Softwire
Internet-Draft
Intended status: Standards Track
Expires: December 16, 2019

S. Jiang, Ed. (Huawei Technologies Co., Ltd)
Y. Fu, Ed. (CNNIC)
C. Xie (China Telecom)
T. Li (Tsinghua University)
M. Boucadair, Ed. (Orange)

June 14, 2019
RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
draft-ietf-softwire-map-radius-26
IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity services over IPv6 native networks during the IPv4/IPv6 co-existence period. DHCPv6 options have been defined for configuring clients for Lightweight 4over6, Mapping of Address and Port with Encapsulation, and Mapping of Address and Port using Translation unicast softwire mechanisms, and also multicast softwires. However, in many networks, configuration information is stored in an Authentication, Authorization, and Accounting server which utilizes the RADIUS protocol to provide centralized management for users. When a new transition mechanism is developed, new RADIUS attributes need to be defined correspondingly.
This document defines new RADIUS attributes to carry Address plus Port based softwire configuration parameters from an Authentication, Authorization, and Accounting server to a Broadband Network Gateway. Both unicast and multicast attributes are covered.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 16, 2019.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Providers have started deploying and transitioning to IPv6. Several IPv4 service continuity mechanisms based on the Address plus Port (A+P) [RFC6346] have been proposed for providing unicast IPv4 over IPv6-only infrastructure, such as Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. Also, [RFC8114] specifies a generic solution for the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network. For each of these mechanisms, DHCPv6 options have been specified for client configuration.
In many networks, user configuration information is stored in an Authentication, Authorization, and Accounting (AAA) server. AAA servers generally communicate using the Remote Authentication Dial In User Service (RADIUS) [RFC2865] protocol. In a fixed broadband network, a Broadband Network Gateway (BNG) acts as the access gateway for users. That is, the BNG acts as both an AAA client to the AAA server, and a DHCPv6 server for DHCPv6 messages sent by clients. Throughout this document, the term BNG describes a device implementing both the AAA client and DHCPv6 server functions.
Since IPv4-in-IPv6 softwire configuration information is stored in an AAA server, and user configuration information is mainly transmitted through DHCPv6 between the BNGs and Customer Premises Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to propagate the information from the AAA servers to BNGs so that they can be provided to CEs using the existing DHCPv6 options.
The RADIUS attributes defined in this document provide configuration to populate the corresponding DHCPv6 options for unicast and multicast softwire configuration, specifically:
The contents of the attributes defined in this document have a 1:1 mapping into the fields of the various DHCPv6 options in [RFC7598], [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map to the corresponding RADIUS attribute. For detailed mappings between each DHCPv6 option field and the corresponding RADIUS Attribute or field, see Appendix A.
+----------------------------+--------------------------------+
| DHCPv6 Option              | RADIUS Attribute               |
+----------------------------+--------------------------------+
| OPTION_S46_RULE (89)       | Softwire46-Rule                |
| OPTION_S46_BR (90)         | Softwire46-BR                  |
| OPTION_S46_DMR (91)        | Softwire46-DMR                 |
| OPTION_S46_V4V6BIND (92)   | Softwire46-V4V6Bind            |
| OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS          |
| OPTION_S46_PRIORITY (111)  | Softwire46-Priority            |
| OPTION_V6_PREFIX64 (113)   | Softwire46-Multicast           |
+----------------------------+--------------------------------+
Table 1: Mapping between DHCPv6 Options and RADIUS Attributes
A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in [RFC6519].
This document targets deployments where a trusted relationship is in place between the RADIUS client and server.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The reader should be familiar with the concepts and terms defined in [RFC7596], [RFC7597], [RFC7599], and [RFC8026].
The terms "multicast Basic Bridging BroadBand" element (mB4) and "multicast Address Family Transition Router" element (mAFTR) are defined in [RFC8114].
Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 softwire mechanisms listed above. Additionally, the following abbreviations are used within the document:
This section defines the following attributes:
All of these attributes are allocated from the RADIUS "Extended Type" code space per [RFC6929].
All of these attribute designs follow [RFC6158] and [RFC6929].
This document adheres to [RFC8044] for defining the new RADIUS attributes.
This attribute is of type "tlv", as defined in the RADIUS Protocol Extensions [RFC6929]. It contains some sub-attributes, with the following requirements:
The Softwire46-Configuration Attribute is structured as follows:
Type
   241 (To be confirmed by IANA).
Length
   Indicates the total length, in bytes, of all fields of this attribute, including the Type, Length, Extended-Type, and the entire length of the embedded attributes.
Extended-Type
   TBD1
Value
   Contains one or more of the following attributes. Each attribute type may appear at most once:
   Softwire46-MAP-E
      For configuring MAP-E clients. For the construction of this attribute, refer to Section 3.1.1.1.
   Softwire46-MAP-T
      For configuring MAP-T clients. For the construction of this attribute, refer to Section 3.1.1.2.
   Softwire46-Lightweight-4over6
      For configuring Lightweight 4over6 clients. For the construction of this attribute, refer to Section 3.1.1.3.
The Softwire46-Configuration Attribute is associated with the following identifier: 241.Extended-Type(TBD1).
The Softwire46 attributes can only be encapsulated in the Softwire46-Configuration Attribute. Depending on the deployment scenario, a client might request more than one transition mechanism at a time. There MUST be at least one Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute. There MUST be at most one instance of each type of Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute.
There are three types of Softwire46 attributes, namely Softwire46-MAP-E, Softwire46-MAP-T, and Softwire46-Lightweight-4over6.
Each type of Softwire46 attribute contains a number of sub-attributes, defined in Section 3.1.3. The hierarchy of the Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes which sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.
Softwire46-Configuration Attribute
|
+-- Softwire46-MAP-E
|     +-- 1.Softwire46-Rule
|     |       +-- 1.Rule-IPv6-Prefix
|     |       +-- 2.Rule-IPv4-Prefix
|     |       +-- 3.EA Length
|     +-- 2.Softwire46-BR
|     +-- 3.Softwire46-PORTPARAMS
|             +-- 1.PSID-Offset
|             +-- 2.PSID-Len
|             +-- 3.PSID
|
+-- Softwire46-MAP-T
|     +-- 1.Softwire46-Rule
|     |       +-- 1.Rule-IPv6-Prefix
|     |       +-- 2.Rule-IPv4-Prefix
|     |       +-- 3.EA Length
|     +-- 2.Softwire46-DMR
|     +-- 3.Softwire46-PORTPARAMS
|             +-- 1.PSID-Offset
|             +-- 2.PSID-Len
|             +-- 3.PSID
|
+-- Softwire46-Lightweight-4over6
      +-- 1.Softwire46-V4V6Bind
      |       +-- 1.IPv4-Address
      |       +-- 2.Bind-IPv6-Prefix
      +-- 2.Softwire46-BR
      +-- 3.Softwire46-PORTPARAMS
              +-- 1.PSID-Offset
              +-- 2.PSID-Len
              +-- 3.PSID
Figure 1: Softwire46 Attributes Hierarchy
Softwire46-MAP-E attribute is designed for carrying the configuration information for MAP-E. The structure of Softwire46-MAP-E is shown below:
TLV-Type
   1
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
   Contains a set of sub-attributes, with the following requirements:
   It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
   It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
   It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
Softwire46-MAP-T attribute is designed for carrying the configuration information for MAP-T. The structure of Softwire46-MAP-T is shown below:
TLV-Type
   2
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
   Contains a set of sub-attributes, with the following requirements:
   It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
   It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.
   It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
Softwire46-Lightweight-4over6 attribute is designed for carrying the configuration information for Lightweight 4over6. The structure of Softwire46-Lightweight-4over6 is shown below:
TLV-Type
   3
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
   Contains a set of sub-attributes as follows:
   It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
   It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.
   It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
Table 2 shows which encapsulated sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.
+-----------------------+-------+-------+--------------------+
| Sub-Attributes        | MAP-E | MAP-T | Lightweight 4over6 |
+-----------------------+-------+-------+--------------------+
| Softwire46-BR         | 1+    | 0     | 1+                 |
| Softwire46-Rule       | 1     | 1     | 0                  |
| Softwire46-DMR        | 0     | 1     | 0                  |
| Softwire46-V4V6Bind   | 0     | 0     | 1                  |
| Softwire46-PORTPARAMS | 0-1   | 0-1   | 0-1                |
+-----------------------+-------+-------+--------------------+
Table 2: Softwire46 Sub-Attributes
The following table defines the meaning of Table 2 entries.
0     Not Permitted
0-1   Optional, zero or one instance of the attribute may be present.
1     Mandatory, only one instance of the attribute must be present.
1+    Mandatory, one or more instances of the attribute may be present.
Softwire46-Rule can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending on the deployment scenario, one Basic Mapping Rule (BMR) and zero or more Forwarding Mapping Rules (FMRs) MUST be included in one Softwire46-MAP-E or Softwire46-MAP-T.
Each type of Softwire46-Rule also contains a number of sub-attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA-Length. The structure of the sub-attributes for Softwire46-Rule is defined in Section 3.1.4.
Defining multiple TLV-types achieves the same design goals as the "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using TLV-type set to 5 is equivalent to setting the F-flag in the OPTION_S46_RULE S46 Rule Flags field.
TLV-Type
   4 Basic Mapping Rule only (not to be used for forwarding)
   5 Forwarding Permitted Mapping Rule
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
   The attribute Softwire46-Rule is of type tlv (Section 3.13 of [RFC8044]).
TLV-Value
   This field contains a set of attributes as follows:
   Rule-IPv6-Prefix
      This attribute contains the IPv6 prefix for use in the MAP rule. Refer to Section 3.1.4.1.
   Rule-IPv4-Prefix
      This attribute contains the IPv4 prefix for use in the MAP rule. Refer to Section 3.1.4.2.
   EA-Length
      This attribute contains the Embedded-Address (EA) bit length. Refer to Section 3.1.4.3.
Softwire46-BR can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).
There MUST be at least one Softwire46-BR included in each Softwire46-MAP-E or Softwire46-Lightweight-4over6.
The structure of Softwire46-BR is shown below:
TLV-Type
   6
TLV-Length
   18 octets
Data Type
   The attribute Softwire46-BR is of type ip6addr (Section 3.9 of [RFC8044]).
TLV-Value
   br-ipv6-address. A fixed-length field of 16 octets that specifies the IPv6 address for the Softwire46 Border Relay (BR).
Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). There MUST be exactly one Softwire46-DMR included in one Softwire46-MAP-T.
The structure of Softwire46-DMR is shown below:
TLV-Type
   7
TLV-Length
   4 + length of dmr-ipv6-prefix specified in octets.
Data Type
   The attribute Softwire46-DMR is of type ipv6pref (Section 3.10 of [RFC8044]).
TLV-Value
   A variable-length (dmr-prefix6-len) field specifying the IPv6 prefix (dmr-ipv6-prefix) for the BR. This field is right-padded with zeros to the nearest octet boundary when dmr-prefix6-len is not divisible by 8. Prefixes with length from 0 to 96 are allowed.
Softwire46-V4V6Bind may only be encapsulated in Softwire46-Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6.
The structure of Softwire46-V4V6Bind is shown below:
TLV-Type
   8
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
   The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of [RFC8044]).
TLV-Value
   This field contains a set of attributes as follows:
   IPv4-Address
      This attribute contains an IPv4 address, used to specify the full or shared IPv4 address of the CE. Refer to Section 3.1.5.1.
   Bind-IPv6-Prefix
      This attribute contains an IPv6 prefix used to indicate which configured prefix the Softwire46 CE should use for constructing the softwire. Refer to Section 3.1.5.2.
Softwire46-PORTPARAMS is optional. It is used to specify port set information for IPv4 address sharing between clients. Softwire46-PORTPARAMS MAY be included in any of the Softwire46 attributes.
The structure of Softwire46-PORTPARAMS is shown below:
TLV-Type
   9
TLV-Length
   Indicates the length of this attribute, including the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
   The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13 of [RFC8044]).
TLV-Value
   This field contains a set of attributes as follows:
   PSID-Offset
      This attribute specifies the numeric value for the Softwire46 algorithm's excluded port range/offset bits (a bits). Refer to Section 3.1.6.1.
   PSID-Len
      This attribute specifies the number of significant bits in the PSID field (also known as 'k'). Refer to Section 3.1.6.2.
   PSID
      This attribute specifies PSID value. Refer to Section 3.1.6.3.
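The nesting and cardinality rules above (Table 2 and the per-attribute MUST/MAY statements) are what a BNG has to enforce before turning an Access-Accept into DHCPv6 options. The following is an added example, not code from the draft or its authors; the function and sample names are illustrative. Assumptions: the input is the Value field of the Softwire46-Configuration Attribute, and Softwire46-Rule is accepted one or more times so that the "one BMR and zero or more FMRs" text is satisfied even though Table 2 lists it as 1.

```python
import ipaddress

# TLV-Type values from the draft (Sections 3.1.1 and 3.1.3).
MAP_E, MAP_T, LW4O6 = 1, 2, 3
RULE_BMR, RULE_FMR, BR, DMR, V4V6BIND, PORTPARAMS = 4, 5, 6, 7, 8, 9
RULE = "rule"  # types 4 and 5 are both Softwire46-Rule and are counted together

# Table 2 as (min, max) instance counts; max None means unbounded ("1+").
# Assumption: Softwire46-Rule is (1, None) so that one BMR plus FMRs is accepted.
TABLE2 = {
    MAP_E: {BR: (1, None), RULE: (1, None), DMR: (0, 0),
            V4V6BIND: (0, 0), PORTPARAMS: (0, 1)},
    MAP_T: {BR: (0, 0), RULE: (1, None), DMR: (1, 1),
            V4V6BIND: (0, 0), PORTPARAMS: (0, 1)},
    LW4O6: {BR: (1, None), RULE: (0, 0), DMR: (0, 0),
            V4V6BIND: (1, 1), PORTPARAMS: (0, 1)},
}


class Softwire46Error(ValueError):
    """Raised when the attribute is malformed or violates Table 2."""


def iter_tlvs(buf):
    """Yield (tlv_type, tlv_value); TLV-Length counts the 2 header octets."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise Softwire46Error(f"truncated TLV header at offset {pos}")
        tlv_type, length = buf[pos], buf[pos + 1]
        # RFC 6929 requires TLV-Length >= 3; it must also fit in the parent.
        if length < 3 or pos + length > len(buf):
            raise Softwire46Error(f"bad TLV-Length {length} at offset {pos}")
        yield tlv_type, buf[pos + 2:pos + length]
        pos += length


def validate_mechanism(mech, value):
    """Check one MAP-E / MAP-T / Lightweight-4over6 TLV; return its BR list."""
    limits, counts, brs = TABLE2[mech], {}, []
    for tlv_type, tlv_value in iter_tlvs(value):
        key = RULE if tlv_type in (RULE_BMR, RULE_FMR) else tlv_type
        if key not in limits:
            raise Softwire46Error(
                f"TLV-Type {tlv_type} not defined under mechanism {mech}")
        counts[key] = counts.get(key, 0) + 1
        if tlv_type == BR:
            if len(tlv_value) != 16:  # Softwire46-BR: TLV-Length is 18 octets
                raise Softwire46Error("Softwire46-BR must carry 16 octets")
            brs.append(ipaddress.IPv6Address(tlv_value))
    for key, (low, high) in limits.items():
        n = counts.get(key, 0)
        if n < low or (high is not None and n > high):
            raise Softwire46Error(
                f"mechanism {mech}: {n} instance(s) of {key} violates Table 2")
    return brs


def validate_configuration(value):
    """value: the Value field of Softwire46-Configuration. Returns {mech: BRs}."""
    result = {}
    for tlv_type, tlv_value in iter_tlvs(value):
        if tlv_type not in TABLE2:
            raise Softwire46Error(f"TLV-Type {tlv_type} is not a Softwire46 attribute")
        if tlv_type in result:
            raise Softwire46Error(f"Softwire46 attribute {tlv_type} appears twice")
        result[tlv_type] = validate_mechanism(tlv_type, tlv_value)
    if not result:
        raise Softwire46Error("no Softwire46 attribute present")
    return result


def explain(value):
    """Return 'ok' or the rejection reason, suitable for a BNG log line."""
    try:
        validate_configuration(value)
        return "ok"
    except Softwire46Error as exc:
        return str(exc)


def tlv(tlv_type, value):
    """Encode one TLV (helper used only to build the samples below)."""
    return bytes([tlv_type, len(value) + 2]) + value


# Constructed samples using documentation prefixes, not captured traffic.
SAMPLE_BR = tlv(BR, ipaddress.IPv6Address("2001:db8::1").packed)
SAMPLE_BIND = tlv(V4V6BIND,
                  tlv(13, ipaddress.IPv4Address("192.0.2.1").packed)
                  + tlv(14, b"\x00\x38" + bytes.fromhex("20010db8000100")))
SAMPLE_LW4O6 = tlv(LW4O6, SAMPLE_BR + SAMPLE_BIND)
SAMPLE_RULE = tlv(RULE_BMR, tlv(12, (16).to_bytes(4, "big")))
SAMPLE_DMR = tlv(DMR, b"\x00\x40" + bytes.fromhex("20010db8ffff0000"))
# MAP-T must not carry Softwire46-BR (Table 2), so this one is rejected.
SAMPLE_MAP_T_WITH_BR = tlv(MAP_T, SAMPLE_RULE + SAMPLE_DMR + SAMPLE_BR)

if __name__ == "__main__":
    for name in ("SAMPLE_LW4O6", "SAMPLE_MAP_T_WITH_BR"):
        print(name, "->", explain(globals()[name]))
```

The check stops at the second nesting level; the contents of Softwire46-Rule, Softwire46-V4V6Bind and Softwire46-PORTPARAMS would be validated against their own definitions in the same way.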
There are two types of Softwire46-Rule: the Basic Mapping Rule and the Forwarding Mapping Rule, indicated by the value in the TLV-Type field of Softwire46-Rule (Section 3.1.3.1).
Each type of Softwire46-Rule also contains a number of Sub-attributes as detailed in the following sub-sections.
Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST be exactly one Rule-IPv6-Prefix encapsulated in each type of Softwire46-Rule.
Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] and [RFC8044].
The structure of Rule-IPv6-Prefix is shown below:
TLV-Type
   10
TLV-Length
   4 + length of rule-ipv6-prefix specified in octets.
Data Type
   The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10 of [RFC8044]).
TLV-Value
   A variable-length field that specifies an IPv6 prefix (rule-ipv6-prefix) appearing in the MAP rule.
This attribute is used to convey the MAP Rule IPv4 prefix. The structure of Rule-IPv4-Prefix is shown below:
TLV-Type
   11
TLV-Length
   4 + length of rule-ipv4-prefix specified in octets.
Data Type
   The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11 of [RFC8044]).
TLV-Value
   A variable-length field that specifies an IPv4 prefix (rule-ipv4-prefix) appearing in the MAP rule.
This attribute is used to convey the Embedded-Address (EA) bit length. The structure of EA-Length is shown below:
TLV-Type
   12
TLV-Length
   6 octets
Data Type
   The attribute EA-Length is of type integer (Section 3.1 of [RFC8044]).
TLV-Value
   EA-len; 32-bits long. Specifies the Embedded-Address (EA) bit length. Allowed values range from 0 to 48.
The IPv4-Address MAY be used to specify the full or shared IPv4 address of the CE.
The structure of IPv4-Address is shown below:
TLV-Type
   13
TLV-Length
   6 octets
Data Type
   The attribute IPv4-Address is of type ipv4addr (Section 3.8 of [RFC8044]).
TLV-Value
   32-bits long. Specifies the IPv4 address (ipv4-address) to appear in Softwire46-V4V6Bind (Section 3.1.3.4).
The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 prefix to be used as the tunnel source.
The structure of Bind-IPv6-Prefix is shown below:
TLV-Type
   14
TLV-Length
   4 + length of bind-ipv6-prefix specified in octets.
Data Type
   The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10 of [RFC8044]).
TLV-Value
   A variable-length field specifying the IPv6 prefix or address for the Softwire46 CE (bind-ipv6-prefix). This field is right-padded with zeros to the nearest octet boundary when the prefix length is not divisible by 8.
This attribute is used to convey the Port Set Identifier offset as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Offset is shown below:
TLV-Type
   15
TLV-Length
   6 octets
Data Type
   The attribute PSID-Offset is of type integer (Section 3.1 of [RFC8044]).
TLV-Value
   Contains the PSID-Offset (8-bits) right justified, and the unused bits in this field MUST be set to zero. This field specifies the numeric value for the Softwire46 algorithm's excluded port range/offset bits (a bits), as per Section 5.1 of [RFC7597]. Default values for this field are specific to the Softwire mechanism being implemented and are defined in the relevant specification document.
This attribute is used to convey the PSID length as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Len is shown below:
TLV-Type
   16
TLV-Length
   6 octets
Data Type
   The attribute PSID-Len is of type integer (Section 3.1 of [RFC8044]).
TLV-Value
   Contains the PSID-len (8-bits) right justified, and the unused bits in this field MUST be set to zero. This field specifies the number of significant bits in the PSID field (also known as 'k'). When set to 0, the PSID field is to be ignored. After the first 'a' bits, there are k bits in the port number representing the value of the PSID. Subsequently, the address sharing ratio would be 2^k.
This attribute is used to convey the PSID as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID is shown below:
TLV-Type
   17
TLV-Length
   6 octets
Data Type
   The attribute PSID is of type integer (Section 3.1 of [RFC8044]).
TLV-Value
   Contains the PSID (16-bits) right justified, and the unused bits in this field MUST be set to zero. The PSID value algorithmically identifies a set of ports assigned to a CE. The first k bits on the left of this 2-octet field is the PSID value. The remaining (16-k) bits on the right are padding zeros.
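The three integer sub-attributes above determine exactly which source ports a CE may use on a shared IPv4 address, which is what an operator needs when attributing a logged address and port to one subscriber. The following is an added example, not code from the draft; it decodes the Softwire46-PORTPARAMS TLV-Value and goes beyond the text by enumerating the port set with the algorithm of Section 5.1 of [RFC7597]. Function names are illustrative, and requiring all three sub-TLVs to be present is an assumption.

```python
import struct

PSID_OFFSET, PSID_LEN, PSID = 15, 16, 17  # TLV-Type values from the draft


class PortParamsError(ValueError):
    """Raised when Softwire46-PORTPARAMS content is malformed."""


def decode_portparams(value):
    """Decode the TLV-Value of Softwire46-PORTPARAMS into (a, k, psid)."""
    if not value or len(value) % 6:
        raise PortParamsError("expected a sequence of 6-octet integer TLVs")
    fields = {}
    for off in range(0, len(value), 6):
        tlv_type, length, number = struct.unpack_from("!BBI", value, off)
        if length != 6 or tlv_type not in (PSID_OFFSET, PSID_LEN, PSID):
            raise PortParamsError(f"unexpected TLV at offset {off}")
        if tlv_type in fields:
            raise PortParamsError(f"TLV-Type {tlv_type} appears twice")
        fields[tlv_type] = number
    if len(fields) != 3:  # assumption: all three sub-TLVs are required
        raise PortParamsError("PSID-Offset, PSID-Len and PSID must all be present")
    a, k, raw = fields[PSID_OFFSET], fields[PSID_LEN], fields[PSID]
    # Unused high-order bits of each 32-bit integer MUST be zero.
    if a > 0xFF or k > 0xFF or raw > 0xFFFF:
        raise PortParamsError("unused bits are not zero")
    if a + k > 16:
        raise PortParamsError("a + k exceeds the 16-bit port number")
    if k == 0:
        return a, 0, 0  # the PSID field is ignored when PSID-Len is 0
    # The PSID occupies the k leftmost bits of the 2-octet field.
    if raw & ((1 << (16 - k)) - 1):
        raise PortParamsError("PSID padding bits are not zero")
    return a, k, raw >> (16 - k)


def port_ranges(a, k, psid):
    """Return the CE's port set as a list of inclusive (first, last) ranges."""
    m = 16 - a - k                      # contiguous bits after the PSID
    first_index = 1 if a > 0 else 0     # index 0 is the excluded low port range
    ranges = []
    for index in range(first_index, 1 << a):
        base = (index << (16 - a)) | (psid << m)
        ranges.append((base, base + (1 << m) - 1))
    return ranges


def port_in_set(port, a, k, psid):
    """True if a logged source port belongs to the CE with these parameters."""
    m = 16 - a - k
    if a > 0 and port >> (16 - a) == 0:
        return False                    # inside the excluded low range
    return (port >> m) & ((1 << k) - 1) == psid


# Constructed samples: a = 6, k = 8, PSID 0x34 left-aligned in 16 bits (0x3400).
SAMPLE_PORTPARAMS = (struct.pack("!BBI", PSID_OFFSET, 6, 6)
                     + struct.pack("!BBI", PSID_LEN, 6, 8)
                     + struct.pack("!BBI", PSID, 6, 0x3400))
# Same values, but with a non-zero bit in the PSID padding.
SAMPLE_BAD_PADDING = SAMPLE_PORTPARAMS[:-4] + struct.pack("!I", 0x3401)

if __name__ == "__main__":
    a, k, psid = decode_portparams(SAMPLE_PORTPARAMS)
    ranges = port_ranges(a, k, psid)
    print(f"a={a} k={k} psid={psid:#x}: {len(ranges)} ranges, first {ranges[0]}")
```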
The Softwire46-Priority Attribute includes an ordered list of Softwire46 mechanisms allowing the client to prioritize which mechanism to use, corresponding to OPTION_S46_PRIORITY defined in [RFC8026]. The following requirements apply:
The Softwire46-Priority Attribute is structured as follows:
Type
   241 (To be confirmed by IANA)
Length
   Indicates the length of this attribute, including the Type, Length, Extended-Type and Value fields.
Extended-Type
   TBD5
TLV-Value
   The attribute includes one or more Softwire46-Option-Code TLVs: A Softwire46-Priority Attribute MUST contain at least one Softwire46-Option-Code TLV (Section 3.2.1). Softwire46 mechanisms are prioritized in the appearance order in the Softwire46-Priority Attribute. That is, the first-appearing mechanism is most preferred.
The Softwire46-Priority Attribute is associated with the following identifier: 241.Extended-Type (TBD5).
This attribute is used to convey an option code assigned to a Softwire46 mechanism [RFC8026]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of Softwire46-Option-Code is shown below:
TLV-Type
   18
TLV-Length
   6 octets
Data Type
   The attribute Softwire46-Option-Code is of type integer (Section 3.1 of [RFC8044]).
TLV-Value
   A 32-bit IANA-registered option code representing a Softwire46 mechanism (Softwire46-option-code). The codes and their corresponding Softwire46 mechanisms are listed in Section 7.3.
The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be used to synthesize multicast and unicast IPv4-embedded IPv6 addresses as per [RFC8114]. This attribute is of type "tlv" and contains additional TLVs. The following requirements apply:
The Softwire46-Multicast Attribute is structured as follows:
Type
   241 (To be confirmed by IANA)
Length
   This field indicates the total length in bytes of all fields of this attribute, including the Type, Length, Extended-Type, and the entire length of the embedded attributes.
Extended-Type
   TBD6
Value
   This field contains a set of attributes as follows:
   ASM-Prefix64
      This attribute contains the Any-Source Multicast (ASM) IPv6 prefix. Refer to Section 3.3.1.
   SSM-Prefix64
      This attribute contains the Source-Specific Multicast (SSM) IPv6 prefix. Refer to Section 3.3.2.
   U-Prefix64
      This attribute contains the IPv4 prefix used for address translation. Refer to Section 3.3.3.
The Softwire46-Multicast Attribute is associated with the following identifier: 241.Extended-Type(TBD6).
The ASM-Prefix64 attribute is structured as follows:
TLV-Type
   19
TLV-Length
   16 octets. The length of asm-prefix64 must be /96 [RFC8115].
Data Type
   The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of [RFC8044]).
TLV-Value
   This field specifies the IPv6 multicast prefix (asm-prefix64) to be used to synthesize the IPv4-embedded IPv6 addresses of the multicast groups in the ASM mode. The conveyed multicast IPv6 prefix MUST belong to the ASM range.
The SSM-Prefix64 attribute is structured as follows:
TLV-Type
   20
TLV-Length
   16 octets. The length of ssm-prefix64 must be /96 [RFC8115].
Data Type
   The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of [RFC8044]).
TLV-Value
   This field specifies the IPv6 multicast prefix (ssm-prefix64) to be used to synthesize the IPv4-embedded IPv6 addresses of the multicast groups in the SSM mode. The conveyed multicast IPv6 prefix MUST belong to the SSM range.
The structure of U-Prefix64 is shown below:
TLV-Type
   21
TLV-Length
   4 + length of unicast-prefix. As specified in [RFC6052], the unicast-prefix prefix-length MUST be set to 32, 40, 48, 56, 64, or 96.
Data Type
   The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of [RFC8044]).
TLV-Value
   This field identifies the IPv6 unicast prefix (u-prefix64) to be used in SSM mode for constructing the IPv4-embedded IPv6 addresses representing the IPv4 multicast sources in the IPv6 domain. It may also be used to extract the IPv4 address from the received multicast data flows.
Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to provide CE with softwire configuration information.
  CE                              BNG                         AAA Server
  |                               |                               |
  |-------1.DHCPv6 Solicit------->|                               |
  |(ORO with unicast and/or m'cast|                               |
  |    container option code(s))  |                               |
  |                               |                               |
  |                               |-------2.Access-Request------->|
  |                               |  (Softwire46-Configuration    |
  |                               |       Attribute and/or        |
  |                               |Softwire46-Multicast Attribute)|
  |                               |                               |
  |                               |<------3.Access-Accept---------|
  |                               |  (Softwire46-Configuration    |
  |                               |       Attribute and/or        |
  |                               |Softwire46-Multicast Attribute)|
  |                               |                               |
  |<----4.DHCPv6 Advertisement----|                               |
  |     (container option(s))     |                               |
  |                               |                               |
  |-------5.DHCPv6 Request------->|                               |
  |     (container Option(s))     |                               |
  |                               |                               |
  |<--------6.DHCPv6 Reply--------|                               |
  |     (container option(s))     |                               |
  |                               |                               |
               DHCPv6                          RADIUS
Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS authentication
The authorization operation could be done independently, after the authentication process. In this case, steps 1-5 are completed as above, then the following steps are performed:
In addition to the above, the following points need to be considered:
In some deployments, the DHCP server may use the Accounting-Request to report to an AAA server the softwire configuration returned to a requesting host. It is the responsibility of the DHCP server to ensure the consistency of the configuration provided to requesting hosts. Reported data to an AAA server may be required for various operational purposes (e.g., regulatory).
A configuration change (e.g., BR address) may result in an exchange of CoA-Requests between the BNG and the AAA server as shown in Figure 3. Concretely, when the BNG receives a CoA-Request message containing Softwire46 attributes, it sends a DHCPv6 Reconfigure message to the appropriate CE to inform that CE that an updated configuration is available. Upon receipt of such message, the CE sends a DHCPv6 Renew or Information-Request in order to receive the updated Softwire46 configuration. In deployments where the BNG embeds a DHCPv6 relay, CoA-Requests can be used following the procedure specified in [RFC6977].
  CE                          BNG                        AAA Server
  |                           |                            |
  |---DHCPv6 Solicit--------->|                            |
  |                           |---Access-Request---------->|
  |                           |<--Access-Accept------------|
  |                           |(Softwire46-Configuration   |
  |                           |  Attribute ...)            |
                             ....
  |                           |                            |
  |                           |<-----CoA-Request-----------|
  |                           |(Softwire46-Configuration   |
  |                           |  Attribute ...)            |
  |                           |------CoA-Response--------->|
  |<--DHCPv6 Reconfigure------|                            |
  |                           |                            |
                             ....
Figure 3: Change of Configuration Example
This document specifies three new RADIUS attributes, and their formats are as follows:
Table 3 describes which attributes may be found, in which kinds of packets and in what quantity.
Request | Accept | Reject | Challenge | Acct Req | CoA-Req | # | Attribute |
---|---|---|---|---|---|---|---|
0-1 | 0-1 | 0 | 0 | 0-1 | 0-1 | 241.TBD1 | Softwire46-Configuration |
0-1 | 0-1 | 0 | 0 | 0-1 | 0-1 | 241.TBD5 | Softwire46-Priority |
0-1 | 0-1 | 0 | 0 | 0-1 | 0-1 | 241.TBD6 | Softwire46-Multicast |
Table 3: Table of Attributes
Section 9 of [RFC7596] discusses security issues related to Lightweight 4over6, Section 10 of [RFC7597] discusses security issues related to MAP-E, Section 13 of [RFC7599] discusses security issues related to MAP-T, and Section 9 of [RFC8114] discusses security issues related to the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network.
This document does not introduce any security issues inherently different from those already identified in Section 8 of [RFC2865] and Section 6 of [RFC5176] for CoA messages. Known security vulnerabilities of the RADIUS protocol discussed in Section 7 of [RFC2607] and Section 7 of [RFC2869] apply to this specification. These well-established properties of the RADIUS protocol place some limitations on how it can safely be used, since there is some inherent requirement to trust the counterparty to not misbehave.
Accordingly, this document targets deployments where a trusted relationship is in place between the RADIUS client and server with communication optionally secured by IPsec or Transport Layer Security (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security when RADIUS is carried in IPv6 is discussed in [RFC3162].
Security considerations for interactions between a Softwire46 CE and the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for configuration of softwire46 address and port-mapped clients), Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization mechanism), and Section 5 of [RFC8115] (DHCPv6 options for configuration of IPv4-embedded IPv6 prefixes).
IANA is requested to make new code point assignments for RADIUS attributes as described in the following subsections. The assignments should use the RADIUS registry available at https://www.iana.org/assignments/radius-types/.
This document requests IANA to assign the Attribute Types defined in this document from the RADIUS namespace as described in the "IANA Considerations" section of [RFC3575], in accordance with BCP 26 [RFC8126].
This document requests that IANA register three new RADIUS attributes, from the "Short Extended Space" of [RFC6929]. The attributes are: Softwire46-Configuration Attribute, Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:
Type      Description               Data Type  Reference
----      -----------               ---------  ---------
241.TBD1  Softwire46-Configuration  tlv        Section 3.1
241.TBD5  Softwire46-Priority       tlv        Section 3.2
241.TBD6  Softwire46-Multicast      tlv        Section 3.3
IANA is requested to create a new registry called "RADIUS Softwire46 Configuration and Multicast Attributes".
All attributes in this registry have one or more parent RADIUS attributes in nesting (refer to [RFC6929]).
This registry must be initially populated with the following values:
Value   Description                    Data Type   Reference
-----   -----------                    ---------   ---------
0       Reserved
1       Softwire46-MAP-E               tlv         Section 3.1.1.1
2       Softwire46-MAP-T               tlv         Section 3.1.1.2
3       Softwire46-Lightweight-4over6  tlv         Section 3.1.1.3
4       Softwire46-Rule (BMR)          tlv         Section 3.1.3.1
5       Softwire46-Rule (FMR)          tlv         Section 3.1.3.1
6       Softwire46-BR                  ipv6addr    Section 3.1.3.2
7       Softwire46-DMR                 ipv6prefix  Section 3.1.3.3
8       Softwire46-V4V6Bind            tlv         Section 3.1.3.4
9       Softwire46-PORTPARAMS          tlv         Section 3.1.3.5
10      Rule-IPv6-Prefix               ipv6prefix  Section 3.1.4.1
11      Rule-IPv4-Prefix               ipv4prefix  Section 3.1.4.2
12      EA-Length                      integer     Section 3.1.4.3
13      IPv4-Address                   ipv4addr    Section 3.1.5.1
14      Bind-IPv6-Prefix               ipv6prefix  Section 3.1.5.2
15      PSID-Offset                    integer     Section 3.1.6.1
16      PSID-Len                       integer     Section 3.1.6.2
17      PSID                           integer     Section 3.1.6.3
18      Softwire46-Option-Code         integer     Section 3.2.1
19      ASM-Prefix64                   ipv6prefix  Section 3.3.1
20      SSM-Prefix64                   ipv6prefix  Section 3.3.2
21      U-Prefix64                     ipv6prefix  Section 3.3.3
22-255  Unassigned
The registration procedure for this registry is Standards Action as defined in [RFC8126].
The Softwire46-Priority Attribute conveys an ordered list of option codes assigned to Softwire46 mechanisms, for which IANA is requested to create and maintain a new registry entitled "Option Codes Permitted in the Softwire46-Priority Attribute".
Table 4 shows the initial version of allowed option codes, and the Softwire46 mechanisms that they represent. The option code for DS-Lite is derived from the IANA allocated RADIUS Attribute Type value for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and Lightweight 4over6 attributes defined in Section 3.1.1.
+-----------+--------------------+-----------+
|Option Code|Softwire46 Mechanism| Reference |
+-----------+--------------------+-----------+
|     1     |       MAP-E        |  RFC7597  |
|     2     |       MAP-T        |  RFC7599  |
|     3     | Lightweight 4over6 |  RFC7596  |
|    144    |      DS-Lite       |  RFC6519  |
+-----------+--------------------+-----------+
Table 4: Option Codes to S46 Mechanisms
Additional option codes may be added to this list in the future using the IETF Review process described in Section 4.8 of [RFC8126].
Bing Liu
Huawei Technologies Co., Ltd
Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing, 100095
P.R. China
Email: leo.liubing@huawei.com

Peter Deacon
IEA Software, Inc.
P.O. Box 1170
Veradale, WA 99037
USA
Email: peterd@iea-software.com

Qiong Sun
China Telecom
Beijing
China
Email: sunqiong@ctbri.com.cn

Qi Sun
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: sunqibupt@gmail.com

Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
Email: cathy.zhou@huawei.com

Tina Tsou
Huawei Technologies(USA)
2330 Central Expressway
Santa Clara, CA 95050
USA
Email: Tina.Tsou.Zouting@huawei.com

ZiLong Liu
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: liuzilong8266@126.com

Yong Cui
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-62603059
Email: yong@csnet1.cs.tsinghua.edu.cn
The authors would like to thank the valuable comments made by Peter Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this document.
This document was merged with [I-D.sun-softwire-lw4over6-radext] and [I-D.wang-radext-multicast-radius-ext], thanks to everyone who contributed to this document.
This document was produced using the xml2rfc tool [RFC7991].
Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald Eastlake for the review.
The following sections detail the mappings between the softwire DHCPv6 option fields and the relevant RADIUS attributes as defined in this document.
OPTION_S46_RULE Field | Softwire46-Rule Name | TLV Subfield |
---|---|---|
flags | N/A | TLV-type (TBD7, TBD8) |
ea-len | EA-Length | EA-len |
prefix4-len | Rule-IPv4-Prefix | Prefix-Length |
ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix |
prefix6-len | Rule-IPv6-Prefix | Prefix-Length |
ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix |

OPTION_S46_BR Field | Softwire46-BR Subfield |
---|---|
br-ipv6-address | br-ipv6-address |

OPTION_S46_DMR Field | Softwire46-DMR Subfield |
---|---|
dmr-prefix6-len | dmr-prefix6-len |
dmr-ipv6-prefix | dmr-ipv6-prefix |

OPTION_S46_V4V6BIND Field | Softwire46-V4V6Bind Name | TLV Subfield |
---|---|---|
ipv4-address | IPv4-Address | ipv4-address |
bindprefix6-len | Bind-IPv6-Prefix | Prefix-Length |
bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix |

OPTION_S46_PORTPARAMS Field | Softwire46-PORTPARAMS Name | TLV Subfield |
---|---|---|
offset | PSID-Offset | PSID-Offset |
PSID-len | PSID-Len | PSID-len |
PSID | PSID | PSID |

OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute Subfield |
---|---|
s46-option-code | Softwire46-option-code |

OPTION_V6_PREFIX64 Field | Softwire46-Multicast Attribute TLV Name | TLV Subfield |
---|---|---|
asm-length | ASM-Prefix64 | Prefix-Length |
ASM_mPrefix64 | ASM-Prefix64 | asm-prefix64 |
ssm-length | SSM-Prefix64 | Prefix-Length |
SSM_mPrefix64 | SSM-Prefix64 | ssm-prefix64 |
unicast-length | U-Prefix64 | Prefix-Length |
uPrefix64 | U-Prefix64 | u-prefix64 |