Issue 224: RFC 3576bis and Renumbering

["Bernard Aboba" <bernard_aboba@hotmail.com>]

Issue 224: RFC 3576bis and Renumbering
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: March 19, 2007
Reference:
Document: RFC 3576bis-00
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:

During the 16ng meeting, the need for renumbering support in 3576bis was 
discussed.  This would involve changing the Framed-IPv6-Prefix and 
Delegated-IPv6-Prefix attributes in a CoA-Request, so that the new prefixes 
could be advertised.   In reviewing RFC 3576, it appears that 
Framed-IPv6-Prefix is used as an identifying attribute and therefore it 
cannot be changed in a CoA-Request (although it would be possible to use 
Service-Type="Authorize Only" to change it).   The same thing is true of 
Framed-IP-Address and Framed-Interface-Id, although these attributes are 
typically used with PPP, so they would only be effective if the user was 
able to renegotiate NCP in mid-session, which most implementations don't 
support.

In rereading RFC 3576, it also seems to imply that only the attributes 
listed in the table can be included in a CoA-Request, which would limit the 
ability to include a Delegated-IPv6-Prefix attribute.  However, the point is 
really that a NAS might not support an attribute that is being changed (new 
or old), so that the text should make that point instead.

Assuming that existing implementations aren't using the Framed-IP-Address, 
Framed-IPv6-Prefix and Framed-Interface-Id attributes for session 
identification, my recommendation is that we consider removing them from the 
list of session identification attributes.  Attributes such as 
Acct-Session-Id, User-Name, NAS-Port, etc. remain and should be adequate for 
session identification.

We also should add the VLAN attributes defined in RFC 4675 to the list of 
attributes.

The required changes are as follows:

Change:

"This is true even for attributes
specified within [RFC2865], [RFC2868], [RFC2869],
[RFC3162] or [RFC3579] as allowable within Access-Accept packets.
As a result, if attributes beyond those specified in Section 3.5

To:

"This is true even for attributes specified as allowable within
Access-Accept packets (such as within
[RFC2865],[RFC2868],[RFC2869],[RFC3162],[RFC3579],[RFC4675],
[RFCFilter][RFCDelegated]).  As a result, if unsupported attributes"

Remove Framed-IP-Address, Framed-Interface-Id and Framed-IPv6-Prefix from 
the list of session identification attributes.

In the Attribute Table, change Framed-IP-Address, Framed-Interface-Id and 
Framed-IPv6-Prefix from [Note 1] (Session Identification Attributes) to 
[Note 3] authorization attributes changeable in a CoA-Request.  Remove them 
from the attributes includable in a Disconnect-Request.  Add 
Delegated-IPv6-Prefix as changeable in a CoA-Request (0+) [Note 3].  Add 
Egress-VLANID, Ingress-Filters, Egress-VLAN-Name, User-Priority-Table 
Attributes as changeable in the CoA-Request.

Add references to RFC 4675 and the Delegated-IPv6-Prefix documents.

Add the following statements to Appendix A:

Updated CoA-Request Attribute Table to include Filter-Rule, 
Delegated-IPv6-Prefix, Egress-VLANID, Ingress-Filters, Egress-VLAN-Name, 
User-Priority-Table Attributes.

Clarified use of Framed-IPv6-Prefix, Framed-IP-Address, 
Delegated-IPv6-Prefix in renumbering.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>