[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RADEXT WG last call on RADIUS attributes for IPv6 Access Networks

 

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Peter Deacon
> Sent: 02 March 2010 00:15
> To: Bernard Aboba
> Cc: radiusext@ops.ietf.org
> Subject: RE: RADEXT WG last call on RADIUS attributes for 
> IPv6 Access Networks
> 
> On Mon, 1 Mar 2010, Bernard Aboba wrote:
> 
> > Yes, there is a difference.  Framed-IPv6-Prefix is specifically for 
> > use within a Router Advertisement. So if the RADIUS server were to 
> > send a Framed-IPv6-Prefix of /128 to the NAS, this would be 
> inserted 
> > in the RA by the NAS (which is probably not what you want).
> 
> RFC3162 does not mention which underlying technology is used 
> for assignment.
> 
> > An IPv6-Framed-Address on the other hand, is for use within 
> the NAS's 
> > embedded DHCPv6 server.
> 
> DHCPv6 is capable of assignment of both single addresses and prefixes.
> 
> > Note that it is possible for a NAS to support *both* stateless 
> > autoconfig and DHCPv6, so that both attributes could be 
> present in the 
> > same Access-Accept.  This is yet another reason why distinct 
> > attributes are required -- how else could the NAS figure out which 
> > attribute is to be used for what purpose?
> 
> The way I see consistancy is leaving "how" up to the NAS and 
> authorization attributes "what" (Prefixes, Ipv6 or both) up 
> to the draft.
> 
> A more to the point and salient question - what is the 
> expected difference in behavior for an access server should 
> Framed-IPv6-Prefix /128 be used in lieu of IPv6-Framed-Address?
> 
> If the /128 prefix approach is used should I expect that an 
> IP would be assigned to the end user?
> 
> Just don't want existing stuff to become broken :(

Precisely that's the reason for having the new attribute as opposed to
overloading the previous one for the case when the full /128 is to be
passed down instead of a /64 (or less) for use in SLAAC. Having the two
separated ensures that existing stuff doesn't get broken.

Regards,
Woj.

> 
> regards,
> Peter
> 
> > -----Original Message-----
> > From: owner-radiusext@ops.ietf.org 
> > [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Peter Deacon
> > Sent: Monday, March 01, 2010 12:12 PM
> > To: radiusext@ops.ietf.org
> > Subject: Re: RADEXT WG last call on RADIUS attributes for 
> IPv6 Access 
> > Networks
> >
> > On Mon, 1 Mar 2010, Bernard Aboba wrote:
> >
> >> This is an announcement of RADEXT WG last call on "RADIUS 
> attributes 
> >> for IPv6 Access Networks" before sending the document off 
> to the IESG 
> >> for consideration as a Proposed Standard.  A copy of the 
> document is 
> >> available for inspection here:
> >
> >> http://tools.ietf.org/html/draft-ietf-radext-ipv6-access
> >
> > 3.1.
> >
> > I'm confused on IPv6-Framed-Address and Framed-IPv6-Prefix 
> from RFC 3162.
> > It looks as if both attributes accomplish the same goal.  
> Is there a 
> > difference between IPv6-Framed-Address and 
> Framed-IPv6-Prefix of /128?
> >
> > regards,
> > Peter
> >
> >
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>