Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dean Cheng Jouni Korhonen Mehamed Boucadair

Published byWilfred Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "Dean Cheng Jouni Korhonen Mehamed Boucadair"— Presentation transcript:

1 Dean Cheng (dean.cheng@huawei.com)dean.cheng@huawei.com Jouni Korhonen (jouni.nospam@gmail.com)jouni.nospam@gmail.com Mehamed Boucadair (mohamed.boucadair@oragne.com)mohamed.boucadair@oragne.com Senthil Sivakumar (ssenthil@cisco.com)ssenthil@cisco.com IETF Toronto July, 2014 RADIUS Extensions for IP Port Configuration and Reporting draft-ietf-radext-ip-port-radius-ext-01 1 1

2 Draft Status Adopted as a WG document in May 2014 00.txt was posted on May 9 2014 (based on individual draft). Comments received on mailing list since London meeting  Thanks to Alan DeKok, Lionel Morand, Peter Deacon, etc. 01.txt was posted on June 12 2014 with significant changes incorporating most of the comments including:  Defined IP-Port-Type TLV.  Defined one TLV for each data field.  Changed to allow multiple instances for all proposed attributes.  Defined mandatory and optional TLVs within each proposed attribute. 2

3 Motivation Scenario (in a broadband network, WiFi network, etc.)  A port-set device, capable of performing mapping on IP address and port need to communicate with a RADIUS server.  Examples: o A CGN acquires TCP/UDP port limit for a given user from the RADIUS server o A CGN reports a range of TCP/UDP ports allocated/de-allocated for a given user to the RADIUS server o A CGN acquires a forwarding port for a given user from the RADIUS server o A WiFi server (CPE) reports a range of TCP/UDP ports allocated/de-allocated for a visiting UE to the RADIUS server Use RADIUS protocol for communication between a RADIUS server and a port-set device where NAS resides 3

4 Proposed Radius Attributes IP-Port-Limit Attribute o To configure the max number of IP ports associated with a specific or all IPv4 address for an IP service subscriber. IP-Port-Range Attribute o To report to the Radius server that a range IP ports that have been allocated or de-allocated associated with a specific IPv4 address for an IP service subscriber by a port set device. IP-Port-Forwarding-Map Attribute o To define the mapping between an internal IP port (associated with an internal IP address or customer’s local identifier) and an external IP port (associated with an external IPv4 address). 4

5 Extended Type & IP-Port-Type TLV Type: TBA1 - Extended-Type-1 (241), Extended-Type-2 (242), Extended- Type-3 (243), or Extended-Type-4 (244) per [RFC6929]. Length: This field indicates the total length in bytes of all fields this attribute, including the Type, Length, Extended-Type, and the embedded TLVs. Extended-Type: TBA2. TLV1-Type: Type field of IP-Port-Type TLV. This one byte field indicates the IP port type as follows: 5

6 Extended Type & IP-Port-Type TLV (cont.) TBA2-1: Refer to TCP port, UDP port, and ICMP identifier as a whole. TBA2-2: Refer to TCP port and UDP port as a whole. TBA2-3: Refer to TCP port only. TBA2-4: Refer to UDP port only. TBA2-5: Refer to ICMP identifier only. TLV1-Length: Length field of IP-Port-Type TLV. This field indicates the total length in bytes of the TLV1, including the field of TLV1-Type, TLV1-Length, and the Value. Value: Value field of IP-Port-Type TLV. This field contains one or more TLVs. 6

7 Proposed Radius TLVs IP-Port-Limit TLV o To specify the max number of IP ports. IP-Port-Ext-IPv4-Addr TLV o To specify the external IPv4 address. IP-Port-Int-IP-Addr TLV o To specify the internal IPv4 or IPv6 address. IP-Port-Alloc TLV o To specify either allocation or de-allocation of IP ports. IP-Port-Range-Start TLV o To specify the largest port number of a contiguous IP ports. IP-Port-Range-End TLV o To specify the smallest port number of a contiguous IP ports. IP-Port-Int-Port TLV o To specify an internal IP port (associated with an internal IP address). IP-Port-Ext-Port TLV o To specify an external IP port (associated with an external IPv4 address). IP-Port-Local-Id TLV o To specify a customer-local significant identifier (e.g., a MAC address). 7

8 Attributes and Embedded TLVs IP-Port-Limit Attribute IP-Port-Range Attribute IP-Port-Forwarding-Map Attribute IP-Port-Limit TLV M n/a IP-Port-Ext-IPv4-Addr TLV O n1 O O IP-Port-Int-IP-Addr TLV n/a M n3 IP-Port-Int-Port TLV n/a M IP-Port-Ext-Port TLV n/a M IP-Port-Alloc TLV n/a M IP-Port-Range-Start TLV n/a M n2 n/a IP-Port-Range-End TLV n/a M n2 n/a IP-Port-Local-Id TLV n/a O M n3 n1: If not included, the port limit as specified in IP-Port-Limit TLV applied to IPv4 addresses. n2: For port allocation, these two TLVs are mandatory. For port de-allocation, if these two TLVs are present, all ports are de- allocated. n3: Either IP-Port-Int-IP-Addr TLV or IP-Port-Local-Id TLV must be included. 8

9 Identifiers of the three Attributes IP-Port-Limit Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Limit TLV, {IP-Port-Ext-IPv4-Addr TLV }]. IP-Port-Range Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Alloc TLV, {IP-Port-Range-Start TLV, IP-Port-Range-End TLV}, {IP-Port-Ext-IPv4-Addr TLV}, {IP-Port-Local-Id TLV}]. IP-Port-Forwarding-Map Attribute o Type.Extended-Type.IP-Port-Type TLV{TBA2-1..TBA2-5}. [IP-Port-Int-Port TLV, IP-Port-Ext-Port TLV, {IP-Port-Int-IP-Addr TLV}, {IP-Port-Ext-IPv4-Addr TLV}]. 9

10 IANA Considerations Name Reference Value Type FieldSection 3.1.1 TBA1 Extended FieldSection 3.1.1 TBA2 IP-Port-Type TLVSection 3.1.1TBA2-1:TCP/UDP port and ICMP identifier TBA2-2:TCP/UDP port TBA2-3:TCP port TBA2-4:UDP port TBA2-5:ICMP identifier IP-Port-Limit TLVSection 3.1.2 TBA3 IP-Port-Ext-IPv4-Addr TLVSection 3.2.2 TBA4 IP-Port-Int-IP-Addr TLVSection 3.2.3 TBA5 IP-Port-Int-Port TLVSection 3.2.4 TBA6 IP-Port-Ext-Port TLVSection 3.2.5 TBA7 IP-Port-Alloc TLVSection 3.2.6 TBA8 IP-Port-Range-Start TLVSection 3.2.7 TBA9 IP-Port-Range-End TLVSection 3.2.8 TBA10 IP-Port-Local-Id TLVSection 3.2.9 TBA11 10

11 Next step … Request the WG to review and provide comments…. 11

12 Backup Slides

13 Configure NAT44 TCP/UDP Session Limit via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Port-Session-Limit (TCP/UDP ports) Service Granted (other parameters) User RADIUSPPPoE/DHCP Account Request Port-Session-Limit (TCP/UDP ports) (NAT44 external port allocation and IPv4 address assignment)

14 Change NAT44 TCP/UDP Session Limit via RADIUS AAA Server NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit User TCP/UDP Port Limit (1024) CoA Request Port-Session-Limit (TCP/UDP ports) TCP/UDP Port Limit (2048) CoA Response Port-Session-Limit (TCP/UDP ports)

15 Report NAT44 TCP/UDP Port Allocation Range via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Service Granted User RADIUSPPPoE/DHCP Account Request Port-Session-Range for de-allocation CGN allocates a TCP/UDP port range for the user Account Request Port-Session-Range for allocation CGN de-allocates a TCP/UDP port range for the user

16 Report Port Allocation/De-allocation for a UE AAA Server Access Request Service Request BNG/NAS Access-Accept Service Granted (parameters) UE Account Request Port-Session-Range for de-allocation CPE withdraws a TCP/UDP port range for the UE Account Request Port-Session-Range for allocation CPE CPE assigns IP address and a TCP/UDP port range to the UE

17 NAT44 Port Forwarding Configuration via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd IPv4 address Internal port External port Access-Accept Port-Forwarding-Map Service Granted (other parameters) Account Request Port-Forwarding-Map User (Create a port mapping for the user, and associate it with the internal and external IP address) RADIUSPPPoE/DHCP

18 Change NAT44 TCP/UDP Port Mapping via RADIUS AAA Server NAT44/NAS BNG User Internal IP Address Port Map (a:X) CoA Request Port-Forwarding-Map) Internal IP Address Port Map (a:Y)) CoA Response Port-Forwarding-Map) User profile: Username pwd IPv4 address Internal port External port RADIUSPPPoE/DHCP

Download ppt "Dean Cheng Jouni Korhonen Mehamed Boucadair"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.

NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.
Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
OSPF Operator Defined TLVs for Agile Service Deployment (previous name self-defined TLVs) draft-chunduri-ospf-operator-defined-tlvs-00 (previously: draft-chunduri-ospf-self-defined-sub-tlvs-03)

OSPF Operator Defined TLVs for Agile Service Deployment (previous name self-defined TLVs) draft-chunduri-ospf-operator-defined-tlvs-00 (previously: draft-chunduri-ospf-self-defined-sub-tlvs-03)
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.

IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
Mobile IP, PMIP, FMC, and a little bit more

Mobile IP, PMIP, FMC, and a little bit more
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 70 – Vancouver draft-ietf-ancp-framework-04.txt.

Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 70 – Vancouver draft-ietf-ancp-framework-04.txt.
RADIUS Accounting Extensions on Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 + IETF 82 – Radext Nov. 14 th, 2011 Leaf Y. Yeh Huawei Technologies.

RADIUS Accounting Extensions on Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 + IETF 82 – Radext Nov. 14 th, 2011 Leaf Y. Yeh Huawei Technologies.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.

Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.
Doc: 11-03-0763-00-0000 Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.

Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 71 – Philadelphia draft-ietf-ancp-framework-05.txt.

Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 71 – Philadelphia draft-ietf-ancp-framework-05.txt.
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.
Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.
RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,

RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,

Similar presentations

Ads by Google