1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
|
<pre>Internet Engineering Task Force (IETF) W. Dec, Ed.
Request for Comments: 6911 Cisco Systems, Inc.
Category: Standards Track B. Sarikaya
ISSN: 2070-1721 Huawei USA
G. Zorn, Ed.
Network Zen
D. Miles
Google
B. Lourdelet
Juniper Networks
April 2013
<span class="h1">RADIUS Attributes for IPv6 Access Networks</span>
Abstract
This document specifies additional IPv6 RADIUS Attributes useful in
residential broadband network deployments. The Attributes, which are
used for authorization and accounting, enable assignment of a host
IPv6 address and an IPv6 DNS server address via DHCPv6, assignment of
an IPv6 route announced via router advertisement, assignment of a
named IPv6 delegated prefix pool, and assignment of a named IPv6 pool
for host DHCPv6 addressing.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6911">http://www.rfc-editor.org/info/rfc6911</a>.
<span class="grey">Dec, et al. Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-1.1">1.1</a>. Requirements Language . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-2">2</a>. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-2.1">2.1</a>. IPv6 Address Assignment . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-2.2">2.2</a>. DNS Servers . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-2.3">2.3</a>. IPv6 Route Information . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-2.4">2.4</a>. Delegated IPv6 Prefix Pool . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-2.5">2.5</a>. Stateful IPv6 Address Pool . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-3">3</a>. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-3.1">3.1</a>. Framed-IPv6-Address . . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-3.2">3.2</a>. DNS-Server-IPv6-Address . . . . . . . . . . . . . . . . . <a href="#page-8">8</a>
<a href="#section-3.3">3.3</a>. Route-IPv6-Information . . . . . . . . . . . . . . . . . <a href="#page-9">9</a>
<a href="#section-3.4">3.4</a>. Delegated-IPv6-Prefix-Pool . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-3.5">3.5</a>. Stateful-IPv6-Address-Pool . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-3.6">3.6</a>. Table of Attributes . . . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-4">4</a>. Diameter Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-12">12</a>
<a href="#section-5">5</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-12">12</a>
<a href="#section-6">6</a>. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <a href="#page-12">12</a>
<a href="#section-7">7</a>. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8">8</a>. References . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8.1">8.1</a>. Normative References . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8.2">8.2</a>. Informative References . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<span class="grey">Dec, et al. Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
This document specifies additional RADIUS Attributes used to support
configuration of DHCPv6 and/or ICMPv6 Router Advertisement (RA)
parameters on a per-user basis. The Attributes, which complement
those defined in [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>] and [<a href="./rfc4818" title=""RADIUS Delegated-IPv6-Prefix Attribute"">RFC4818</a>], support the following:
o The assignment of specific IPv6 addresses to hosts via DHCPv6.
o The assignment of an IPv6 DNS server address, via DHCPv6 or Router
Advertisement [<a href="./rfc6106" title=""IPv6 Router Advertisement Options for DNS Configuration"">RFC6106</a>].
o The configuration of more specific routes to be announced to the
user via the Route Information Option defined in <a href="./rfc4191#section-2.3">[RFC4191],
Section 2.3</a>.
o The assignment of a named delegated prefix pool for use with "IPv6
Prefix Options for Dynamic Host Configuration Protocol (DHCP)
version 6" [<a href="./rfc3633" title=""IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6"">RFC3633</a>].
o The assignment of a named stateful address pool for use with
DHCPv6 stateful address assignment [<a href="./rfc3315" title=""Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"">RFC3315</a>].
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Requirements Language</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="./rfc2119">RFC 2119</a> [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Deployment Scenarios</span>
The extensions in this document are intended to be applicable across
a wide variety of network access scenarios in which RADIUS is
involved. One such typical network scenario is illustrated in Figure
1. It is composed of an IP Routing Residential Gateway (RG) or host;
a Layer 2 Access Node (AN), e.g., a Digital Subscriber Line Access
Multiplexer (DSLAM); an IP Network Access Server (NAS) (incorporating
an Authentication, Authorization, and Accounting (AAA) client); and a
AAA server.
<span class="grey">Dec, et al. Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
+-----+
| AAA |
| |
+--+--+
^
.
.(RADIUS)
.
v
+------+ +---+---+
+------+ | | | |
| RG/ +-------| AN +-----------+----------+ NAS |
| host | | | | |
+------+ (DSL) +------+ (Ethernet) +-------+
Figure 1
In the depicted scenario, the NAS may utilize an IP address
configuration protocol (e.g., DHCPv6) to handle address assignment to
RGs/hosts. The RADIUS server authenticates each RG/host and returns
the Attributes used for authorization and accounting. These
Attributes can include a host's IPv6 address, a DNS server address,
and a set of IPv6 routes to be advertised via any suitable protocol,
e.g., ICMPv6 (Neighbor Discovery). The name of a prefix pool to be
used for DHCPv6 Prefix Delegation or the name of an address pool to
be used for DHCPv6 address assignment can also be Attributes provided
to the NAS by the RADIUS AAA server.
The following subsections discuss how these Attributes are used in
more detail.
<span class="h3"><a class="selflink" id="section-2.1" href="#section-2.1">2.1</a>. IPv6 Address Assignment</span>
DHCPv6 [<a href="./rfc3315" title=""Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"">RFC3315</a>] provides a mechanism to assign one or more non-
temporary IPv6 addresses to hosts. To provide a DHCPv6 server
residing on a NAS with one or more IPv6 addresses to be assigned,
this document specifies the Framed-IPv6-Address Attribute
(<a href="#section-3.1">Section 3.1</a>).
While [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>] permits the specification of an IPv6 address via the
combination of the Framed-Interface-Id and Framed-IPv6-Prefix
Attributes, this separation is more natural for use with PPP's IPv6
Control Protocol than it is for use with DHCPv6, and the use of a
single IPv6 address Attribute makes for easier processing of
accounting records.
<span class="grey">Dec, et al. Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
Because DHCPv6 can be deployed on the same network as ICMPv6
stateless address autoconfiguration (SLAAC) [<a href="./rfc4862" title=""IPv6 Stateless Address Autoconfiguration"">RFC4862</a>], it is possible
that the NAS will require both stateful and stateless configuration
information. Therefore, it is possible for the Framed-IPv6-Address,
Framed-IPv6-Prefix, and Framed-Interface-Id Attributes [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>] to
be included within the same packet. To avoid ambiguity in this case,
the Framed-IPv6-Address Attribute is intended for authorization and
accounting of DHCPv6-assigned addresses, and the Framed-IPv6-Prefix
and Framed-Interface-Id Attributes are used for authorization and
accounting of addresses assigned via SLAAC.
<span class="h3"><a class="selflink" id="section-2.2" href="#section-2.2">2.2</a>. DNS Servers</span>
DHCPv6 provides an option for configuring a host with the IPv6
address of a DNS server. The IPv6 address of a DNS server can also
be conveyed to the host using ICMPv6 with Router Advertisements, via
the Recursive DNS Server Option [<a href="./rfc6106" title=""IPv6 Router Advertisement Options for DNS Configuration"">RFC6106</a>]. To provide the NAS with
the IPv6 address of one or more DNS servers, this document specifies
the DNS-Server-IPv6-Address Attribute (<a href="#section-3.2">Section 3.2</a>).
<span class="h3"><a class="selflink" id="section-2.3" href="#section-2.3">2.3</a>. IPv6 Route Information</span>
The IPv6 Route Information Option [<a href="./rfc4191" title=""Default Router Preferences and More-Specific Routes"">RFC4191</a>], is intended to be used
to inform a host connected to the NAS that a specific route is
reachable via any given NAS.
This document specifies the Route-IPv6-Information Attribute
(<a href="#section-3.3">Section 3.3</a>) that allows the AAA server to provision the
announcement by the NAS of a specific Route Information Option to an
accessing host. The NAS may advertise this route using the method
defined in <a href="./rfc4191">RFC 4191</a> or other equivalent methods. Any other
information, such as preference or lifetime values, that is to be
present in the actual announcement using a given method is assumed to
be determined by the NAS using means not specified by this document
(e.g., local configuration on the NAS).
While the Framed-IPv6-Prefix Attribute (<a href="./rfc3162#section-2.3">[RFC3162], Section 2.3</a>)
allows the route to be advertised in an RA, it cannot be used to
configure more specific routes. While the Framed-IPv6-Route
Attribute (<a href="./rfc3162#section-2.5">[RFC3162], Section 2.5</a>) causes the route to be configured
on the NAS and potentially to be announced via an IP routing
protocol, depending on the value of Framed-Routing, it does not
result in the route being announced in an RA.
<span class="grey">Dec, et al. Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h3"><a class="selflink" id="section-2.4" href="#section-2.4">2.4</a>. Delegated IPv6 Prefix Pool</span>
DHCPv6 Prefix Delegation (DHCPv6-PD) [<a href="./rfc3633" title=""IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6"">RFC3633</a>] involves a delegating
router selecting a prefix and delegating it on a temporary basis to a
requesting router. The delegating router may implement a number of
strategies as to how it chooses what prefix is to be delegated to a
requesting router, one of them being the use of a local named prefix
pool. The Delegated-IPv6-Prefix-Pool Attribute (<a href="#section-3.4">Section 3.4</a>) allows
the RADIUS server to convey a prefix pool name to a NAS that is
hosting a DHCPv6-PD server and that is acting as a delegating router.
Because DHCPv6 Prefix Delegation can be used with SLAAC on the same
network, it is possible for the Delegated-IPv6-Prefix-Pool and
Framed-IPv6-Pool Attributes to be included within the same packet.
To avoid ambiguity in this scenario, use of the Delegated-IPv6-
Prefix-Pool Attribute should be restricted to authorization and
accounting of prefix pools used in DHCPv6 Prefix Delegation, and the
Framed-IPv6-Pool Attribute should be used for authorization and
accounting of prefix pools used in SLAAC.
<span class="h3"><a class="selflink" id="section-2.5" href="#section-2.5">2.5</a>. Stateful IPv6 Address Pool</span>
DHCPv6 [<a href="./rfc3315" title=""Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"">RFC3315</a>] provides a mechanism to assign one or more non-
temporary IPv6 addresses to hosts. <a href="#section-3.1">Section 3.1</a> introduces the
Framed-IPv6-Address Attribute to be used to provide a DHCPv6 server
residing on a NAS with one or more IPv6 addresses to be assigned to
the clients. An alternative way to achieve a similar result is for
the NAS to select the IPv6 address to be assigned from an address
pool configured for this purpose on the NAS. This document specifies
the Stateful-IPv6-Address-Pool Attribute (<a href="#section-3.5">Section 3.5</a>) to allow the
RADIUS server to convey a pool name to be used for such stateful
DHCPv6-based addressing and for any subsequent accounting.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Attributes</span>
The fields shown in the diagrams below are transmitted from left to
right.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Framed-IPv6-Address</span>
The Framed-IPv6-Address Attribute indicates an IPv6 address that is
assigned to the NAS-facing interface of the RG/host. It MAY be used
in Access-Accept packets and MAY appear multiple times. It MAY be
used in an Access-Request packet as a hint by the NAS to the RADIUS
server that it would prefer this IPv6 address, but the RADIUS server
is not required to honor the hint. Because it is assumed that the
<span class="grey">Dec, et al. Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
NAS will add a route corresponding to the address, it is not
necessary for the RADIUS server to also send a host Framed-IPv6-Route
Attribute for the same address.
This Attribute can be used by a DHCPv6 process on the NAS to assign a
unique IPv6 address to the RG/host.
A summary of the Framed-IPv6-Address Attribute format is shown below.
The format of the Address field is identical to that of the
corresponding field in the NAS-IPv6-Address Attribute [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
168 for Framed-IPv6-Address
Length
18
Address
A 128-bit IPv6 address.
<span class="grey">Dec, et al. Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h3"><a class="selflink" id="section-3.2" href="#section-3.2">3.2</a>. DNS-Server-IPv6-Address</span>
The DNS-Server-IPv6-Address Attribute contains the IPv6 address of a
DNS server. This Attribute MAY be included multiple times in Access-
Accept packets when the intention is for a NAS to announce more than
one DNS server address to an RG/host. The Attribute MAY be used in
an Access-Request packet as a hint by the NAS to the RADIUS server
regarding the DNS IPv6 address, but the RADIUS server is not required
to honor the hint.
The content of this Attribute can be copied to an instance of the
DHCPv6 DNS Recursive Name Server Option [<a href="./rfc3646" title=""DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)"">RFC3646</a>] or to an IPv6
Router Advertisement Recursive DNS Server Option [<a href="./rfc6106" title=""IPv6 Router Advertisement Options for DNS Configuration"">RFC6106</a>]. If more
than one DNS-Server-IPv6-Address Attribute is present in the Access-
Accept packet, the addresses from the Attributes SHOULD be copied in
the same order as received.
A summary of the DNS-Server-IPv6-Address Attribute format is given
below. The format of the Address field is the same as that of the
corresponding field in the NAS-IPv6-Address Attribute [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Address
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
169 for DNS-Server-IPv6-Address
Length
18
Address
The 128-bit IPv6 address of a DNS server.
<span class="grey">Dec, et al. Standards Track [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h3"><a class="selflink" id="section-3.3" href="#section-3.3">3.3</a>. Route-IPv6-Information</span>
The Route-IPv6-Information Attribute specifies a prefix (and
corresponding route) for the user on the NAS, which is to be
announced using the Route Information Option defined in "Default
Router Preferences and More Specific Routes" <a href="./rfc4191#section-2.3">[RFC4191], Section 2.3</a>.
It is used in the Access-Accept packet and can appear multiple times.
It MAY be used in an Access-Request packet as a hint by the NAS to
the RADIUS server, but the RADIUS server is not required to honor the
hint. The Route-IPv6-Information Attribute format is depicted below.
The format of the prefix is as per [<a href="./rfc3162" title=""RADIUS and IPv6"">RFC3162</a>].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved | Prefix-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. Prefix (variable) .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
170 for Route-IPv6-Information
Length
Length, in bytes. At least 4 and no larger than 20; typically, 12
or less.
Prefix Length
8-bit unsigned integer. The number of leading bits in the prefix
that are valid. The value can range from 0 to 128. The prefix
field is 0, 8, or 16 octets depending on Length.
Prefix
Variable-length field containing an IP prefix. The prefix length
field contains the number of valid leading bits in the prefix.
The bits in the prefix after the prefix length, if any, are
reserved and MUST be initialized to zero.
<span class="grey">Dec, et al. Standards Track [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h3"><a class="selflink" id="section-3.4" href="#section-3.4">3.4</a>. Delegated-IPv6-Prefix-Pool</span>
The Delegated-IPv6-Prefix-Pool Attribute contains the name of an
assigned pool that SHOULD be used to select an IPv6 delegated prefix
for the user on the NAS. If a NAS does not support prefix pools, the
NAS MUST ignore this Attribute. It MAY be used in an Access-Request
packet as a hint by the NAS to the RADIUS server regarding the pool,
but the RADIUS server is not required to honor the hint.
A summary of the Delegated-IPv6-Prefix-Pool Attribute format is shown
below.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
171 for Delegated-IPv6-Prefix-Pool
Length
Length, in bytes. At least 3.
String
The string field contains the name of an assigned IPv6 prefix pool
configured on the NAS. The field is not NULL (hexadecimal 00)
terminated.
Note: The string data type is as documented in [<a href="./rfc6158" title=""RADIUS Design Guidelines"">RFC6158</a>] and carries
binary data that is external to the RADIUS protocol, e.g., the name
of a pool of prefixes configured on the NAS.
<span class="grey">Dec, et al. Standards Track [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h3"><a class="selflink" id="section-3.5" href="#section-3.5">3.5</a>. Stateful-IPv6-Address-Pool</span>
The Stateful-IPv6-Address-Pool Attribute contains the name of an
assigned pool that SHOULD be used to select an IPv6 address for the
user on the NAS. If a NAS does not support address pools, the NAS
MUST ignore this Attribute. A summary of the Stateful-IPv6-Address-
Pool Attribute format is shown below. It MAY be used in an Access-
Request packet as a hint by the NAS to the RADIUS server regarding
the pool, but the RADIUS server is not required to honor the hint.
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
172 for Stateful-IPv6-Address-Pool
Length
Length, in bytes. At least 3.
String
The string field contains the name of an assigned IPv6 stateful
address pool configured on the NAS. The field is not NULL
(hexadecimal 00) terminated.
Note: The string data type is as documented in [<a href="./rfc6158" title=""RADIUS Design Guidelines"">RFC6158</a>] and carries
binary data that is external to the RADIUS protocol, e.g., the name
of a pool of addresses configured on the NAS.
<span class="h3"><a class="selflink" id="section-3.6" href="#section-3.6">3.6</a>. Table of Attributes</span>
The following table provides a guide to which Attributes may be found
in which kinds of packets, and in what quantity. The optional
inclusion of the options in Access Request messages is intended to
allow for a NAS to provide the RADIUS server with a hint of the
Attributes in advance of user authentication, which may be useful in
cases in which a user reconnects or has a static address. The server
is under no obligation to honor such hints.
<span class="grey">Dec, et al. Standards Track [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
Request Accept Reject Challenge Accounting # Attribute
Request
0+ 0+ 0 0 0+ 168 Framed-IPv6-Address
0+ 0+ 0 0 0+ 169 DNS-Server-IPv6-Address
0+ 0+ 0 0 0+ 170 Route-IPv6-Information
0+ 0+ 0 0 0+ 171 Delegated-IPv6-Prefix-Pool
0+ 0+ 0 0 0+ 172 Stateful-IPv6-Address-Pool
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Diameter Considerations</span>
Given that the Attributes defined in this document are allocated from
the standard RADIUS type space (see <a href="#section-6">Section 6</a>), no special handling
is required by Diameter entities.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Security Considerations</span>
This document specifies additional IPv6 RADIUS Attributes useful in
residential broadband network deployments. In such networks, the
RADIUS protocol may run either over IPv4 or over IPv6, and known
security vulnerabilities of the RADIUS protocol, e.g., [<a href="#ref-SECI" title=""An Analysis of the RADIUS Authentication Protocol"">SECI</a>], apply
to the Attributes defined in this document. A trust relationship
between a NAS and RADIUS server is expected to be in place, with
communication optionally secured by IPsec or Transport Layer Security
(TLS) [<a href="./rfc6614" title=""Transport Layer Security (TLS) Encryption for RADIUS"">RFC6614</a>].
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IANA Considerations</span>
IANA has assigned five new RADIUS Attribute types in the "Radius
Attribute Types" registry (currently located at
<a href="http://www.iana.org/assignments/radius-types">http://www.iana.org/assignments/radius-types</a>) for the following
Attributes:
o Framed-IPv6-Address
o DNS-Server-IPv6-Address
o Route-IPv6-Information
o Delegated-IPv6-Prefix-Pool
o Stateful-IPv6-Address-Pool
<span class="grey">Dec, et al. Standards Track [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Acknowledgments</span>
The authors would like to thank Bernard Aboba, Benoit Claise, Peter
Deacon, Alan DeKok, Ralph Droms, Brian Haberman, Alfred Hines,
Stephen Farrell, Jouni Korhonen, Roberta Maglione, Pete Resnick, Mark
Smith, and Leaf Yeh for their help and comments in reviewing this
document.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. References</span>
<span class="h3"><a class="selflink" id="section-8.1" href="#section-8.1">8.1</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC4862">RFC4862</a>] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", <a href="./rfc4862">RFC 4862</a>, September 2007.
<span class="h3"><a class="selflink" id="section-8.2" href="#section-8.2">8.2</a>. Informative References</span>
[<a id="ref-RFC3162">RFC3162</a>] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", <a href="./rfc3162">RFC</a>
<a href="./rfc3162">3162</a>, August 2001.
[<a id="ref-RFC3315">RFC3315</a>] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", <a href="./rfc3315">RFC 3315</a>, July 2003.
[<a id="ref-RFC3633">RFC3633</a>] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", <a href="./rfc3633">RFC 3633</a>,
December 2003.
[<a id="ref-RFC3646">RFC3646</a>] Droms, R., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", <a href="./rfc3646">RFC 3646</a>,
December 2003.
[<a id="ref-RFC4191">RFC4191</a>] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", <a href="./rfc4191">RFC 4191</a>, November 2005.
[<a id="ref-RFC4818">RFC4818</a>] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
Attribute", <a href="./rfc4818">RFC 4818</a>, April 2007.
[<a id="ref-RFC6106">RFC6106</a>] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration",
<a href="./rfc6106">RFC 6106</a>, November 2010.
[<a id="ref-RFC6158">RFC6158</a>] DeKok, A. and G. Weber, "RADIUS Design Guidelines", <a href="https://www.rfc-editor.org/bcp/bcp158">BCP</a>
<a href="https://www.rfc-editor.org/bcp/bcp158">158</a>, <a href="./rfc6158">RFC 6158</a>, March 2011.
<span class="grey">Dec, et al. Standards Track [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
[<a id="ref-RFC6614">RFC6614</a>] Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
"Transport Layer Security (TLS) Encryption for RADIUS",
<a href="./rfc6614">RFC 6614</a>, May 2012.
[<a id="ref-SECI">SECI</a>] Hill, J., "An Analysis of the RADIUS Authentication
Protocol", November 2001, <<a href="http://regul.uni-mb.si/~meolic/ptk-seminarske/radius.pdf">http://regul.uni-mb.si/~meolic/</a>
<a href="http://regul.uni-mb.si/~meolic/ptk-seminarske/radius.pdf">ptk-seminarske/radius.pdf</a>>.
<span class="grey">Dec, et al. Standards Track [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc6911">RFC 6911</a> RADIUS IPv6 Access April 2013</span>
Authors' Addresses
Wojciech Dec (editor)
Cisco Systems, Inc.
Haarlerbergweg 13-19
Amsterdam, Noord-Holland 1101 CH
Netherlands
EMail: wdec@cisco.com
Behcet Sarikaya
Huawei USA
1700 Alma Drive, Suite 500
Plano, TX
US
Phone: +1 972-509-5599
EMail: sarikaya@ieee.org
Glen Zorn (editor)
Network Zen
227/358 Thanon Sanphawut
Bang Na, Bangkok 10260
Thailand
Phone: +66 (0) 8-1000-4155
EMail: glenzorn@gmail.com
David Miles
Google
EMail: davidmiles@google.com
Benoit Lourdelet
Juniper Networks
France
EMail: blourdel@juniper.net
Dec, et al. Standards Track [Page 15]
</pre>
|
