
Issue 224: RFC 3576bis and Renumbering



Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: March 19, 2007
Reference:
Document: RFC 3576bis-00
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:

During the 16ng meeting, the need for renumbering support in 3576bis was discussed. This would involve changing the Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes in a CoA-Request, so that the new prefixes could be advertised. In reviewing RFC 3576, it appears that Framed-IPv6-Prefix is used as an identifying attribute and therefore it cannot be changed in a CoA-Request (although it would be possible to use Service-Type="Authorize Only" to change it). The same thing is true of Framed-IP-Address and Framed-Interface-Id, although these attributes are typically used with PPP, so they would only be effective if the user was able to renegotiate NCP in mid-session, which most implementations don't support.

In rereading RFC 3576, it also seems to imply that only the attributes listed in the table can be included in a CoA-Request, which would limit the ability to include a Delegated-IPv6-Prefix attribute. However, the point is really that a NAS might not support an attribute that is being changed (new or old), so that the text should make that point instead.

Assuming that existing implementations aren't using the Framed-IP-Address, Framed-IPv6-Prefix and Framed-Interface-Id attributes for session identification, my recommendation is that we consider removing them from the list of session identification attributes. Attributes such as Acct-Session-Id, User-Name, NAS-Port, etc. remain and should be adequate for session identification.

We also should add the VLAN attributes defined in RFC 4675 to the list of attributes.

The required changes are as follows:

Change:

"This is true even for attributes
specified within [RFC2865], [RFC2868], [RFC2869],
[RFC3162] or [RFC3579] as allowable within Access-Accept packets.
As a result, if attributes beyond those specified in Section 3.5

To:

"This is true even for attributes specified as allowable within
Access-Accept packets (such as within
[RFC2865],[RFC2868],[RFC2869],[RFC3162],[RFC3579],[RFC4675],
[RFCFilter][RFCDelegated]).  As a result, if unsupported attributes"

Remove Framed-IP-Address, Framed-Interface-Id and Framed-IPv6-Prefix from the list of session identification attributes.

In the Attribute Table, change Framed-IP-Address, Framed-Interface-Id and Framed-IPv6-Prefix from [Note 1] (Session Identification Attributes) to [Note 3] authorization attributes changeable in a CoA-Request. Remove them from the attributes includable in a Disconnect-Request. Add Delegated-IPv6-Prefix as changeable in a CoA-Request (0+) [Note 3]. Add Egress-VLANID, Ingress-Filters, Egress-VLAN-Name, User-Priority-Table Attributes as changeable in the CoA-Request.

Add references to RFC 4675 and the Delegated-IPv6-Prefix documents.

Add the following statements to Appendix A:

Updated CoA-Request Attribute Table to include Filter-Rule, Delegated-IPv6-Prefix, Egress-VLANID, Ingress-Filters, Egress-VLAN-Name, User-Priority-Table Attributes.

Clarified use of Framed-IPv6-Prefix, Framed-IP-Address, Delegated-IPv6-Prefix in renumbering.



archive: <http://psg.com/lists/radiusext/>
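The renumbering problem this issue describes, as an added example that is not part of the original message or of any RADIUS implementation: a NAS-side CoA-Request handler run once with Framed-IPv6-Prefix treated as a session identification attribute and once with the proposed list. The attribute sets are abbreviated to those the message names, the session table and request are constructed, the function names are hypothetical, and answering a request with no identification attribute with Missing Attribute is an assumption.

```python
# Added example: attribute sets abbreviated from the message, all data constructed.
PROPOSED_ID = {"Acct-Session-Id", "User-Name", "NAS-Port"}
RFC3576_ID = PROPOSED_ID | {"Framed-IP-Address", "Framed-Interface-Id",
                            "Framed-IPv6-Prefix"}
# Error-Cause values defined in RFC 3576
UNSUPPORTED_ATTRIBUTE = 401
MISSING_ATTRIBUTE = 402
SESSION_CONTEXT_NOT_FOUND = 503


def handle_coa_request(attrs, sessions, supported, id_attrs):
    """Process a CoA-Request given as (name, value) pairs.

    Returns (reply_code, error_cause, session). `supported` is the set of
    authorization attributes this NAS can change mid-session; each session
    maps an attribute name to a list of values.
    """
    ident = [(n, v) for n, v in attrs if n in id_attrs]
    changes = [(n, v) for n, v in attrs if n not in id_attrs]
    if not ident:  # assumption: nothing to locate the session with
        return ("CoA-NAK", MISSING_ATTRIBUTE, None)
    # Reject, rather than silently ignore, an attribute the NAS cannot apply.
    if any(n not in supported for n, _ in changes):
        return ("CoA-NAK", UNSUPPORTED_ATTRIBUTE, None)
    session = next((s for s in sessions
                    if all(v in s.get(n, []) for n, v in ident)), None)
    if session is None:
        return ("CoA-NAK", SESSION_CONTEXT_NOT_FOUND, None)
    # All checks passed before any state changes; a repeated (0+) attribute
    # replaces the whole old value list.
    new_values = {}
    for n, v in changes:
        new_values.setdefault(n, []).append(v)
    session.update(new_values)
    return ("CoA-ACK", None, session)


def demo():
    """Constructed renumbering request against a constructed session table."""
    def table():
        return [{"Acct-Session-Id": ["a1"], "User-Name": ["alice"],
                 "NAS-Port": [7], "Framed-IPv6-Prefix": ["2001:db8:1::/64"]}]
    request = [("Acct-Session-Id", "a1"), ("User-Name", "alice"),
               ("Framed-IPv6-Prefix", "2001:db8:2::/64")]
    supported = {"Framed-IPv6-Prefix"}
    legacy = handle_coa_request(request, table(), supported, RFC3576_ID)
    proposed = handle_coa_request(request, table(), supported, PROPOSED_ID)
    return legacy, proposed
```

With the RFC 3576 list the new prefix is compared against the session's current prefix and the request fails with Session Context Not Found; with the proposed list the same request matches on Acct-Session-Id and User-Name and the prefix is replaced.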