rfc:rfc8658
Internet Engineering Task Force (IETF) S. Jiang, Ed. Request for Comments: 8658 Huawei Category: Standards Track Y. Fu, Ed. ISSN: 2070-1721 CNNIC
C. Xie
China Telecom
T. Li
Tsinghua University
M. Boucadair, Ed.
Orange
November 2019
RADIUS Attributes for Softwire Mechanisms Based on
Address plus Port (A+P)
Abstract
IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity services over IPv6 native networks during the IPv4/IPv6 coexistence period. DHCPv6 options have been defined to configure clients for Lightweight 4over6, Mapping of Address and Port with Encapsulation (MAP-E), Mapping of Address and Port using Translation (MAP-T) unicast softwire mechanisms, and multicast softwires. However, in many networks, configuration information is stored in an Authentication, Authorization, and Accounting (AAA) server, which utilizes the Remote Authentication Dial In User Service (RADIUS) protocol to provide centralized management for users. When a new transition mechanism is developed, new RADIUS attributes need to be defined correspondingly.
This document defines new RADIUS attributes to carry softwire configuration parameters based on Address plus Port from a AAA server to a Broadband Network Gateway. Both unicast and multicast attributes are covered.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8658.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology
3. New RADIUS Attributes
3.1. Softwire46-Configuration Attribute
3.1.1. Softwire46 Attributes
3.1.1.1. Softwire46-MAP-E Attribute
3.1.1.2. Softwire46-MAP-T Attribute
3.1.1.3. Softwire46-Lightweight-4over6 Attribute
3.1.2. Softwire46 Sub-attributes
3.1.3. Specification of the Softwire46 Sub-attributes
3.1.3.1. Softwire46-Rule Attribute
3.1.3.2. Softwire46-BR Attribute
3.1.3.3. Softwire46-DMR Attribute
3.1.3.4. Softwire46-V4V6Bind Attribute
3.1.3.5. Softwire46-PORTPARAMS Attribute
3.1.4. Sub-attributes for Softwire46-Rule
3.1.4.1. Rule-IPv6-Prefix Attribute
3.1.4.2. Rule-IPv4-Prefix Attribute
3.1.4.3. EA-Length Attribute
3.1.5. Attributes for Softwire46-v4v6Bind
3.1.5.1. IPv4-Address Attribute
3.1.5.2. Bind-IPv6-Prefix Attribute
3.1.6. Attributes for Softwire46-PORTPARAMS
3.1.6.1. PSID-Offset Attribute
3.1.6.2. PSID-Len Attribute
3.1.6.3. PSID Attribute
3.2. Softwire46-Priority Attribute
3.2.1. Softwire46-Option-Code
3.3. Softwire46-Multicast Attribute
3.3.1. ASM-Prefix64 Attribute
3.3.2. SSM-Prefix64 Attribute
3.3.3. U-Prefix64 Attribute
4. A Sample Configuration Process with RADIUS
5. Table of Attributes
6. Security Considerations
7. IANA Considerations
7.1. New RADIUS Attributes
7.2. RADIUS Softwire46 Configuration and Multicast
Attributes
7.3. Softwire46 Mechanisms and Their Identifying Option
Codes
8. References
8.1. Normative References
8.2. Informative References
Appendix A. DHCPv6 to RADIUS Field Mappings
A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
Mappings
A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings
A.3. OPTION_S46_DMR (91) to Softwire46-DMR
A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS
Field Mappings
A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS
Field Mappings
A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
Attribute Field Mappings
Acknowledgements
Contributors
Authors' Addresses
1. Introduction
Providers have started deploying and transitioning to IPv6. Several IPv4 service continuity mechanisms based on Address plus Port (A+P) [RFC6346] have been proposed for providing unicast IPv4-over- IPv6-only infrastructure, such as Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. Also, [RFC8114] specifies a generic solution for the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network. For each of these mechanisms, DHCPv6 options have been specified for client configuration.
In many networks, user configuration information is stored in an Authentication, Authorization, and Accounting (AAA) server. AAA servers generally communicate using the Remote Authentication Dial In User Service (RADIUS) [RFC2865] protocol. In a fixed broadband network, a Broadband Network Gateway (BNG) acts as the access gateway for users. That is, the BNG acts as both a AAA client to the AAA server and a DHCPv6 server for DHCPv6 messages sent by clients. Throughout this document, the term "BNG" describes a device implementing both the AAA client and DHCPv6 server functions.
Since IPv4-in-IPv6 softwire configuration information is stored in a AAA server and user configuration information is mainly transmitted through DHCPv6 between the BNGs and Customer Premises Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to propagate the information from the AAA servers to BNGs so that they can be provided to CEs using the existing DHCPv6 options.
The RADIUS attributes defined in this document provide the configuration to populate the corresponding DHCPv6 options for unicast and multicast softwire configurations, specifically:
- "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597]
(DHCPv6 options defined in [RFC7598]).
- "Mapping of Address and Port using Translation (MAP-T)" [RFC7599]
(DHCPv6 options defined in [RFC7598]).
- "Lightweight 4over6: An Extension to the Dual-Stack Lite
Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]).
- "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE):
A DHCPv6-Based Prioritization Mechanism" [RFC8026].
- "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6
Multicast Network" [RFC8114] (DHCPv6 options defined in
[RFC8115]).
The contents of the attributes defined in this document have a 1:1 mapping into the fields of the various DHCPv6 options in [RFC7598], [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map to the corresponding RADIUS attribute. For detailed mappings between each DHCPv6 option field and the corresponding RADIUS attribute or field, see Appendix A.
+----------------------------+-----------------------+
| DHCPv6 Option | RADIUS Attribute |
+============================+=======================+
| OPTION_S46_RULE (89) | Softwire46-Rule |
+----------------------------+-----------------------+
| OPTION_S46_BR (90) | Softwire46-BR |
+----------------------------+-----------------------+
| OPTION_S46_DMR (91) | Softwire46-DMR |
+----------------------------+-----------------------+
| OPTION_S46_V4V6BIND (92) | Softwire46-V4V6Bind |
+----------------------------+-----------------------+
| OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS |
+----------------------------+-----------------------+
| OPTION_S46_PRIORITY (111) | Softwire46-Priority |
+----------------------------+-----------------------+
| OPTION_V6_PREFIX64 (113) | Softwire46-Multicast |
+----------------------------+-----------------------+
Table 1: Mapping between DHCPv6 Options and
RADIUS Attributes
A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in [RFC6519].
This document targets deployments where a trusted relationship is in place between the RADIUS client and server.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The reader should be familiar with the concepts and terms defined in [RFC7596], [RFC7597], [RFC7599], and [RFC8026].
The terms "multicast Basic Bridging BroadBand" element (mB4) and "multicast Address Family Transition Router" element (mAFTR) are defined in [RFC8114].
Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 softwire mechanisms listed above. Additionally, the following abbreviations are used within the document:
BNG: Broadband Network Gateway
BR: Border Relay
CE: Customer Edge
CoA: Change-of-Authorization
DMR: Default Mapping Rule
EA: Embedded Address
lwAFTR: Lightweight Address Family Transition Router
MAP-E: Mapping of Address and Port with Encapsulation
MAP-T: Mapping of Address and Port using Translation
PSID: Port Set Identifier
TLV: Type, Length, Value
3. New RADIUS Attributes
This section defines the following attributes:
1. Softwire46-Configuration Attribute (Section 3.1):
This attribute carries the configuration information for MAP-E,
MAP-T, and Lightweight 4over6. The configuration information for
each Softwire46 mechanism is carried in the corresponding
Softwire46 attributes. Different attributes are required for
each Softwire46 mechanism.
2. Softwire46-Priority Attribute (Section 3.2):
Depending on the deployment scenario, a client may support
several different Softwire46 mechanisms. Therefore, a client may
request configuration for more than one Softwire46 mechanism at a
time. The Softwire46-Priority Attribute contains information
allowing the client to prioritize which mechanism to use,
corresponding to OPTION_S46_PRIORITY defined in [RFC8026].
3. Softwire46-Multicast Attribute (Section 3.3):
This attribute conveys the IPv6 prefixes to be used in [RFC8114]
to synthesize IPv4-embedded IPv6 addresses. The BNG uses the
IPv6 prefixes returned in the RADIUS Softwire46-Multicast
Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].
All of these attributes are allocated from the RADIUS "Extended Type" code space per [RFC6929].
All of these attribute designs follow [RFC6158] and [RFC6929].
This document adheres to the guidance in [RFC8044] for defining new RADIUS attributes.
3.1. Softwire46-Configuration Attribute
This attribute is of type "tlv", as defined in "Remote Authentication Dial-In User Service (RADIUS) Protocol Extensions" [RFC6929]. It contains some sub-attributes, with the following requirements:
- The Softwire46-Configuration Attribute MUST contain one or more of
the following attributes: Softwire46-MAP-E, Softwire46-MAP-T, and/
or Softwire46-Lightweight-4over6.
- The Softwire46-Configuration Attribute conveys the configuration
information for MAP-E, MAP-T, or Lightweight 4over6. The BNG
SHALL use the configuration information returned in the RADIUS
attribute to populate the DHCPv6 Softwire46 container option(s)
defined in Section 5 of [RFC7598].
- The Softwire46-Configuration Attribute MAY appear in an Access-
Accept packet. It MAY also appear in an Access-Request packet to
indicate a preferred Softwire46 configuration. However, the
server is not required to honor such a preference.
- The Softwire46-Configuration Attribute MAY appear in a CoA-Request
packet.
- The Softwire46-Configuration Attribute MAY appear in an
Accounting-Request packet.
- The Softwire46-Configuration Attribute MUST NOT appear in any
other RADIUS packet.
The Softwire46-Configuration Attribute is structured as follows:
Type
241
Length
Indicates the total length, in bytes, of all fields of this
attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded attributes.
Extended-Type
9
Value
Contains one or more of the following attributes. Each attribute
type may appear once at most:
Softwire46-MAP-E
For configuring MAP-E clients. For the construction of this
attribute, refer to Section 3.1.1.1.
Softwire46-MAP-T
For configuring MAP-T clients. For the construction of this
attribute, refer to Section 3.1.1.2.
Softwire46-Lightweight-4over6
For configuring Lightweight 4over6 clients. For the
construction of this attribute, refer to Section 3.1.1.3.
The Softwire46-Configuration Attribute is associated with the following identifier: 241.9.
3.1.1. Softwire46 Attributes
The Softwire46 attributes can only be encapsulated in the Softwire46-Configuration Attribute. Depending on the deployment scenario, a client might request more than one transition mechanism at a time. There MUST be at least one Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute. There MUST be at most one instance of each type of Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute.
There are three types of Softwire46 attributes, namely:
1. Softwire46-MAP-E (Section 3.1.1.1)
2. Softwire46-MAP-T (Section 3.1.1.2)
3. Softwire46-Lightweight 4over6 (Section 3.1.1.3)
Each type of Softwire46 attribute contains a number of sub- attributes, defined in Section 3.1.3. The hierarchy of the Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes which sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.
/1.Rule-IPv6-Prefix
S / |
o / | 1.Softwire46-Rule --+ 2.Rule-IPv4-Prefix
f | Softwire46-MAP-E--+ |
t | | 2.Softwire46-BR | 3.EA-Length
w | | \
i | | /1.PSID-Offset
r | | |
e | | 3.Softwire46-PORTPARAMS -----+ 2.PSID-Len
4 | \ |
6 | | 3.PSID
- | \
C |
o | /1.Rule-IPv6-Prefix
n | / |
f | | 1.Softwire46-Rule---+ 2.Rule-IPv4-Prefix
i | Softwire46-MAP-T--+ |
g | | 2.Softwire46-DMR | 3.EA-Length
u | | \
r | | /1.PSID-Offset
a | | |
t | | 3.Softwire46-PORTPARAMS------+ 2.PSID-Len
i | \ |
o | | 3.PSID
n | \
|
A | /1.IPv4-Address
t | / |
t | | 1.Softwire46-V4V6Bind --+ 2.Bind-IPv6-Prefix
r | Softwire46- | \
i | Lightweight-4over6+ 2.Softwire46-BR /1.PSID-Offset
b \ | |
u | 3.Softwire46-PORTPARAMS ----+ 2.PSID-Len
t \ |
e | 3.PSID
\
Figure 1: Softwire46 Attribute Hierarchy
3.1.1.1. Softwire46-MAP-E Attribute
The Softwire46-MAP-E attribute is designed to carry the configuration information for MAP-E. The structure of Softwire46-MAP-E is shown below:
TLV-Type
1
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes, with the following requirements:
It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
3.1.1.2. Softwire46-MAP-T Attribute
The Softwire46-MAP-T attribute is designed to carry the configuration information for MAP-T. The structure of Softwire46-MAP-T is shown below:
TLV-Type
2
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes, with the following requirements:
It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.
It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
3.1.1.3. Softwire46-Lightweight-4over6 Attribute
The Softwire46-Lightweight-4over6 attribute is designed to carry the configuration information for Lightweight 4over6. The structure of Softwire46-Lightweight-4over6 is shown below:
TLV-Type
3
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
TLV-Value
Contains a set of sub-attributes as follows:
It MUST contain Softwire46-BR, defined in Section 3.1.3.2.
It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.
It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
3.1.2. Softwire46 Sub-attributes
Table 2 shows which encapsulated sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.
+-----------------------+-------+-------+--------------------+
| Sub-attributes | MAP-E | MAP-T | Lightweight 4over6 |
+=======================+=======+=======+====================+
| Softwire46-BR | 1+ | 0 | 1+ |
+-----------------------+-------+-------+--------------------+
| Softwire46-Rule | 1 | 1 | 0 |
+-----------------------+-------+-------+--------------------+
| Softwire46-DMR | 0 | 1 | 0 |
+-----------------------+-------+-------+--------------------+
| Softwire46-V4V6Bind | 0 | 0 | 1 |
+-----------------------+-------+-------+--------------------+
| Softwire46-PORTPARAMS | 0-1 | 0-1 | 0-1 |
+-----------------------+-------+-------+--------------------+
Table 2: Softwire46 Sub-attributes
The following list defines the meaning of the Table 2 entries.
0 Not permitted
0-1 Optional; zero or one instance of the attribute may be present.
1 Mandatory; only one instance of the attribute must be present.
1+ Mandatory; one or more instances of the attribute may be
present.
3.1.3. Specification of the Softwire46 Sub-attributes
3.1.3.1. Softwire46-Rule Attribute
Softwire46-Rule can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending on the deployment scenario, one Basic Mapping Rule (BMR) and zero or more Forwarding Mapping Rules (FMRs) MUST be included in Softwire46-MAP-E and Softwire46-MAP-T.
Each type of Softwire46-Rule also contains a number of sub- attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA- Length. The structure of the sub-attributes for Softwire46-Rule is defined in Section 3.1.4.
Defining multiple TLV types achieves the same design goals as the "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using a TLV type set to 5 is equivalent to setting the F flag in the OPTION_S46_RULE S46 Rule Flags field.
TLV-Type
4 Basic Mapping Rule only (not to be used for forwarding)
5 Forwarding Permitted Mapping Rule
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-Rule is of type "tlv" (Section 3.13 of
[RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
Rule-IPv6-Prefix
This attribute contains the IPv6 prefix for use in the MAP
rule. Refer to Section 3.1.4.1.
Rule-IPv4-Prefix
This attribute contains the IPv4 prefix for use in the MAP
rule. Refer to Section 3.1.4.2.
EA-Length
This attribute contains the Embedded Address (EA) bit length.
Refer to Section 3.1.4.3.
3.1.3.2. Softwire46-BR Attribute
Softwire46-BR can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).
There MUST be at least one Softwire46-BR included in each Softwire46-MAP-E or Softwire46-Lightweight-4over6.
The structure of Softwire46-BR is shown below:
TLV-Type
6
TLV-Length
18 octets
Data Type
The attribute Softwire46-BR is of type "ipv6addr" (Section 3.9 of
[RFC8044]).
TLV-Value
br-ipv6-address. A fixed-length field of 16 octets that specifies
the IPv6 address for the Softwire46 Border Relay (BR).
3.1.3.3. Softwire46-DMR Attribute
Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). There MUST be exactly one Softwire46-DMR included in one Softwire46- MAP-T.
The structure of Softwire46-DMR is shown below:
TLV-Type
7
TLV-Length
4 + length of dmr-ipv6-prefix specified in octets.
Data Type
The attribute Softwire46-DMR is of type "ipv6prefix" (Section 3.10
of [RFC8044]).
TLV-Value
A variable-length (dmr-prefix6-len) field specifying the IPv6
prefix (dmr-ipv6-prefix) for the BR. This field is right-padded
with zeros to the nearest octet boundary when dmr-prefix6-len is
not divisible by 8. Prefixes with lengths from 0 to 96 are
allowed.
3.1.3.4. Softwire46-V4V6Bind Attribute
Softwire46-V4V6Bind may only be encapsulated in Softwire46- Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6.
The structure of Softwire46-V4V6Bind is shown below:
TLV-Type
8
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-V4V6Bind is of type "tlv" (Section 3.13
of [RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
IPv4-Address
This attribute contains an IPv4 address, used to specify the
full or shared IPv4 address of the CE. Refer to
Section 3.1.5.1.
Bind-IPv6-Prefix
This attribute contains an IPv6 prefix used to indicate which
configured prefix the Softwire46 CE should use for constructing
the softwire. Refer to Section 3.1.5.2.
3.1.3.5. Softwire46-PORTPARAMS Attribute
Softwire46-PORTPARAMS is optional. It is used to specify port set information for IPv4 address sharing between clients. Softwire46-PORTPARAMS MAY be included in any of the Softwire46 attributes.
The structure of Softwire46-PORTPARAMS is shown below:
TLV-Type
9
TLV-Length
Indicates the length of this attribute, including the TLV-Type,
TLV-Length, and TLV-Value fields.
Data Type
The attribute Softwire46-PORTPARAMS is of type "tlv" (Section 3.13
of [RFC8044]).
TLV-Value
This field contains a set of attributes as follows:
PSID-Offset
This attribute specifies the numeric value for the Softwire46
algorithm's excluded port range/offset bits (a bits). Refer to
Section 3.1.6.1.
PSID-Len
This attribute specifies the number of significant bits in the
PSID field (also known as 'k'). Refer to Section 3.1.6.2.
PSID
This attribute specifies the PSID value. Refer to
Section 3.1.6.3.
3.1.4. Sub-attributes for Softwire46-Rule
There are two types of Softwire46-Rule: the Basic Mapping Rule and the Forwarding Mapping Rule, indicated by the value in the TLV-Type field of Softwire46-Rule (Section 3.1.3.1).
Each type of Softwire46-Rule also contains a number of sub-attributes as detailed in the following subsections.
3.1.4.1. Rule-IPv6-Prefix Attribute
Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST be exactly one Rule-IPv6-Prefix encapsulated in each type of Softwire46-Rule.
Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] and [RFC8044].
The structure of Rule-IPv6-Prefix is shown below:
TLV-Type
10
TLV-Length
4 + length of rule-ipv6-prefix specified in octets.
Data Type
The attribute Rule-IPv6-Prefix is of type "ipv6prefix"
(Section 3.10 of [RFC8044]).
TLV-Value
A variable-length field that specifies an IPv6 prefix (rule-
ipv6-prefix) appearing in the MAP rule.
3.1.4.2. Rule-IPv4-Prefix Attribute
This attribute is used to convey the MAP Rule IPv4 prefix. The structure of Rule-IPv4-Prefix is shown below:
TLV-Type
11
TLV-Length
4 + length of rule-ipv4-prefix specified in octets.
Data Type
The attribute Rule-IPv4-Prefix is of type "ipv4prefix"
(Section 3.11 of [RFC8044]).
TLV-Value
A variable-length field that specifies an IPv4 prefix (rule-
ipv4-prefix) appearing in the MAP rule.
3.1.4.3. EA-Length Attribute
This attribute is used to convey the Embedded Address (EA) bit length. The structure of EA-Length is shown below:
TLV-Type
12
TLV-Length
6 octets
Data Type
The attribute EA-Length is of type "integer" (Section 3.1 of
[RFC8044]).
TLV-Value
EA-len; 32 bits long. Specifies the Embedded Address (EA) bit
length. Allowed values range from 0 to 48.
3.1.5. Attributes for Softwire46-v4v6Bind
3.1.5.1. IPv4-Address Attribute
The IPv4-Address MAY be used to specify the full or shared IPv4 address of the CE.
The structure of IPv4-Address is shown below:
TLV-Type
13
TLV-Length
6 octets
Data Type
The attribute IPv4-Address is of type "ipv4addr" (Section 3.8 of
[RFC8044]).
TLV-Value
32 bits long. Specifies the IPv4 address (ipv4-address) to appear
in Softwire46-V4V6Bind (Section 3.1.3.4).
3.1.5.2. Bind-IPv6-Prefix Attribute
The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 prefix to be used as the tunnel source.
The structure of Bind-IPv6-Prefix is shown below:
TLV-Type
14
TLV-Length
4 + length of bind-ipv6-prefix specified in octets.
Data Type
The attribute Bind-IPv6-Prefix is of type "ipv6prefix"
(Section 3.10 of [RFC8044]).
TLV-Value
A variable-length field specifying the IPv6 prefix or address for
the Softwire46 CE (bind-ipv6-prefix). This field is right-padded
with zeros to the nearest octet boundary when the prefix length is
not divisible by 8.
3.1.6. Attributes for Softwire46-PORTPARAMS
3.1.6.1. PSID-Offset Attribute
This attribute is used to convey the Port Set Identifier offset as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Offset is shown below:
TLV-Type
15
TLV-Length
6 octets
Data Type
The attribute PSID-Offset is of type "integer" (Section 3.1 of
[RFC8044]).
TLV-Value
Contains the PSID-Offset (8 bits) right justified, and the unused
bits in this field MUST be set to zero. This field specifies the
numeric value for the Softwire46 algorithm's excluded port range/
offset bits (a bits), as per Section 5.1 of [RFC7597].
Default values for this field are specific to the softwire
mechanism being implemented and are defined in the relevant
specification document.
3.1.6.2. PSID-Len Attribute
This attribute is used to convey the PSID length as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID-Len is shown below:
TLV-Type
16
TLV-Length
6 octets
Data Type
The attribute PSID-Len is of type "integer" (Section 3.1 of
[RFC8044]).
TLV-Value
Contains the PSID-len (8 bits) right justified, and the unused
bits in this field MUST be set to zero. This field specifies the
number of significant bits in the PSID field (also known as 'k').
When set to 0, the PSID field is to be ignored. After the first a
bits, there are k bits in the port number representing the value
of the PSID. Subsequently, the address-sharing ratio would be
2^k.
3.1.6.3. PSID Attribute
This attribute is used to convey the PSID as defined in [RFC7597]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of PSID is shown below:
TLV-Type
17
TLV-Length
6 octets
Data Type
The attribute PSID is of type "integer" (Section 3.1 of
[RFC8044]).
TLV-Value
Contains the PSID (16 bits) right justified, and the unused bits
in this field MUST be set to zero.
The PSID value algorithmically identifies a set of ports assigned
to a CE. The first k bits on the left of this 2-octet field are
the PSID value. The remaining (16-k) bits on the right are
padding zeros.
3.2. Softwire46-Priority Attribute
The Softwire46-Priority Attribute includes an ordered list of Softwire46 mechanisms allowing the client to prioritize which mechanism to use, corresponding to OPTION_S46_PRIORITY defined in [RFC8026]. The following requirements apply:
The Softwire46-Priority Attribute MAY appear in an Access-Accept
packet. It MAY also appear in an Access-Request packet.
The Softwire46-Priority Attribute MAY appear in a CoA-Request
packet.
The Softwire46-Priority Attribute MAY appear in an Accounting-
Request packet.
The Softwire46-Priority Attribute MUST NOT appear in any other
RADIUS packet.
The Softwire46-Priority Attribute is structured as follows:
Type
241
Length
Indicates the length of this attribute, including the Type,
Length, Extended-Type and Value fields.
Extended-Type
10
TLV-Value
The attribute includes one or more Softwire46-Option-Code TLVs: A
Softwire46-Priority Attribute MUST contain at least one
Softwire46-Option-Code TLV (Section 3.2.1).
Softwire46 mechanisms are prioritized in the appearance order in
the Softwire46-Priority Attribute. That is, the first-appearing
mechanism is most preferred.
The Softwire46-Priority Attribute is associated with the following identifier: 241.10.
3.2.1. Softwire46-Option-Code
This attribute is used to convey an option code assigned to a Softwire46 mechanism [RFC8026]. This attribute is encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].
The structure of Softwire46-Option-Code is shown below:
TLV-Type
18
TLV-Length
6 octets
Data Type
The attribute Softwire46-Option-Code is of type "integer"
(Section 3.1 of [RFC8044]).
TLV-Value
A 32-bit IANA-registered option code representing a Softwire46
mechanism (Softwire46-option-code). The codes and their
corresponding Softwire46 mechanisms are listed in Section 7.3.
3.3. Softwire46-Multicast Attribute
The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be used to synthesize multicast and unicast IPv4-embedded IPv6 addresses as per [RFC8114]. This attribute is of type "tlv" and contains additional TLVs. The following requirements apply:
- The BNG SHALL use the IPv6 prefixes returned in the RADIUS
Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64
Option [RFC8115].
- This attribute MAY be used in Access-Request packets as a hint to
the RADIUS server. For example, if the BNG is preconfigured for
Softwire46-Multicast, these prefixes may be inserted in the
attribute. The RADIUS server MAY ignore the hint sent by the BNG,
and it MAY assign a different Softwire46-Multicast Attribute.
- The Softwire46-Multicast Attribute MAY appear in an Access-
Request, Access-Accept, CoA-Request, and Accounting-Request
packet.
- The Softwire46-Multicast Attribute MUST NOT appear in any other
RADIUS packet.
- The Softwire46-Multicast Attribute MAY contain ASM-Prefix64
(Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64
(Section 3.3.3).
- The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or
SSM-Prefix64, and it MAY include both.
- The U-Prefix64 MUST be present when SSM-Prefix64 is present.
U-Prefix64 MAY be present when ASM-Prefix64 is present.
The Softwire46-Multicast Attribute is structured as follows:
Type
241
Length
This field indicates the total length in bytes of all fields of
this attribute, including the Type, Length, Extended-Type, and the
entire length of the embedded attributes.
Extended-Type
11
Value
This field contains a set of attributes as follows:
ASM-Prefix64
This attribute contains the Any-Source Multicast (ASM) IPv6
prefix. Refer to Section 3.3.1.
SSM-Prefix64
This attribute contains the Source-Source Multicast (SSM) IPv6
prefix. Refer to Section 3.3.2.
U-Prefix64
This attribute contains the IPv4 prefix used for address
translation. Refer to Section 3.3.3.
The Softwire46-Multicast Attribute is associated with the following identifier: 241.11.
3.3.1. ASM-Prefix64 Attribute
The ASM-Prefix64 attribute is structured as follows:
TLV-Type
19
TLV-Length
16 octets. The length of asm-prefix64 must be /96 [RFC8115].
Data Type
The attribute ASM-Prefix64 is of type "ipv6prefix" (Section 3.10
of [RFC8044]).
TLV-Value
This field specifies the IPv6 multicast prefix (asm-prefix64) to
be used to synthesize the IPv4-embedded IPv6 addresses of the
multicast groups in the ASM mode. The conveyed multicast IPv6
prefix MUST belong to the ASM range.
3.3.2. SSM-Prefix64 Attribute
The SSM-Prefix64 attribute is structured as follows:
Type
20
TLV-Length
16 octets. The length of ssm-prefix64 must be /96 [RFC8115].
Data Type
The attribute SSM-Prefix64 is of type "ipv6prefix" (Section 3.10
of [RFC8044]).
TLV-Type
This field specifies the IPv6 multicast prefix (ssm-prefix64) to
be used to synthesize the IPv4-embedded IPv6 addresses of the
multicast groups in the SSM mode. The conveyed multicast IPv6
prefix MUST belong to the SSM range.
3.3.3. U-Prefix64 Attribute
The structure of U-Prefix64 is shown below:
TLV-Type
21
TLV-Length
4 + length of unicast-prefix. As specified in [RFC6052], the
unicast-prefix prefix length MUST be set to 32, 40, 48, 56, 64, or
96.
Data Type
The attribute U-Prefix64 is of type "ipv6prefix" (Section 3.10 of
[RFC8044]).
TLV-Value
This field identifies the IPv6 unicast prefix (u-prefix64) to be
used in the SSM mode for constructing the IPv4-embedded IPv6
addresses representing the IPv4 multicast sources in the IPv6
domain. It may also be used to extract the IPv4 address from the
received multicast data flows.
4. A Sample Configuration Process with RADIUS
Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to provide CE with softwire configuration information.
CE BNG AAA Server
| | |
|-------1.DHCPv6 Solicit------->| |
|(ORO with unicast and/or | |
| multicast container option | |
| codes(s)) | |
| |-------2.Access-Request------->|
| | (Softwire46-Configuration |
| | Attribute and/or |
| |Softwire46-Multicast Attribute)|
| | |
| |<------3.Access-Accept---------|
| | (Softwire46-Configuration |
| | Attribute and/or |
| |Softwire46-Multicast Attribute)|
| | |
|<----4.DHCPv6 Advertisement----| |
| (container option(s)) | |
| | |
|-------5.DHCPv6 Request------>| |
| (container option(s)) | |
| | |
|<--------6.DHCPv6 Reply--------| |
| (container option(s)) | |
| | |
DHCPv6 RADIUS
Figure 2: Interaction between DHCPv6 and AAA Server with
RADIUS Authentication
1. The CE creates a DHCPv6 Solicit message. For unicast softwire configuration, the message includes an OPTION_REQUEST_OPTION (6) with the Softwire46 Container option code(s) as defined in [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP- E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW (96) for Lightweight 4over6. For multicast configuration, the option number for OPTION_V6_PREFIX64 (113) is included in the client's Option Request Option (ORO). The message is sent to the BNG.
2. On receipt of the DHCPv6 Solicit message, the BNG constructs a RADIUS Access-Request message containing a User-Name Attribute (1) (containing either a CE Media Access Control (MAC) address, interface-id, or both) and a User-Password Attribute (2) (with a preconfigured shared password between the CE and AAA server as defined in [RFC2865]). The Softwire46-Configuration Attribute and/or Softwire46-Multicast Attribute are also included (as requested by the client). The resulting message is sent to the AAA server.
3. The AAA server authenticates the request. If this is successful,
and a suitable configuration is available, an Access-Accept
message is sent to the BNG containing the requested
Softwire46-Configuration Attribute or Softwire46-Multicast
Attribute. It is the responsibility of the AAA server to ensure
the consistency of the provided configuration.
4. The BNG maps the received softwire configuration into the
corresponding fields in the DHCPv6 softwire configuration
option(s). These are included in the DHCPv6 Advertise message,
which is sent to the CE.
5. The CE sends a DHCPv6 Request message. In the ORO, the option codes of any of the required softwire options that were received in the DHCPv6 Advertise message are included.
6. The BNG sends a DHCPv6 Reply message to the client containing the
softwire container option(s) enumerated in the ORO.
The authorization operation could be done independently after the authentication process. In this case, steps 1-5 are completed as above, then the following steps are performed:
6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS
Access-Request message, which contains a Service-Type Attribute
(6) with the value "Authorize Only" (17), the corresponding
Softwire46-Configuration Attribute, and a State Attribute
obtained from the previous authentication process according to
[RFC5080]. The resulting message is sent to the AAA server.
7a. The AAA server checks the authorization request. If it is
approved, an Access-Accept message is returned to the BNG with
the corresponding Softwire46-Configuration Attribute.
8a. The BNG sends a Reply message to the client containing the
softwire container options enumerated in the ORO.
In addition to the above, the following points need to be considered:
- In the configuration message flows described above, the Message-
Authenticator (type 80) [RFC2869] should be used to protect both
Access-Request and Access-Accept messages.
- If the BNG does not receive the corresponding
Softwire46-Configuration Attribute in the Access-Accept message,
it may fall back to creating the DHCPv6 softwire configuration
options using the preconfigured Softwire46 configuration if this
is present.
- If the BNG receives an Access-Reject from the AAA server, then the
Softwire46 configuration must not be supplied to the client.
- As specified in Section 18.2.5 of [RFC8415] ("Creation and
Transmission of Rebind Messages") if the DHCPv6 server to which
the DHCPv6 Renew message was sent at time T1 has not responded by time T2, the CE (DHCPv6 client) should enter the Rebind state and attempt to contact any available server. In this situation, a secondary BNG receiving the DHCPv6 message must initiate a new Access-Request message towards the AAA server. The secondary BNG includes the Softwire46-Configuration Attribute in this Access- Request message.
- For Lightweight 4over6, the CE's binding state needs to be
synchronized between the clients and the Lightweight AFTR
(lwAFTR)/BR. This can be achieved in two ways: static
preconfiguration of the bindings on both the AAA server and lwAFTR
or on demand, whereby the AAA server updates the lwAFTR with the
CE's binding state as it is created or deleted.
In some deployments, the DHCP server may use the Accounting-Request to report the softwire configuration returned to a requesting host to a AAA server. It is the responsibility of the DHCP server to ensure the consistency of the configuration provided to the requesting hosts. Reported data to a AAA server may be required for various operational purposes (e.g., regulatory).
A configuration change (e.g., BR address) may result in an exchange of CoA-Requests between the BNG and the AAA server, as shown in Figure 3. Concretely, when the BNG receives a CoA-Request message containing Softwire46 attributes, it sends a DHCPv6 Reconfigure message to the appropriate CE to inform that CE that an updated configuration is available. Upon receipt of such a message, the CE sends a DHCPv6 Renew or Information-Request in order to receive the updated Softwire46 configuration. In deployments where the BNG embeds a DHCPv6 relay, CoA-Requests can be used following the procedure specified in [RFC6977].
CE BNG AAA Server
| | |
|---DHCPv6 Solicit--------->| |
| |---Access-Request---------->|
| |<--Access-Accept------------|
| |(Softwire46-Configuration |
| | Attribute ...) |
....
| | |
| |<-----CoA-Request-----------|
| |(Softwire46-Configuration |
| | Attribute ...) |
| |------CoA-Response--------->|
|<--DHCPv6 Reconfigure------| |
| | |
....
Figure 3: Change of Configuration Example
5. Table of Attributes
This document specifies three new RADIUS attributes, and their formats are as follows:
- Softwire46-Configuration Attribute: 241.9
- Softwire46-Priority Attribute: 241.10
- Softwire46-Multicast Attribute: 241.11
Table 3 describes which attributes may be found in which kinds of packets and in what quantity.
+-------+------+------+---------+----+-------+------+---------------+ |Request|Accept|Reject|Challenge|Acct|CoA-Req| # | Attribute | | | | | |Req | | | | +=======+======+======+=========+====+=======+======+===============+ | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.9 | Softwire46- | | | | | | | | | Configuration | +-------+------+------+---------+----+-------+------+---------------+ | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.10| Softwire46- | | | | | | | | | Priority | +-------+------+------+---------+----+-------+------+---------------+ | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.11| Softwire46- | | | | | | | | | Multicast | +-------+------+------+---------+----+-------+------+---------------+
Table 3: Table of Attributes
6. Security Considerations
Section 9 of [RFC7596] discusses security issues related to Lightweight 4over6; Section 10 of [RFC7597] discusses security issues related to MAP-E; Section 13 of [RFC7599] discusses security issues related to MAP-T; and Section 9 of [RFC8114] discusses security issues related to the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network.
This document does not introduce any security issues inherently different from those already identified in Section 8 of [RFC2865] and Section 6 of [RFC5176] for CoA messages. Known security vulnerabilities of the RADIUS protocol discussed in Section 7 of [RFC2607] and Section 7 of [RFC2869] apply to this specification. These well-established properties of the RADIUS protocol place some limitations on how it can safely be used, since there is some inherent requirement to trust the counterparty to not misbehave.
Accordingly, this document targets deployments where a trusted relationship is in place between the RADIUS client and server, with communication optionally secured by IPsec or Transport Layer Security (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security when RADIUS is carried in IPv6 is discussed in [RFC3162].
Security considerations for interactions between a Softwire46 CE and the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for the configuration of Softwire46 address and port-mapped clients), Section 3 of [RFC8026] (a DHCPv6-based Softwire46 prioritization mechanism), and Section 5 of [RFC8115] (DHCPv6 options for configuration of IPv4-embedded IPv6 prefixes).
7. IANA Considerations
IANA has made new code point assignments for RADIUS attributes as described in the following subsections. The assignments should use the RADIUS registry available at <https://www.iana.org/assignments/ radius-types/>.
7.1. New RADIUS Attributes
IANA has assigned the attribute types defined in this document from the RADIUS namespace as described in Section 2 (IANA Considerations) of [RFC3575], in accordance with BCP 26 [RFC8126].
IANA has registered three new RADIUS attributes from the "Short Extended Space" section of [RFC6929]. The attributes are the Softwire46-Configuration Attribute, Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:
+--------+--------------------------+-----------+-------------+
| Type | Description | Data Type | Reference |
+========+==========================+===========+=============+
| 241.9 | Softwire46-Configuration | tlv | Section 3.1 |
+--------+--------------------------+-----------+-------------+
| 241.10 | Softwire46-Priority | tlv | Section 3.2 |
+--------+--------------------------+-----------+-------------+
| 241.11 | Softwire46-Multicast | tlv | Section 3.3 |
+--------+--------------------------+-----------+-------------+
Table 4: New RADIUS Attributes
7.2. RADIUS Softwire46 Configuration and Multicast Attributes
IANA has created a new registry called "RADIUS Softwire46 Configuration and Multicast Attributes".
All attributes in this registry have one or more parent RADIUS attributes in nesting (refer to [RFC6929]).
This registry has been initially populated with the following values:
+--------+-------------------------------+------------+-----------+ | Value | Description | Data Type | Reference | +========+===============================+============+===========+ | 0 | Reserved | | | +--------+-------------------------------+------------+-----------+ | 1 | Softwire46-MAP-E | tlv | Section | | | | | 3.1.1.1 | +--------+-------------------------------+------------+-----------+ | 2 | Softwire46-MAP-T | tlv | Section | | | | | 3.1.1.2 | +--------+-------------------------------+------------+-----------+ | 3 | Softwire46-Lightweight-4over6 | tlv | Section | | | | | 3.1.1.3 | +--------+-------------------------------+------------+-----------+ | 4 | Softwire46-Rule (BMR) | tlv | Section | | | | | 3.1.3.1 | +--------+-------------------------------+------------+-----------+ | 5 | Softwire46-Rule (FMR) | tlv | Section | | | | | 3.1.3.1 | +--------+-------------------------------+------------+-----------+ | 6 | Softwire46-BR | ipv6addr | Section | | | | | 3.1.3.2 | +--------+-------------------------------+------------+-----------+ | 7 | Softwire46-DMR | ipv6prefix | Section | | | | | 3.1.3.3 | +--------+-------------------------------+------------+-----------+ | 8 | Softwire46-V4V6Bind | tlv | Section | | | | | 3.1.3.4 | +--------+-------------------------------+------------+-----------+ | 9 | Softwire46-PORTPARAMS | tlv | Section | | | | | 3.1.3.5 | +--------+-------------------------------+------------+-----------+ | 10 | Rule-IPv6-Prefix | ipv6prefix | Section | | | | | 3.1.4.1 | +--------+-------------------------------+------------+-----------+ | 11 | Rule-IPv4-Prefix | ipv4prefix | Section | | | | | 3.1.4.2 | +--------+-------------------------------+------------+-----------+ | 12 | EA-Length | integer | Section | | | | | 3.1.4.3 | +--------+-------------------------------+------------+-----------+ | 13 | IPv4-Address | ipv4addr | Section | | | | | 3.1.5.1 | +--------+-------------------------------+------------+-----------+ | 14 | Bind-IPv6-Prefix | ipv6prefix | Section | | | | | 3.1.5.2 | +--------+-------------------------------+------------+-----------+ | 15 | PSID-Offset | integer | Section | | | | | 3.1.6.1 | +--------+-------------------------------+------------+-----------+ | 16 | PSID-Len | integer | Section | | | | | 3.1.6.2 | +--------+-------------------------------+------------+-----------+ | 17 | PSID | integer | Section | | | | | 3.1.6.3 | +--------+-------------------------------+------------+-----------+ | 18 | Softwire46-Option-Code | integer | Section | | | | | 3.2.1 | +--------+-------------------------------+------------+-----------+ | 19 | ASM-Prefix64 | ipv6prefix | Section | | | | | 3.3.1 | +--------+-------------------------------+------------+-----------+ | 20 | SSM-Prefix64 | ipv6prefix | Section | | | | | 3.3.2 | +--------+-------------------------------+------------+-----------+ | 21 | U-Prefix64 | ipv6prefix | Section | | | | | 3.3.3 | +--------+-------------------------------+------------+-----------+ | 22-255 | Unassigned | | | +--------+-------------------------------+------------+-----------+
Table 5: RADIUS Softwire46 Configuration and Multicast Attributes
The registration procedure for this registry is Standards Action as defined in [RFC8126].
7.3. Softwire46 Mechanisms and Their Identifying Option Codes
The Softwire46-Priority Attribute conveys an ordered list of option codes assigned to Softwire46 mechanisms, for which IANA has created and will maintain a new registry titled "Option Codes Permitted in the Softwire46-Priority Attribute".
Table 6 shows the initial version of allowed option codes and the Softwire46 mechanisms that they represent. The option code for DS- Lite is derived from the IANA-allocated RADIUS Attribute Type value for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and Lightweight 4over6 attributes defined in Section 3.1.1.
+-------------+----------------------+-----------+
| Option Code | Softwire46 Mechanism | Reference |
+=============+======================+===========+
| 1 | MAP-E | [RFC7597] |
+-------------+----------------------+-----------+
| 2 | MAP-T | [RFC7599] |
+-------------+----------------------+-----------+
| 3 | Lightweight 4over6 | [RFC7596] |
+-------------+----------------------+-----------+
| 144 | DS-Lite | [RFC6519] |
+-------------+----------------------+-----------+
Table 6: Option Codes to S46 Mechanisms
Additional option codes may be added to this list in the future using the IETF Review process described in Section 4.8 of [RFC8126].
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, DOI 10.17487/RFC2865, June 2000,
<https://www.rfc-editor.org/info/rfc2865>.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
RFC 3162, DOI 10.17487/RFC3162, August 2001,
<https://www.rfc-editor.org/info/rfc3162>.
[RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote
Authentication Dial In User Service)", RFC 3575,
DOI 10.17487/RFC3575, July 2003,
<https://www.rfc-editor.org/info/rfc3575>.
[RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication
Dial In User Service (RADIUS) Implementation Issues and
Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
2007, <https://www.rfc-editor.org/info/rfc5080>.
[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
Aboba, "Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS)", RFC 5176,
DOI 10.17487/RFC5176, January 2008,
<https://www.rfc-editor.org/info/rfc5176>.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
DOI 10.17487/RFC6052, October 2010,
<https://www.rfc-editor.org/info/rfc6052>.
[RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011,
<https://www.rfc-editor.org/info/rfc6158>.
[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User
Service (RADIUS) Protocol Extensions", RFC 6929,
DOI 10.17487/RFC6929, April 2013,
<https://www.rfc-editor.org/info/rfc6929>.
[RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
November 2016, <https://www.rfc-editor.org/info/rfc8026>.
[RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044,
DOI 10.17487/RFC8044, January 2017,
<https://www.rfc-editor.org/info/rfc8044>.
[RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
Option for IPv4-Embedded Multicast and Unicast IPv6
Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017,
<https://www.rfc-editor.org/info/rfc8115>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
Richardson, M., Jiang, S., Lemon, T., and T. Winters,
"Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
RFC 8415, DOI 10.17487/RFC8415, November 2018,
<https://www.rfc-editor.org/info/rfc8415>.
8.2. Informative References
[LIGHTWEIGHT-4OVER6]
Xie, C., Sun, Q., Qiong, Q., Zhou, C., Tsou, T., and Z.
Liu, "Radius Extension for Lightweight 4over6", Work in
Progress, Internet-Draft, draft-sun-softwire-lw4over6-
radext-01, 6 March 2014, <https://tools.ietf.org/html/
draft-sun-softwire-lw4over6-radext-01>.
[RADIUS-EXT]
Wang, Q., Meng, W., Wang, C., and M. Boucadair, "RADIUS
Extensions for IPv4-Embedded Multicast and Unicast IPv6
Prefixes", Work in Progress, Internet-Draft, draft-wang-
radext-multicast-radius-ext-00, 2 December 2015,
<https://tools.ietf.org/html/draft-wang-radext-multicast-
radius-ext-00>.
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
Implementation in Roaming", RFC 2607,
DOI 10.17487/RFC2607, June 1999,
<https://www.rfc-editor.org/info/rfc2607>.
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS
Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000,
<https://www.rfc-editor.org/info/rfc2869>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011,
<https://www.rfc-editor.org/info/rfc6333>.
[RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to
the IPv4 Address Shortage", RFC 6346,
DOI 10.17487/RFC6346, August 2011,
<https://www.rfc-editor.org/info/rfc6346>.
[RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
2012, <https://www.rfc-editor.org/info/rfc6519>.
[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
"Transport Layer Security (TLS) Encryption for RADIUS",
RFC 6614, DOI 10.17487/RFC6614, May 2012,
<https://www.rfc-editor.org/info/rfc6614>.
[RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6
Reconfiguration from Relay Agents", RFC 6977,
DOI 10.17487/RFC6977, July 2013,
<https://www.rfc-editor.org/info/rfc6977>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <https://www.rfc-editor.org/info/rfc7596>.
[RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, Ed., "Mapping of Address and
Port with Encapsulation (MAP-E)", RFC 7597,
DOI 10.17487/RFC7597, July 2015,
<https://www.rfc-editor.org/info/rfc7597>.
[RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
Configuration of Softwire Address and Port-Mapped
Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015,
<https://www.rfc-editor.org/info/rfc7598>.
[RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
and T. Murakami, "Mapping of Address and Port using
Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
2015, <https://www.rfc-editor.org/info/rfc7599>.
[RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
over an IPv6 Multicast Network", RFC 8114,
DOI 10.17487/RFC8114, March 2017,
<https://www.rfc-editor.org/info/rfc8114>.
Appendix A. DHCPv6 to RADIUS Field Mappings
The following sections detail the mappings between the softwire DHCPv6 option fields and the relevant RADIUS attributes as defined in this document.
A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings
+-----------------------+----------------------+------------------+ | OPTION_S46_RULE Field | Softwire46-Rule Name | TLV Subfield | +=======================+======================+==================+ | flags | N/A | TLV-type (4, 5) | +-----------------------+----------------------+------------------+ | ea-len | EA-Length | EA-len | +-----------------------+----------------------+------------------+ | prefix4-len | Rule-IPv4-Prefix | Prefix-Length | +-----------------------+----------------------+------------------+ | ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix | +-----------------------+----------------------+------------------+ | prefix6-len | Rule-IPv6-Prefix | Prefix-Length | +-----------------------+----------------------+------------------+ | ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix | +-----------------------+----------------------+------------------+
Table 7: OPTION_S46_RULE to Softwire46-Rule Sub-TLV Field Mappings
A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings
+---------------------+------------------------+
| OPTION_S46_BR Field | Softwire46-BR Subfield |
+=====================+========================+
| br-ipv6-address | br-ipv6-address |
+---------------------+------------------------+
Table 8: OPTION_S46_BR to Softwire46-BR
Field Mappings
A.3. OPTION_S46_DMR (91) to Softwire46-DMR
+----------------------+-------------------------+
| OPTION_S46_DMR Field | Softwire46-DMR Subfield |
+======================+=========================+
| dmr-prefix6-len | dmr-prefix6-len |
+----------------------+-------------------------+
| dmr-ipv6-prefix | dmr-ipv6-prefix |
+----------------------+-------------------------+
Table 9: OPTION_S46_DMR to Softwire46-DMR
Field Mappings
A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
+---------------------+---------------------+------------------+ | OPTION_S46_V4V6BIND | Softwire46-V4V6Bind | TLV Subfield | | Field | Name | | +=====================+=====================+==================+ | ipv4-address | IPv4-Address | ipv4-address | +---------------------+---------------------+------------------+ | bindprefix6-len | Bind-IPv6-Prefix | Prefix-Length | +---------------------+---------------------+------------------+ | bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix | +---------------------+---------------------+------------------+
Table 10: OPTION_S46_V4V6BIND to Softwire46-V4V6Bind
Field Mappings
A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings
+-----------------------------+-----------------------+-------------+ | OPTION_S46_PORTPARAMS | Softwire46-PORTPARAMS | TLV | | Field | Name | Subfield | +=============================+=======================+=============+ | offset | PSID-Offset | PSID-Offset | +-----------------------------+-----------------------+-------------+ | PSID-len | PSID-Len | PSID-len | +-----------------------------+-----------------------+-------------+ | PSID | PSID | PSID | +-----------------------------+-----------------------+-------------+
Table 11: OPTION_S46_PORTPARAMS to Softwire46-PORTPARAMS
Field Mappings
A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings
+---------------------------+------------------------+
| OPTION_S46_PRIORITY Field | Softwire46-Priority |
| | Attribute Subfield |
+===========================+========================+
| s46-option-code | Softwire46-option-code |
+---------------------------+------------------------+
Table 12: OPTION_S46_PRIORITY to
Softwire46-PORTPARAMS Field Mappings
A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field
Mappings
+--------------------------+----------------------+---------------+ | OPTION_V6_PREFIX64 Field | Softwire46-Multicast | TLV Subfield | | | Attribute TLV Name | | +==========================+======================+===============+ | asm-length | ASM-Prefix64 | Prefix-Length | +--------------------------+----------------------+---------------+ | ASM_mPrefix64 | ASM-Prefix64 | asm-prefix64 | +--------------------------+----------------------+---------------+ | ssm-length | SSM-Prefix64 | Prefix-Length | +--------------------------+----------------------+---------------+ | SSM_mPrefix64 | SSM-Prefix64 | ssm-prefix64 | +--------------------------+----------------------+---------------+ | unicast-length | U-Prefix64 | Prefix-Length | +--------------------------+----------------------+---------------+ | uPrefix64 | U-Prefix64 | u-prefix64 | +--------------------------+----------------------+---------------+
Table 13: OPTION_V6_PREFIX64 to Softwire46-Multicast Field Mappings
Acknowledgements
The authors would like to thank Peter Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng for their valuable comments regarding this document.
This document was merged with [LIGHTWEIGHT-4OVER6] and [RADIUS-EXT]. Thanks to everyone who contributed to this document.
Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald Eastlake for the review.
Contributors
Bing Liu Huawei Technologies Co., Ltd. China
Email: leo.liubing@huawei.com
Peter Deacon IEA Software, Inc. United States of America
Email: peterd@iea-software.com
Qiong Sun China Telecom China
Email: sunqiong@ctbri.com.cn
Qi Sun Tsinghua University China
Email: sunqibupt@gmail.com
Cathy Zhou Huawei Technologies China
Email: cathy.zhou@huawei.com
Tina Tsou Huawei Technologies (USA) United States of America
Email: Tina.Tsou.Zouting@huawei.com
ZiLong Liu Tsinghua University China
Email: liuzilong8266@126.com
Yong Cui Tsinghua University China
Email: yong@csnet1.cs.tsinghua.edu.cn
Authors' Addresses
Sheng Jiang (editor) China Hai-Dian District, Beijing, 100095 Q14, Huawei Campus, No.156 Beiqing Road Huawei Technologies Co., Ltd.
Email: jiangsheng@huawei.com
Yu Fu (editor) China Hai-Dian District, Beijing, 100190 No.4 South 4th Street, Zhongguancun CNNIC
Email: eleven711711@foxmail.com
Chongfeng Xie China Beijing China Telecom
Email: xiechf.bri@chinatelecom.cn
Tianxiang Li China 100084 Beijing Tsinghua University
Email: peter416733@gmail.com
Mohamed Boucadair (editor) Orange 35000 Rennes France
Email: mohamed.boucadair@orange.com
/home/gen.uk/domains/wiki.gen.uk/public_html/data/pages/rfc/rfc8658.txt · Last modified: 2019/11/12 00:09 by 127.0.0.1