   transport (e.g., TCP/UDP) source port as required. An IP transport
   source port, along with source IP address, destination IP address,
   destination port and protocol identifier if applicable, uniquely
   identify a mapping. Since the number space of IP transport ports in
   CGN's external realm is shared among multiple users assigned with the
   same IPv4 address, the total number of a user's simultaneous IP
   mappings is likely to be subject to port quota (see Section 5 of
   [RFC6269]).
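Review bot: the reworded -14 sentence still names the recipient twice: "report to the RADIUS Server the IP port mapping behavior applied by the CGN to a user session to the RADIUS server, as part of the accounting information sent from the NAS/BNG to a RADIUS server". The second "to the RADIUS server" is redundant with the first and should be dropped. The same sentence also mixes "RADIUS Server" and "RADIUS server"; pick one capitalization, since the surrounding paragraph uses lowercase "server".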
[skipping to change at page 34, line 11]
   This document requires new code point assignments for both IPFIX
   Information Elements and RADIUS attributes as explained in the
   following sub-sections.

   It is assumed that Extended-Type-1 "241" will be used for RADIUS
   attributes in Section 7.2.

7.1. IANA Considerations on New IPFIX Information Elements
-13:
   The following is a new IPFIX Information Element as requested by this
   document:

   o  sourceTransportPortsLimit (refer to Section 3.2.2):

      *  Name: sourceTransportPortsLimit.
      *  Element ID: TBAx1.
      *  Description: This Information Element contains the maximum
         number of IP source transport ports that is a limit for an end
         user to use and is associated with one or more IPv4 or IPv6
         addresses.

-14:
   The following is a new IPFIX Information Element as requested by this
   document (refer to Section 3.2.2) :

   o  sourceTransportPortsLimit:

      *  Name: sourceTransportPortsLimit.
      *  Element ID: TBAx1.
      *  Description: This Information Element contains the maximum
         number of IP source transport ports that can be used by an end
         user when sending IP packets; each user is associated with one
         or more (source) IPv4 or IPv6 addresses. This IE is
         particularly useful in address sharing deployments that adhere
         to REQ-4 of [RFC6888]. Limiting the number of ports assigned
         to each user ensures fairness among users and mitigates the
         denial-of-service attack that a user could launch against other
         users through the address sharing device in order to grab more
         ports.
   (unchanged in both versions)

      *  Data type: unsigned16.
      *  Data type semantics: totalCounter.
      *  Data type unit: ports.
      *  Data value range: from 1 to 65535.
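The port quota described in the introduction (a user's simultaneous mappings, keyed by the 5-tuple, are capped because the external port space is shared) and in the sourceTransportPortsLimit description above (the cap is what stops one user from grabbing the ports of others), worked through as an added Python illustration. This is not code from the draft or from any implementation of it. The addresses, the eight-port pool, the limit values, the class and function names, and the assumption that the limit has already been delivered to the NAS/CGN by RADIUS are all constructed for the example.

```python
"""Per-user port quota on a CGN that shares one external IPv4 address.

Added illustration, not code from the draft.  It models the behaviour the
text describes: mappings keyed by the internal-side 5-tuple, a pool of
external ports shared by every user behind one address, and a per-user
maximum (the sourceTransportPortsLimit value, which is assumed here to
have already been delivered to the NAS/CGN by RADIUS).  The addresses,
port pool and limits below are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# A mapping is identified by protocol, source IP, source port,
# destination IP and destination port.
FiveTuple = Tuple[str, str, int, str, int]


class PortQuotaExceeded(Exception):
    """The user already holds its maximum number of mappings."""


class PoolExhausted(Exception):
    """No free external port remains on the shared address."""


def check_ports_limit(limit: int) -> int:
    """Validate a limit against the IE definition: unsigned16, 1..65535."""
    if not 1 <= limit <= 65535:
        raise ValueError(f"sourceTransportPortsLimit out of range: {limit}")
    return limit


@dataclass
class SharedAddressCgn:
    external_ip: str
    external_ports: range                                   # shared pool
    limits: Dict[str, int] = field(default_factory=dict)    # internal IP -> cap
    _mappings: Dict[FiveTuple, int] = field(default_factory=dict)
    _ports_in_use: Set[int] = field(default_factory=set)
    _per_user: Dict[str, int] = field(default_factory=dict)

    def set_limit(self, internal_ip: str, limit: int) -> None:
        """Install the per-user cap (assumed to have arrived via RADIUS)."""
        self.limits[internal_ip] = check_ports_limit(limit)

    def allocate(self, proto: str, src_ip: str, src_port: int,
                 dst_ip: str, dst_port: int) -> int:
        """Return the external port for this flow, creating a mapping if needed."""
        key: FiveTuple = (proto, src_ip, src_port, dst_ip, dst_port)
        if key in self._mappings:                 # existing flow: reuse, no new port
            return self._mappings[key]
        # The quota is checked before the shared pool is touched, so a user
        # at its cap cannot consume ports that other users still need.
        cap = self.limits.get(src_ip, 65535)      # 65535 == no effective cap
        if self._per_user.get(src_ip, 0) >= cap:
            raise PortQuotaExceeded(f"{src_ip} already holds {cap} mappings")
        ext_port = next((p for p in self.external_ports
                         if p not in self._ports_in_use), None)
        if ext_port is None:
            raise PoolExhausted(self.external_ip)
        self._mappings[key] = ext_port
        self._ports_in_use.add(ext_port)
        self._per_user[src_ip] = self._per_user.get(src_ip, 0) + 1
        return ext_port

    def release(self, proto: str, src_ip: str, src_port: int,
                dst_ip: str, dst_port: int) -> None:
        """Tear down a mapping and give its external port back to the pool."""
        ext_port = self._mappings.pop((proto, src_ip, src_port, dst_ip, dst_port))
        self._ports_in_use.discard(ext_port)
        self._per_user[src_ip] -= 1

    def mappings_for(self, src_ip: str) -> int:
        """Number of mappings the user currently holds."""
        return self._per_user.get(src_ip, 0)


def demo(greedy_user_limit: Optional[int]) -> Dict[str, int]:
    """Constructed scenario: two users behind 203.0.113.10 with a tiny
    8-port pool.  10.0.0.1 opens flows until it is refused, then 10.0.0.2
    tries to open one.  Returns the mappings each user ends up holding."""
    cgn = SharedAddressCgn("203.0.113.10", range(1024, 1032))
    if greedy_user_limit is not None:
        cgn.set_limit("10.0.0.1", greedy_user_limit)
    for src_port in range(40000, 40020):
        try:
            cgn.allocate("tcp", "10.0.0.1", src_port, "198.51.100.7", 443)
        except (PortQuotaExceeded, PoolExhausted):
            break
    try:
        cgn.allocate("udp", "10.0.0.2", 50000, "198.51.100.53", 53)
    except PoolExhausted:
        pass                                       # the other user got nothing
    return {ip: cgn.mappings_for(ip) for ip in ("10.0.0.1", "10.0.0.2")}


if __name__ == "__main__":
    print("no quota:  ", demo(None))   # greedy user drains the whole pool
    print("quota of 4:", demo(4))      # the other user still gets a port
```

Running it shows the difference the cap makes: without one, 10.0.0.1 takes all eight ports and 10.0.0.2 cannot open a single flow; with a cap of 4, 10.0.0.1 is refused at its fifth flow and 10.0.0.2 still gets a port. Two details matter for the mitigation the description claims: the quota is checked before the pool is touched, so a refused user never consumes a port, and a repeat of an existing 5-tuple reuses its mapping rather than allocating again, so retransmissions on an established flow do not count against the cap.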
7.2. IANA Considerations on New RADIUS Attributes
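Review bot: the new description defines a configured maximum ("the maximum number of IP source transport ports that can be used by an end user"), but the unchanged "Data type semantics: totalCounter" line describes a value that accumulates; a cap that neither increments nor wraps fits the IPFIX "quantity" semantics better, and the two should be reconciled now that the description has been tightened. Smaller point in the same hunk: moving the cross-reference into the introductory sentence left a stray space in "document (refer to Section 3.2.2) :"; it should read "document (refer to Section 3.2.2):".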
End of changes. 8 change blocks. 13 lines changed or deleted, 19 lines changed or added.

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/