Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extended Attributes RADEXT - IETF 79 Alan DeKok FreeRADIUS Avi Lior Bridgewater.

Published byMartin Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Extended Attributes RADEXT - IETF 79 Alan DeKok FreeRADIUS Avi Lior Bridgewater."— Presentation transcript:

1 Extended Attributes RADEXT - IETF 79 Alan DeKok FreeRADIUS Avi Lior Bridgewater

2 RADEXT - IETF 79 Requirements More RADIUS Attribute Types 256 is too limited Standard support for “long” attributes > 253 octets Better grouping RFC 2868 tags are inadequate

3 RADEXT - IETF 79 Un-Requirements Systems which were discussed and rejected too complex too limited which can’t be applied to existing RFCs

4 RADEXT - IETF 79 Current Attributes Type 1 octet Length 1 octet Value … 1..253 octets

5 RADEXT - IETF 79 Extended Attributes Type 1 octet Length 1 octet Ext-Type 1 octet Value … 1..252 octets

6 RADEXT - IETF 79 That’s pretty much it. “Steal” one octet of “value” for extended types Allocate 4 attributes of this format 241, 242, 243, 244 Solves the “need more attributes” problem Allows for ~1K new attributes

7 RADEXT - IETF 79 Naming We need to name the new attributes types. Use OID style “dotted number” 241.{1-255} 241.1 “This-Is-A-New-attr” Versus 1 “User-Name” Naming applies only for the IANA registry

8 RADEXT - IETF 79 Grouping Better grouping by defining a TLV data type Already in WiMAX, 3GPP2, and other SDOs / vendors.

9 RADEXT - IETF 79 TLV Data Type TLV-Type 1 octet TLV-Length 1 octet Value … 1..253 octets

10 RADEXT - IETF 79 TLV in Ext-Attribute Type 1 octet Length 1 octet = 9 Ext-Type 1 octet TLV-Type 1 octet TLV-Length 1 octet = 6 Value … 4 octets

11 RADEXT - IETF 79 TLVs in Ext-Attribute Type 1 octet Length 1 octet = 29 Ext-Type 1 octet TLV-Type 1 octet TLV-Length 1 octet = 6 Value … 4 octets TLV-Type’ 1 octet TLV-Length’ 1 octet = 20 Value’ … 18 octets

12 RADEXT - IETF 79 TLV Properties Can carry any existing or future data type Including TLVs. Multiple TLVs can be carried in one Ext-Attr Nested or concatenated Nesting is limited only by TLV-Length field 253 / 3 =~ 80 Practicalities show a depth of 5 is sufficient

13 RADEXT - IETF 79 TLV Naming Leverage the same “dotted number” notation! 241.1.2 RADIUS Attr 241, of type “ext-attr” Extended Attr 1, data type “tlv” TLV 2, data type “integer” Allows for ~250 fields in a struct Extends type space past 1K attributes

14 RADEXT - IETF 79 “Long” Attributes Leverage the Ext-Type format Allocate 2 attributes of this type 245, 246 Add another field: “flags” Standard way to say “more than 253 octets of data”

15 RADEXT - IETF 79 Long Ext Attributes Type 1 octet Length 1 octet Ext-Type 1 octet Flags 1 octet Value … 1..251 octets

16 RADEXT - IETF 79 Flags 1 bit of “C” for Continuation Same meaning as existing ext-attrs / WiMAX 7 bits of “reserved” We have no idea what to do with these It’s likely that these will never be used

17 RADEXT - IETF 79 Additional notes 24{1-6}.26 are VSAs Allows for many more VSAs 24{1-6}.{241-255} are reserved No “experimental” or “implementation- specific” They have not been useful Detailed instructions for IANA are included

18 RADEXT - IETF 79 Motivation RADEXT discussions have been long We need a solution soon (i.e. within 2-3 years) All other solutions are more complex Attribute audit shows the needs to be simple

19 Attribute Audit CountData Type 2257 integer 1762 text 273 IPv4 Address 235 string 96 other data types 35 IPv6 Address 18 date 4 Interface Id 3 IPv6 Prefix 4683 Total Public dictionaries ~100 vendors 55% or more are “short” (<20 bytes) ~20 “long” attrs (253+ octets) a “simple” solution seems to be best

20 RADEXT - IETF 79 Implementations In FreeRADIUS “stable” branch http://git.freeradius.org Implements TLVs, basic type No support for “long attrs” IEA Software http://www.iea-software.com/products/radlogin4.cfm Full support

21 RADEXT - IETF 79 To Do Define a “VSA” data type To be used by the 6 new “VSA” attributes Easier than repeating attribute definitions More “guideline” recommendations Hopefully simple More examples More clarifications

22 RADEXT - IETF 79 Summary > 1K of new attribute space With TLVs, potentially many 1000’s Grouping via TLVs Proven to work in SDO VSAs Standard way to have “long” attrs No more “ad hoc method”

23 RADEXT - IETF 79 Questions?

Download ppt "Extended Attributes RADEXT - IETF 79 Alan DeKok FreeRADIUS Avi Lior Bridgewater."

Similar presentations

IP Addressing Introductory material.

IP Addressing Introductory material.
IETF draft-jeyatharan-mext-flow-tftemp-reference-01 Mohana Jeyatharan panasonic.com Chan-Wah Ng 1 IETF.

IETF draft-jeyatharan-mext-flow-tftemp-reference-01 Mohana Jeyatharan panasonic.com Chan-Wah Ng 1 IETF.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
L3VPN WG2012-Jul-301 MVPN/BGP Support for Customers That Use mLDP RFCs 6513/6514: support Multicast VPN Service for customers that use PIM provide extensive.

L3VPN WG2012-Jul-301 MVPN/BGP Support for Customers That Use mLDP RFCs 6513/6514: support Multicast VPN Service for customers that use PIM provide extensive.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.

KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Format for the Session Initiation Protocol (SIP) Common Log Format (CLF) draft-ietf-sipclf-format-01 (G. Salgueiro, V. Gurbani, and A. B. Roach) Presenter:

Format for the Session Initiation Protocol (SIP) Common Log Format (CLF) draft-ietf-sipclf-format-01 (G. Salgueiro, V. Gurbani, and A. B. Roach) Presenter:
Chapter 21 IP Addressing “If we all did the things we are capable of doing, we would literally astound ourselves” - Thomas Alva Edison, 1847-1931.

Chapter 21 IP Addressing “If we all did the things we are capable of doing, we would literally astound ourselves” - Thomas Alva Edison,
CS 6401 Efficient Addressing Outline Addressing Subnetting Supernetting.

CS 6401 Efficient Addressing Outline Addressing Subnetting Supernetting.
1 TCOM 509 – Internet Protocols (TCP/IP) Lecture 02_b Instructor: Dr. Li-Chuan Chen Date: 09/08/2003 Based in part upon slides of Prof. J. Kurose (U Mass),

1 TCOM 509 – Internet Protocols (TCP/IP) Lecture 02_b Instructor: Dr. Li-Chuan Chen Date: 09/08/2003 Based in part upon slides of Prof. J. Kurose (U Mass),
IP Addressing. Dotted Decimal Notation IP addresses are written in a so-called dotted decimal notation Each byte is identified by a decimal number in.

IP Addressing. Dotted Decimal Notation IP addresses are written in a so-called dotted decimal notation Each byte is identified by a decimal number in.
1 Internet Addresses (You should read Chapter 4 in Forouzan) IP Address is 32 Bits Long Conceptually the address is the pair ( NETID, HOSTID ) Addresses.

1 Internet Addresses (You should read Chapter 4 in Forouzan) IP Address is 32 Bits Long Conceptually the address is the pair ( NETID, HOSTID ) Addresses.
LECTURE # 20 IP ADDRESSING 1. Binary 2  All digital electronics use a binary method for communication.  Binary can be expressed using only two values:

LECTURE # 20 IP ADDRESSING 1. Binary 2  All digital electronics use a binary method for communication.  Binary can be expressed using only two values:
INTRODUCTION TO IP ADDRESS Ravi Chandra Gurung. IP ADDRESSES.

INTRODUCTION TO IP ADDRESS Ravi Chandra Gurung. IP ADDRESSES.
RADIUS Accounting Extensions on Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 + IETF 82 – Radext Nov. 14 th, 2011 Leaf Y. Yeh Huawei Technologies.

RADIUS Accounting Extensions on Traffic Statistics draft-yeh-radext-ext-traffic-statistics-01 + IETF 82 – Radext Nov. 14 th, 2011 Leaf Y. Yeh Huawei Technologies.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
IETF SFC: Service Chain Header draft-zhang-sfc-sch-01

IETF SFC: Service Chain Header draft-zhang-sfc-sch-01
Draft-ietf-ospf-segment-routing-extensions-01 draft-psenak-ospf-segment-routing-ospfv3-extension- 02 IETF 88, November 3-8, 2013 P. Psenak, S.Previdi,

Draft-ietf-ospf-segment-routing-extensions-01 draft-psenak-ospf-segment-routing-ospfv3-extension- 02 IETF 88, November 3-8, 2013 P. Psenak, S.Previdi,
Efficient Addressing Outline Addressing Subnetting Supernetting CS 640.

Efficient Addressing Outline Addressing Subnetting Supernetting CS 640.
Handling MPLS-TP OAM Packets Targeted at Internal MIPs draft-farrel-mpls-tp-mip-mep-map-04 H. Endo, A. Farrel, Y. Koike, M. Paul, R. Winter.

Handling MPLS-TP OAM Packets Targeted at Internal MIPs draft-farrel-mpls-tp-mip-mep-map-04 H. Endo, A. Farrel, Y. Koike, M. Paul, R. Winter.

Similar presentations

Ads by Google