Download presentation
Presentation is loading. Please wait.
Published byPatrick McCracken Modified over 11 years ago
1
Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75 http://tools.ietf.org/html/draft-lourdelet-radext-ipv6-access-01
2
Problem Statement RFC3162 needs additions to accommodate IPv6 production networks Feedback coming from actual deployments Pioneers time is over and large scale deployments require flexibility These new attributes may be used in DHCP or SLAAC or PBU/PBA or BU/BA (mobile) contexts
3
Requirements (1) IPv6 DNS location needs to be configured on a subscriber basis Wholesale, VPN Implementation can happen in A DHCP context – RFC3646 – Recursive DNS Option A SLAAC context : RFC5006
4
Requirements (2) Individual IPv6 addresses must be offered to the Subscriber concatenation of prefix and interface-id attributes does not cover all cases RFC 5080 Section 2.11 suggests that Framed-IPv6- Prefix is not appropriate to carry an IPv6 address Implementation can happen in A DHCP context – to offer an individual address A SLAAC context : This new attribute could be used in a posteriori check Mobile Networks context – Each node needs per-MN prefixes
5
Requirements (3) More specific routes should be transmitted to the subscriber Multi-homing, multiple attachments Implementation can happen in DHCP context : New DHCPv6 option maps this attribute : draft- dec-dhcpv6-route-option-01 SLACC context : The attributes is mapped into the RA more specific routes. RFC4191 Mobile registration signalling : Request per-MN prefix (PBU), assign specific prefixes (PBA)
6
Requirements (4) Prefix Lifetimes must be configured on a prefix basis Implementation can happen in SLAAC: Valid and Preferred or inserted in the RA sent to the subscriber
7
DHCP Deployment scenario New RADIUS attributes mapping to key DHCPv6 attributes A list of DNS Server IPv6 addresses IPv6 address A list of specific routes DHCP Client DHCP Server RADIUS Client RADIUS Server SOLLICIT ADVERTISE (DNS, IA_NA) REQUEST (DNS, IA_NA) REPLY (DNS, IA_NA) REQUEST ACCEPT (DNS list, IPv6-1, IPv6-2, etc.) Session initiation Session up
8
SLAAC Deployment scenario New RADIUS attributes mapping to key RA fields Valid and Preferred lifetime A list of specific routes DNS addresses Possible validation of IPv6 address DHCP Client DHCP Server RADIUS Client RADIUS Server RA REQUEST ACCEPT (DNS list, IPv6-1, IPv6-2, etc.) Session initiation Session up
9
Simple IP Prefix Authorization Scenario New RADIUS attributes for authorizing prefixes to each user Valid and Preferred lifetime User-ID Request or Renew Release when user disconnects DHCP Client DHCP Server RADIUS Client RADIUS Server RA REQUEST ACCEPT (IPv6-Prefix.,User-ID,Request) Session initiation Session up
10
Attribute Definitions Tag field is introduced as per RADIUS Design Guidelines to group attributes Different tags for IPv6-Prefix IPv6-Route-Option-Preference IPv6-Route- Option-Lifetime or Auth-IPv6-Prefix-Valid-Lifetime Auth-IPv6-Prefix- Prefd-Lifetime Auth-IPv6-Prefix-User-ID Prefix- Lifetime-Service-Type
11
How to move forward Adopt as a WG item
12
Thank you
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.