Date: Mon, 1 Aug 2011 12:47:38 -0400
Subject: Re: çå: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
From: wdec@cisco.com
To: leaf.y.yeh@huawei.com; roberta.maglione@telecomitalia.it; jacniq@gmail.com
CC: draft-ietf-radext-ipv6-access@tools.ietf.org; radiusext@ops.ietf.org; fine_sz@huawei.com; qiujin@huawei.com; wangshuxiang@huawei.com
Hi All,
Allow me to share some comments:
-
There is precedent of multiple âspecificâ named pools; Framed-Pool, Framed-IPv6-Pool, and the uncontested Delegated-IPv6-Prefix-Pool. There is also a special code in the Framed-IPX-Network
attribute that conveys it pool like characteristics.
-
There is little that disallows a vendor from implementing just one named pool for all protocols and all methods of assignment ( the Framed-Pool appears to have been envisaged for
that ) and then using some implementation specific logic (eg parsing for a name) to figure out/how itâs to be used.
-
The problem with relying on implementation specific features riding on standard Attributes, as opposed to say VSAs, is that nothing indicates to the server/client if the recipient
actually supports such special features and assures correct interpretation. Eg if we used the Framed-Pool as the ONE named pool attribute, with a carried string âIPv4â, âIPv6â or âDHCPv6-PDâ, etc, parsed/whatever to indicate the role, it would be all doable,
but a likely mess should anything go wrong (eg a device not supporting some mode), without clear indication of error.
Since the Radius specification is NOT about specifying implementation the only reliable/unambiguous manner in which different pools/methods can be utilized would appear to be using different attributes as proposed in the current draft. Time (precedent) also
appears to have proved this as a desirable protocol characteristic.
Are there any other options/solutions available that do not call on implicit features being there?
Regards,
Wojciech.
On 26/07/2011 22:51, "Leaf yeh" <leaf.y.yeh@huawei.com> wrote:
[RM] NAS can have many pools configured locally: how does the NAS know which pool is for SLAAC and which pool is for DHCPv6?
I supposed the local configuration on the NAS will answer this question.
Best Regards,
Leaf
åää: Maglione Roberta
[roberta.maglione@telecomitalia.it]
åéæé: 2011å7æ27æ
3:54
å: Leaf yeh; 'Jacni Qin'
Cc:
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
äé: RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access
after IETF81 radext session
From: Leaf yeh [mailto:leaf.y.yeh@huawei.com]
Sent: martedà 26 luglio 2011 21.50
To: Maglione Roberta; 'Jacni Qin'
Cc:
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
Subject: çå: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
[RM] All the configured pools are the same for the NAS, in this case an extra logic would be needed to instruct the NAS about which pool is for SLAAC and which one
is for DHCPv6
The pools configured on the NAS are not necessary to be the same. AAA server doesn't really need to instruct the NAS the specified type of pools, which is already
configured on the NAS. Right?
[RM] NAS can have many pools configured locally: how does the NAS know which pool is for SLAAC and which pool is for DHCPv6?
Roberta
Best Regards,
Leaf
åää:
Maglione Roberta [roberta.maglione@telecomitalia.it]
åéæé: 2011å7æ27æ
2:27
å: Leaf yeh; 'Jacni Qin'
Cc:
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
äé: RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access
after IETF81 radext session
Please see inline.
Best regards,
Roberta
From: Leaf yeh [mailto:leaf.y.yeh@huawei.com]
Sent: martedà 26 luglio 2011 20.22
To: Maglione Roberta; 'Jacni Qin'
Cc:
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
Subject: çå: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
Roberta - If you use the same attribute for both scenarios how does the NAS know if that pool is for SLAAC or for Stateful DHCPv6?
NAS already has those pool names in its configuration, right?
[RM] yes pools are already configured in the NAS
NAS does know which one is for SLAAC prefix pool, which one is for DHCPv6 address pool.
[RM] All the configured pools are the same for the NAS, in this case an extra logic would be needed to instruct the NAS about which pool is for SLAAC and which one
is for DHCPv6
Thatâs why in my opinion the Stateful-IPv6-Address-Pool is required.
Best Regards,
Leaf
åää:
Maglione Roberta [roberta.maglione@telecomitalia.it]
åéæé: 2011å7æ27æ
2:13
å: 'Jacni Qin'
Cc: Leaf yeh;
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
äé: RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access
after IETF81 radext session
Hi Jacni,
If you use the same attribute for both scenarios how does the NAS know if that pool is for SLAAC or for Stateful DHCPv6?
Thanks,
Regards,
Roberta
________________________________________
From: Jacni Qin [mailto:jacniq@gmail.com]
Sent: martedà 26 luglio 2011 20.03
To: Maglione Roberta
Cc: Leaf yeh;
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org; fine_sz@huawei.com; Qiujin; Wangshuxiang
Subject: Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
Hi Roberta,
I agree with you about the semantical logic, while "Stateful-IPv6-Address-Pool" is not necessary, IMHO.
Cheers,
Jacni
On Wed, Jul 27, 2011 at 1:55 AM, Maglione Roberta <roberta.maglione@telecomitalia.it> wrote:
Hello Leaf,
The different attributes proposed in this draft for the pools name have all the same format (a string), but semantically they are different, as they coved different scenarios.
As you also summarized in your email below,
Framed-Pool was designed for the IPv4 address pool;
Framed-IPv6-Pool was designed for the IPv6 SLAAC prefix pool;
Delegated-IPv6-Prefix-Pool is designed for DHCPv6-PD prefix pool;
Stateful-IPv6-Address-Pool is designed for DHCPv6 address pool;
So each attribute covers a different use-case/scenario and they can appear in the same RADIUS packet at the same time.
If you want to use a single pool name use to cover all the 4 use cases listed above, you would also need to define a standard format/syntax for the pool name that allows the NAS to be able to disambiguate among the different scenarios and in order to do that
the NAS would need to have an extra logic to infer the semantic of that specific attribute from the assigned name.
Instead if you have a specific attribute for each specific scenario, the semantic is mapped to the attribute name, thus the NAS does not need an extra logic to discovery the purpose of that pool and the pool name can be any string, no limitation or special
syntax is forced for the pool name.
Thanks,
Regards,
Roberta
________________________________________
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Leaf yeh
Sent: lunedà 25 luglio 2011 18.23
To:
draft-ietf-radext-ipv6-access@tools.ietf.org;
radiusext@ops.ietf.org
Cc: fine_sz@huawei.com; Qiujin; Wangshuxiang
Subject: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
Question for clarification:
We already have the following Radius Attributes for the address/prefix pools:
Framed-Pool (88, section 5.18 of RFC2869),
Framed-IPv6-Pool (100, section 2.6 of RFC3162).
http://www.iana.org/assignments/radius-types/radius-types.xml
The foramt are the same as follows:
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
draft-ietf-radext-ipv6-access-05 is proposing 2 new attributes for address/prefix pools:
Delegated-IPv6-Prefix-Pool,
Stateful-IPv6-Address-Pool,
the fomat of these 2 attributes are the same as the above one.
Supposed the above attributes could be explained as follows:
Framed-Pool was designed for the IPv4 address pool;
Framed-IPv6-Pool was designed for the IPv6 SLAAC prefix pool;
Delegated-IPv6-Prefix-Pool is designed for DHCPv6-PD prefix pool;
Stateful-IPv6-Address-Pool is designed for DHCPv6 address pool;
All above attributes are only used to provide the name of the address/prefix pools in a 'string'. I doubt the necessity to make so many 'name' or 'string' attributes for the different address/prefix pools to prevent the ambiguity. I guess 1 attribute for the
name of the address/prefix pools might be enough. In fact, the NAS take the role to interpret the meaning of the pook name, right?
I think Framed-Pool can be re-used for the design purpose of Stateful-IPv6-Address-Pool. Do we have any limitation on the usage of Framed-Pool for IPv6?
I think Framed-IPv6-Pool can be re-used for the design purpose of Delegated-IPv6-Prefix-Pool to indicate a pool of IPv6 prefix pool. I could even think Framed-Pool can replace Framed-IPv6-Pool to indicate the name of a IPv6 prefix/address pool per the same
logic. Am I right?
Best Regards,
Leaf
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per
errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message
and any attachments and advise the sender by return e-mail, Thanks.
Rispetta l'ambiente. Non stampare questa mail se non à necessario.
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per
errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message
and any attachments and advise the sender by return e-mail, Thanks.
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste
informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this
message and any attachments and advise the sender by return e-mail, Thanks.
Rispetta l'ambiente. Non stampare questa mail se non à necessario.
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste
informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this
message and any attachments and advise the sender by return e-mail, Thanks.
Rispetta l'ambiente. Non stampare questa mail se non à necessario.