idnits 2.17.00 (12 Aug 2021)

/tmp/idnits11328/draft-ietf-softwire-map-radius-26.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 1292 has weird spacing: '...uration tlv ...'

  -- The document date (June 14, 2019) is 1065 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 5176

     Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                   S. Jiang, Ed.
Internet-Draft                              Huawei Technologies Co., Ltd
Intended status: Standards Track                              Y. Fu, Ed.
Expires: December 16, 2019                                         CNNIC
                                                                  C. Xie
                                                           China Telecom
                                                                   T. Li
                                                     Tsinghua University
                                                       M. Boucadair, Ed.
                                                                  Orange
                                                           June 14, 2019

 RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
                    draft-ietf-softwire-map-radius-26

Abstract

   IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity
   services over IPv6 native networks during the IPv4/IPv6 co-existence
   period. DHCPv6 options have been defined for configuring clients for
   Lightweight 4over6, Mapping of Address and Port with Encapsulation,
   and Mapping of Address and Port using Translation unicast softwire
   mechanisms, and also multicast softwires. However, in many networks,
   configuration information is stored in an Authentication,
   Authorization, and Accounting server which utilizes the RADIUS
   protocol to provide centralized management for users. When a new
   transition mechanism is developed, new RADIUS attributes need to be
   defined correspondingly.

   This document defines new RADIUS attributes to carry Address plus
   Port based softwire configuration parameters from an Authentication,
   Authorization, and Accounting server to a Broadband Network Gateway.
   Both unicast and multicast attributes are covered.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 16, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  New RADIUS Attributes
     3.1.  Softwire46-Configuration Attribute
       3.1.1.  Softwire46 Attributes
         3.1.1.1.  Softwire46-MAP-E Attribute
         3.1.1.2.  Softwire46-MAP-T Attribute
         3.1.1.3.  Softwire46-Lightweight-4over6 Attribute
       3.1.2.  Softwire46 Sub-Attributes
       3.1.3.  Specification of the Softwire46 Sub-Attributes
         3.1.3.1.  Softwire46-Rule Attribute
         3.1.3.2.  Softwire46-BR Attribute
         3.1.3.3.  Softwire46-DMR Attribute
         3.1.3.4.  Softwire46-V4V6Bind Attribute
         3.1.3.5.  Softwire46-PORTPARAMS Attribute
       3.1.4.  Sub-Attributes for Softwire46-Rule
         3.1.4.1.  Rule-IPv6-Prefix Attribute
         3.1.4.2.  Rule-IPv4-Prefix Attribute
         3.1.4.3.  EA-Length Attribute
       3.1.5.  Attributes for Softwire46-v4v6Bind
         3.1.5.1.  IPv4-Address Attribute
         3.1.5.2.  Bind-IPv6-Prefix Attribute
       3.1.6.  Attributes for Softwire46-PORTPARAMS
         3.1.6.1.  PSID-Offset Attribute
         3.1.6.2.  PSID-Len Attribute
         3.1.6.3.  PSID Attribute
     3.2.  Softwire46-Priority Attribute
       3.2.1.  Softwire46-Option-Code
     3.3.  Softwire46-Multicast Attribute
       3.3.1.  ASM-Prefix64 Attribute
       3.3.2.  SSM-Prefix64 Attribute
       3.3.3.  U-Prefix64 Attribute
   4.  A Sample Configuration Process with RADIUS
   5.  Table of Attributes
   6.  Security Considerations
   7.  IANA Considerations
     7.1.  New RADIUS Attributes
     7.2.  RADIUS Softwire46 Configuration and Multicast Attributes
     7.3.  Softwire46 Mechanisms and Their Identifying Option Codes
   8.  Contributing Authors
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  DHCPv6 to RADIUS Field Mappings
     A.1.  OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field
           Mappings
     A.2.  OPTION_S46_BR (90) to Softwire46-BR Field Mappings
     A.3.  OPTION_S46_DMR (91) to Softwire46-DMR
     A.4.  OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind
     A.5.  OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field
           Mappings
     A.6.  OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field
           Mappings
     A.7.  OPTION_V6_PREFIX64 (113) to Softwire46-Multicast
           Attribute Field Mappings
   Authors' Addresses

1.  Introduction

   Providers have started deploying and transitioning to IPv6. Several
   IPv4 service continuity mechanisms based on the Address plus Port
   (A+P) [RFC6346] have been proposed for providing unicast IPv4 over
   IPv6-only infrastructure, such as Mapping of Address and Port with
   Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using
   Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596].
   Also, [RFC8114] specifies a generic solution for the delivery of IPv4
   multicast services to IPv4 clients over an IPv6 multicast network.
   For each of these mechanisms, DHCPv6 options have been specified for
   client configuration.

   In many networks, user configuration information is stored in an
   Authentication, Authorization, and Accounting (AAA) server. AAA
   servers generally communicate using the Remote Authentication Dial In
   User Service (RADIUS) [RFC2865] protocol. In a fixed broadband
   network, a Broadband Network Gateway (BNG) acts as the access gateway
   for users. That is, the BNG acts as both an AAA client to the AAA
   server, and a DHCPv6 server for DHCPv6 messages sent by clients.
   Throughout this document, the term BNG describes a device
   implementing both the AAA client and DHCPv6 server functions.

   Since IPv4-in-IPv6 softwire configuration information is stored in an
   AAA server, and user configuration information is mainly transmitted
   through DHCPv6 between the BNGs and Customer Premises Equipment (CEs,
   a.k.a., CPE), new RADIUS attributes are needed to propagate the
   information from the AAA servers to BNGs so that they can be provided
   to CEs using the existing DHCPv6 options.

   The RADIUS attributes defined in this document provide configuration
   to populate the corresponding DHCPv6 options for unicast and
   multicast softwire configuration, specifically:

   o  "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597]
      (DHCPv6 options defined in [RFC7598]).

   o  "Mapping of Address and Port using Translation (MAP-T)" [RFC7599]
      (DHCPv6 options defined in [RFC7598]).

   o  "Lightweight 4over6: An Extension to the Dual-Stack Lite
      Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]).

   o  "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE):
      A DHCPv6-Based Prioritization Mechanism" [RFC8026].

   o  "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6
      Multicast Network" [RFC8114] (DHCPv6 options defined in
      [RFC8115]).

   The contents of the attributes defined in this document have a 1:1
   mapping into the fields of the various DHCPv6 options in [RFC7598],
   [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map
   to the corresponding RADIUS attribute. For detailed mappings between
   each DHCPv6 option field and the corresponding RADIUS Attribute or
   field, see Appendix A.

       +----------------------------+--------------------------------+
       |       DHCPv6 Option        |         RADIUS Attribute       |
       +----------------------------+--------------------------------+
       | OPTION_S46_RULE (89)       | Softwire46-Rule                |
       | OPTION_S46_BR (90)         | Softwire46-BR                  |
       | OPTION_S46_DMR (91)        | Softwire46-DMR                 |
       | OPTION_S46_V4V6BIND (92)   | Softwire46-V4V6Bind            |
       | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS          |
       | OPTION_S46_PRIORITY (111)  | Softwire46-Priority            |
       | OPTION_V6_PREFIX64 (113)   | Softwire46-Multicast           |
       +----------------------------+--------------------------------+

       Table 1: Mapping between DHCPv6 Options and RADIUS Attributes

   A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in
   [RFC6519].

   This document targets deployments where a trusted relationship is in
   place between the RADIUS client and server.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The reader should be familiar with the concepts and terms defined in
   [RFC7596], [RFC7597], [RFC7599], and [RFC8026].

   The terms "multicast Basic Bridging BroadBand" element (mB4) and
   "multicast Address Family Transition Router" element (mAFTR) are
   defined in [RFC8114].

   Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6
   softwire mechanisms listed above. Additionally, the following
   abbreviations are used within the document:

   o  BNG: Broadband Network Gateway

   o  BR: Border Relay

   o  CE: Customer Edge

   o  DMR: Default Mapping Rule

   o  lwAFTR: Lightweight AFTR

   o  PSID: Port Set Identifier

   o  TLV: Type, Length, Value

   o  MAP-E: Mapping of Address and Port with Encapsulation

   o  MAP-T: Mapping of Address and Port using Translation

3.  New RADIUS Attributes

   This section defines the following attributes:

   1.  Softwire46-Configuration Attribute (Section 3.1):

       This attribute carries the configuration information for MAP-E,
       MAP-T, and Lightweight 4over6. The configuration information for
       each Softwire46 mechanism is carried in the corresponding
       Softwire46 attributes. Different attributes are required for
       each Softwire46 mechanism.

   2.  Softwire46-Priority Attribute (Section 3.2):

       Depending on the deployment scenario, a client may support
       several different Softwire46 mechanisms. Therefore, a client may
       request configuration for more than one Softwire46 mechanism at a
       time. The Softwire46-Priority Attribute contains information
       allowing the client to prioritize which mechanism to use,
       corresponding to OPTION_S46_PRIORITY defined in [RFC8026].

   3.  Softwire46-Multicast Attribute (Section 3.3):

       This attribute conveys the IPv6 prefixes to be used in [RFC8114]
       to synthesize IPv4-embedded IPv6 addresses. The BNG uses the
       IPv6 prefixes returned in the RADIUS Softwire46-Multicast
       Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].

   All of these attributes are allocated from the RADIUS "Extended Type"
   code space per [RFC6929].

   All of these attribute designs follow [RFC6158] and [RFC6929].

   This document adheres to [RFC8044] for defining the new RADIUS
   attributes.

3.1.  Softwire46-Configuration Attribute

   This attribute is of type "tlv", as defined in the RADIUS Protocol
   Extensions [RFC6929]. It contains some sub-attributes, with the
   following requirements:

      The Softwire46-Configuration Attribute MUST contain one or more of
      the following attributes: Softwire46-MAP-E, Softwire46-MAP-T,
      and/or Softwire46-Lightweight-4over6.

      The Softwire46-Configuration Attribute conveys the configuration
      information for MAP-E, MAP-T, or Lightweight 4over6. The BNG
      SHALL use the configuration information returned in the RADIUS
      attribute to populate the DHCPv6 Softwire46 Container Option(s)
      defined in Section 5 of [RFC7598].

      The Softwire46-Configuration Attribute MAY appear in an
      Access-Accept packet. It MAY also appear in an Access-Request
      packet to indicate a preferred Softwire46 configuration. However,
      the server is not required to honor such a preference.

      The Softwire46-Configuration Attribute MAY appear in a CoA-Request
      packet.

      The Softwire46-Configuration Attribute MAY appear in an
      Accounting-Request packet.

      The Softwire46-Configuration Attribute MUST NOT appear in any
      other RADIUS packet.

   The Softwire46-Configuration Attribute is structured as follows:

   Type
      241 (To be confirmed by IANA).

   Length
      Indicates the total length, in bytes, of all fields of
      this attribute, including the Type, Length, Extended-Type,
      and the entire length of the embedded attributes.

   Extended-Type
      TBD1

   Value
      Contains one or more of the following attributes. Each attribute
      type may appear at most once:

      Softwire46-MAP-E
         For configuring MAP-E clients. For the construction of
         this attribute, refer to Section 3.1.1.1.

      Softwire46-MAP-T
         For configuring MAP-T clients. For the construction of
         this attribute, refer to Section 3.1.1.2.

      Softwire46-Lightweight-4over6
         For configuring Lightweight 4over6 clients. For the
         construction of this attribute, refer to Section 3.1.1.3.

   The Softwire46-Configuration Attribute is associated with the
   following identifier: 241.Extended-Type(TBD1).

3.1.1.  Softwire46 Attributes

   The Softwire46 attributes can only be encapsulated in the
   Softwire46-Configuration Attribute. Depending on the deployment
   scenario, a client might request more than one transition
   mechanism at a time. There MUST be at least one Softwire46 attribute
   encapsulated in one Softwire46-Configuration Attribute. There MUST
   be at most one instance of each type of Softwire46 attribute
   encapsulated in one Softwire46-Configuration Attribute.

   There are three types of Softwire46 attributes, namely:

   1.  Softwire46-MAP-E (Section 3.1.1.1)

   2.  Softwire46-MAP-T (Section 3.1.1.2)

   3.  Softwire46-Lightweight-4over6 (Section 3.1.1.3)

   Each type of Softwire46 attribute contains a number of
   sub-attributes, defined in Section 3.1.3. The hierarchy of the
   Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes
   which sub-attributes are mandatory, optional, or not permitted for
   each defined Softwire46 attribute.

                                                 /1.Rule-IPv6-Prefix
 S                      /                       |
 o  /                  | 1.Softwire46-Rule -----+ 2.Rule-IPv4-Prefix
 f | Softwire46-MAP-E--+                        |
 t |                   | 2.Softwire46-BR        | 3.EA Length
 w |                   |                         \
 i |                   |                               /1.PSID-Offset
 r |                   |                              |
 e |                   | 3.Softwire46-PORTPARAMS -----+ 2.PSID-Len
 - |                    \                             |
 C |                                                  | 3.PSID
 o |                                                   \
 n |
 f |                                             /1.Rule-IPv6-Prefix
 i |                    /                       |
 g |                   | 1.Softwire46-Rule------+ 2.Rule-IPv4-Prefix
 u | Softwire46-MAP-T--+                        |
 r |                   | 2.Softwire46-DMR       | 3.EA Length
 a |                   |                         \
 t |                   |                               /1.PSID-Offset
 i |                   |                              |
 o |                   | 3.Softwire46-PORTPARAMS------+ 2.PSID-Len
 n |                    \                             |
   |                                                  | 3.PSID
 A |                                                   \
 t |
 t |                                                 /1.IPv4-Address
 r |                    /                           |
 i |                   | 1.Softwire46-V4V6Bind -----+ 2.Bind-IPv6-Prefix
 b | Softwire46-       |                             \
 u | Lightweight-4over6+ 2.Softwire46-BR              /1.PSID-Offset
 t  \                  |                             |
 e                     | 3.Softwire46-PORTPARAMS ----+ 2.PSID-Len
                        \                            |
                                                     | 3.PSID
                                                      \

                Figure 1: Softwire46 Attributes Hierarchy

3.1.1.1.  Softwire46-MAP-E Attribute

   Softwire46-MAP-E attribute is designed for carrying the configuration
   information for MAP-E. The structure of Softwire46-MAP-E is shown
   below:

   TLV-Type
      1

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

      It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.2.  Softwire46-MAP-T Attribute

   Softwire46-MAP-T attribute is designed for carrying the configuration
   information for MAP-T. The structure of Softwire46-MAP-T is shown
   below:

   TLV-Type
      2

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes, with the following requirements:

      It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

      It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.3.  Softwire46-Lightweight-4over6 Attribute

   Softwire46-Lightweight-4over6 attribute is designed for carrying the
   configuration information for Lightweight 4over6. The structure of
   Softwire46-Lightweight-4over6 is shown below:

   TLV-Type
      3

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
      Contains a set of sub-attributes as follows:

      It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

      It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.

      It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.2.  Softwire46 Sub-Attributes

   Table 2 shows which encapsulated sub-attributes are mandatory,
   optional, or not permitted for each defined Softwire46 attribute.

      +-----------------------+-------+-------+--------------------+
      | Sub-Attributes        | MAP-E | MAP-T | Lightweight 4over6 |
      +-----------------------+-------+-------+--------------------+
      | Softwire46-BR         | 1+    | 0     | 1+                 |
      | Softwire46-Rule       | 1     | 1     | 0                  |
      | Softwire46-DMR        | 0     | 1     | 0                  |
      | Softwire46-V4V6Bind   | 0     | 0     | 1                  |
      | Softwire46-PORTPARAMS | 0-1   | 0-1   | 0-1                |
      +-----------------------+-------+-------+--------------------+

                    Table 2: Softwire46 Sub-Attributes

   The following table defines the meaning of Table 2 entries.

   0     Not Permitted
   0-1   Optional, zero or one instance of the attribute
         may be present.
   1     Mandatory, only one instance of the attribute
         must be present.
   1+    Mandatory, one or more instances of the attribute
         may be present.

3.1.3.  Specification of the Softwire46 Sub-Attributes

3.1.3.1.  Softwire46-Rule Attribute

   Softwire46-Rule can only be encapsulated in Softwire46-MAP-E
   (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending
   on the deployment scenario, one Basic Mapping Rule (BMR) and zero or
   more Forwarding Mapping Rules (FMRs) MUST be included in one
   Softwire46-MAP-E or Softwire46-MAP-T.

   Each type of Softwire46-Rule also contains a number of
   sub-attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and
   EA-Length. The structure of the sub-attributes for Softwire46-Rule is
   defined in Section 3.1.4.

   Defining multiple TLV-types achieves the same design goals as the
   "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using
   TLV-type set to 5 is equivalent to setting the F-flag in the
   OPTION_S46_RULE S46 Rule Flags field.

   TLV-Type
      4  Basic Mapping Rule only (not to be used for forwarding)
      5  Forwarding Permitted Mapping Rule

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-Rule is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      Rule-IPv6-Prefix
         This attribute contains the IPv6 prefix for use in the MAP rule.
         Refer to Section 3.1.4.1.

      Rule-IPv4-Prefix
         This attribute contains the IPv4 prefix for use in the MAP rule.
         Refer to Section 3.1.4.2.

      EA-Length
         This attribute contains the Embedded-Address (EA) bit length.
         Refer to Section 3.1.4.3.

3.1.3.2.  Softwire46-BR Attribute

   Softwire46-BR can only be encapsulated in Softwire46-MAP-E
   (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).

   There MUST be at least one Softwire46-BR included in each
   Softwire46-MAP-E or Softwire46-Lightweight-4over6.

   The structure of Softwire46-BR is shown below:

   TLV-Type
      6

   TLV-Length
      18 octets

   Data Type
      The attribute Softwire46-BR is of type ip6addr (Section 3.9 of
      [RFC8044]).

   TLV-Value
      br-ipv6-address. A fixed-length field of 16 octets that
      specifies the IPv6 address for the Softwire46 Border Relay (BR).

3.1.3.3.  Softwire46-DMR Attribute

   Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2).
   There MUST be exactly one Softwire46-DMR included in one
   Softwire46-MAP-T.

   The structure of Softwire46-DMR is shown below:

   TLV-Type
      7

   TLV-Length
      4 + length of dmr-ipv6-prefix specified in octets.

   Data Type
      The attribute Softwire46-DMR is of type ipv6pref (Section 3.10 of
      [RFC8044]).

   TLV-Value
      A variable-length (dmr-prefix6-len) field
      specifying the IPv6 prefix (dmr-ipv6-prefix) for the BR. This field
      is right-padded with zeros to the nearest octet boundary when
      dmr-prefix6-len is not divisible by 8. Prefixes with length from
      0 to 96 are allowed.

3.1.3.4.  Softwire46-V4V6Bind Attribute

   Softwire46-V4V6Bind may only be encapsulated in
   Softwire46-Lightweight-4over6 (Section 3.1.1.3). There MUST be
   exactly one Softwire46-V4V6Bind included in each
   Softwire46-Lightweight-4over6.

   The structure of Softwire46-V4V6Bind is shown below:

   TLV-Type
      8

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      IPv4-Address
         This attribute contains an IPv4 address, used to specify
         the full or shared IPv4 address of the CE. Refer to
         Section 3.1.5.1.

      Bind-IPv6-Prefix
         This attribute contains an IPv6 prefix used to indicate which
         configured prefix the Softwire46 CE should use for constructing
         the softwire. Refer to Section 3.1.5.2.

3.1.3.5.  Softwire46-PORTPARAMS Attribute

   Softwire46-PORTPARAMS is optional. It is used to specify port set
   information for IPv4 address sharing between clients.
   Softwire46-PORTPARAMS MAY be included in any of the Softwire46
   attributes.

   The structure of Softwire46-PORTPARAMS is shown below:

   TLV-Type
      9

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13
      of [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      PSID-Offset
         This attribute specifies the numeric value for the Softwire46
         algorithm's excluded port range/offset bits (a bits). Refer to
         Section 3.1.6.1.

      PSID-Len
         This attribute specifies the number of significant bits in the
         PSID field (also known as 'k'). Refer to Section 3.1.6.2.

      PSID
         This attribute specifies the PSID value. Refer to
         Section 3.1.6.3.

3.1.4.  Sub-Attributes for Softwire46-Rule

   There are two types of Softwire46-Rule: the Basic Mapping Rule and
   the Forwarding Mapping Rule, indicated by the value in the TLV-Type
   field of Softwire46-Rule (Section 3.1.3.1).

   Each type of Softwire46-Rule also contains a number of Sub-attributes
   as detailed in the following sub-sections.

3.1.4.1.  Rule-IPv6-Prefix Attribute

   Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST
   be exactly one Rule-IPv6-Prefix encapsulated in each type of
   Softwire46-Rule.

   Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162]
   and [RFC8044].

   The structure of Rule-IPv6-Prefix is shown below:

   TLV-Type
      10

   TLV-Length
      4 + length of rule-ipv6-prefix specified in octets.

   Data Type
      The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10
      of [RFC8044]).

   TLV-Value
      A variable-length field that specifies an IPv6
      prefix (rule-ipv6-prefix) appearing in the MAP rule.

3.1.4.2.  Rule-IPv4-Prefix Attribute

   This attribute is used to convey the MAP Rule IPv4 prefix. The
   structure of Rule-IPv4-Prefix is shown below:

   TLV-Type
      11

   TLV-Length
      4 + length of rule-ipv4-prefix specified in octets.

   Data Type
      The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11
      of [RFC8044]).

   TLV-Value
      A variable-length field that specifies
      an IPv4 prefix (rule-ipv4-prefix) appearing in the MAP rule.

3.1.4.3.  EA-Length Attribute

   This attribute is used to convey the Embedded-Address (EA) bit
   length. The structure of EA-Length is shown below:

   TLV-Type
      12

   TLV-Length
      6 octets

   Data Type
      The attribute EA-Length is of type integer (Section 3.1 of
      [RFC8044]).

   TLV-Value
      EA-len; 32-bits long. Specifies the Embedded-Address (EA) bit
      length. Allowed values range from 0 to 48.

3.1.5.  Attributes for Softwire46-v4v6Bind

3.1.5.1.  IPv4-Address Attribute

   The IPv4-Address MAY be used to specify the full or shared IPv4
   address of the CE.

   The structure of IPv4-Address is shown below:

   TLV-Type
      13

   TLV-Length
      6 octets

   Data Type
      The attribute IPv4-Address is of type ipv4addr (Section 3.8
      of [RFC8044]).

   TLV-Value
      32-bits long. Specifies the IPv4 address (ipv4-address) to
      appear in Softwire46-V4V6Bind (Section 3.1.3.4).

3.1.5.2.  Bind-IPv6-Prefix Attribute

   The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6
   prefix to be used as the tunnel source.
758 The structure of Bind-IPv6-Prefix is shown below: 760 TLV-Type 761 14 763 TLV-Length 764 4 + length of bind-ipv6-prefix specified in octets. 766 Data Type 767 The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10 768 of [RFC8044]). 770 TLV-Value 771 A variable-length field specifying the IPv6 772 prefix or address for the Softwire46 CE (bind-ipv6-prefix). 773 This field is right-padded with zeros to the nearest octet 774 boundary when the prefix length is not divisible by 8. 776 3.1.6. Attributes for Softwire46-PORTPARAMS 778 3.1.6.1. PSID-Offset Attribute 780 This attribute is used to convey the Port Set Identifier offset as 781 defined in [RFC7597]. This attribute is encoded in 32 bits as per 782 the recommendation in Appendix A.2.1 of [RFC6158]. 784 The structure of PSID-Offset is shown below: 786 TLV-Type 787 15 789 TLV-Length 790 6 octets 792 Data Type 793 The attribute PSID-Offset is of type integer (Section 3.1 794 of [RFC8044]). 796 TLV-Value 797 Contains the PSID-Offset (8-bits) right 798 justified, and the unused bits in this field MUST 799 be set to zero. This field specifies the 800 numeric value for the Softwire46 algorithm's excluded 801 port range/offset bits (a bits), as per Section 5.1 802 of [RFC7597]. 803 Default values for this field are specific to the 804 Softwire mechanism being implemented and are defined 805 in the relevant specification document. 807 3.1.6.2. PSID-Len Attribute 809 This attribute is used to convey the PSID length as defined in 810 [RFC7597]. This attribute is encoded in 32 bits as per the 811 recommendation in Appendix A.2.1 of [RFC6158]. 813 The structure of PSID-Len is shown below: 815 TLV-Type 816 16 818 TLV-Length 819 6 octets 821 Data Type 822 The attribute PSID-Len is of type integer (Section 3.1 823 of [RFC8044]). 825 TLV-Value 826 Contains the PSID-len (8-bits) right 827 justified, and the unused bits in this field MUST 828 be set to zero. 
This field specifies the number of 829 significant bits in the PSID field (also known as 830 'k'). When set to 0, the PSID field is to be ignored. 831 After the first 'a' bits, there are k bits in the 832 port number representing the value of the PSID. 833 Subsequently, the address sharing ratio would be 834 2^k. 836 3.1.6.3. PSID Attribute 838 This attribute is used to convey the PSID as defined in [RFC7597]. 839 This attribute is encoded in 32 bits as per the recommendation in 840 Appendix A.2.1 of [RFC6158]. 842 The structure of PSID is shown below: 844 TLV-Type 845 17 847 TLV-Length 848 6 octets 850 Data Type 851 The attribute PSID is of type integer (Section 3.1 852 of [RFC8044]). 854 TLV-Value 855 Contains the PSID (16-bits) right justified, and the unused bits 856 in this field MUST be set to zero. 857 The PSID value algorithmically identifies a set of ports 858 assigned to a CE. The first k bits on the left of this 859 2-octet field is the PSID value. The remaining (16-k) bits 860 on the right are padding zeros. 862 3.2. Softwire46-Priority Attribute 864 The Softwire46-Priority Attribute includes an ordered list of 865 Softwire46 mechanisms allowing the client to prioritize which 866 mechanism to use, corresponding to OPTION_S46_PRIORITY defined in 867 [RFC8026]. The following requirements apply: 869 The Softwire46-Priority Attribute MAY appear in an Access-Accept 870 packet. It MAY also appear in an Access-Request packet. 872 The Softwire46-Priority Attribute MAY appear in a CoA-Request 873 packet. 875 The Softwire46-Priority Attribute MAY appear in an Accounting- 876 Request packet. 878 The Softwire46-Priority Attribute MUST NOT appear in any other 879 RADIUS packet. 881 The Softwrie46-Priority Attribute is structured as follows: 883 Type 884 241 (To be confirmed by IANA) 886 Length 887 Indicates the length of this attribute, 888 including the Type, Length, Extended-Type and Value fields. 
890 Extended-Type
891 TBD5

893 TLV-Value
894 The attribute includes one or more Softwire46-Option-Code TLVs:
895 A Softwire46-Priority Attribute MUST contain at least one
896 Softwire46-Option-Code TLV (Section 3.2.1).

898 Softwire46 mechanisms are prioritized in the appearance order
899 in the Softwire46-Priority Attribute. That is,
900 the first-appearing mechanism is most preferred.

902 The Softwire46-Priority Attribute is associated with the following
903 identifier: 241.Extended-Type (TBD5).

905 3.2.1. Softwire46-Option-Code

907 This attribute is used to convey an option code assigned to a
908 Softwire46 mechanism [RFC8026]. This attribute is encoded in 32 bits
909 as per the recommendation in Appendix A.2.1 of [RFC6158].

911 The structure of Softwire46-Option-Code is shown below:

913 TLV-Type
914 18

916 TLV-Length
917 6 octets

919 Data Type
920 The attribute Softwire46-Option-Code is of type integer
921 (Section 3.1 of [RFC8044]).

923 TLV-Value
924 A 32-bit IANA-registered option code representing a Softwire46
925 mechanism (Softwire46-option-code). The codes and their
926 corresponding Softwire46 mechanisms are listed in Section 7.3.

928 3.3. Softwire46-Multicast Attribute

930 The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
931 used to synthesize multicast and unicast IPv4-embedded IPv6 addresses
932 as per [RFC8114]. This attribute is of type "tlv" and contains
933 additional TLVs. The following requirements apply:

935 The BNG SHALL use the IPv6 prefixes returned in the RADIUS
936 Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64
937 Option [RFC8115].

939 This attribute MAY be used in Access-Request packets as a hint to
940 the RADIUS server. For example, if the BNG is pre-configured for
941 Softwire46-Multicast, these prefixes may be inserted in the
942 attribute. The RADIUS server MAY ignore the hint sent by the BNG,
943 and it MAY assign a different Softwire46-Multicast Attribute.
945 The Softwire46-Multicast Attribute MAY appear in an Access-
946 Request, Access-Accept, CoA-Request, and Accounting-Request
947 packet.

949 The Softwire46-Multicast Attribute MUST NOT appear in any other
950 RADIUS packet.

952 The Softwire46-Multicast Attribute MAY contain ASM-Prefix64
953 (Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64
954 (Section 3.3.3).

956 The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or
957 SSM-Prefix64, and it MAY include both.

959 The U-Prefix64 MUST be present when SSM-Prefix64 is present.
960 U-Prefix64 MAY be present when ASM-Prefix64 is present.

962 The Softwire46-Multicast Attribute is structured as follows:

964 Type
965 241 (To be confirmed by IANA)

967 Length
968 This field indicates the total length in bytes of all fields of
969 this attribute, including the Type, Length, Extended-Type, and the
970 entire length of the embedded attributes.

972 Extended-Type
973 TBD6

975 Value
976 This field contains a set of attributes as follows:

978 ASM-Prefix64
979 This attribute contains the Any-Source Multicast (ASM)
980 IPv6 prefix. Refer to Section 3.3.1.

982 SSM-Prefix64
983 This attribute contains the Source-Specific Multicast (SSM)
984 IPv6 prefix. Refer to Section 3.3.2.

986 U-Prefix64
987 This attribute contains the IPv4 prefix used for address
988 translation. Refer to Section 3.3.3.

990 The Softwire46-Multicast Attribute is associated with the following
991 identifier: 241.Extended-Type(TBD6).

993 3.3.1. ASM-Prefix64 Attribute

995 The ASM-Prefix64 attribute is structured as follows:

997 TLV-Type
998 19

1000 TLV-Length
1001 16 octets. The length of asm-prefix64 must be /96 [RFC8115].

1003 Data Type
1004 The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of
1005 [RFC8044]).

1007 TLV-Value
1008 This field specifies the IPv6 multicast prefix (asm-prefix64)
1009 to be used to synthesize the IPv4-embedded IPv6 addresses of the
1010 multicast groups in the ASM mode. The conveyed multicast IPv6
1011 prefix MUST belong to the ASM range.

1013 3.3.2. SSM-Prefix64 Attribute

1015 The SSM-Prefix64 attribute is structured as follows:

1017 TLV-Type
1018 20

1020 TLV-Length
1021 16 octets. The length of ssm-prefix64 must be /96 [RFC8115].

1023 Data Type
1024 The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of
1025 [RFC8044]).

1027 TLV-Value
1028 This field specifies the IPv6 multicast prefix (ssm-prefix64)
1029 to be used to synthesize the IPv4-embedded IPv6 addresses of the
1030 multicast groups in the SSM mode. The conveyed multicast IPv6
1031 prefix MUST belong to the SSM range.

1033 3.3.3. U-Prefix64 Attribute

1035 The structure of U-Prefix64 is shown below:

1037 TLV-Type
1038 21

1040 TLV-Length
1041 4 + length of unicast-prefix. As specified in [RFC6052],
1042 the unicast-prefix prefix-length MUST be set to 32, 40, 48,
1043 56, 64, or 96.

1045 Data Type
1046 The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of
1047 [RFC8044]).

1049 TLV-Value
1050 This field identifies the IPv6 unicast prefix (u-prefix64) to
1051 be used in SSM mode for constructing the IPv4-embedded IPv6
1052 addresses representing the IPv4 multicast sources in the IPv6
1053 domain. It may also be used to extract the IPv4 address from the
1054 received multicast data flows.

1056 4. A Sample Configuration Process with RADIUS

1058 Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to
1059 provide CE with softwire configuration information.
1061 CE                             BNG                         AAA Server
1062 |                               |                               |
1063 |-------1.DHCPv6 Solicit------->|                               |
1064 |(ORO with unicast and/or m'cast|                               |
1065 |    container option code(s))  |                               |
1066 |                               |                               |
1067 |                               |-------2.Access-Request------->|
1068 |                               | (Softwire46-Configuration     |
1069 |                               |      Attribute and/or         |
1070 |                               |Softwire46-Multicast Attribute)|
1071 |                               |                               |
1072 |                               |<------3.Access-Accept---------|
1073 |                               | (Softwire46-Configuration     |
1074 |                               |      Attribute and/or         |
1075 |                               |Softwire46-Multicast Attribute)|
1076 |                               |                               |
1077 |<----4.DHCPv6 Advertisement----|                               |
1078 |    (container option(s))      |                               |
1079 |                               |                               |
1080 |-------5.DHCPv6 Request------->|                               |
1081 |    (container Option(s))      |                               |
1082 |                               |                               |
1083 |<--------6.DHCPv6 Reply--------|                               |
1084 |    (container option(s))      |                               |
1085 |                               |                               |
1086              DHCPv6                          RADIUS

1088 Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS
1089 authentication

1091 1. The CE creates a DHCPv6 Solicit message. For unicast softwire
1092 configuration, the message includes an OPTION_REQUEST_OPTION (6)
1093 with the Softwire46 Container option code(s) as defined in
1094 [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP-
1095 E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW
1096 (96) for Lightweight 4over6. For multicast configuration, the
1097 option number for OPTION_V6_PREFIX64 (113) is included in the
1098 client's ORO. The message is sent to the BNG.

1100 2. On receipt of the Solicit message, the BNG constructs a RADIUS
1101 Access-Request message containing a User-Name Attribute (1)
1102 (containing either a CE MAC address, interface-id, or both), a
1103 User-Password Attribute (2) (with a pre-configured shared
1104 password between the CE and AAA server as defined in [RFC2865]).
1105 The Softwire46-Configuration Attribute and/or
1106 Softwire46-Multicast Attribute are also included (as requested by
1107 the client). The resulting message is sent to the AAA server.

1109 3. The AAA server authenticates the request. If this is successful,
1110 and suitable configuration is available, an Access-Accept message
1111 is sent to the BNG containing the requested
1112 Softwire46-Configuration Attribute or Softwire46-Multicast
1113 Attribute. It is the responsibility of the AAA server to ensure
1114 the consistency of the provided configuration.

1116 4. The BNG maps the received softwire configuration into the
1117 corresponding fields in the DHCPv6 softwire configuration
1118 option(s). These are included in the DHCPv6 Advertise message
1119 which is sent to the CE.

1121 5. The CE sends a DHCPv6 Request message. In the ORO, the option
1122 code(s) of any of the required softwire options that were
1123 received in the Advertise message are included.

1125 6. The BNG sends a DHCPv6 Reply message to the client containing the
1126 softwire container option(s) enumerated in the ORO.

1128 The authorization operation could be done independently, after the
1129 authentication process. In this case, steps 1-5 are completed as
1130 above, then the following steps are performed:

1132 6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS
1133 Access-Request message, which contains a Service-Type Attribute
1134 (6) with the value "Authorize Only" (17), the corresponding
1135 Softwire46-Configuration Attribute, and a State Attribute
1136 obtained from the previous authentication process according to
1137 [RFC5080]. The resulting message is sent to the AAA server.

1139 7a. The AAA checks the authorization request. If it is approved, an
1140 Access-Accept message is returned to the BNG with the
1141 corresponding Softwire46-Configuration Attribute.

1143 8a. The BNG sends a Reply message to the client containing the
1144 softwire container options enumerated in the ORO.
1146 In addition to the above, the following points need to be considered:

1148 o In the configuration message flows described above the Message-
1149 Authenticator (type 80) [RFC2869] should be used to protect both
1150 Access-Request and Access-Accept messages.

1152 o If the BNG does not receive the corresponding
1153 Softwire46-Configuration Attribute in the Access-Accept message it
1154 may fall back to creating the DHCPv6 softwire configuration
1155 options using pre-configured Softwire46 configuration, if this is
1156 present.

1158 o If the BNG receives an Access-Reject from the AAA server, then
1159 Softwire46 configuration must not be supplied to the client.

1161 o As specified in [RFC8415], Section 18.2.5, "Creation and
1162 Transmission of Rebind Messages", if the DHCPv6 server to which
1163 the DHCPv6 Renew message was sent at time T1 has not responded by
1164 time T2, the CE (DHCPv6 client) should enter the Rebind state and
1165 attempt to contact any available server. In this situation, a
1166 secondary BNG receiving the DHCPv6 message must initiate a new
1167 Access-Request message towards the AAA server. The secondary BNG
1168 includes the Softwire46-Configuration Attribute in this Access-
1169 Request message.

1171 o For Lightweight 4over6, the CE's binding state needs to be
1172 synchronized between the clients and the Lightweight AFTR
1173 (lwAFTR)/BR. This can be achieved in two ways: static pre-
1174 configuration of the bindings on both the AAA server and lwAFTR,
1175 or on-demand whereby the AAA server updates the lwAFTR with the
1176 CE's binding state as it is created or deleted.

1178 In some deployments, the DHCP server may use the Accounting-Request
1179 to report to a AAA server the softwire configuration returned to a
1180 requesting host. It is the responsibility of the DHCP server to
1181 ensure the consistency of the configuration provided to requesting
1182 hosts. Reported data to a AAA server may be required for various
1183 operational purposes (e.g., regulatory).

1185 A configuration change (e.g., BR address) may result in an exchange
1186 of CoA-Requests between the BNG and the AAA server as shown in
1187 Figure 3. Concretely, when the BNG receives a CoA-Request message
1188 containing Softwire46 attributes, it sends a DHCPv6 Reconfigure
1189 message to the appropriate CE to inform that CE that an updated
1190 configuration is available. Upon receipt of such message, the CE
1191 sends a DHCPv6 Renew or Information-Request in order to receive the
1192 updated Softwire46 configuration. In deployments where the BNG
1193 embeds a DHCPv6 relay, CoA-Requests can be used following the
1194 procedure specified in [RFC6977].

1196 CE                         BNG                      AAA Server
1197 |                           |                            |
1198 |---DHCPv6 Solicit--------->|                            |
1199 |                           |---Access-Request---------->|
1200 |                           |<--Access-Accept------------|
1201 |                           |(Softwire46-Configuration   |
1202 |                           | Attribute ...)             |
1203                           ....
1204 |                           |                            |
1205 |                           |<-----CoA-Request-----------|
1206 |                           |(Softwire46-Configuration   |
1207 |                           | Attribute ...)             |
1208 |                           |------CoA-Response--------->|
1209 |<--DHCPv6 Reconfigure------|                            |
1210 |                           |                            |
1211                           ....

1213 Figure 3: Change of Configuration Example

1215 5. Table of Attributes

1217 This document specifies three new RADIUS attributes, and their
1218 formats are as follows:

1220 o Softwire46-Configuration Attribute: 241.TBD1

1222 o Softwire46-Priority Attribute: 241.TBD5

1224 o Softwire46-Multicast Attribute: 241.TBD6

1226 Table 3 describes which attributes may be found, in which kinds of
1227 packets and in what quantity.

1229 Request Accept Reject Challenge Acct CoA- #        Attribute
1230                                 Req  Req
1231 0-1     0-1    0      0         0-1  0-1  241.TBD1 Softwire46-
1232                                                    Configuration
1233 0-1     0-1    0      0         0-1  0-1  241.TBD5 Softwire46-
1234                                                    Priority
1235 0-1     0-1    0      0         0-1  0-1  241.TBD6 Softwire46-
1236                                                    Multicast

1238 Table 3: Table of Attributes

1240 6. Security Considerations

1242 Section 9 of [RFC7596] discusses security issues related to
1243 Lightweight 4over6, Section 10 of [RFC7597] discusses security issues
1244 related to MAP-E, Section 13 of [RFC7599] discusses security issues
1245 related to MAP-T, and Section 9 of [RFC8114] discusses security
1246 issues related to the delivery of IPv4 multicast services to IPv4
1247 clients over an IPv6 multicast network.

1249 This document does not introduce any security issues inherently
1250 different from those already identified in Section 8 of [RFC2865] and
1251 Section 6 of [RFC5176] for CoA messages. Known security
1252 vulnerabilities of the RADIUS protocol discussed in Section 7 of
1253 [RFC2607] and Section 7 of [RFC2869] apply to this specification.
1254 These well-established properties of the RADIUS protocol place some
1255 limitations on how it can safely be used, since there is some
1256 inherent requirement to trust the counterparty to not misbehave.

1258 Accordingly, this document targets deployments where a trusted
1259 relationship is in place between the RADIUS client and server with
1260 communication optionally secured by IPsec or Transport Layer Security
1261 (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security
1262 when RADIUS is carried in IPv6 is discussed in [RFC3162].

1264 Security considerations for interactions between a Softwire46 CE and
1265 the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for
1266 configuration of softwire46 address and port-mapped clients),
1267 Section 3 of [RFC8026] (DHCPv6-based Softwire46 prioritization
1268 mechanism), and Section 5 of [RFC8115] (DHCPv6 options for
1269 configuration of IPv4-embedded IPv6 prefixes).

1271 7. IANA Considerations

1273 IANA is requested to make new code point assignments for RADIUS
1274 attributes as described in the following subsections. The
1275 assignments should use the RADIUS registry available at
1276 https://www.iana.org/assignments/radius-types/.
1278 7.1. New RADIUS Attributes

1280 This document requests IANA to assign the Attribute Types defined in
1281 this document from the RADIUS namespace as described in the "IANA
1282 Considerations" section of [RFC3575], in accordance with BCP 26
1283 [RFC8126].

1285 This document requests that IANA register three new RADIUS
1286 attributes, from the "Short Extended Space" of [RFC6929]. The
1287 attributes are: Softwire46-Configuration Attribute,
1288 Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:

1290 Type     Description              Data Type Reference
1291 ----     -----------              --------- ---------
1292 241.TBD1 Softwire46-Configuration tlv       Section 3.1
1293 241.TBD5 Softwire46-Priority      tlv       Section 3.2
1294 241.TBD6 Softwire46-Multicast     tlv       Section 3.3

1296 7.2. RADIUS Softwire46 Configuration and Multicast Attributes

1298 IANA is requested to create a new registry called "RADIUS Softwire46
1299 Configuration and Multicast Attributes".

1301 All attributes in this registry have one or more parent RADIUS
1302 attributes in nesting (refer to [RFC6929]).
1304 This registry must be initially populated with the following values:

1306 Value  Description                   Data Type  Reference
1307 -----  -----------                   ---------  ---------
1308 0      Reserved
1309 1      Softwire46-MAP-E              tlv        Section 3.1.1.1
1310 2      Softwire46-MAP-T              tlv        Section 3.1.1.2
1311 3      Softwire46-Lightweight-4over6 tlv        Section 3.1.1.3
1312 4      Softwire46-Rule (BMR)         tlv        Section 3.1.3.1
1313 5      Softwire46-Rule (FMR)         tlv        Section 3.1.3.1
1314 6      Softwire46-BR                 ipv6addr   Section 3.1.3.2
1315 7      Softwire46-DMR                ipv6prefix Section 3.1.3.3
1316 8      Softwire46-V4V6Bind           tlv        Section 3.1.3.4
1317 9      Softwire46-PORTPARAMS         tlv        Section 3.1.3.5
1318 10     Rule-IPv6-Prefix              ipv6prefix Section 3.1.4.1
1319 11     Rule-IPv4-Prefix              ipv4prefix Section 3.1.4.2
1320 12     EA-Length                     integer    Section 3.1.4.3
1321 13     IPv4-Address                  ipv4addr   Section 3.1.5.1
1322 14     Bind-IPv6-Prefix              ipv6prefix Section 3.1.5.2
1323 15     PSID-Offset                   integer    Section 3.1.6.1
1324 16     PSID-Len                      integer    Section 3.1.6.2
1325 17     PSID                          integer    Section 3.1.6.3
1326 18     Softwire46-Option-Code        integer    Section 3.2.1
1327 19     ASM-Prefix64                  ipv6prefix Section 3.3.1
1328 20     SSM-Prefix64                  ipv6prefix Section 3.3.2
1329 21     U-Prefix64                    ipv6prefix Section 3.3.3
1330 22-255 Unassigned

1332 The registration procedure for this registry is Standards Action as
1333 defined in [RFC8126].

1335 7.3. Softwire46 Mechanisms and Their Identifying Option Codes

1337 The Softwire46-Priority Attribute conveys an ordered list of option
1338 codes assigned to Softwire46 mechanisms, for which IANA is requested
1339 to create and maintain a new registry entitled "Option Codes
1340 Permitted in the Softwire46-Priority Attribute".

1342 Table 4 shows the initial version of allowed option codes, and the
1343 Softwire46 mechanisms that they represent. The option code for DS-
1344 Lite is derived from the IANA allocated RADIUS Attribute Type value
1345 for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and
1346 Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and
1347 Lightweight 4over6 attributes defined in Section 3.1.1.

1349 +-----------+--------------------+-----------+
1350 |Option Code|Softwire46 Mechanism| Reference |
1351 +-----------+--------------------+-----------+
1352 |     1     |       MAP-E        |  RFC7597  |
1353 |     2     |       MAP-T        |  RFC7599  |
1354 |     3     | Lightweight 4over6 |  RFC7596  |
1355 |    144    |      DS-Lite       |  RFC6519  |
1356 +-----------+--------------------+-----------+

1358 Table 4: Option Codes to S46 Mechanisms

1360 Additional option codes may be added to this list in the future using
1361 the IETF Review process described in Section 4.8 of [RFC8126].

1363 8. Contributing Authors

1365 Bing Liu
1366 Huawei Technologies Co., Ltd
1367 Q14, Huawei Campus, No.156 Beiqing Road
1368 Hai-Dian District, Beijing, 100095
1369 P.R. China

1371 Email: leo.liubing@huawei.com

1373 Peter Deacon
1374 IEA Software, Inc.
1375 P.O. Box 1170
1376 Veradale, WA 99037
1377 USA

1379 Email: peterd@iea-software.com

1381 Qiong Sun
1382 China Telecom
1383 Beijing China

1385 Email: sunqiong@ctbri.com.cn

1387 Qi Sun
1388 Tsinghua University
1389 Department of Computer Science, Tsinghua University
1390 Beijing 100084
1391 P.R.China
1392 Phone: +86-10-6278-5822

1394 Email: sunqibupt@gmail.com

1396 Cathy Zhou
1397 Huawei Technologies
1398 Bantian, Longgang District
1399 Shenzhen 518129

1401 Email: cathy.zhou@huawei.com

1403 Tina Tsou
1404 Huawei Technologies(USA)
1405 2330 Central Expressway
1406 Santa Clara, CA 95050
1407 USA

1409 Email: Tina.Tsou.Zouting@huawei.com

1411 ZiLong Liu
1412 Tsinghua University
1413 Beijing 100084
1414 P.R.China
1415 Phone: +86-10-6278-5822

1417 Email: liuzilong8266@126.com

1419 Yong Cui
1420 Tsinghua University
1421 Beijing 100084
1422 P.R.China
1423 Phone: +86-10-62603059

1425 Email: yong@csnet1.cs.tsinghua.edu.cn

1427 9. Acknowledgements

1429 The authors would like to thank the valuable comments made by Peter
1430 Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei
1431 Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this
1432 document.

1434 This document was merged with [I-D.sun-softwire-lw4over6-radext] and
1435 [I-D.wang-radext-multicast-radius-ext], thanks to everyone who
1436 contributed to this document.

1438 This document was produced using the xml2rfc tool [RFC7991].

1440 Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald
1441 Eastlake for the review.

1443 10. References

1445 10.1. Normative References

1447 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1448 Requirement Levels", BCP 14, RFC 2119,
1449 DOI 10.17487/RFC2119, March 1997.

1452 [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
1453 "Remote Authentication Dial In User Service (RADIUS)",
1454 RFC 2865, DOI 10.17487/RFC2865, June 2000.

1457 [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
1458 RFC 3162, DOI 10.17487/RFC3162, August 2001.

1461 [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote
1462 Authentication Dial In User Service)", RFC 3575,
1463 DOI 10.17487/RFC3575, July 2003.

1466 [RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication
1467 Dial In User Service (RADIUS) Implementation Issues and
1468 Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
1469 2007.

1471 [RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B.
1472 Aboba, "Dynamic Authorization Extensions to Remote
1473 Authentication Dial In User Service (RADIUS)", RFC 5176,
1474 DOI 10.17487/RFC5176, January 2008.

1477 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
1478 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
1479 DOI 10.17487/RFC6052, October 2010.

1482 [RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
1483 BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

1486 [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User
1487 Service (RADIUS) Protocol Extensions", RFC 6929,
1488 DOI 10.17487/RFC6929, April 2013.

1491 [RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
1492 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
1493 Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
1494 November 2016.

1496 [RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044,
1497 DOI 10.17487/RFC8044, January 2017.

1500 [RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
1501 Option for IPv4-Embedded Multicast and Unicast IPv6
1502 Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.

1505 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
1506 Writing an IANA Considerations Section in RFCs", BCP 26,
1507 RFC 8126, DOI 10.17487/RFC8126, June 2017.

1510 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1511 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1512 May 2017.

1514 [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
1515 Richardson, M., Jiang, S., Lemon, T., and T. Winters,
1516 "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
1517 RFC 8415, DOI 10.17487/RFC8415, November 2018.

1520 10.2. Informative References

1522 [I-D.sun-softwire-lw4over6-radext]
1523 Xie, C., Sun, Q., Qiong, Q., Zhou, C., Tsou, T., and Z.
1524 Liu, "Radius Extension for Lightweight 4over6", draft-sun-
1525 softwire-lw4over6-radext-01 (work in progress), March
1526 2014.

1528 [I-D.wang-radext-multicast-radius-ext]
1529 Wang, Q., Meng, W., Wang, C., and M. Boucadair, "RADIUS
1530 Extensions for IPv4-Embedded Multicast and Unicast IPv6
1531 Prefixes", draft-wang-radext-multicast-radius-ext-00 (work
1532 in progress), December 2015.

1534 [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
1535 Implementation in Roaming", RFC 2607,
1536 DOI 10.17487/RFC2607, June 1999.

1539 [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS
1540 Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

1543 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
1544 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
1545 December 2005.

1547 [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1548 Stack Lite Broadband Deployments Following IPv4
1549 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

1552 [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to
1553 the IPv4 Address Shortage", RFC 6346,
1554 DOI 10.17487/RFC6346, August 2011.

1557 [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
1558 Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
1559 2012.

1561 [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
1562 "Transport Layer Security (TLS) Encryption for RADIUS",
1563 RFC 6614, DOI 10.17487/RFC6614, May 2012.

1566 [RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6
1567 Reconfiguration from Relay Agents", RFC 6977,
1568 DOI 10.17487/RFC6977, July 2013.

1571 [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
1572 Farrer, "Lightweight 4over6: An Extension to the Dual-
1573 Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
1574 July 2015.

1576 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
1577 Murakami, T., and T. Taylor, Ed., "Mapping of Address and
1578 Port with Encapsulation (MAP-E)", RFC 7597,
1579 DOI 10.17487/RFC7597, July 2015.

1582 [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
1583 W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
1584 Configuration of Softwire Address and Port-Mapped
1585 Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.
1588 [RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
1589 and T. Murakami, "Mapping of Address and Port using
1590 Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
1591 2015.

1593 [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
1594 RFC 7991, DOI 10.17487/RFC7991, December 2016.

1597 [RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
1598 Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
1599 over an IPv6 Multicast Network", RFC 8114,
1600 DOI 10.17487/RFC8114, March 2017.

1603 Appendix A. DHCPv6 to RADIUS Field Mappings

1605 The following sections detail the mappings between the softwire
1606 DHCPv6 option fields and the relevant RADIUS attributes as defined in
1607 this document.

1609 A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings

1610 +---------------------+----------------------+----------------------+
1611 | OPTION_S46_RULE     | Softwire46-Rule Name | TLV Subfield         |
1612 | Field               |                      |                      |
1613 +---------------------+----------------------+----------------------+
1614 | flags               | N/A                  | TLV-type (TBD7,      |
1615 |                     |                      | TBD8)                |
1616 | ea-len              | EA-Length            | EA-len               |
1617 | prefix4-len         | Rule-IPv4-Prefix     | Prefix-Length        |
1618 | ipv4-prefix         | Rule-IPv4-Prefix     | rule-ipv4-prefix     |
1619 | prefix6-len         | Rule-IPv6-Prefix     | Prefix-Length        |
1620 | ipv6-prefix         | Rule-IPv6-Prefix     | rule-ipv6-prefix     |
1621 +---------------------+----------------------+----------------------+

1623 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings

1625 +---------------------+------------------------+
1626 | OPTION_S46_BR Field | Softwire46-BR Subfield |
1627 +---------------------+------------------------+
1628 | br-ipv6-address     | br-ipv6-address        |
1629 +---------------------+------------------------+

1631 A.3. OPTION_S46_DMR (91) to Softwire46-DMR

1633 +----------------------+-------------------------+
1634 | OPTION_S46_DMR Field | Softwire46-DMR Subfield |
1635 +----------------------+-------------------------+
1636 | dmr-prefix6-len      | dmr-prefix6-len         |
1637 | dmr-ipv6-prefix      | dmr-ipv6-prefix         |
1638 +----------------------+-------------------------+

1640 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind

1642 +-----------------------+------------------------+------------------+
1643 | OPTION_S46_V4V6BIND   | Softwire46-V4V6Bind    | TLV Subfield     |
1644 | Field                 | Name                   |                  |
1645 +-----------------------+------------------------+------------------+
1646 | ipv4-address          | IPv4-Address           | ipv4-address     |
1647 | bindprefix6-len       | Bind-IPv6-Prefix       | Prefix-Length    |
1648 | bind-ipv6-prefix      | Bind-IPv6-Prefix       | bind-ipv6-prefix |
1649 +-----------------------+------------------------+------------------+

1651 A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings

1652 +--------------------------+--------------------------+-------------+
1653 | OPTION_S46_PORTPARAMS    | Softwire46-PORTPARAMS    | TLV         |
1654 | Field                    | Name                     | Subfield    |
1655 +--------------------------+--------------------------+-------------+
1656 | offset                   | PSID-Offset              | PSID-Offset |
1657 | PSID-len                 | PSID-Len                 | PSID-len    |
1658 | PSID                     | PSID                     | PSID        |
1659 +--------------------------+--------------------------+-------------+

1661 A.6. OPTION_S46_PRIORITY (111) to Softwire46-Priority Field Mappings

1663 +---------------------------+---------------------------------------+
1664 | OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute         |
1665 |                           | Subfield                              |
1666 +---------------------------+---------------------------------------+
1667 | s46-option-code           | Softwire46-option-code                |
1668 +---------------------------+---------------------------------------+

1670 A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field
1671 Mappings

1673 +--------------------+------------------------------+---------------+
1674 | OPTION_V6_PREFIX64 | Softwire46-Multicast         | TLV Subfield  |
1675 | Field              | Attribute TLV Name           |               |
1676 +--------------------+------------------------------+---------------+
1677 | asm-length         | ASM-Prefix64                 | Prefix-Length |
1678 | ASM_mPrefix64      | ASM-Prefix64                 | asm-prefix64  |
1679 | ssm-length         | SSM-Prefix64                 | Prefix-Length |
1680 | SSM_mPrefix64      | SSM-Prefix64                 | ssm-prefix64  |
1681 | unicast-length     | U-Prefix64                   | Prefix-Length |
1682 | uPrefix64          | U-Prefix64                   | u-prefix64    |
1683 +--------------------+------------------------------+---------------+

1685 Authors' Addresses

1687 Sheng Jiang
1688 Huawei Technologies Co., Ltd
1689 Q14, Huawei Campus, No.156 Beiqing Road
1690 Hai-Dian District, Beijing, 100095
1691 P.R. China

1693 Email: jiangsheng@huawei.com

1694 Yu Fu
1695 CNNIC
1696 No.4 South 4th Street, Zhongguancun
1697 Hai-Dian District, Beijing, 100190
1698 P.R. China

1700 Email: eleven711711@foxmail.com

1702 Chongfeng Xie
1703 China Telecom
1704 Beijing
1705 P.R. China

1707 Email: xiechf.bri@chinatelecom.cn

1709 Tianxiang Li
1710 Tsinghua University
1711 Beijing 100084
1712 P.R.China

1714 Email: peter416733@gmail.com

1716 Mohamed Boucadair (editor)
1717 Orange
1718 Rennes, 35000
1719 France

1721 Email: mohamed.boucadair@orange.com
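
Added example (not part of the draft, and not code from its authors): a receiver-side check of a Softwire46-Multicast Attribute value against the TLV layouts and presence rules of Section 3.3, of the kind a BNG could run before populating the DHCPv6 PREFIX64 option. The function names and sample prefixes are constructed for illustration; the SSM range test uses FF3x::/32 from RFC 4607, which the draft does not spell out, and rejecting unknown or repeated TLVs is a policy choice of this example.

```python
import ipaddress

ASM_PREFIX64, SSM_PREFIX64, U_PREFIX64 = 19, 20, 21  # TLV-Types, Sections 3.3.1-3.3.3
U_PREFIX_LENGTHS = {32, 40, 48, 56, 64, 96}          # Section 3.3.3, from RFC 6052


def split_tlvs(value: bytes):
    """Yield (tlv_type, data); TLV-Length also counts the Type and Length octets."""
    pos = 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = value[pos], value[pos + 1]
        if tlv_len < 2 or pos + tlv_len > len(value):
            raise ValueError(f"TLV {tlv_type}: TLV-Length {tlv_len} out of bounds")
        yield tlv_type, value[pos + 2:pos + tlv_len]
        pos += tlv_len


def decode_ipv6prefix(data: bytes) -> ipaddress.IPv6Network:
    """Decode ipv6prefix data (RFC 8044): Reserved, Prefix-Length, Prefix octets."""
    if len(data) < 2:
        raise ValueError("ipv6prefix shorter than Reserved + Prefix-Length")
    reserved, plen, prefix = data[0], data[1], data[2:]
    if reserved != 0:
        raise ValueError("Reserved octet is not zero")
    if plen > 128 or len(prefix) != (plen + 7) // 8:
        raise ValueError("TLV-Length is not 4 + prefix length in octets")
    # strict=True raises ValueError when padding bits after the prefix are set.
    return ipaddress.IPv6Network((prefix.ljust(16, b"\x00"), plen), strict=True)


def in_ssm_range(net: ipaddress.IPv6Network) -> bool:
    """IPv6 SSM range FF3x::/32 (RFC 4607); the draft only says 'the SSM range'."""
    b = net.network_address.packed
    return b[0] == 0xFF and b[1] >> 4 == 0x3 and b[2:4] == b"\x00\x00"


def validate_softwire46_multicast(value: bytes) -> dict:
    """Return {tlv_type: IPv6Network}; raise ValueError if a Section 3.3 rule fails."""
    found = {}
    for tlv_type, data in split_tlvs(value):
        # Rejecting unknown and repeated TLVs is this example's policy choice.
        if tlv_type not in (ASM_PREFIX64, SSM_PREFIX64, U_PREFIX64):
            raise ValueError(f"unexpected TLV-Type {tlv_type}")
        if tlv_type in found:
            raise ValueError(f"duplicate TLV-Type {tlv_type}")
        found[tlv_type] = decode_ipv6prefix(data)
    if ASM_PREFIX64 not in found and SSM_PREFIX64 not in found:
        raise ValueError("neither ASM-Prefix64 nor SSM-Prefix64 present")
    if SSM_PREFIX64 in found and U_PREFIX64 not in found:
        raise ValueError("SSM-Prefix64 without U-Prefix64")
    for tlv_type in (ASM_PREFIX64, SSM_PREFIX64):
        net = found.get(tlv_type)
        if net is None:
            continue
        if net.prefixlen != 96:
            raise ValueError(f"TLV {tlv_type}: multicast prefix must be /96")
        if net.network_address.packed[0] != 0xFF:
            raise ValueError(f"TLV {tlv_type}: not an IPv6 multicast prefix")
        if in_ssm_range(net) != (tlv_type == SSM_PREFIX64):
            raise ValueError(f"TLV {tlv_type}: prefix is in the wrong ASM/SSM range")
    if U_PREFIX64 in found and found[U_PREFIX64].prefixlen not in U_PREFIX_LENGTHS:
        raise ValueError("U-Prefix64 length not in 32/40/48/56/64/96")
    return found


def encode_prefix_tlv(tlv_type: int, prefix: str) -> bytes:
    """Build one prefix TLV (used here only to construct the sample inputs)."""
    net = ipaddress.IPv6Network(prefix)
    octets = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes([tlv_type, 4 + len(octets), 0, net.prefixlen]) + octets


def verdict(value: bytes) -> str:
    try:
        validate_softwire46_multicast(value)
        return "accept"
    except ValueError as exc:
        return f"reject: {exc}"


# Constructed sample values (illustrative prefixes, not captured traffic).
SSM = encode_prefix_tlv(SSM_PREFIX64, "ff3e:0:8000::/96")
ASM = encode_prefix_tlv(ASM_PREFIX64, "ff0e::db8:0:0/96")
UNI = encode_prefix_tlv(U_PREFIX64, "2001:db8:cafe::/96")
SAMPLES = {
    "ssm+u": SSM + UNI,
    "asm only": ASM,
    "ssm without u": SSM,
    "truncated": (SSM + UNI)[:-1],
    "ssm prefix sent as asm": encode_prefix_tlv(ASM_PREFIX64, "ff3e:0:8000::/96"),
    "u-prefix /44": ASM + encode_prefix_tlv(U_PREFIX64, "2001:db8:c0::/44"),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:24} {verdict(value)}")
```
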