[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Review of draft-ietf-radext-fixes-01.txt

To: radiusext@ops.ietf.org
Subject: Review of draft-ietf-radext-fixes-01.txt
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Thu, 22 Feb 2007 13:44:31 -0800
Bcc:

Aside from the comments included below, this document looks good.

Section 2.6

  Where a NAS offers multiple services, confusion may result with
  respect to interpretation of a Disconnect-Request [RFC3576].  In
  order to prevent confusion a RADIUS Server SHOULD identify the
  session that it desires to terminate as specifically as possible.
  For example, an Acct-Session-Id attribute SHOULD be included in
  Disconnect-Request and CoA-Request packets, rather than just the
  User-Name attribute.

I think this material might better belong in RFC 3576bis.

Section 2.11

  An ISP may desire to support Prefix Delegation at the same time that
  it would like to assign a prefix for the link between the NAS and the
  user.  The intent of the paragraph was to enable the NAS to advertise
  the prefix (such as via a Router Advertisement). If the Framed-
  Routing attribute is used, it is also possible that the prefix would
  be advertised in a routing protocol such as RIPNG.

You might include a reference to the RADIUS Prefix Delegation document
(now in the RFC Editor Queue).

  It appears that the Framed-IPv6-Prefix is used for the link between
  the NAS and CPE only if a /64 prefix is assigned.  When a larger
  prefix is sent, the intent is for the NAS to send a routing
  advertisement containing the information present in the Framed-
  IPv6-Prefix attribute.

Even if a /64 prefix is assigned, I think that the NAS is expected
to send an RA to the CPE, no?  Otherwise I'm not sure how the CPE
could learn the prefix.

The other issue is how the CPE obtains a prefix to use for its own
network, in the case that the CPE is decrementing TTL.  Prefix
Delegation is the mechanism created for that purpose.  If the CPE
is acting as a Bridge or ND-Proxy, then it does not need to request
that a prefix be delegated.  It might make sense to say a few words
about this.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Review of draft-ietf-radext-fixes-01.txt
  - From: Alan DeKok <aland@nitros9.org>

Prev by Date: Thoughts on RADIUS Crypto-agility
Next by Date: REMINDER: RADEXT WG last call on RFC 4590bis
Previous by thread: Thoughts on RADIUS Crypto-agility
Next by thread: Re: Review of draft-ietf-radext-fixes-01.txt
Index(es):
- Date
- Thread