[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Review of draft-ietf-radext-fixes-00.txt



Review of draft-ietf-radext-fixes-00.txt

Overall, this document looks good.  Some comments:

Section 2.6

  For example, a NAS may offer multi-link services, where a user may
  have multiple simultaneous network connections. In that case, an
  Access-Reject for a later multi-link connection request does not
  necessarily mean that earlier multi-link connections are torn down.
  Similarly, if a NAS offers both dialup and VOIP services, the
  rejection of a VOIP attempt does not mean that the dialup session is
  torn down.

Please spell out VOIP on first usage.

Section 2.7.1

  Since Link-Local addresses are unique only on the local link, if the
  NAS and RADIUS server are not on the same link, then an IPv6 Link-
  Local address [RFC2462] or an IPv4 Link-Local Address [RFC3927]
  cannot be used to uniquely identify the NAS.  A RADIUS server
  receiving a NAS-IPv6-Address or NAS-IP-Address attribute containing a
  Link-Local address SHOULD NOT count such an attribute toward
  satisfying the requirements of [RFC3162] Section 2.1:

I think we also need advice for the RADIUS client.  For example:
"A NAS SHOULD NOT utilize a link-scope address within a NAS-IPv6-Address
or NAS-IP-Address attributes."

2.10.  Responses after retransmissions.

Remove the "." in the section heading.

2.11

  If an ISP desires to support Prefix Delegation at the same time that
  it would like to assign a prefix for the link between the NAS and
  customer premises equipment (CPE). In this situation, the sematics of
  Framed-IPv6-Prefix may be unclear, in that it is difficult to know
  which prefixes are to be used for delegation, and which one is to be
  used for the link.  The intent of the paragraph was to enable the NAS
  to advertise the prefix (such as via a Router Advertisement). If the
  Framed-Routing attribute is used, it is also possible that the prefix
  would be advertised in a routing protocol such as RIPNG.

The first sentence is not complete.  Also, the Delegated-IPv6-Prefix
document now states that Framed-IPv6-Prefix is not used for the purposes
of delegation.  Suggest the following rewording:

  An ISP may desire to support Prefix Delegation at the same time that
  it would like to assign a prefix for the link between the NAS and
  the user.  The intent of the paragraph was to enable the NAS
  to advertise the prefix (such as via a Router Advertisement). If the
  Framed-Routing attribute is used, it is also possible that the prefix
  would be advertised in a routing protocol such as RIPNG.

Also in Section 2.11:

  It appears that the Framed-IPv6-Prefix is used for the link between
  the NAS and CPE only if a /64 prefix is assigned.  When a larger
  prefix is sent, the intent is to provide the entire prefix to the
  CPE, enabling the CPE to assign sub-prefixes if it wishes to do so.

This would seem to conflict with the Delegated-IPv6-Prefix attribute.
Rather, I think that the result is probably for the NAS to send an
RA containing whatever is placed in the Framed-IPv6-Prefix attribute.

Issues still not addressed
----------------------------------

This draft does not address Issues 107 and 146 on the RADEXT Issues list:
http://www.drizzle.com/~aboba/RADEXT/

Is there an implicit recommendation that these issues be rejected?

IDNITs

I ran IDNITs on the document, and it found some issues:

idnits 1.123

tmp/draft-ietf-radext-fixes-00.txt:


 Checking nits according to http://www.ietf.org/ID-Checklist.html:

   Checking conformance with RFC 3978/3979 boilerplate...

 - In addition to a regular copyright notice, the document also has a
   copyright notice embedded in the text.

 Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt:
 - The page length should not exceed 58 lines per page, but there was 19
   longer pages, the longest (page 2) being 60 lines
 - It seems as if not all pages are separated by form feeds - found 0 form
   feeds but 20 pages

 Miscellaneous warnings:
 - The copyright year in the IETF Trust Copyright Line does not match the
   current year

 Experimental warnings:
 - Looks like a reference, but probably isn't: '1' on line 465 (?)
'[1] New RADIUS specifications and implementations MUST NOT use Access...'

 - Looks like a reference, but probably isn't: '2' on line 468 (?)
'[2] Access-Reject MUST mean denial of access to the requested service...'

 - Looks like a reference, but probably isn't: '3' on line 472 (?)
   '[3]  New deployments of ARAP [RFC2869] SHOULD use Access-Challenge...'

 - Missing Reference: 'Note 2' is mentioned on line 489, but not defined
   '[Note 2] As per RFC 3579, the use of the Password-Retry in EAP...'

 - Unused Reference: 'RFC2867' is defined on line 759, but not referenced
'[RFC2867] Zorn, G., Aboba, B. and D. Mitton, "RADIUS Accounting Modifi...'

 - Unused Reference: 'RFC2868' is defined on line 763, but not referenced
'[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M....'

 - Unused Reference: 'RFC2882' is defined on line 770, but not referenced
'[RFC2882] Mitton, D., "Network Access Servers Requirements: Extended R...'

 - Unused Reference: 'RFC3575' is defined on line 776, but not referenced
'[RFC3575] Aboba, B., "IANA Considerations for RADIUS", RFC 3575, July...'


   No nits found.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>