Dean Cheng Jouni Korhonen Mehamed Boucadair

Slides:



Advertisements
Similar presentations
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Advertisements

NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.
Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
OSPF Operator Defined TLVs for Agile Service Deployment (previous name self-defined TLVs) draft-chunduri-ospf-operator-defined-tlvs-00 (previously: draft-chunduri-ospf-self-defined-sub-tlvs-03)
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
Mobile IP, PMIP, FMC, and a little bit more
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 70 – Vancouver draft-ietf-ancp-framework-04.txt.
RADIUS Accounting Extensions on Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 + IETF 82 – Radext Nov. 14 th, 2011 Leaf Y. Yeh Huawei Technologies.
Dean Cheng Jouni Korhonen Mehamed Boucadair
Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.
Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 71 – Philadelphia draft-ietf-ancp-framework-05.txt.
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.
Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.
RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,
Extended Attributes RADEXT - IETF 79 Alan DeKok FreeRADIUS Avi Lior Bridgewater.
Exposing Source IP Address Type Requirements with DHCPv6 D. Moses, A. Yegin draft-moses-dmm-dhcp-ondemand-mobility-00.
1 RADIUS Attribute Harmonization and Informational guidelines for PWLAN Farid Adrangi Intel Corporation ( )
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
Dean Cheng Xiaohu Xu Joel Halpern Mohamed Boucadair
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.
© 2005,2006 NeoAccel Inc. Partners Presentation Authentication & Access Control.
1 HRPD Roamer Authentication Zhibi Wang, Sarvar Patel, Simon Mizikovsky, Nancy Lee.
1 Bandwidth Profile Negotiation over AAA Farid Adrangi, Paul Congdon, Chuck Black, Avi Lior, Farooq Bari draft-adrangi-radius-bandwidth-capability-01.txt.
RADEXT WG IETF 81 Agenda July 25, Please join the Jabber room:
A Framework for Session Initiation Protocol User Agent Profile Delivery (draft-ietf-sipping-config-framework-11) SIPPING – IETF 68 Mar 19, 2007 Sumanth.
Dean Cheng 81 st IETF Quebec City RADIUS Extensions for CGN Configurations draft-cheng-behave-cgn-cfg-radius-ext
IETF 77 RADEXT WG RADIUS Accounting extensions for IPv6 draft-maglione-radext-ipv6-acct-extensions-01 R. Maglione – Telecom Italia B. Varga - Magyar Telekom.
DHCP options for PAA Status report of draft-ietf-dhc-paa-option-01.txt Lionel Morand IETF-65, Dallas.
Slide #1 Nov 6 -11, 2005SIP WG IETF64 Feature Tags with SIP REFER draft-ietf-sip-refer-feature-param-00 Orit
Diameter SIP Application
Extended Attributes RADEXT - IETF 81 Alan DeKok FreeRADIUS Avi Lior Bridgewater.
Extended Attributes RADEXT - Interim Alan DeKok FreeRADIUS.
62 nd IETF RADIUS Bandwidth Capability Avi Lior, Bridgewater Systems Farid Adrangi, Intel Paul Congdon, ProCurve Networking Business Chuck Black, ProCurve.
V6OPS WG IETF-72 IPv6 in Broadband Networks draft-kaippallimalil-v6ops-ipv6-bbnet Presented by: David Miles Kaippallimalil John Frank Xia July 2008.
YANG Data Model for IPv4-in-IPv6 Softwire draft-sun-softwire-yang November 2014 Q. Sun, H. Wang, Y. Cui, I. Farrer (presenter), M. Boucadair.
Session-Independent Policies draft-ietf-sipping-session-indep-policy-00 Volker Hilt Gonzalo Camarillo
IETF 78 RADIUS extensions for DS-Lite draft-maglione-softwire-dslite-radius-ext-00 R. Maglione – Telecom Italia A. Durand – Juniper Networks.
Draft-psenak-ospf-segment-routing-ospf-extension-03 draft-psenak-ospf-segment-routing-ospfv3-extension-00 IETF 88, November 3-8, 2013 P. Psenak, S.Previdi,
Exposing Source IP Address Type Requirements with DHCPv6 D. Moses, A. Yegin draft-moses-dmm-dhcp-ondemand-mobility-02.
RADIUS attributes commonly used in fixed networks draft-klammorrissette-radext-very-common-vsas-00 Devasena Morrissette, Frederic Klamm, Lionel Morand.
Lightweight 4over6: An Extension to DS-Lite Architecture draft-cui-softwire-b4-translated-ds-lite-09 Y. Cui, Q. Sun, M. Boucadair, T. Tsou, Y. Lee and.
IETF 85 Use cases for MAP-T draft-maglione-softwire-map-t-scenarios-01 R. Maglione.
PCEP extensions for GMPLS CCAMP WG, IETF 79th, Beijing, China draft-ietf-pce-gmpls-pcep-extensions-01 Cyril Margaria Nokia Siemens Networks Oscar González.
Attribute-Value Pairs For Provisioning Customer Equipment Supporting IPv4-Over-IPv6 Transitional Solutions Cathy Zhou; Tom Taylor; Qiong Sun draft-zhou-dime-4over6-provisioning-01.
WholeSale Model 10. WholeSale Model This feature enables the Nomadix device to act as an L2TP Access Concentrator (LAC) and initiate single or multiple.
3GPP MBMS protocol stack
NAT State Synchronization using SCSP draft-xu-behave-nat-state-sync-01
Lionel Morand DHCP options for PAA Lionel Morand
Instructor Materials Chapter 9: NAT for IPv4
Routing and Switching Essentials v6.0
Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)
Radius Attribute for MAP draft-jiang-softwire-map-radius-03
CIS 82 Routing Protocols and Concepts Chapter 11 NAT
By - Ricardo Sanchez, Ken Wolters and William Hibbard
Instructor Materials Chapter 9: NAT for IPv4
Use Cases of CASM (Coordinated Address Space Management) draft-xie-ps-centralized-address-management-02 draft-kumar-casm-problem-and-use-cases-00 Chongfeng.
Chapter 11: Network Address Translation for IPv4
PMIP6 extensions for inter-access handovers and flow mobility
Dayong GUO Sheng JIANG (Speaker) Remi Despres
Editors: Bala’zs Varga, Jouni Korhonen
BGP VPN service for SRv6 Plus IETF 105, Montreal
O&M Area Working Group WG
M. Boucadair, J. Touch, P. Levis and R. Penno
Data Thursday. Port Forwarding III HG532e
Presentation transcript:

Dean Cheng Jouni Korhonen Mehamed Boucadair Senthil Sivakumar IETF Toronto July, 2014 RADIUS Extensions for IP Port Configuration and Reporting draft-ietf-radext-ip-port-radius-ext

Draft Status Adopted as a WG document in May txt was posted on May (based on individual draft). Comments received on mailing list since London meeting  Thanks to Alan DeKok, Lionel Morand, Peter Deacon, etc. 01.txt was posted on June with significant changes incorporating most of the comments including:  Defined IP-Port-Type TLV.  Defined one TLV for each data field.  Changed to allow multiple instances for all proposed attributes.  Defined mandatory and optional TLVs within each proposed attribute. 2

Motivation Scenario (in a broadband network, WiFi network, etc.)  A port-set device, capable of performing mapping on IP address and port need to communicate with a RADIUS server.  Examples: o A CGN acquires TCP/UDP port limit for a given user from the RADIUS server o A CGN reports a range of TCP/UDP ports allocated/de-allocated for a given user to the RADIUS server o A CGN acquires a forwarding port for a given user from the RADIUS server o A WiFi server (CPE) reports a range of TCP/UDP ports allocated/de-allocated for a visiting UE to the RADIUS server Use RADIUS protocol for communication between a RADIUS server and a port-set device where NAS resides 3

Proposed Radius Attributes IP-Port-Limit Attribute o To configure the max number of IP ports associated with a specific or all IPv4 address for an IP service subscriber. IP-Port-Range Attribute o To report to the Radius server that a range IP ports that have been allocated or de-allocated associated with a specific IPv4 address for an IP service subscriber by a port set device. IP-Port-Forwarding-Map Attribute o To define the mapping between an internal IP port (associated with an internal IP address or customer’s local identifier) and an external IP port (associated with an external IPv4 address). 4

Extended Type & IP-Port-Type TLV Type: TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended- Type-3 (243), or Extended-Type-4 (244) per [RFC6929]. Length: This field indicates the total length in bytes of all fields this attribute, including the Type, Length, Extended-Type, and the embedded TLVs. Extended-Type: TBA2. TLV1-Type: Type field of IP-Port-Type TLV. This one byte field indicates the IP port type as follows: 5

Extended Type & IP-Port-Type TLV (cont.) TBA2-1: Refer to TCP port, UDP port, and ICMP identifier as a whole. TBA2-2: Refer to TCP port and UDP port as a whole. TBA2-3: Refer to TCP port only. TBA2-4: Refer to UDP port only. TBA2-5: Refer to ICMP identifier only. TLV1-Length: Length field of IP-Port-Type TLV. This field indicates the total length in bytes of the TLV1, including the field of TLV1-Type, TLV1-Length, and the Value. Value: Value field of IP-Port-Type TLV. This field contains one or more TLVs. 6

Proposed Radius TLVs IP-Port-Limit TLV o To specify the max number of IP ports. IP-Port-Ext-IPv4-Addr TLV o To specify the external IPv4 address. IP-Port-Int-IP-Addr TLV o To specify the internal IPv4 or IPv6 address. IP-Port-Alloc TLV o To specify either allocation or de-allocation of IP ports. IP-Port-Range-Start TLV o To specify the largest port number of a contiguous IP ports. IP-Port-Range-End TLV o To specify the smallest port number of a contiguous IP ports. IP-Port-Int-Port TLV o To specify an internal IP port (associated with an internal IP address). IP-Port-Ext-Port TLV o To specify an external IP port (associated with an external IPv4 address). IP-Port-Local-Id TLV o To specify a customer-local significant identifier (e.g., a MAC address). 7

Attributes and Embedded TLVs IP-Port-Limit Attribute IP-Port-Range Attribute IP-Port-Forwarding-Map Attribute IP-Port-Limit TLV M n/a IP-Port-Ext-IPv4-Addr TLV O n1 O O IP-Port-Int-IP-Addr TLV n/a M n3 IP-Port-Int-Port TLV n/a M IP-Port-Ext-Port TLV n/a M IP-Port-Alloc TLV n/a M IP-Port-Range-Start TLV n/a M n2 n/a IP-Port-Range-End TLV n/a M n2 n/a IP-Port-Local-Id TLV n/a O M n3 n1: If not included, the port limit as specified in IP-Port-Limit TLV applied to IPv4 addresses. n2: For port allocation, these two TLVs are mandatory. For port de-allocation, if these two TLVs are present, all ports are de- allocated. n3: Either IP-Port-Int-IP-Addr TLV or IP-Port-Local-Id TLV must be included. 8

Identifiers of the three Attributes IP-Port-Limit Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Limit TLV, {IP-Port-Ext-IPv4-Addr TLV }]. IP-Port-Range Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Alloc TLV, {IP-Port-Range-Start TLV, IP-Port-Range-End TLV}, {IP-Port-Ext-IPv4-Addr TLV}, {IP-Port-Local-Id TLV}]. IP-Port-Forwarding-Map Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Int-Port TLV, IP-Port-Ext-Port TLV, {IP-Port-Int-IP-Addr TLV}, {IP-Port-Ext-IPv4-Addr TLV}]. 9

IANA Considerations Name Reference Value Type FieldSection TBA1 Extended FieldSection TBA2 IP-Port-Type TLVSection 3.1.1TBA2-1:TCP/UDP port and ICMP identifier TBA2-2:TCP/UDP port TBA2-3:TCP port TBA2-4:UDP port TBA2-5:ICMP identifier IP-Port-Limit TLVSection TBA3 IP-Port-Ext-IPv4-Addr TLVSection TBA4 IP-Port-Int-IP-Addr TLVSection TBA5 IP-Port-Int-Port TLVSection TBA6 IP-Port-Ext-Port TLVSection TBA7 IP-Port-Alloc TLVSection TBA8 IP-Port-Range-Start TLVSection TBA9 IP-Port-Range-End TLVSection TBA10 IP-Port-Local-Id TLVSection TBA11 10

Next step … Request the WG to review and provide comments…. 11

Backup Slides

Configure NAT44 TCP/UDP Session Limit via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Port-Session-Limit (TCP/UDP ports) Service Granted (other parameters) User RADIUSPPPoE/DHCP Account Request Port-Session-Limit (TCP/UDP ports) (NAT44 external port allocation and IPv4 address assignment)

Change NAT44 TCP/UDP Session Limit via RADIUS AAA Server NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit User TCP/UDP Port Limit (1024) CoA Request Port-Session-Limit (TCP/UDP ports) TCP/UDP Port Limit (2048) CoA Response Port-Session-Limit (TCP/UDP ports)

Report NAT44 TCP/UDP Port Allocation Range via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Service Granted User RADIUSPPPoE/DHCP Account Request Port-Session-Range for de-allocation CGN allocates a TCP/UDP port range for the user Account Request Port-Session-Range for allocation CGN de-allocates a TCP/UDP port range for the user

Report Port Allocation/De-allocation for a UE AAA Server Access Request Service Request BNG/NAS Access-Accept Service Granted (parameters) UE Account Request Port-Session-Range for de-allocation CPE withdraws a TCP/UDP port range for the UE Account Request Port-Session-Range for allocation CPE CPE assigns IP address and a TCP/UDP port range to the UE

NAT44 Port Forwarding Configuration via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd IPv4 address Internal port External port Access-Accept Port-Forwarding-Map Service Granted (other parameters) Account Request Port-Forwarding-Map User (Create a port mapping for the user, and associate it with the internal and external IP address) RADIUSPPPoE/DHCP

Change NAT44 TCP/UDP Port Mapping via RADIUS AAA Server NAT44/NAS BNG User Internal IP Address Port Map (a:X) CoA Request Port-Forwarding-Map) Internal IP Address Port Map (a:Y)) CoA Response Port-Forwarding-Map) User profile: Username pwd IPv4 address Internal port External port RADIUSPPPoE/DHCP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.