Internet DRAFT - draft-ietf-softwire-map-radius
draft-ietf-softwire-map-radius
Softwire S. Jiang, Ed.
Internet-Draft Huawei Technologies Co., Ltd
Intended status: Standards Track Y. Fu, Ed.
Expires: December 16, 2019 CNNIC
C. Xie
China Telecom
T. Li
Tsinghua University
M. Boucadair, Ed.
Orange
June 14, 2019
RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
draft-ietf-softwire-map-radius-26
Abstract
IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity
services over IPv6 native networks during the IPv4/IPv6 co-existence
period. DHCPv6 options have been defined for configuring clients for
Lightweight 4over6, Mapping of Address and Port with Encapsulation,
and Mapping of Address and Port using Translation unicast softwire
mechanisms, and also multicast softwires. However, in many networks,
configuration information is stored in an Authentication,
Authorization, and Accounting server which utilizes the RADIUS
protocol to provide centralized management for users. When a new
transition mechanism is developed, new RADIUS attributes need to be
defined correspondingly.
This document defines new RADIUS attributes to carry Address plus
Port based softwire configuration parameters from an Authentication,
Authorization, and Accounting server to a Broadband Network Gateway.
Both unicast and multicast attributes are covered.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
Jiang, Ed., et al. Expires December 16, 2019 [Page 1]
�
Internet-Draft A+P RADIUS Attributes June 2019
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 16, 2019.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. New RADIUS Attributes . . . . . . . . . . . . . . . . . . . . 6
3.1. Softwire46-Configuration Attribute . . . . . . . . . . . 7
3.1.1. Softwire46 Attributes . . . . . . . . . . . . . . . . 8
3.1.1.1. Softwire46-MAP-E Attribute . . . . . . . . . . . 10
3.1.1.2. Softwire46-MAP-T Attribute . . . . . . . . . . . 10
3.1.1.3. Softwire46-Lightweight-4over6 Attribute . . . . . 11
3.1.2. Softwire46 Sub-Attributes . . . . . . . . . . . . . . 11
3.1.3. Specification of the Softwire46 Sub-Attributes . . . 12
3.1.3.1. Softwire46-Rule Attribute . . . . . . . . . . . . 12
3.1.3.2. Softwire46-BR Attribute . . . . . . . . . . . . . 13
3.1.3.3. Softwire46-DMR Attribute . . . . . . . . . . . . 14
3.1.3.4. Softwire46-V4V6Bind Attribute . . . . . . . . . . 14
3.1.3.5. Softwire46-PORTPARAMS Attribute . . . . . . . . . 15
3.1.4. Sub-Attributes for Sofwtire46-Rule . . . . . . . . . 16
3.1.4.1. Rule-IPv6-Prefix Attribute . . . . . . . . . . . 16
3.1.4.2. Rule-IPv4-Prefix Attribute . . . . . . . . . . . 17
3.1.4.3. EA-Length Attribute . . . . . . . . . . . . . . . 17
3.1.5. Attributes for Softwire46-v4v6Bind . . . . . . . . . 18
3.1.5.1. IPv4-Address Attribute . . . . . . . . . . . . . 18
3.1.5.2. Bind-IPv6-Prefix Attribute . . . . . . . . . . . 18
3.1.6. Attributes for Softwire46-PORTPARAMS . . . . . . . . 19
3.1.6.1. PSID-Offset Attribute . . . . . . . . . . . . . . 19
3.1.6.2. PSID-Len Attribute . . . . . . . . . . . . . . . 20
3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 20
Jiang, Ed., et al. Expires December 16, 2019 [Page 2]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 21
3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 22
3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 23
3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 24
3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 25
3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 25
4. A Sample Configuration Process with RADIUS . . . . . . . . . 25
5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 29
6. Security Considerations . . . . . . . . . . . . . . . . . . . 30
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 30
7.2. RADIUS Softwire46 Configuration and Multicast Attributes 31
7.3. Softwire46 Mechanisms and Their Identifying Option Codes 32
8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 32
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
10.1. Normative References . . . . . . . . . . . . . . . . . . 34
10.2. Informative References . . . . . . . . . . . . . . . . . 36
Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 37
A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 37
A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 38
A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 38
A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 38
A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 38
A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field
Mappings . . . . . . . . . . . . . . . . . . . . . . . . 39
A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
Attribute Field Mappings . . . . . . . . . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction
Providers have started deploying and transitioning to IPv6. Several
IPv4 service continuity mechanisms based on the Address plus Port
(A+P) [RFC6346] have been proposed for providing unicast IPv4 over
IPv6-only infrastructure, such as Mapping of Address and Port with
Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using
Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596].
Also, [RFC8114] specifies a generic solution for the delivery of IPv4
multicast services to IPv4 clients over an IPv6 multicast network.
For each of these mechanisms, DHCPv6 options have been specified for
client configuration.
In many networks, user configuration information is stored in an
Authentication, Authorization, and Accounting (AAA) server. AAA
servers generally communicate using the Remote Authentication Dial In
Jiang, Ed., et al. Expires December 16, 2019 [Page 3]
�
Internet-Draft A+P RADIUS Attributes June 2019
User Service (RADIUS) [RFC2865] protocol. In a fixed broadband
network, a Broadband Network Gateway (BNG) acts as the access gateway
for users. That is, the BNG acts as both an AAA client to the AAA
server, and a DHCPv6 server for DHCPv6 messages sent by clients.
Throughout this document, the term BNG describes a device
implementing both the AAA client and DHCPv6 server functions.
Since IPv4-in-IPv6 softwire configuration information is stored in an
AAA server, and user configuration information is mainly transmitted
through DHCPv6 between the BNGs and Customer Premises Equipment (CEs,
a.k.a., CPE), new RADIUS attributes are needed to propagate the
information from the AAA servers to BNGs so that they can be provided
to CEs using the existing DHCPv6 options.
The RADIUS attributes defined in this document provide configuration
to populate the corresponding DHCPv6 options for unicast and
multicast softwire configuration, specifically:
o "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597]
(DHCPv6 options defined in [RFC7598]).
o "Mapping of Address and Port using Translation (MAP-T)" [RFC7599]
(DHCPv6 options defined in [RFC7598]).
o "Lightweight 4over6: An Extension to the Dual-Stack Lite
Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]).
o "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE):
A DHCPv6-Based Prioritization Mechanism" [RFC8026].
o "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6
Multicast Network" [RFC8114] (DHCPv6 options defined in
[RFC8115]).
The contents of the attributes defined in this document have a 1:1
mapping into the fields of the various DHCPv6 options in [RFC7598],
[RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map
to the corresponding RADIUS attribute. For detailed mappings between
each DHCPv6 option field and the corresponding RADIUS Attribute or
field, see Appendix A.
Jiang, Ed., et al. Expires December 16, 2019 [Page 4]
�
Internet-Draft A+P RADIUS Attributes June 2019
+----------------------------+--------------------------------+
| DHCPv6 Option | RADIUS Attribute |
+----------------------------+--------------------------------+
| OPTION_S46_RULE (89) | Softwire46-Rule |
| OPTION_S46_BR (90) | Softwire46-BR |
| OPTION_S46_DMR (91) | Softwire46-DMR |
| OPTION_S46_V4V6BIND (92) | Softwire46-V4V6Bind |
| OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS |
| OPTION_S46_PRIORITY (111) | Softwire46-Priority |
| OPTION_V6_PREFIX64 (113) | Softwire46-Multicast |
+----------------------------+--------------------------------+
Table 1: Mapping between DHCPv6 Options and RADIUS Attributes
A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in
[RFC6519].
This document targets deployments where a trusted relationship is in
place between the RADIUS client and server.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The reader should be familiar with the concepts and terms defined in
[RFC7596], [RFC7597], [RFC7599], and [RFC8026].
The terms "multicast Basic Bridging BroadBand" element (mB4) and
"multicast Address Family Transition Router" element (mAFTR) are
defined in [RFC8114].
Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6
softwire mechanisms listed above. Additionally, the following
abbreviations are used within the document:
o BNG: Broadband Network Gateway
o BR: Border Relay
o CE: Customer Edge
o DMR: Default Mapping Rule
o lwAFTR: Lightweight AFTR
Jiang, Ed., et al. Expires December 16, 2019 [Page 5]
�
Internet-Draft A+P RADIUS Attributes June 2019
o PSID: Port Set Identifier
o TLV: Type, Length, Value
o MAP-E: Mapping of Address and Port with Encapsulation
o MAP-T: Mapping of Address and Port using Translation
3. New RADIUS Attributes
This section defines the following attributes:
1. Softwire46-Configuration Attribute (Section 3.1):
This attribute carries the configuration information for MAP-E,
MAP-T, and Lightweight 4over6. The configuration information for
each Softwire46 mechanism is carried in the corresponding
Softwire46 attributes. Different attributes are required for
each Softwire46 mechanism.
2. Softwire46-Priority Attribute (Section 3.2):
Depending on the deployment scenario, a client may support
several different Softwire46 mechanisms. Therefore, a client may
request configuration for more than one Softwire46 mechanism at a
time. The Softwire46-Priority Attribute contains information
allowing the client to prioritize which mechanism to use,
corresponding to OPTION_S46_PRIORITY defined in [RFC8026].
3. Softwire46-Multicast Attribute (Section 3.3):
This attribute conveys the IPv6 prefixes to be used in [RFC8114]
to synthesize IPv4-embedded IPv6 addresses. The BNG uses the
IPv6 prefixes returned in the RADIUS Softwire46-Multicast
Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].
All of these attributes are allocated from the RADIUS "Extended Type"
code space per [RFC6929].
All of these attribute designs follow [RFC6158] and [RFC6929].
This document adheres to [RFC8044] for defining the new RADIUS
attributes.
Jiang, Ed., et al. Expires December 16, 2019 [Page 6]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.1. Softwire46-Configuration Attribute
This attribute is of type "tlv", as defined in the RADIUS Protocol
Extensions [RFC6929]. It contains some sub-attributes, with the
following requirements:
The Softwire46-Configuration Attribute MUST contain one or more of
the following attributes: Softwire46-MAP-E, Softwire46-MAP-T, and/
or Softwire46-Lightweight-4over6.
The Softwire46-Configuration Attribute conveys the configuration
information for MAP-E, MAP-T, or Lightweight 4over6. The BNG
SHALL use the configuration information returned in the RADIUS
attribute to populate the DHCPv6 Softwire46 Container Option(s)
defined in Section 5 of [RFC7598].
The Softwire46-Configuration Attribute MAY appear in an Access-
Accept packet. It MAY also appear in an Access-Request packet to
indicate a preferred Softwire46 configuration. However, the
server is not required to honor such a preference.
The Softwire46-Configuration Attribute MAY appear in a CoA-Request
packet.
The Softwire46-Configuration Attribute MAY appear in an
Accounting-Request packet.
The Softwire46-Configuration Attribute MUST NOT appear in any
other RADIUS packet.
The Softwire46-Configuration Attribute is structured as follows:
Jiang, Ed., et al. Expires December 16, 2019 [Page 7]
�
Internet-Draft A+P RADIUS Attributes June 2019
Type
241 (To be confirmed by IANA).
Length
Indicates the total length, in bytes, of all fields of
this attribute, including the Type, Length, Extended-Type,
and the entire length of the embedded attributes.
Extended-Type
TBD1
Value
Contains one or more of the following attributes. Each attribute
type may appear at most once:
Softwire46-MAP-E
For configuring MAP-E clients. For the construction of
this attribute, refer to Section 3.1.1.1.
Softwire46-MAP-T
For configuring MAP-T clients. For the construction of
this attribute, refer to Section 3.1.1.2.
Softwire46-Lightweight-4over6
For configuring Lightweight 4over6 clients. For the
construction of this attribute, refer to Section 3.1.1.3.
The Softwire46-Configuration Attribute is associated with the
following identifier: 241.Extended-Type(TBD1).
3.1.1. Softwire46 Attributes
The Softwire46 attributes can only be encapsulated in the
Softwire46-Configuration Attribute. Depending on the deployment
scenario, a client might request for more than one transition
mechanism at a time. There MUST be at least one Softwire46 attribute
encapsulated in one Softwire46-Configuration Attribute. There MUST
be at most one instance of each type of Softwire46 attribute
encapsulated in one Softwire46-Configuration Attribute.
There are three types of Softwire46 attributes, namely:
1. Softwire46-MAP-E (Section 3.1.1.1)
2. Softwire46-MAP-T (Section 3.1.1.2)
3. Softwire46-Lightweight 4over6 (Section 3.1.1.3)
Jiang, Ed., et al. Expires December 16, 2019 [Page 8]
�
Internet-Draft A+P RADIUS Attributes June 2019
Each type of Softwire46 attribute contains a number of sub-
attributes, defined in Section 3.1.3. The hierarchy of the
Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes
which sub-attributes are mandatory, optional, or not permitted for
each defined Softwire46 attribute.
/1.Rule-IPv6-Prefix
S / |
o / | 1.Softwire46-Rule -----+ 2.Rule-IPv4-Prefix
f | Softwire46-MAP-E--+ |
t | | 2.Softwire46-BR | 3.EA Length
w | | \
i | | /1.PSID-Offset
r | | |
e | | 3.Softwire46-PORTPARAMS -----+ 2.PSID-Len
- | \ |
C | | 3.PSID
o | \
n |
f | /1.Rule-IPv6-Prefix
i | / |
g | | 1.Softwire46-Rule------+ 2.Rule-IPv4-Prefix
u | Softwire46-MAP-T--+ |
r | | 2.Softwire46-DMR | 3.EA Length
a | | \
t | | /1.PSID-Offset
i | | |
o | | 3.Softwire46-PORTPARAMS------+ 2.PSID-Len
n | \ |
| | 3.PSID
A | \
t |
t | /1.IPv4-Address
r | / |
i | | 1.Softwire46-V4V6Bind -----+ 2.Bind-IPv6-Prefix
b | Softwire46- | \
u | Lightweight-4over6+ 2.Softwire46-BR /1.PSID-Offset
t \ | |
e | 3.Softwire46-PORTPARAMS ----+ 2.PSID-Len
\ |
| 3.PSID
\
Figure 1: Softwire46 Attributes Hierarchy
Jiang, Ed., et al. Expires December 16, 2019 [Page 9]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.1.1.1. Softwire46-MAP-E Attribute
Softwire46-MAP-E attribute is designed for carrying the configuration
information for MAP-E. The structure of Softwire46-MAP-E is shown
below:
TLV-Type
1
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes, with the following requirements:
It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
3.1.1.2. Softwire46-MAP-T Attribute
Softwire46-MAP-T attribute is designed for carrying the configuration
information for MAP-T. The structure of Softwire46-MAP-T is shown
below:
TLV-Type
2
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes, with the following requirements:
It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
Jiang, Ed., et al. Expires December 16, 2019 [Page 10]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.1.1.3. Softwire46-Lightweight-4over6 Attribute
Softwire46-Lightweight-4over6 attribute is designed for carrying the
configuration information for Lightweight 4over6. The structure of
Softwire46-Lightweight-4over6 is shown below:
TLV-Type
3
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes as follows:
It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
3.1.2. Softwire46 Sub-Attributes
Table 2 shows which encapsulated sub-attributes are mandatory,
optional, or not permitted for each defined Softwire46 attribute.
+-----------------------+-------+-------+--------------------+
| Sub-Attributes | MAP-E | MAP-T | Lightweight 4over6 |
+-----------------------+-------+-------+--------------------+
| Softwire46-BR | 1+ | 0 | 1+ |
| Softwire46-Rule | 1 | 1 | 0 |
| Softwire46-DMR | 0 | 1 | 0 |
| Softwire46-V4V6Bind | 0 | 0 | 1 |
| Softwire46-PORTPARAMS | 0-1 | 0-1 | 0-1 |
+-----------------------+-------+-------+--------------------+
Table 2: Softwire46 Sub-Attributes
The following table defines the meaning of Table 2 entries.
Jiang, Ed., et al. Expires December 16, 2019 [Page 11]
�
Internet-Draft A+P RADIUS Attributes June 2019
0 Not Permitted
0-1 Optional, zero or one instance of the attribute
may be present.
1 Mandatory, only one instance of the attribute
must be present.
1+ Mandatory, one or more instances of the attribute
may be present.
3.1.3. Specification of the Softwire46 Sub-Attributes
3.1.3.1. Softwire46-Rule Attribute
Softwire46-Rule can only be encapsulated in Softwire46-MAP-E
(Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending
on the deployment scenario, one Basic Mapping Rule (BMR) and zero or
more Forwarding Mapping Rules (FMRs) MUST be included in one
Softwire46-MAP-E or Softwire46-MAP-T.
Each type of Softwire46-Rule also contains a number of sub-
attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA-
Length. The structure of the sub-attributes for Softwire46-Rule is
defined in Section 3.1.4.
Defining multiple TLV-types achieves the same design goals as the
"Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using
TLV-type set to 5 is equivalent to setting the F-flag in the
OPTION_S46_RULE S46 Rule Flags field.
Jiang, Ed., et al. Expires December 16, 2019 [Page 12]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
4 Basic Mapping Rule only (not to be used for forwarding)
5 Forwarding Permitted Mapping Rule
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-Rule is of type tlv (Section 3.13 of
[RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
Rule-IPv6-Prefix
This attribute contains the IPv6 prefix for use in the MAP rule.
Refer to Section 3.1.4.1.
Rule-IPv4-Prefix
This attribute contains the IPv4 prefix for use in the MAP rule.
Refer to Section 3.1.4.2.
EA-Length
This attribute contains the Embedded-Address (EA) bit length.
Refer to Section 3.1.4.3.
3.1.3.2. Softwire46-BR Attribute
Softwire46-BR can only be encapsulated in Softwire46-MAP-E
(Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).
There MUST be at least one Softwire46-BR included in each
Softwire46-MAP-E or Softwire46-Lightweight-4over6.
The structure of Softwire46-BR is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 13]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
6
TLV-Length
18 octets
Data Type
The attribute Softwire46-BR is of type ip6addr (Section 3.9 of
[RFC8044]).
TLV-Value
br-ipv6-address. A fixed-length field of 16 octets that
specifies the IPv6 address for the Softwire46 Border Relay (BR).
3.1.3.3. Softwire46-DMR Attribute
Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2).
There MUST be exactly one Softwire46-DMR included in one Softwire46-
MAP-T.
The structure of Softwire46-DMR is shown below:
TLV-Type
7
TLV-Length
4 + length of dmr-ipv6-prefix specified in octets.
Data Type
The attribute Softwire46-DMR is of type ipv6pref (Section 3.10 of
[RFC8044]).
TLV-Value
A variable-length (dmr-prefix6-len) field
specifying the IPv6 prefix (dmr-ipv6-prefix) for the BR. This field
is right-padded with zeros to the nearest octet boundary when
dmr-prefix6-len is not divisible by 8. Prefixes with length from
0 to 96 are allowed.
3.1.3.4. Softwire46-V4V6Bind Attribute
Softwire46-V4V6Bind may only be encapsulated in Softwire46-
Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one
Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6.
The structure of Softwire46-V4V6Bind is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 14]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
8
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of
[RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
IPv4-Address
This attribute contains an IPv4 address, used to specify
the full or shared IPv4 address of the CE. Refer to
Section 3.1.5.1.
Bind-IPv6-Prefix
This attribute contains an IPv6 prefix used to indicate which
configured prefix the Softwire46 CE should use for constructing
the softwire. Refer to Section 3.1.5.2.
3.1.3.5. Softwire46-PORTPARAMS Attribute
Softwire46-PORTPARAMS is optional. It is used to specify port set
information for IPv4 address sharing between clients.
Softwire46-PORTPARAMS MAY be included in any of the Softwire46
attributes.
The structure of Softwire46-PORTPARAMS is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 15]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
9
TLV-Length
Indicates the length of this attribute, including
the TLV-Type, TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13
of [RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
PSID-Offset
This attribute specifies the numeric value for the Softwire46
algorithm's excluded port range/offset bits (a bits). Refer to
Section 3.1.6.1.
PSID-Len
This attribute specifies the number of significant bits in the
PSID field (also known as 'k'). Refer to Section 3.1.6.2.
PSID
This attribute specifies PSID value. Refer to Section 3.1.6.3.
3.1.4. Sub-Attributes for Sofwtire46-Rule
There are two types of Softwire46-Rule: the Basic Mapping Rule and
the Forwarding Mapping Rule, indicated by the value in the TLV-Type
field of Softwire46-Rule (Section 3.1.3.1).
Each type of Softwire46-Rule also contains a number of Sub-attributes
as detailed in the following sub-sections.
3.1.4.1. Rule-IPv6-Prefix Attribute
Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST
be exactly one Rule-IPv6-Prefix encapsulated in each type of
Softwire46-Rule.
Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162]
and [RFC8044].
The structure of Rule-IPv6-Prefix is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 16]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
10
TLV-Length
4 + length of rule-ipv6-prefix specified in octets.
Data Type
The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10
of [RFC8044]).
TLV-Value
A variable-length field that specifies an IPv6
prefix (rule-ipv6-prefix) appearing in the MAP rule.
3.1.4.2. Rule-IPv4-Prefix Attribute
This attribute is used to convey the MAP Rule IPv4 prefix. The
structure of Rule-IPv4-Prefix is shown below:
TLV-Type
11
TLV-Length
4 + length of rule-ipv4-prefix specified in octets.
Data Type
The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11
of [RFC8044]).
TLV-Value
A variable-length field that specifies
an IPv4 prefix (rule-ipv4-prefix) appearing in the MAP rule.
3.1.4.3. EA-Length Attribute
This attribute is used to convey the Embedded-Address (EA) bit
length. The structure of EA-Length is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 17]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
12
TLV-Length
6 octets
Data Type
The attribute EA-Length is of type integer (Section 3.1 of
[RFC8044]).
TLV-Value
EA-len; 32-bits long. Specifies the Embedded-Address (EA) bit
length. Allowed values range from 0 to 48.
3.1.5. Attributes for Softwire46-v4v6Bind
3.1.5.1. IPv4-Address Attribute
The IPv4-Address MAY be used to specify the full or shared IPv4
address of the CE.
The structure of IPv4-Address is shown below:
TLV-Type
13
TLV-Length
6 octets
Data Type
The attribute IPv4-Address is of type ipv4addr (Section 3.8
of [RFC8044]).
TLV-Value
32-bits long. Specifies the IPv4 address (ipv4-address) to
appear in Softwire46-V4V6Bind (Section 3.1.3.4).
3.1.5.2. Bind-IPv6-Prefix Attribute
The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6
prefix to be used as the tunnel source.
The structure of Bind-IPv6-Prefix is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 18]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
14
TLV-Length
4 + length of bind-ipv6-prefix specified in octets.
Data Type
The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10
of [RFC8044]).
TLV-Value
A variable-length field specifying the IPv6
prefix or address for the Softwire46 CE (bind-ipv6-prefix).
This field is right-padded with zeros to the nearest octet
boundary when the prefix length is not divisible by 8.
3.1.6. Attributes for Softwire46-PORTPARAMS
3.1.6.1. PSID-Offset Attribute
This attribute is used to convey the Port Set Identifier offset as
defined in [RFC7597]. This attribute is encoded in 32 bits as per
the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Offset is shown below:
TLV-Type
15
TLV-Length
6 octets
Data Type
The attribute PSID-Offset is of type integer (Section 3.1
of [RFC8044]).
TLV-Value
Contains the PSID-Offset (8-bits) right
justified, and the unused bits in this field MUST
be set to zero. This field specifies the
numeric value for the Softwire46 algorithm's excluded
port range/offset bits (a bits), as per Section 5.1
of [RFC7597].
Default values for this field are specific to the
Softwire mechanism being implemented and are defined
in the relevant specification document.
Jiang, Ed., et al. Expires December 16, 2019 [Page 19]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.1.6.2. PSID-Len Attribute
This attribute is used to convey the PSID length as defined in
[RFC7597]. This attribute is encoded in 32 bits as per the
recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Len is shown below:
TLV-Type
16
TLV-Length
6 octets
Data Type
The attribute PSID-Len is of type integer (Section 3.1
of [RFC8044]).
TLV-Value
Contains the PSID-len (8-bits) right
justified, and the unused bits in this field MUST
be set to zero. This field specifies the number of
significant bits in the PSID field (also known as
'k'). When set to 0, the PSID field is to be ignored.
After the first 'a' bits, there are k bits in the
port number representing the value of the PSID.
Subsequently, the address sharing ratio would be
2^k.
3.1.6.3. PSID Attribute
This attribute is used to convey the PSID as defined in [RFC7597].
This attribute is encoded in 32 bits as per the recommendation in
Appendix A.2.1 of [RFC6158].
The structure of PSID is shown below:
Jiang, Ed., et al. Expires December 16, 2019 [Page 20]
�
Internet-Draft A+P RADIUS Attributes June 2019
TLV-Type
17
TLV-Length
6 octets
Data Type
The attribute PSID is of type integer (Section 3.1
of [RFC8044]).
TLV-Value
Contains the PSID (16-bits) right justified, and the unused bits
in this field MUST be set to zero.
The PSID value algorithmically identifies a set of ports
assigned to a CE. The first k bits on the left of this
2-octet field is the PSID value. The remaining (16-k) bits
on the right are padding zeros.
3.2. Softwire46-Priority Attribute
The Softwire46-Priority Attribute includes an ordered list of
Softwire46 mechanisms allowing the client to prioritize which
mechanism to use, corresponding to OPTION_S46_PRIORITY defined in
[RFC8026]. The following requirements apply:
The Softwire46-Priority Attribute MAY appear in an Access-Accept
packet. It MAY also appear in an Access-Request packet.
The Softwire46-Priority Attribute MAY appear in a CoA-Request
packet.
The Softwire46-Priority Attribute MAY appear in an Accounting-
Request packet.
The Softwire46-Priority Attribute MUST NOT appear in any other
RADIUS packet.
The Softwrie46-Priority Attribute is structured as follows:
Jiang, Ed., et al. Expires December 16, 2019 [Page 21]
�
Internet-Draft A+P RADIUS Attributes June 2019
Type
241 (To be confirmed by IANA)
Length
Indicates the length of this attribute,
including the Type, Length, Extended-Type and Value fields.
Extended-Type
TBD5
TLV-Value
The attribute includes one or more Softwire46-Option-Code TLVs:
A Softwire46-Priority Attribute MUST contain at least one
Softwire46-Option-Code TLV (Section 3.2.1).
Softwire46 mechanisms are prioritized in the appearance order
of the in the Softwire46-Priority Attribute. That is,
the first-appearing mechanism is most preferred.
The Softwire46-Priority Attribute is associated with the following
identifier: 241.Extended-Type (TBD5).
3.2.1. Softwire46-Option-Code
This attribute is used to convey an option code assigned to a
Softwire46 mechanism [RFC8026]. This attribute is encoded in 32 bits
as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of Softwire46-Option-Code is shown below:
TLV-Type
18
TLV-Length
6 octets
Data Type
The attribute Softwire46-Option-Code is of type integer
(Section 3.1 of [RFC8044]).
TLV-Value
A 32-bit IANA-registered option code representing a Softwire46
mechanism (Softwire46-option-code). The codes and their
corresponding Softwire46 mechanisms are listed in Section 7.3.
Jiang, Ed., et al. Expires December 16, 2019 [Page 22]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.3. Softwire46-Multicast Attribute
The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
used to synthesize multicast and unicast IPv4-embedded IPv6 addresses
as per [RFC8114]. This attribute is of type "tlv" and contains
additional TLVs. The following requirements apply:
The BNG SHALL use the IPv6 prefixes returned in the RADIUS
Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64
Option [RFC8115].
This attribute MAY be used in Access-Request packets as a hint to
the RADIUS server. For example, if the BNG is pre-configured for
Softwire46-Multicast, these prefixes may be inserted in the
attribute. The RADIUS server MAY ignore the hint sent by the BNG,
and it MAY assign a different Softwire46-Multicast Attribute.
The Softwire46-Multicast Attribute MAY appear in an Access-
Request, Access-Accept, CoA-Request, and Accounting-Request
packet.
The Softwire46-Multicast Attribute MUST NOT appear in any other
RADIUS packet.
The Softwire46-Multicast Attribute MAY contain ASM-Prefix64
(Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64
(Section 3.3.3).
The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or
SSM-Prefix64, and it MAY include both.
The U-Prefix64 MUST be present when SSM-Prefix64 is present.
U-Prefix64 MAY be present when ASM-Prefix64 is present.
The Softwire46-Multicast Attribute is structured as follows:
Jiang, Ed., et al. Expires December 16, 2019 [Page 23]
�
Internet-Draft A+P RADIUS Attributes June 2019
Type
241 (To be confirmed by IANA)
Length
This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded attributes.
Extended-Type
TBD6
Value
This field contains a set of attributes as follows:
ASM-Prefix64
This attribute contains the Any-Source Multicast (ASM)
IPv6 prefix. Refer to Section 3.3.1.
SSM-Prefix64
This attribute contains the Source-Source Multicast (SSM)
IPv6 prefix. Refer to Section 3.3.2.
U-Prefix64
This attribute contains the IPv4 prefix used for address
translation. Refer to Section 3.3.3.
The Softwire46-Multicast Attribute is associated with the following
identifier: 241.Extended-Type(TBD6).
3.3.1. ASM-Prefix64 Attribute
The ASM-Prefix64 attribute is structured as follows:
TLV-Type
19
TLV-Length
16 octets. The length of asm-prefix64 must be /96 [RFC8115].
Data Type
The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of
[RFC8044]).
TLV-Value
This field specifies the IPv6 multicast prefix (asm-prefix64)
to be used to synthesize the IPv4-embedded IPv6 addresses of the
multicast groups in the ASM mode. The conveyed multicast IPv6
prefix MUST belong to the ASM range.
Jiang, Ed., et al. Expires December 16, 2019 [Page 24]
�
Internet-Draft A+P RADIUS Attributes June 2019
3.3.2. SSM-Prefix64 Attribute
The SSM-Prefix64 attribute is structured as follows:
Type
20
TLV-Length
16 octets. The length of ssm-prefix64 must be /96 [RFC8115].
Data Type
The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of
[RFC8044]).
TLV-Type
This field specifies the IPv6 multicast prefix (ssm-prefix64)
to be used to synthesize the IPv4-embedded IPv6 addresses of the
multicast groups in the SSM mode. The conveyed multicast IPv6
prefix MUST belong to the SSM range.
3.3.3. U-Prefix64 Attribute
The structure of U-Prefix64 is shown below:
TLV-Type
21
TLV-Length
4 + length of unicast-prefix. As specified in [RFC6052],
the unicast-prefix prefix-length MUST be set to 32, 40, 48,
56, 64, or 96.
Data Type
The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of
[RFC8044]).
TLV-Value
This field identifies the IPv6 unicast prefix (u-prefix64) to
be used in SSM mode for constructing the IPv4-embedded IPv6
addresses representing the IPv4 multicast sources in the IPv6
domain. It may also be used to extract the IPv4 address from the
received multicast data flows.
4. A Sample Configuration Process with RADIUS
Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to
provide CE with softwire configuration information.
Jiang, Ed., et al. Expires December 16, 2019 [Page 25]
�
Internet-Draft A+P RADIUS Attributes June 2019
CE BNG AAA Server
| | |
|-------1.DHCPv6 Solicit------->| |
|(ORO with unicast and/or m'cast| |
| container option code(s)) | |
| | |
| |-------2.Access-Request------->|
| | (Softwire46-Configuration |
| | Attribute and/or |
| |Softwire46-Multicast Attribute)|
| | |
| |<------3.Access-Accept---------|
| | (Softwire46-Configuration |
| | Attribute and/or |
| |Softwire46-Multicast Attribute)|
| | |
|<----4.DHCPv6 Advertisement----| |
| (container option(s)) | |
| | |
|-------5.DHCPv6 Request------>| |
| (container Option(s)) | |
| | |
|<--------6.DHCPv6 Reply--------| |
| (container option(s)) | |
| | |
DHCPv6 RADIUS
Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS
authentication
1. The CE creates a DHCPv6 Solicit message. For unicast softwire
configuration, the message includes an OPTION_REQUEST_OPTION (6)
with the Softwire46 Container option code(s) as defined in
[RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP-
E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW
(96) for Lightweight 4over6. For multicast configuration, the
option number for OPTION_V6_PREFIX64 (113) is included in the
client's ORO. The message is sent to the BNG.
2. On receipt of the Solicit message, the BNG constructs a RADIUS
Access-Request message containing a User-Name Attribute (1)
(containing either a CE MAC address, interface-id, or both), a
User-Password Attribute (2) (with a pre-configured shared
password between the CE and AAA server as defined in [RFC2865]).
The Softwire46-Configuration Attribute and/or
Softwire46-Multicast Attribute are also included (as requested by
the client). The resulting message is sent to the AAA server.
Jiang, Ed., et al. Expires December 16, 2019 [Page 26]
�
Internet-Draft A+P RADIUS Attributes June 2019
3. The AAA server authenticates the request. If this is successful,
and suitable configuration is available, an Access-Accept message
is sent to the BNG containing the requested
Softwire46-Configuration Attribute or Softwire46-Multicast
Attribute. It is the responsibility of the AAA server to ensure
the consistency of the provided configuration.
4. The BNG maps the received softwire configuration into the
corresponding fields in the DHCPv6 softwire configuration
option(s). These are included in the DHCPv6 Advertise message
which is sent to the CE.
5. The CE sends a DHCPv6 Request message. In the ORO, the option
code(s) of any of the required softwire options that were
received in the Advertise message are included.
6. The BNG sends a DHCPv6 Reply message to the client containing the
softwire container option(s) enumerated in the ORO.
The authorization operation could be done independently, after the
authentication process. In this case, steps 1-5 are completed as
above, then the following steps are performed:
6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS
Access-Request message, which contains a Service-Type Attribute
(6) with the value "Authorize Only" (17), the corresponding
Softwire46-Configuration Attribute, and a State Attribute
obtained from the previous authentication process according to
[RFC5080]. The resulting message is sent to the AAA server.
7a. The AAA checks the authorization request. If it is approved, an
Access-Accept message is returned to the BNG with the
corresponding Softwire46-Configuration Attribute.
8a. The BNG sends a Reply message to the client containing the
softwire container options enumerated in the ORO.
In addition to the above, the following points need to be considered:
o In the configuration message flows described above the Message-
Authenticator (type 80) [RFC2869] should be used to protect both
Access-Request and Access-Accept messages.
o If the BNG does not receive the corresponding
Softwire46-Configuration Attribute in the Access-Accept message it
may fall back to creating the DHCPv6 softwire configuration
options using pre-configured Softwire46 configuration, if this is
present.
Jiang, Ed., et al. Expires December 16, 2019 [Page 27]
�
Internet-Draft A+P RADIUS Attributes June 2019
o If the BNG receives an Access-Reject from the AAA server, then
Softwire46 configuration must not be supplied to the client.
o As specified in [RFC8415], Section 18.2.5, "Creation and
Transmission of Rebind Messages", if the DHCPv6 server to which
the DHCPv6 Renew message was sent at time T1 has not responded by
time T2, the CE (DHCPv6 client) should enter the Rebind state and
attempt to contact any available server. In this situation, a
secondary BNG receiving the DHCPv6 message must initiate a new
Access-Request message towards the AAA server. The secondary BNG
includes the Softwire46-Configuration Attribute in this Access-
Request message.
o For Lightweight 4over6, the CE's binding state needs to be
synchronized between the clients and the Lightweight AFTR
(lwAFTR)/BR. This can be achieved in two ways: static pre-
configuration of the bindings on both the AAA server and lwAFTR,
or on-demand whereby the AAA server updates the lwAFTR with the
CE's binding state as it is created or deleted.
In some deployments, the DHCP server may use the Accounting-Request
to report to a AAA server the softwire configuration returned to a
requesting host. It is the responsibility of the DHCP server to
ensure the consistency of the configuration provided to requesting
hosts. Reported data to a AAA server may be required for various
operational purposes (e.g., regulatory).
A configuration change (e.g., BR address) may result in an exchange
of CoA-Requests between the BNG and the AAA server as shown in
Figure 3. Concretely, when the BNG receives a CoA-Request message
containing Softwire46 attributes, it sends a DHCPv6 Reconfigure
message to the appropriate CE to inform that CE that an updated
configuration is available. Upon receipt of such message, the CE
sends a DHCPv6 Renew or Information-Request in order to receive the
updated Softwire46 configuration. In deployments where the BNG
embeds a DHCPv6 relay, CoA-Requests can be used following the
procedure specified in [RFC6977].
Jiang, Ed., et al. Expires December 16, 2019 [Page 28]
�
Internet-Draft A+P RADIUS Attributes June 2019
CE BNG AAA Server
| | |
|---DHCPv6 Solicit--------->| |
| |---Access-Request---------->|
| |<--Access-Accept------------|
| |(Softwire46-Configuration |
| | Attribute ...) |
....
| | |
| |<-----CoA-Request-----------|
| |(Softwire46-Configuration |
| | Attribute ...) |
| |------CoA-Response--------->|
|<--DHCPv6 Reconfigure------| |
| | |
....
Figure 3: Change of Configuration Example
5. Table of Attributes
This document specifies three new RADIUS attributes, and their
formats are as follows:
o Softwire46-Configuration Attribute: 241.TBD1
o Softwire46-Priority Attribute: 241.TBD5
o Softwire46-Multicast Attribute: 241.TBD6
Table 3 describes which attributes may be found, in which kinds of
packets and in what quantity.
Request Accept Reject Challenge Acct CoA- # Attribute
Req Req
0-1 0-1 0 0 0-1 0-1 241.TBD1 Softwire46-
Configuration
0-1 0-1 0 0 0-1 0-1 241.TBD5 Softwire46-
Priority
0-1 0-1 0 0 0-1 0-1 241.TBD6 Softwire46-
Multicast
Table 3: Table of Attributes
Jiang, Ed., et al. Expires December 16, 2019 [Page 29]
�
Internet-Draft A+P RADIUS Attributes June 2019
6. Security Considerations
Section 9 of [RFC7596] discusses security issues related to
Lightweight 4over6, Section 10 of [RFC7597] discusses security issues
related to MAP-E, Section 13 of [RFC7599] discusses security issues
related to MAP-T, and Section 9 of [RFC8114] discusses security
issues related to the delivery of IPv4 multicast services to IPv4
clients over an IPv6 multicast network.
This document does not introduce any security issues inherently
different from those already identified in Section 8 of [RFC2865] and
Section 6 of [RFC5176] for CoA messages. Known security
vulnerabilities of the RADIUS protocol discussed in Section 7 of
[RFC2607] and Section 7 of [RFC2869] apply to this specification.
These well-established properties of the RADIUS protocol place some
limitations on how it can safely be used, since there is some
inherent requirement to trust the counterparty to not misbehave.
Accordingly, this document targets deployments where a trusted
relationship is in place between the RADIUS client and server with
communication optionally secured by IPsec or Transport Layer Security
(TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security
when RADIUS is carried in IPv6 is discussed in [RFC3162].
Security considerations for interactions between a Softwire46 CE and
the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for
configuration of softwire46 address and port-mapped clients),
Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization
mechanism), and Section 5 of [RFC8115] (DHCPv6 options for
configuration of IPv4-embedded IPv6 prefixes).
7. IANA Considerations
IANA is requested to make new code point assignments for RADIUS
attributes as described in the following subsections. The
assignments should use the RADIUS registry available at
https://www.iana.org/assignments/radius-types/.
7.1. New RADIUS Attributes
This document requests IANA to assign the Attribute Types defined in
this document from the RADIUS namespace as described in the "IANA
Considerations" section of [RFC3575], in accordance with BCP 26
[RFC8126].
This document requests that IANA register three new RADIUS
attributes, from the "Short Extended Space" of [RFC6929]. The
Jiang, Ed., et al. Expires December 16, 2019 [Page 30]
�
Internet-Draft A+P RADIUS Attributes June 2019
attributes are: Softwire46-Configuration Attribute,
Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:
Type Description Data Type Reference
---- ----------- --------- ---------
241.TBD1 Softwire46-Configuration tlv Section 3.1
241.TBD5 Softwire46-Priority tlv Section 3.2
241.TBD6 Softwire46-Multicast tlv Section 3.3
7.2. RADIUS Softwire46 Configuration and Multicast Attributes
IANA is requested to create a new registry called "RADIUS Softwire46
Configuration and Multicast Attributes".
All attributes in this registry have one or more parent RADIUS
attributes in nesting (refer to [RFC6929]).
This registry must be initially populated with the following values:
Value Description Data Type Reference
----- ----------- --------- ---------
0 Reserved
1 Softwire46-MAP-E tlv Section 3.1.1.1
2 Softwire46-MAP-T tlv Section 3.1.1.2
3 Softwire46-Lightweight-4over6 tlv Section 3.1.1.3
4 Softwire46-Rule (BMR) tlv Section 3.1.3.1
5 Softwire46-Rule (FMR) tlv Section 3.1.3.1
6 Softwire46-BR ipv6addr Section 3.1.3.2
7 Softwire46-DMR ipv6prefix Section 3.1.3.3
8 Softwire46-V4V6Bind tlv Section 3.1.3.4
9 Softwire46-PORTPARAMS tlv Section 3.1.3.5
10 Rule-IPv6-Prefix ipv6prefix Section 3.1.4.1
11 Rule-IPv4-Prefix ipv4prefix Section 3.1.4.2
12 EA-Length integer Section 3.1.4.3
13 IPv4-Address ipv4addr Section 3.1.5.1
14 Bind-IPv6-Prefix ipv6prefix Section 3.1.5.2
15 PSID-Offset integer Section 3.1.6.1
16 PSID-Len integer Section 3.1.6.2
17 PSID integer Section 3.1.6.3
18 Softwire46-Option-Code integer Section 3.2.1
19 ASM-Prefix64 ipv6prefix Section 3.3.1
20 SSM-Prefix64 ipv6prefix Section 3.3.2
21 U-Prefix64 ipv6prefix Section 3.3.3
22-255 Unassigned
The registration procedure for this registry is Standards Action as
defined in [RFC8126].
Jiang, Ed., et al. Expires December 16, 2019 [Page 31]
�
Internet-Draft A+P RADIUS Attributes June 2019
7.3. Softwire46 Mechanisms and Their Identifying Option Codes
The Softwire46-Priority Attribute conveys an ordered list of option
codes assigned to Softwire46 mechanisms, for which IANA is requested
to create and maintain a new registry entitled "Option Codes
Permitted in the Softwire46-Priority Attribute".
Table 4 shows the initial version of allowed option codes, and the
Softwire46 mechanisms that they represent. The option code for DS-
Lite is derived from the IANA allocated RADIUS Attribute Type value
for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and
Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and
Lightweight 4over6 attributes defined in Section 3.1.1.
+-----------+--------------------+-----------+
|Option Code|Softwire46 Mechanism| Reference |
+-----------+--------------------+-----------+
| 1 | MAP-E | RFC7597 |
| 2 | MAP-T | RFC7599 |
| 3 | Lightweight 4over6 | RFC7596 |
| 144 | DS-Lite | RFC6519 |
+-----------+--------------------+-----------+
Table 4: Option Codes to S46 Mechanisms
Additional option codes may be added to this list in the future using
the IETF Review process described in Section 4.8 of [RFC8126].
8. Contributing Authors
Bing Liu
Huawei Technologies Co., Ltd
Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing, 100095
P.R. China
Email: leo.liubing@huawei.com
Peter Deacon
IEA Software, Inc.
P.O. Box 1170
Veradale, WA 99037
USA
Email: peterd@iea-software.com
Qiong Sun
China Telecom
Jiang, Ed., et al. Expires December 16, 2019 [Page 32]
�
Internet-Draft A+P RADIUS Attributes June 2019
Beijing China
Email: sunqiong@ctbri.com.cn
Qi Sun
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: sunqibupt@gmail.com
Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
Email: cathy.zhou@huawei.com
Tina Tsou
Huawei Technologies(USA)
2330 Central Expressway
Santa Clara, CA 95050
USA
Email: Tina.Tsou.Zouting@huawei.com
ZiLong Liu
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: liuzilong8266@126.com
Yong Cui
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-62603059
Email: yong@csnet1.cs.tsinghua.edu.cn
Jiang, Ed., et al. Expires December 16, 2019 [Page 33]
�
Internet-Draft A+P RADIUS Attributes June 2019
9. Acknowledgements
The authors would like to thank the valuable comments made by Peter
Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei
Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this
document.
This document was merged with [I-D.sun-softwire-lw4over6-radext] and
[I-D.wang-radext-multicast-radius-ext], thanks to everyone who
contributed to this document.
This document was produced using the xml2rfc tool [RFC7991].
Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald
Eastlake for the review.
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, DOI 10.17487/RFC2865, June 2000,
<https://www.rfc-editor.org/info/rfc2865>.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
RFC 3162, DOI 10.17487/RFC3162, August 2001,
<https://www.rfc-editor.org/info/rfc3162>.
[RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote
Authentication Dial In User Service)", RFC 3575,
DOI 10.17487/RFC3575, July 2003,
<https://www.rfc-editor.org/info/rfc3575>.
[RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication
Dial In User Service (RADIUS) Implementation Issues and
Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
2007, <https://www.rfc-editor.org/info/rfc5080>.
Jiang, Ed., et al. Expires December 16, 2019 [Page 34]
�
Internet-Draft A+P RADIUS Attributes June 2019
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
Aboba, "Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS)", RFC 5176,
DOI 10.17487/RFC5176, January 2008,
<https://www.rfc-editor.org/info/rfc5176>.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
DOI 10.17487/RFC6052, October 2010,
<https://www.rfc-editor.org/info/rfc6052>.
[RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011,
<https://www.rfc-editor.org/info/rfc6158>.
[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User
Service (RADIUS) Protocol Extensions", RFC 6929,
DOI 10.17487/RFC6929, April 2013,
<https://www.rfc-editor.org/info/rfc6929>.
[RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
November 2016, <https://www.rfc-editor.org/info/rfc8026>.
[RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044,
DOI 10.17487/RFC8044, January 2017,
<https://www.rfc-editor.org/info/rfc8044>.
[RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
Option for IPv4-Embedded Multicast and Unicast IPv6
Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017,
<https://www.rfc-editor.org/info/rfc8115>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
Richardson, M., Jiang, S., Lemon, T., and T. Winters,
"Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
RFC 8415, DOI 10.17487/RFC8415, November 2018,
<https://www.rfc-editor.org/info/rfc8415>.
Jiang, Ed., et al. Expires December 16, 2019 [Page 35]
�
Internet-Draft A+P RADIUS Attributes June 2019
10.2. Informative References
[I-D.sun-softwire-lw4over6-radext]
Xie, C., Sun, Q., Qiong, Q., Zhou, C., Tsou, T., and Z.
Liu, "Radius Extension for Lightweight 4over6", draft-sun-
softwire-lw4over6-radext-01 (work in progress), March
2014.
[I-D.wang-radext-multicast-radius-ext]
Wang, Q., Meng, W., Wang, C., and M. Boucadair, "RADIUS
Extensions for IPv4-Embedded Multicast and Unicast IPv6
Prefixes", draft-wang-radext-multicast-radius-ext-00 (work
in progress), December 2015.
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
Implementation in Roaming", RFC 2607,
DOI 10.17487/RFC2607, June 1999,
<https://www.rfc-editor.org/info/rfc2607>.
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS
Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000,
<https://www.rfc-editor.org/info/rfc2869>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011,
<https://www.rfc-editor.org/info/rfc6333>.
[RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to
the IPv4 Address Shortage", RFC 6346,
DOI 10.17487/RFC6346, August 2011,
<https://www.rfc-editor.org/info/rfc6346>.
[RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
2012, <https://www.rfc-editor.org/info/rfc6519>.
[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
"Transport Layer Security (TLS) Encryption for RADIUS",
RFC 6614, DOI 10.17487/RFC6614, May 2012,
<https://www.rfc-editor.org/info/rfc6614>.
Jiang, Ed., et al. Expires December 16, 2019 [Page 36]
�
Internet-Draft A+P RADIUS Attributes June 2019
[RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6
Reconfiguration from Relay Agents", RFC 6977,
DOI 10.17487/RFC6977, July 2013,
<https://www.rfc-editor.org/info/rfc6977>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <https://www.rfc-editor.org/info/rfc7596>.
[RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, Ed., "Mapping of Address and
Port with Encapsulation (MAP-E)", RFC 7597,
DOI 10.17487/RFC7597, July 2015,
<https://www.rfc-editor.org/info/rfc7597>.
[RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
Configuration of Softwire Address and Port-Mapped
Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015,
<https://www.rfc-editor.org/info/rfc7598>.
[RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
and T. Murakami, "Mapping of Address and Port using
Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
2015, <https://www.rfc-editor.org/info/rfc7599>.
[RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
RFC 7991, DOI 10.17487/RFC7991, December 2016,
<https://www.rfc-editor.org/info/rfc7991>.
[RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
over an IPv6 Multicast Network", RFC 8114,
DOI 10.17487/RFC8114, March 2017,
<https://www.rfc-editor.org/info/rfc8114>.
Appendix A. DHCPv6 to RADIUS Field Mappings
The following sections detail the mappings between the softwire
DHCPv6 option fields and the relevant RADIUS attributes as defined in
this document.
A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings
Jiang, Ed., et al. Expires December 16, 2019 [Page 37]
�
Internet-Draft A+P RADIUS Attributes June 2019
+---------------------+----------------------+----------------------+
| OPTION_S46_RULE | Softwire46-Rule Name | TLV Subfield |
| Field | | |
+---------------------+----------------------+----------------------+
| flags | N/A | TLV-type (TBD7, |
| | | TBD8) |
| ea-len | EA-Length | EA-len |
| prefix4-len | Rule-IPv4-Prefix | Prefix-Length |
| ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix |
| prefix6-len | Rule-IPv6-Prefix | Prefix-Length |
| ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix |
+---------------------+----------------------+----------------------+
A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings
+---------------------+------------------------+
| OPTION_S46_BR Field | Softwire46-BR Subfield |
+---------------------+------------------------+
| br-ipv6-address | br-ipv6-address |
+---------------------+------------------------+
A.3. OPTION_S46_DMR (91) to Softwire46-DMR
+---------------------+-------------------------+
| OPTION_S46_BR Field | Softwire46-DMR Subfield |
+---------------------+-------------------------+
| dmr-prefix6-len | dmr-prefix6-len |
| dmr-ipv6-prefix | dmr-ipv6-prefix |
+---------------------+-------------------------+
A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
+-----------------------+------------------------+------------------+
| OPTION_S46_V4V6BIND | Softwire46-V4V6Bind | TLV Subfield |
| Field | Name | |
+-----------------------+------------------------+------------------+
| ipv4-address | IPv4-Address | ipv4-address |
| bindprefix6-len | Bind-IPv6-Prefix | Prefix-Length |
| bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix |
+-----------------------+------------------------+------------------+
A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings
Jiang, Ed., et al. Expires December 16, 2019 [Page 38]
�
Internet-Draft A+P RADIUS Attributes June 2019
+--------------------------+--------------------------+-------------+
| OPTION_S46_PORTPARAMS | Softwire46-PORTPARAMS | TLV |
| Field | Name | Subfield |
+--------------------------+--------------------------+-------------+
| offset | PSID-Offset | PSID-Offset |
| PSID-len | PSID-Len | PSID-len |
| PSID | PSID | PSID |
+--------------------------+--------------------------+-------------+
A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings
+---------------------------+---------------------------------------+
| OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute |
| | Subfield |
+---------------------------+---------------------------------------+
| s46-option-code | Softwire46-option-code |
+---------------------------+---------------------------------------+
A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field
Mappings
+--------------------+------------------------------+---------------+
| OPTION_V6_PREFIX64 | Softwire46-Multicast | TLV Subfield |
| Field | Attribute TLV Name | |
+--------------------+------------------------------+---------------+
| asm-length | ASM-Prefix64 | Prefix-Length |
| ASM_mPrefix64 | ASM-Prefix64 | asm-prefix64 |
| ssm-length | SSM-Prefix64 | Prefix-Length |
| SSM_mPrefix64 | SSM-Prefix64 | ssm-prefix64 |
| unicast-length | U-Prefix64 | Prefix-Length |
| uPrefix64 | U-Prefix64 | u-prefix64 |
+--------------------+------------------------------+---------------+
Authors' Addresses
Sheng Jiang
Huawei Technologies Co., Ltd
Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing, 100095
P.R. China
Email: jiangsheng@huawei.com
Jiang, Ed., et al. Expires December 16, 2019 [Page 39]
�
Internet-Draft A+P RADIUS Attributes June 2019
Yu Fu
CNNIC
No.4 South 4th Street, Zhongguancun
Hai-Dian District, Beijing, 100190
P.R. China
Email: eleven711711@foxmail.com
Chongfeng Xie
China Telecom
Beijing
P.R. China
Email: xiechf.bri@chinatelecom.cn
Tianxiang Li
Tsinghua University
Beijing 100084
P.R.China
Email: peter416733@gmail.com
Mohamed Boucadair (editor)
Orange
Rennes, 35000
France
Email: mohamed.boucadair@orange.com
Jiang, Ed., et al. Expires December 16, 2019 [Page 40]
