Upload
bennett-lynch
View
213
Download
0
Embed Size (px)
Citation preview
IPv6 RADIUS attributes for IPv6 access networks
draft-lourdelet-radext-ipv6-access-01
Glen Zorn, Benoit Lourdelet
Wojciech Dec, Behcet Sarikaya
Radext/dhc WG group
IETF 74, 03/27/2008
Problem Statement
• RFC3162 needs additions to accommodate IPv6 production networks – Feedback coming from actual deployments– Pionners time is over and large scale
deployments requires flexibility
• These new attributes may be used in DHCP or SLAAC contexts
Requirements (1)
• IPv6 DNS location needs to be configured on a subscriber basis
• Wholesale, VPN
• Implementation can happen in• A DHCP context – RFC3646 – Recursive DNS Option• A SLAAC context : RFC5006
Requirements (2)
• Individual IPv6 addresses must be offered to the Subscriber
• concatenation of prefix and interface-id attributes does not cover all cases
• RFC 5080 Section 2.11 suggests that “Framed-IPv6-Prefix” is not appropriate to carry an IPv6 address
• Implementation can happen in• A DHCP context – to offer an individual address• A SLAAC context : This new attribute could be used in “a posteriori”
check
Requirements (3)
• More specific routes should be transmitted to the subscriber
• Multi-homing, multiple attachments
• Implementation can happen in• DHCP context : New DHCPv6 option maps this attribute : draft-
dec-dhcpv6-route-option-01
• SLACC context : The attributes is mapped into the RA more specific routes. RFC4191
Requirements (4)
• Prefix Lifetimes must be configured on a prefix basis
• Implementation can happen in• SLAAC: Valid and Prefered inserted in the RA sent to the
subscriber• In the context of “RADIUS Support for Prefix Authorization “
– draft-sarikaya-radext-prefix-authorization-03
DHCP Deployment scenario
• New RADIUS attributes mapping to key DHCPv6 attributes• A list of DNS Server IPv6 addresses• IPv6 address• A list of specific routes
DHCP ClientDHCP Server
RADIUS Client RADIUS Server
SOLLICIT
ADVERTISE (DNS, IA_NA)
REQUEST (DNS, IA_NA)
REPLY (DNS, IA_NA)
REQUEST
ACCEPT (DNS list, IPv6-1, IPv6-2, etc.)
Session initiation
Session up
SLAAC Deployment scenario
• New RADIUS attributes mapping to key RA fields• Valid and Preferred lifetime• A list of specific routes• DNS addresses
• Possible validation of IPv6 address
DHCP ClientDHCP Server
RADIUS Client RADIUS Server
RA
REQUEST
ACCEPT (DNS list, IPv6-1, IPv6-2, etc.)
Session initiation
Session up
How to move forward
• Acknowledge the DHCP independence of the attributes
• Agree on the documentation path– RFC3162 bis (too lengthy)– Separate document (preferred)
• Adopt as a WG item (with the changes to -00 as explained)
Thank You !