IPv6 RADIUS attributes for IPv6 access networks

draft-lourdelet-radext-ipv6-access-01

Glen Zorn, Benoit Lourdelet

Wojciech Dec, Behcet Sarikaya

Radext/dhc WG group

IETF 74, 03/27/2008

Problem Statement

• RFC3162 needs additions to accommodate IPv6 production networks – Feedback coming from actual deployments– Pionners time is over and large scale

deployments requires flexibility

• These new attributes may be used in DHCP or SLAAC contexts

Requirements (1)

• IPv6 DNS location needs to be configured on a subscriber basis

• Wholesale, VPN

• Implementation can happen in• A DHCP context – RFC3646 – Recursive DNS Option• A SLAAC context : RFC5006

Requirements (2)

• Individual IPv6 addresses must be offered to the Subscriber

• concatenation of prefix and interface-id attributes does not cover all cases

• RFC 5080 Section 2.11 suggests that   “Framed-IPv6-Prefix” is not appropriate to carry an IPv6 address

• Implementation can happen in• A DHCP context – to offer an individual address• A SLAAC context : This new attribute could be used in “a posteriori”

check

Requirements (3)

• More specific routes should be transmitted to the subscriber

• Multi-homing, multiple attachments

• Implementation can happen in• DHCP context : New DHCPv6 option maps this attribute : draft-

dec-dhcpv6-route-option-01

• SLACC context : The attributes is mapped into the RA more specific routes. RFC4191

Requirements (4)

• Prefix Lifetimes must be configured on a prefix basis

• Implementation can happen in• SLAAC: Valid and Prefered inserted in the RA sent to the

subscriber• In the context of “RADIUS Support for Prefix Authorization “

– draft-sarikaya-radext-prefix-authorization-03

DHCP Deployment scenario

• New RADIUS attributes mapping to key DHCPv6 attributes• A list of DNS Server IPv6 addresses• IPv6 address• A list of specific routes

DHCP ClientDHCP Server

RADIUS Client RADIUS Server

SOLLICIT

ADVERTISE (DNS, IA_NA)

REQUEST (DNS, IA_NA)

REPLY (DNS, IA_NA)

REQUEST

ACCEPT (DNS list, IPv6-1, IPv6-2, etc.)

Session initiation

Session up

SLAAC Deployment scenario

• New RADIUS attributes mapping to key RA fields• Valid and Preferred lifetime• A list of specific routes• DNS addresses

• Possible validation of IPv6 address

DHCP ClientDHCP Server

RADIUS Client RADIUS Server

RA

REQUEST

ACCEPT (DNS list, IPv6-1, IPv6-2, etc.)

Session initiation

Session up

How to move forward

• Acknowledge the DHCP independence of the attributes

• Agree on the documentation path– RFC3162 bis (too lengthy)– Separate document (preferred)

• Adopt as a WG item (with the changes to -00 as explained)

Thank You !