Presentation is loading. Please wait.

Presentation is loading. Please wait.

Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75

Similar presentations


Presentation on theme: "Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75"— Presentation transcript:

1 Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75 http://tools.ietf.org/html/draft-lourdelet-radext-ipv6-access-01

2 Problem Statement RFC3162 needs additions to accommodate IPv6 production networks Feedback coming from actual deployments Pioneers time is over and large scale deployments require flexibility These new attributes may be used in DHCP or SLAAC or PBU/PBA or BU/BA (mobile) contexts

3 Requirements (1) IPv6 DNS location needs to be configured on a subscriber basis Wholesale, VPN Implementation can happen in A DHCP context – RFC3646 – Recursive DNS Option A SLAAC context : RFC5006

4 Requirements (2) Individual IPv6 addresses must be offered to the Subscriber concatenation of prefix and interface-id attributes does not cover all cases RFC 5080 Section 2.11 suggests that Framed-IPv6- Prefix is not appropriate to carry an IPv6 address Implementation can happen in A DHCP context – to offer an individual address A SLAAC context : This new attribute could be used in a posteriori check Mobile Networks context – Each node needs per-MN prefixes

5 Requirements (3) More specific routes should be transmitted to the subscriber Multi-homing, multiple attachments Implementation can happen in DHCP context : New DHCPv6 option maps this attribute : draft- dec-dhcpv6-route-option-01 SLACC context : The attributes is mapped into the RA more specific routes. RFC4191 Mobile registration signalling : Request per-MN prefix (PBU), assign specific prefixes (PBA)

6 Requirements (4) Prefix Lifetimes must be configured on a prefix basis Implementation can happen in SLAAC: Valid and Preferred or inserted in the RA sent to the subscriber

7 DHCP Deployment scenario New RADIUS attributes mapping to key DHCPv6 attributes A list of DNS Server IPv6 addresses IPv6 address A list of specific routes DHCP Client DHCP Server RADIUS Client RADIUS Server SOLLICIT ADVERTISE (DNS, IA_NA) REQUEST (DNS, IA_NA) REPLY (DNS, IA_NA) REQUEST ACCEPT (DNS list, IPv6-1, IPv6-2, etc.) Session initiation Session up

8 SLAAC Deployment scenario New RADIUS attributes mapping to key RA fields Valid and Preferred lifetime A list of specific routes DNS addresses Possible validation of IPv6 address DHCP Client DHCP Server RADIUS Client RADIUS Server RA REQUEST ACCEPT (DNS list, IPv6-1, IPv6-2, etc.) Session initiation Session up

9 Simple IP Prefix Authorization Scenario New RADIUS attributes for authorizing prefixes to each user Valid and Preferred lifetime User-ID Request or Renew Release when user disconnects DHCP Client DHCP Server RADIUS Client RADIUS Server RA REQUEST ACCEPT (IPv6-Prefix.,User-ID,Request) Session initiation Session up

10 Attribute Definitions Tag field is introduced as per RADIUS Design Guidelines to group attributes Different tags for IPv6-Prefix IPv6-Route-Option-Preference IPv6-Route- Option-Lifetime or Auth-IPv6-Prefix-Valid-Lifetime Auth-IPv6-Prefix- Prefd-Lifetime Auth-IPv6-Prefix-User-ID Prefix- Lifetime-Service-Type

11 How to move forward Adopt as a WG item

12 Thank you


Download ppt "Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75"

Similar presentations


Ads by Google