draft-ietf-dime-4over6-provisioning-02.txt   draft-ietf-dime-4over6-provisioning-03.txt 
Internet Engineering Task Force C. Zhou Internet Engineering Task Force C. Zhou
Internet-Draft Huawei Technologies Internet-Draft Huawei Technologies
Intended status: Standards Track T. Taylor Intended status: Standards Track T. Taylor
Expires: December 4, 2015 PT Taylor Consulting Expires: December 25, 2015 PT Taylor Consulting
Q. Sun Q. Sun
China Telecom China Telecom
M. Boucadair M. Boucadair
France Telecom France Telecom
June 2, 2015 June 23, 2015
Attribute-Value Pairs For Provisioning Customer Equipment Supporting Attribute-Value Pairs For Provisioning Customer Equipment Supporting
IPv4-Over-IPv6 Transitional Solutions IPv4-Over-IPv6 Transitional Solutions
draft-ietf-dime-4over6-provisioning-02 draft-ietf-dime-4over6-provisioning-03
Abstract Abstract
During the transition from IPv4 to IPv6, customer equipment may have During the transition from IPv4 to IPv6, customer equipment may have
to support one of the various transition methods that have been to support one of the various transition methods that have been
defined for carrying IPv4 packets over IPv6. This document defined for carrying IPv4 packets over IPv6. This document
enumerates the information that needs to be provisioned on a customer enumerates the information that needs to be provisioned on a customer
edge router to support a list of transition techniques based on edge router to support a list of transition techniques based on
tunneling IPv4 in IPv6, with a view to defining reusable components tunneling IPv4 in IPv6, with a view to defining reusable components
for a reasonable transition path between these techniques. To the for a reasonable transition path between these techniques. To the
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 4, 2015. This Internet-Draft will expire on December 25, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
2. Description of the Parameters Required By Each Transition 2. Description of the Parameters Required By Each Transition
Method . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Method . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Parameters For Dual-Stack Lite (DS-Lite) . . . . . . . . 5 2.1. Parameters For Dual-Stack Lite (DS-Lite) . . . . . . . . 5
2.2. Lightweight IPv4 Over IPv6 (LW4over6) . . . . . . . . . . 5 2.2. Lightweight IPv4 Over IPv6 (LW4over6) . . . . . . . . . . 5
2.3. Port Set Specification . . . . . . . . . . . . . . . . . 5 2.3. Port Set Specification . . . . . . . . . . . . . . . . . 6
2.4. Mapping of Address and Port with Encapsulation (MAP-E) . 6 2.4. Mapping of Address and Port with Encapsulation (MAP-E) . 6
2.5. Parameters For Multicast . . . . . . . . . . . . . . . . 7 2.5. Parameters For Multicast . . . . . . . . . . . . . . . . 7
2.6. Summary and Discussion . . . . . . . . . . . . . . . . . 8 2.6. Summary and Discussion . . . . . . . . . . . . . . . . . 8
3. Attribute-Value Pair Definitions . . . . . . . . . . . . . . 8 3. Attribute-Value Pair Definitions . . . . . . . . . . . . . . 8
3.1. IP-Prefix-Length AVP . . . . . . . . . . . . . . . . . . 8 3.1. IP-Prefix-Length AVP . . . . . . . . . . . . . . . . . . 9
3.2. Border-Router-Name AVP . . . . . . . . . . . . . . . . . 9 3.2. Border-Router-Name AVP . . . . . . . . . . . . . . . . . 9
3.3. 64-Multicast-Attributes AVP . . . . . . . . . . . . . . . 9 3.3. 64-Multicast-Attributes AVP . . . . . . . . . . . . . . . 9
3.3.1. ASM-Prefix64 AVP . . . . . . . . . . . . . . . . . . 9 3.3.1. ASM-mPrefix64 AVP . . . . . . . . . . . . . . . . . . 10
3.3.2. SSM-Prefix64 AVP . . . . . . . . . . . . . . . . . . 10 3.3.2. SSM-mPrefix64 AVP . . . . . . . . . . . . . . . . . . 10
3.3.3. Delegated-IPv6-Prefix AVP As uPrefix64 . . . . . . . 10 3.3.3. Delegated-IPv6-Prefix AVP As uPrefix64 . . . . . . . 11
3.4. Tunnel-Source-Pref-Or-Addr AVP . . . . . . . . . . . . . 10 3.4. Tunnel-Source-Pref-Or-Addr AVP . . . . . . . . . . . . . 11
3.4.1. Delegated-IPv6-Prefix As the IPv6 Binding Prefix . . 11 3.4.1. Delegated-IPv6-Prefix As the IPv6 Binding Prefix . . 11
3.4.2. Tunnel-Source-IPv6-Address AVP . . . . . . . . . . . 11 3.4.2. Tunnel-Source-IPv6-Address AVP . . . . . . . . . . . 12
3.5. Port-Set-Identifier . . . . . . . . . . . . . . . . . . . 11 3.5. Port-Set-Identifier . . . . . . . . . . . . . . . . . . . 12
3.6. LW4over6-Binding . . . . . . . . . . . . . . . . . . . . 12 3.6. LW4over6-Binding AVP . . . . . . . . . . . . . . . . . . 12
3.7. MAP-E-Attributes . . . . . . . . . . . . . . . . . . . . 12 3.6.1. LW4over6-External-IPv4-Addr AVP . . . . . . . . . . . 13
3.8. MAP-Mapping-Rule . . . . . . . . . . . . . . . . . . . . 13 3.7. MAP-E-Attributes . . . . . . . . . . . . . . . . . . . . 13
3.8.1. Rule-IPv4-Addr-Or-Prefix AVP . . . . . . . . . . . . 14 3.8. MAP-Mesh-Mode . . . . . . . . . . . . . . . . . . . . . . 14
3.8.2. Rule-IPv6-Prefix AVP . . . . . . . . . . . . . . . . 14 3.9. MAP-Mapping-Rule . . . . . . . . . . . . . . . . . . . . 14
3.8.3. EA-Field-Length AVP . . . . . . . . . . . . . . . . . 15 3.9.1. Rule-IPv4-Addr-Or-Prefix AVP . . . . . . . . . . . . 15
3.8.4. Port-Set-Identifier AVP . . . . . . . . . . . . . . . 15 3.9.2. Rule-IPv6-Prefix AVP . . . . . . . . . . . . . . . . 15
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 3.9.3. EA-Field-Length AVP . . . . . . . . . . . . . . . . . 16
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 4. Attribute Value Pair flag rules . . . . . . . . . . . . . . . 16
6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
7.1. Normative References . . . . . . . . . . . . . . . . . . 16 7. Security Considerations . . . . . . . . . . . . . . . . . . . 18
7.2. Informative References . . . . . . . . . . . . . . . . . 17 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 8.1. Normative References . . . . . . . . . . . . . . . . . . 19
8.2. Informative References . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
A number of transition technologies have been defined to allow IPv4 A number of transition techniques have been defined to allow IPv4
packets to pass between hosts and IPv4 networks over an intervening packets to pass between hosts and IPv4 networks over an intervening
IPv6 network while minimizing the number of public IPv4 addresses IPv6 network while minimizing the number of public IPv4 addresses
that need to be consumed by the hosts. Different operators will that need to be consumed by the hosts. Different operators will
deploy different technologies, and sometimes one operator will use deploy different technologies, and sometimes one operator will use
more than one technology, depending on what is supported by the more than one technology, depending on what is supported by the
available equipment and upon other factors both technical and available equipment and upon other factors both technical and
economic. economic.
Each technique requires the provisioning of some subscriber-specific Each technique requires the provisioning of some subscriber-specific
information on the customer edge device. The provisioning may be by information on the customer edge device. The provisioning may be by
skipping to change at page 4, line 38 skipping to change at page 4, line 40
an LW4over6 transitional tunnel to the border router. an LW4over6 transitional tunnel to the border router.
2. Description of the Parameters Required By Each Transition Method 2. Description of the Parameters Required By Each Transition Method
This section reviews the parameters that need to be provisioned for This section reviews the parameters that need to be provisioned for
each of the transition methods listed above. This enumeration each of the transition methods listed above. This enumeration
provides the justification for the AVPs defined in the next section. provides the justification for the AVPs defined in the next section.
A means is required to indicate which transition method(s) a given A means is required to indicate which transition method(s) a given
subscriber is allowed to use. The approach taken in this document is subscriber is allowed to use. The approach taken in this document is
to specify grouped AVPs specific to LW4over6 and MAP-E. The operator to specify Grouped AVPs specific to LW4over6 and MAP-E. The operator
can control which of these two transition methods a given subscriber can control which of these two transition methods a given subscriber
uses by ensuring that AAA passes only the grouped AVP relevant to uses by ensuring that AAA passes only the Grouped AVP relevant to
that method. A grouped AVP is unnecessary for Dual-Stack Lite, since that method. A Grouped AVP is unnecessary for Dual-Stack Lite, since
(as the next section indicates) AAA has to provide only one AAA has only to provide the Fully Qualified Domain Name (FQDN) of the
parameter. Hence the absence of either of the grouped AVPs indicates DS-Lite Address Family Transition Router (AFTR) (see Section 2.1).
that the subscriber equipment will use Dual-Stack Lite. Provisioning Hence when no Grouped AVP is provided either for LW4over6 or MAP-E
of multicast is an orthogonal activity, since it is independent of and only the AFTR's FQDN is present, this indicates that the
the transition method. subscriber equipment will use the Dual-Stack Lite transition method.
Provisioning of multicast is an orthogonal activity, since it is
independent of the transition method.
2.1. Parameters For Dual-Stack Lite (DS-Lite) 2.1. Parameters For Dual-Stack Lite (DS-Lite)
DS-Lite is documented in [RFC6333]. The Basic Bridging BroadBand DS-Lite is documented in [RFC6333]. The Basic Bridging BroadBand
(B4) element at the customer premises needs to be provisioned with (B4) element at the customer premises needs to discover the IPv6
the IPv6 address of the AFTR (border router). Optionally, it could address of the AFTR (border router). For the reasons discussed in
also be configured with the IPv4 address of the B4 interface facing Section 3.2, the AAA server provision the B4 element with the AFTR's
the tunnel, where the default value in the absence of provisioning is Fully Qualified Domain Name (FQDN) that is passed to a B4's IP
192.0.0.2 and valid values are 192.0.0.2 through 192.0.0.7. resolution library. The AFTR's FQDN is contained in the Border-
Provisioning this information through AAA is problematic because it Router-Name AVP (see Section 3.2).
is most likely used in a case where multiple B4 instances occupy the
same device. This document therefore assumes that the B4 interface The B4 element could also be configured with the IPv4 address of the
address is determined by other means (implementation-dependent or B4 interface facing the tunnel, with valid values from 192.0.0.2 to
static assignment). 192.0.0.7 and the default value of 192.0.0.2 in the absence of
provisioning. Provisioning such information through AAA is
problematic because it is most likely used in a case where multiple
B4 instances occupy the same device. This document therefore assumes
that the B4 interface address is determined by other means than AAA
(implementation-dependent or static assignment).
2.2. Lightweight IPv4 Over IPv6 (LW4over6) 2.2. Lightweight IPv4 Over IPv6 (LW4over6)
Light Weight IPv4 Over IPv6 (LW4over6) is documented in Light Weight IPv4 Over IPv6 (LW4over6) is documented in
[I-D.ietf-softwire-lw4over6]. LW4over6 requires four items to be [I-D.ietf-softwire-lw4over6]. LW4over6 requires four items to be
provisioned to the customer equipment: provisioned to the customer equipment:
o IPv6 address of the border router. o IPv6 address of the border router.
o IPv6 prefix used by the CE to construct the tunnel source address. o IPv6 prefix used by the CE to construct the tunnel source address.
skipping to change at page 7, line 32 skipping to change at page 7, line 39
[I-D.ietf-softwire-dslite-multicast] specifies a generic solution for [I-D.ietf-softwire-dslite-multicast] specifies a generic solution for
delivery of IPv4 multicast services to IPv4 clients over an IPv6 delivery of IPv4 multicast services to IPv4 clients over an IPv6
multicast network. The solution can be in particular deployed in a multicast network. The solution can be in particular deployed in a
DS-Lite context, but is also adaptable to LW4over6 and MAP-E. For DS-Lite context, but is also adaptable to LW4over6 and MAP-E. For
example, [I-D.ietf-softwire-multicast-prefix-option] specifies how example, [I-D.ietf-softwire-multicast-prefix-option] specifies how
DHCPv6 [RFC3315] can be used to provision multicast-related DHCPv6 [RFC3315] can be used to provision multicast-related
information. The following lists the multicast-related information information. The following lists the multicast-related information
that needs to be provisioned: that needs to be provisioned:
o ASM_mPrefix64: the IPv6 multicast prefix to be used to synthesize o ASM-mPrefix64: the IPv6 multicast prefix to be used to synthesize
the IPv4-embedded IPv6 addresses of the multicast groups in the the IPv4-embedded IPv6 addresses of the multicast groups in the
Any-Source Multicast (ASM) mode. This is achieved by Any-Source Multicast (ASM) mode. This is achieved by
concatenating the ASM_mPrefix64 and a IPv4 multicast address; the concatenating the ASM-mPrefix64 and a IPv4 multicast address; the
Pv4 multicast address is inserted in the last 32 bits of the Pv4 multicast address is inserted in the last 32 bits of the
IPv4-embedded IPv6 multicast address. IPv4-embedded IPv6 multicast address.
o SSM_mPrefix64: the IPv6 multicast prefix to be used to synthesize o SSM-mPrefix64: the IPv6 multicast prefix to be used to synthesize
the IPv4-embedded IPv6 addresses of the multicast groups in the the IPv4-embedded IPv6 addresses of the multicast groups in the
Source-Specific Multicast (SSM, [RFC4607]) mode. This is achieved Source-Specific Multicast (SSM, [RFC4607]) mode. This is achieved
by concatenating the SSM_mPrefix64 and a IPv4 multicast address; by concatenating the SSM-mPrefix64 and a IPv4 multicast address;
the Pv4 multicast address is inserted in the last 32 bits of the the Pv4 multicast address is inserted in the last 32 bits of the
IPv4-embedded IPv6 multicast address. IPv4-embedded IPv6 multicast address.
o uPrefix64: the IPv6 unicast prefix to be used in SSM mode for o uPrefix64: the IPv6 unicast prefix to be used in SSM mode for
constructing the IPv4-embedded IPv6 addresses representing the constructing the IPv4-embedded IPv6 addresses representing the
IPv4 multicast sources in the IPv6 domain. uPrefix64 may also be IPv4 multicast sources in the IPv6 domain. uPrefix64 may also be
used to extract the IPv4 address from the received multicast data used to extract the IPv4 address from the received multicast data
flows. The address mapping follows the guidelines documented in flows. The address mapping follows the guidelines documented in
[RFC6052]. [RFC6052].
skipping to change at page 8, line 44 skipping to change at page 9, line 7
3. Attribute-Value Pair Definitions 3. Attribute-Value Pair Definitions
This section provides the specifications for the AVPs needed to meet This section provides the specifications for the AVPs needed to meet
the requirements summarized in Section 2.6. Within the context of the requirements summarized in Section 2.6. Within the context of
their usage, all of these AVPs MUST have the M bit set and the V bit their usage, all of these AVPs MUST have the M bit set and the V bit
cleared. cleared.
3.1. IP-Prefix-Length AVP 3.1. IP-Prefix-Length AVP
The IP-Prefix-Length AVP (AVP code TBD00) is of type Unsignedint. It The IP-Prefix-Length AVP (AVP code TBD00) is of type Unsigned32. It
provides the length of an IPv4 or IPv6 prefix. Valid values are from provides the length of an IPv4 or IPv6 prefix. Valid values are from
0 to 32 for IPv4, and from 0 to 128 for IPv6. Tighter limits are 0 to 32 for IPv4, and from 0 to 128 for IPv6. Tighter limits are
given below for particular contexts of use of this AVP. given below for particular contexts of use of this AVP.
NOTE: The IP-Prefix-Length AVP is only relevant when associated
with an IP-Address AVP in a Grouped AVP.
3.2. Border-Router-Name AVP 3.2. Border-Router-Name AVP
Following on the precedent set by [RFC6334] and [RFC6519], this Following on the precedent set by [RFC6334] and [RFC6519], this
document identifies a border router using an FQDN rather than an document identifies a border router using an FQDN rather than an
address. The Border-Router-Name AVP (AVP Code TBD01) is of type address. The Border-Router-Name AVP (AVP Code TBD01) is of type
OctetString. The rules for encoding the FQDN are the same as those OctetString. The FQDN encoding MUST follow the Name Syntax defined
for the FQDN variant of the derived type DiameterIdentity in [RFC1035][RFC1123][RFC2181] and are represented in ASCII form.
(Section 4.3.1 of [RFC6733]).
3.3. 64-Multicast-Attributes AVP 3.3. 64-Multicast-Attributes AVP
The 64-Multicast-Attributes AVP (AVP Code TBD02) is of type Grouped. The 64-Multicast-Attributes AVP (AVP Code TBD02) is of type Grouped.
It contains the multicast-related prefixes needed for providing IPv4 It contains the multicast-related IPv6 prefixes needed for providing
multicast over IPv6 using DS-Lite, MAP-E, or LW4over6, as mentioned IPv4 multicast over IPv6 using DS-Lite, MAP-E, or LW4over6, as
in Section 2.5. mentioned in Section 2.5.
The syntax is shown in Figure 1. The syntax is shown in Figure 1.
64-Multicast-Attributes ::= < AVP Header: TBD02 > 64-Multicast-Attributes ::= < AVP Header: TBD02 >
[ ASM-Prefix64 ] [ ASM-mPrefix64 ]
[ SSM-Prefix64 ] [ SSM-mPrefix64 ]
[ Delegated-IPv6-Prefix ] [ Delegated-IPv6-Prefix ]
*[ AVP ] *[ AVP ]
Figure 1: 64-Multicast-Attributes AVP Figure 1: 64-Multicast-Attributes AVP
If either ASM-Prefix64 or SSM-Prefix64 or both are present, 64-Multicast-Attributes AVP MUST include at least the ASM-mPrefix64
Delegated-IPv6-Prefix MUST also be present. AVP or the SSM-mPrefix64 AVP.
3.3.1. ASM-Prefix64 AVP Both the ASM-mPrefix64 AVP and the SSM-mPrefix64 AVP MAY be present.
The ASM-Prefix64 AVP (AVP Code TBD03) conveys the value of The Delegated-IPv6-Prefix AVP MUST be present when the SSM-mPrefix64
ASM_mPrefix64 as mentioned in Section 2.5. The ASM-Prefix64 AVP is AVP is present. The Delegated-IPv6-Prefix AVP MAY be present when
the ASM-mPrefix64 AVP is present.
3.3.1. ASM-mPrefix64 AVP
The ASM-mPrefix64 AVP (AVP Code TBD03) conveys the value of
ASM_mPrefix64 as mentioned in Section 2.5. The ASM-mPrefix64 AVP is
of type Grouped, as shown in Figure 2. of type Grouped, as shown in Figure 2.
ASM-Prefix64 ::= < AVP Header: TBD03 > ASM-mPrefix64 ::= < AVP Header: TBD03 >
{ IP-Address } { IP-Address }
{ IP-Prefix-Length } { IP-Prefix-Length }
*[ AVP ] *[ AVP ]
Figure 2: ASM-Prefix64 AVP Figure 2: ASM-mPrefix64 AVP
IP-Address (AVP code 518) is defined in [RFC5777] and is of type IP-Address (AVP code 518) is defined in [RFC5777] and is of type
Address. Within the ASM-Prefix64 AVP, it provides the value of an Address. Within the ASM-mPrefix64 AVP, it provides the value of an
IPv6 prefix. The AddressType field in IP-Address MUST have value 2 IPv6 prefix. The AddressType field in IP-Address MUST have value 2
(IPv6). The conveyed multicast IPv6 prefix MUST belong to the ASM (IPv6). The conveyed multicast IPv6 prefix MUST belong to the ASM
range. Unused bits in IP-Address beyond the actual prefix MUST be range. Unused bits in IP-Address beyond the actual prefix MUST be
set to zeroes by the sender and ignored by the receiver. set to zeroes by the sender and ignored by the receiver.
The IP-Prefix-Length AVP provides the actual length of the prefix The IP-Prefix-Length AVP (AVP code TBD00) provides the actual length
contained in the IP-Address AVP. Within the ASM-Prefix64 AVP, valid of the prefix contained in the IP-Address AVP. Within the ASM-
values of the IP-Prefix-Length AVP are from 24 to 96. mPrefix64 AVP, valid values of the IP-Prefix-Length AVP are from 24
to 96.
3.3.2. SSM-Prefix64 AVP 3.3.2. SSM-mPrefix64 AVP
The SSM-Prefix64 AVP (AVP Code TBD04) conveys the value of The SSM-mPrefix64 AVP (AVP Code TBD04) conveys the value of
SSM_mPrefix64 as mentioned in Section 2.5. The SSM-Prefix64 AVP is SSM_mPrefix64 as mentioned in Section 2.5. The SSM-mPrefix64 AVP is
of type Grouped, as shown in Figure 3. of type Grouped, as shown in Figure 3.
SSM-Prefix64 ::= < AVP Header: TBD04 > SSM-mPrefix64 ::= < AVP Header: TBD04 >
{ IP-Address } { IP-Address }
{ IP-Prefix-Length } { IP-Prefix-Length }
*[ AVP ] *[ AVP ]
Figure 3: SSM-Prefix64 AVP Figure 3: SSM-mPrefix64 AVP
IP-Address (AVP code 518) provides the value of an IPv6 prefix. The IP-Address (AVP code 518) provides the value of an IPv6 prefix. The
AddressType field in IP-Address MUST have value 2 (IPv6). The AddressType field in IP-Address MUST have value 2 (IPv6). The
conveyed multicast IPv6 prefix MUST belong to the SSM range. Unused conveyed multicast IPv6 prefix MUST belong to the SSM range. Unused
bits in IP-Address beyond the actual prefix MUST be set to zeroes by bits in IP-Address beyond the actual prefix MUST be set to zeroes by
the sender and ignored by the receiver. the sender and ignored by the receiver.
The IP-Prefix-Length AVP provides the actual length of the prefix The IP-Prefix-Length AVP (AVP code TBD00) provides the actual length
contained in the IP-Address AVP. With regard to prefix length, note of the prefix contained in the IP-Address AVP. With regard to prefix
that Section 6 of [RFC3306] requires that bits 33-95 of an SSM length, note that Section 6 of [RFC3306] requires that bits 33-95 of
address in the FF3x range be set to zero, meaning that the prefix an SSM address in the FF3x range be set to zero, meaning that the
length for an SSM prefix is effectively 96. However, Section 1 of prefix length for an SSM prefix is effectively 96. However,
[RFC4607] suggests that the lower limit of 32 bits be preserved to Section 1 of [RFC4607] suggests that the lower limit of 32 bits be
allow potential future use of bits 33-95. Hence applications SHOULD preserved to allow potential future use of bits 33-95. Hence
accept prefix lengths between 32 and 96 inclusive. applications SHOULD accept prefix lengths between 32 and 96
inclusive.
3.3.3. Delegated-IPv6-Prefix AVP As uPrefix64 3.3.3. Delegated-IPv6-Prefix AVP As uPrefix64
Within the 64-Multicast-Attributes AVP, the Delegated-IPv6-Prefix AVP Within the 64-Multicast-Attributes AVP, the Delegated-IPv6-Prefix AVP
(AVP Code 123) conveys the value of uPrefix64, a unicast IPv6 prefix, (AVP Code 123) conveys the value of uPrefix64, a unicast IPv6 prefix,
as mentioned in Section 2.5. The Delegated-IPv6-Prefix AVP is as mentioned in Section 2.5. The Delegated-IPv6-Prefix AVP is
defined in [RFC4818]. As specified by [RFC6052], the value in the defined in [RFC4818]. As specified by [RFC6052], the value in the
Prefix-Length field MUST be one of 32, 48, 56, 64 or 96. Prefix-Length field MUST be one of 32, 48, 56, 64 or 96.
3.4. Tunnel-Source-Pref-Or-Addr AVP 3.4. Tunnel-Source-Pref-Or-Addr AVP
The Tunnel-Source-Pref-Or-Addr AVP (AVP Code TBD05) conveys either The Tunnel-Source-Pref-Or-Addr AVP (AVP Code TBD05) conveys either
the IPv6 Binding Prefix or the tunnel source address on the CE, as the IPv6 Binding Prefix or the tunnel source address on the CE, as
described in Section 2.2. The Tunnel-Source-Pref-Or-Addr AVP is of described in Section 2.2. The Tunnel-Source-Pref-Or-Addr AVP is of
type Grouped, with syntax as shown in Figure 4. One of the type Grouped, with syntax as shown in Figure 4. The Tunnel-Source-
Delegated-IPv6-Prefix AVP or the Tunnel-Source-IPv6-Address AVP MUST Pref-Or-Addr AVP MUST contain either the Delegated-IPv6-Prefix AVP or
be present. the Tunnel-Source-IPv6-Address AVP, not both.
Tunnel-Source-Pref-Or-Addr ::= < AVP Header: TBD05 > Tunnel-Source-Pref-Or-Addr ::= < AVP Header: TBD05 >
[ Delegated-IPv6-Prefix ] [ Delegated-IPv6-Prefix ]
[ Tunnel-Source-IPv6-Address ] [ Tunnel-Source-IPv6-Address ]
*[ AVP ] *[ AVP ]
Figure 4: Tunnel-Source-Pref-Or-Addr AVP Figure 4: Tunnel-Source-Pref-Or-Addr AVP
This AVP is defined separately from the LW4over6-Binding AVP (which This AVP is defined separately from the LW4over6-Binding AVP (which
includes it) to provide flexibility in the transport of the tunnel includes it) to provide flexibility in the transport of the tunnel
skipping to change at page 12, line 10 skipping to change at page 12, line 36
unsigned integer and gives the length 'k' in bits of the port set unsigned integer and gives the length 'k' in bits of the port set
identifier (PSID). Valid values are from 0 to (16 - a). A value identifier (PSID). Valid values are from 0 to (16 - a). A value
of 0 indicates that the PSID is not present (probable case for of 0 indicates that the PSID is not present (probable case for
MAP-E, see Section 2.4), and the PSIDValue field MUST be ignored. MAP-E, see Section 2.4), and the PSIDValue field MUST be ignored.
o The final two octets contain the PSIDValue field. They give the o The final two octets contain the PSIDValue field. They give the
value of the PSID itself, right-justified within the field. That value of the PSID itself, right-justified within the field. That
is, the value of the PSID occupies the 'k' lowest-order bits of is, the value of the PSID occupies the 'k' lowest-order bits of
the PSIDValue field. the PSIDValue field.
3.6. LW4over6-Binding 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Offset | Length | PSID Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.6. LW4over6-Binding AVP
The LW4over6-Binding AVP (AVP Code TBD08) is of type Grouped. It The LW4over6-Binding AVP (AVP Code TBD08) is of type Grouped. It
contains the elements of configuration that constitute the binding contains the elements of configuration that constitute the binding
between an LW4over6 tunnel and IPv4 packets sent through that tunnel, between an LW4over6 tunnel and IPv4 packets sent through that tunnel,
as described in Section 2.2. as described in Section 2.2.
LW4over6-Binding ::= < AVP Header: TBD08 > LW4over6-Binding ::= < AVP Header: TBD08 >
{ Tunnel-Source-Pref-Or-Addr } { Tunnel-Source-Pref-Or-Addr }
{ LW4over6-External-IPv4-Addr } { LW4over6-External-IPv4-Addr }
[ Port-Set-Identifier ] [ Port-Set-Identifier ]
*[ AVP ] *[ AVP ]
Figure 5 Figure 5
The Tunnel-Source-Pref-Or-Addr AVP is defined in Section 3.4 and The Tunnel-Source-Pref-Or-Addr AVP is defined in Section 3.4 and
provides either the Binding Prefix or the full IPv6 tunnel source provides either the Binding Prefix or the full IPv6 tunnel source
address. This AVP MUST be present. address.
The LW4over6-External-IPv4-Addr AVP (AVP Code TBD09) uses the Address The LW4over6-External-IPv4-Addr AVP is defined in Section 3.6.1.
derived data format defined in Section 4.3.1 of [RFC6733]. It
provides the CE's external IPv4 address within the LW4over6 tunnel
associated with the given binding. The AddressType field MUST be set
to 1 (IPv4), and the total length of the AVP MUST be 14 octets. This
AVP MUST be present.
The Port-Set-Identifier AVP is defined in Section 3.5. It identifies The Port-Set-Identifier AVP is defined in Section 3.5. It identifies
the specific set of ports assigned to the LW4over6 tunnel, when the the specific set of ports assigned to the LW4over6 tunnel, when the
IPv4 address is being shared. IPv4 address is being shared.
3.6.1. LW4over6-External-IPv4-Addr AVP
The LW4over6-External-IPv4-Addr AVP (AVP Code TBD09) uses the Address
derived data format defined in Section 4.3.1 of [RFC6733]. It
provides the CE's external IPv4 address within the LW4over6 tunnel
associated with the given binding. The AddressType field MUST be set
to 1 (IPv4), and the total length of the AVP MUST be 14 octets.
3.7. MAP-E-Attributes 3.7. MAP-E-Attributes
The MAP-E-Attributes AVP (AVP Code TBD10) is of type Grouped. It The MAP-E-Attributes AVP (AVP Code TBD10) is of type Grouped. It
contains the configuration data identified in Section 2.4 for all of contains the configuration data identified in Section 2.4 for all of
the mapping rules (Basic and Forwarding) in a single MAP domain. the mapping rules (Basic and Forwarding) in a single MAP domain.
Multiple instances of this AVP will be present if the CE belongs to Multiple instances of this AVP will be present if the CE belongs to
multiple MAP domains. multiple MAP domains.
MAP-E-Attributes ::= < AVP Header: TBD06 > MAP-E-Attributes ::= < AVP Header: TBD06 >
1*{ Border-Router-Name } 1*{ Border-Router-Name }
skipping to change at page 13, line 19 skipping to change at page 14, line 5
[ Delegated-IPv6-Prefix ] [ Delegated-IPv6-Prefix ]
*[ AVP ] *[ AVP ]
Figure 6 Figure 6
The Border-Router-Name AVP is defined in Section 3.2. It provides The Border-Router-Name AVP is defined in Section 3.2. It provides
the FQDN of a MAP border relay at the edge of the MAP domain to which the FQDN of a MAP border relay at the edge of the MAP domain to which
the containing MAP-E-Attributes AVP relates. At least one instance the containing MAP-E-Attributes AVP relates. At least one instance
of this AVP MUST be present. of this AVP MUST be present.
The MAP-Mapping-Rule AVP is defined in Section 3.8. At least one The MAP-Mapping-Rule AVP is defined in Section 3.9. At least one
instance of this AVP MUST be present. If the MAP-E domain supports instance of this AVP MUST be present. If the MAP-E domain supports
mesh mode (indicated by the presence of the MAP-Mesh-Mode AVP), mesh mode (indicated by the presence of the MAP-Mesh-Mode AVP),
additional MAP-Mapping-Rule instances MAY be present. If the MAP-E additional MAP-Mapping-Rule instances MAY be present. If the MAP-E
domain is operating in hub-and-spoke mode, additional MAP-Mapping- domain is operating in hub-and-spoke mode, additional MAP-Mapping-
Rule instances MUST NOT be present. Rule instances MUST NOT be present.
The MAP-Mesh-Mode AVP (AVP Code TBD11) uses the OctetString data The MAP-Mesh-Mode AVP is defined in Section 3.8. The absence of the
format but has no data. Hence the AVP length is always 8. The mesh mode indicator attribute indicates that the CE is required to
absence of the mesh mode indicator attribute indicates that the CE is operate in hub-and-spoke mode.
required to operate in hub-and-spoke mode.
The Delegated-IPv6-Prefix AVP (AVP Code 123) provides the End-user The Delegated-IPv6-Prefix AVP (AVP Code 123) provides the End-user
IPv6 prefix assigned to the CE for the MAP domain to which the IPv6 prefix assigned to the CE for the MAP domain to which the
containing MAP-E-Attributes AVP relates. The AVP is defined in containing MAP-E-Attributes AVP relates. The AVP is defined in
[RFC4818]. Valid values of the Prefix-Length field range from 0 to [RFC4818]. Valid values of the Prefix-Length field range from 0 to
128. 128.
The Delegated-IPv6-Prefix AVP is optional because, depending on The Delegated-IPv6-Prefix AVP is optional because, depending on
deployment, the End-user IPv6 prefix may be provided by AAA or by deployment, the End-user IPv6 prefix may be provided by AAA or by
other means. If multiple instances of the MAP-E-Attributes AVP other means. If multiple instances of the MAP-E-Attributes AVP
containing the Delegated-IPv6-Prefix AVP are present, each instance containing the Delegated-IPv6-Prefix AVP are present, each instance
of the latter MUST have a different value. of the latter MUST have a different value.
3.8. MAP-Mapping-Rule 3.8. MAP-Mesh-Mode
The MAP-Mesh-Mode AVP (AVP Code TBD11) is of type Enumerated and
indicates whether the CE has to operate in mesh mode or hub-and-spoke
when using MAP-E. The following values are supported:
0 MESH
1 HUB_AND_SPOKE
The absence of the mesh mode indicator attribute indicates that the
CE is required to operate in hub-and-spoke mode.
3.9. MAP-Mapping-Rule
The MAP-Mapping-Rule AVP (AVP Code TBD12) is of type Grouped, and is The MAP-Mapping-Rule AVP (AVP Code TBD12) is of type Grouped, and is
used only in conjunction with MAP-based transition methods. Mapping used only in conjunction with MAP-based transition methods. Mapping
rules are required both by the MAP border relay and by the CE. The rules are required both by the MAP border relay and by the CE. The
components of the MAP-Mapping-Rule AVP provide the contents of a components of the MAP-Mapping-Rule AVP provide the contents of a
mapping rule as described in Section 2.4. mapping rule as described in Section 2.4.
The syntax of the MAP-Mapping-Rule AVP is as follows: The syntax of the MAP-Mapping-Rule AVP is as follows:
MAP-Mapping-Rule ::= < AVP Header: TBD12 > MAP-Mapping-Rule ::= < AVP Header: TBD12 >
skipping to change at page 14, line 17 skipping to change at page 15, line 17
{ Rule-IPv6-Prefix } { Rule-IPv6-Prefix }
{ EA-Field-Length } { EA-Field-Length }
{ Port-Set-Identifier } { Port-Set-Identifier }
*[ AVP ] *[ AVP ]
Figure 7 Figure 7
The Rule-IPv4-Addr-Or-Prefix, Rule-IPv6-Prefix, EA-Field-Length, and The Rule-IPv4-Addr-Or-Prefix, Rule-IPv6-Prefix, EA-Field-Length, and
Port-Set-Identifier AVPs MUST all be present. Port-Set-Identifier AVPs MUST all be present.
3.8.1. Rule-IPv4-Addr-Or-Prefix AVP The Port-Set-Identifier AVP provides information to identify the
specific set of ports assigned to the CE. For more information see
Section 2.4 and Section 2.3. The Port-Set-Identifier AVP is defined
in Section 3.5.
3.9.1. Rule-IPv4-Addr-Or-Prefix AVP
The Rule-IPv4-Addr-Or-Prefix AVP (AVP Code TBD13) conveys the rule The Rule-IPv4-Addr-Or-Prefix AVP (AVP Code TBD13) conveys the rule
IPv4 prefix and length as described in Section 2.4. The Rule-IPv4- IPv4 prefix and length as described in Section 2.4. The Rule-IPv4-
Addr-Or-Prefix AVP is of type Grouped, as shown in Figure 8. Addr-Or-Prefix AVP is of type Grouped, as shown in Figure 8.
Rule-IPv4-Addr-Or-Prefix ::= < AVP Header: TBD13 > Rule-IPv4-Addr-Or-Prefix ::= < AVP Header: TBD13 >
{ IP-Address } { IP-Address }
{ IP-Prefix-Length } { IP-Prefix-Length }
*[ AVP ] *[ AVP ]
Figure 8: Rule-IPv4-Addr-Or-Prefix AVP Figure 8: Rule-IPv4-Addr-Or-Prefix AVP
IP-Address (AVP code 518) is defined in [RFC5777] and is of type IP-Address (AVP code 518) is defined in [RFC5777] and is of type
Address. Within the Rule-IPv4-Addr-Or-Prefix AVP, it provides the Address. Within the Rule-IPv4-Addr-Or-Prefix AVP, it provides the
value of a unicast IPv4 address or prefix. The AddressType field in value of a unicast IPv4 address or prefix. The AddressType field in
IP-Address MUST have value 1 (IPv4). Unused bits in IP-Address IP-Address MUST have value 1 (IPv4). Unused bits in IP-Address
beyond the actual prefix MUST be set to zeroes by the sender and beyond the actual prefix MUST be set to zeroes by the sender and
ignored by the receiver. ignored by the receiver.
The IP-Prefix-Length AVP provides the actual length of the prefix The IP-Prefix-Length AVP (AVP code TBD00) provides the actual length
contained in the IP-Address AVP. Within the Rule-IPv4-Addr-Or-Prefix of the prefix contained in the IP-Address AVP. Within the Rule-IPv4-
AVP, valid values of the IP-Prefix-Length AVP are from 0 to 32 (full Addr-Or-Prefix AVP, valid values of the IP-Prefix-Length AVP are from
address), based on the different cases identified in Section 5.2 of 0 to 32 (full address), based on the different cases identified in
[I-D.ietf-softwire-map]. Section 5.2 of [I-D.ietf-softwire-map].
3.8.2. Rule-IPv6-Prefix AVP 3.9.2. Rule-IPv6-Prefix AVP
The Rule-IPv6-Prefix AVP (AVP Code TBD14) conveys the rule IPv6 The Rule-IPv6-Prefix AVP (AVP Code TBD14) conveys the rule IPv6
prefix and length as described in Section 2.4. The Rule-IPv6-Prefix prefix and length as described in Section 2.4. The Rule-IPv6-Prefix
AVP is of type Grouped, as shown in Figure 9. AVP is of type Grouped, as shown in Figure 9.
Rule-IPv6-Prefix ::= < AVP Header: TBD14 > Rule-IPv6-Prefix ::= < AVP Header: TBD14 >
{ IP-Address } { IP-Address }
{ IP-Prefix-Length } { IP-Prefix-Length }
*[ AVP ] *[ AVP ]
Figure 9: Rule-IPv6-Prefix AVP Figure 9: Rule-IPv6-Prefix AVP
IP-Address (AVP code 518) is defined in [RFC5777] and is of type IP-Address (AVP code 518) is defined in [RFC5777] and is of type
Address. Within the Rule-IPv6-Prefix AVP, it provides the value of a Address. Within the Rule-IPv6-Prefix AVP, it provides the value of a
unicast IPv6 prefix. The AddressType field in IP- Address MUST have unicast IPv6 prefix. The AddressType field in IP- Address MUST have
value 2 (IPv6). Unused bits in IP-Address beyond the actual prefix value 2 (IPv6). Unused bits in IP-Address beyond the actual prefix
MUST be set to zeroes by the sender and ignored by the receiver. MUST be set to zeroes by the sender and ignored by the receiver.
This AVP MUST be present.
The IP-Prefix-Length AVP provides the actual length of the prefix The IP-Prefix-Length AVP (AVP code TBD00) provides the actual length
contained in the IP-Address AVP. Within the Rule-IPv6-Prefix AVP, of the prefix contained in the IP-Address AVP. Within the Rule-
the minimum valid prefix length is 0. The maximum value is bounded IPv6-Prefix AVP, the minimum valid prefix length is 0. The maximum
by the length of the End-user IPv6 prefix associated with the mapping value is bounded by the length of the End-user IPv6 prefix associated
rule, if present in the form of the Delegated-IPv6-Prefix AVP in the with the mapping rule, if present in the form of the Delegated-
enclosing MAP-E-Attributes AVP. Otherwise the maximum value is 128. IPv6-Prefix AVP in the enclosing MAP-E-Attributes AVP. Otherwise the
This AVP MUST be present. maximum value is 128.
3.8.3. EA-Field-Length AVP 3.9.3. EA-Field-Length AVP
The EA-Field-Length AVP (AVP Code TBD15) is of type Unsigned32. The EA-Field-Length AVP (AVP Code TBD15) is of type Unsigned32.
Valid values range from 0 to 48. See Section 5.2 of Valid values range from 0 to 48. See Section 5.2 of
[I-D.ietf-softwire-map] for a description of the use of this [I-D.ietf-softwire-map] for a description of the use of this
parameter in deriving IPv4 address and port number configuration. parameter in deriving IPv4 address and port number configuration.
This AVP MUST be present.
3.8.4. Port-Set-Identifier AVP 4. Attribute Value Pair flag rules
+---------+
|AVP flag |
|rules |
+----+----+
AVP Section | |MUST|
Attribute Name Code Defined Value Type |MUST| NOT|
+-------------------------------------------------------+----+----+
|IP-Prefix-Length TBD00 3.1 Unsigned32 | | V |
+-------------------------------------------------------+----+----+
|Border-Router-Name TBD01 3.2 OctetString | | V |
+-------------------------------------------------------+----+----+
|64-Multicast-Attributes TBD02 3.3 Grouped | | V |
+-------------------------------------------------------+----+----+
|ASM-mPrefix64 TBD03 3.3.1 Grouped | | V |
+-------------------------------------------------------+----+----+
|SSM-mPrefix64 TBD04 3.3.2 Grouped | | V |
+-------------------------------------------------------+----+----+
|Tunnel-Source-Pref-Or-Addr TBD05 3.4 Grouped | | V |
+-------------------------------------------------------+----+----+
|Tunnel-Source-IPv6-Address TBD06 3.4.2 Address | | V |
+-------------------------------------------------------+----+----+
|Port-Set-Identifier TBD07 3.5 OctetString | | V |
+-------------------------------------------------------+----+----+
|LW4over6-Binding TBD08 3.6 Grouped | | V |
+-------------------------------------------------------+----+----+
|LW4over6-External-IPv4-Addr TBD09 3.6.1 Address | | V |
+-------------------------------------------------------+----+----+
|MAP-E-Attributes TBD10 3.7 Grouped | | V |
+-------------------------------------------------------+----+----+
|MAP-Mesh-Mode TBD11 3.8 Enumerated | | V |
+-------------------------------------------------------+----+----+
|MAP-Mapping-Rule TBD12 3.9 Grouped | | V |
+-------------------------------------------------------+----+----+
|Rule-IPv4-Addr-Or-Prefix TBD13 3.9.1 Grouped | | V |
+-------------------------------------------------------+----+----+
|Rule-IPv6-Prefix TBD14 3.9.2 Grouped | | V |
+-------------------------------------------------------+----+----+
|EA-Field-Length TBD15 3.9.3 Unsigned32 | | V |
+-------------------------------------------------------+----+----+
The Port-Set-Identifier AVP provides information to identify the As described in the Diameter base protocol [RFC6733], the M-bit usage
specific set of ports assigned to the CE. For more information see for a given AVP in a given command may be defined by the application.
Section 2.4 and Section 2.3. The Port-Set-Identifier AVP is defined
in Section 3.5. It MUST be present.
4. Acknowledgements 5. Acknowledgements
Huawei Technologies funded Tom Taylor's work on earlier versions of Huawei Technologies funded Tom Taylor's work on earlier versions of
this document. this document.
5. IANA Considerations Special thanks to Lionel Morand for the detailed review.
6. IANA Considerations
This memo requests to IANA to register the following Diameter AVP This memo requests to IANA to register the following Diameter AVP
codes: codes:
+-------+-----------------------------+---------------+ +-------+-----------------------------+---------------+
| Code | Attribute Name | Reference | | Code | Attribute Name | Reference |
+-------+-----------------------------+---------------+ +-------+-----------------------------+---------------+
| TBD00 | IP-Prefix-Length | This document | | TBD00 | IP-Prefix-Length | This document |
| TBD01 | Border-Router-Name | This document | | TBD01 | Border-Router-Name | This document |
| TBD02 | 64-Multicast-Attributes | This document | | TBD02 | 64-Multicast-Attributes | This document |
| TBD03 | ASM-Prefix64 | This document | | TBD03 | ASM-mPrefix64 | This document |
| TBD04 | SSM-Prefix64 | This document | | TBD04 | SSM-mPrefix64 | This document |
| TBD05 | Tunnel-Source-Pref-Or-Addr | This document | | TBD05 | Tunnel-Source-Pref-Or-Addr | This document |
| TBD06 | Tunnel-Source-IPv6-Address | This document | | TBD06 | Tunnel-Source-IPv6-Address | This document |
| TBD07 | Port-Set-Identifier | This document | | TBD07 | Port-Set-Identifier | This document |
| TBD08 | LW4over6-Binding | This document | | TBD08 | LW4over6-Binding | This document |
| TBD09 | LW4over6-External-IPv4-Addr | This document | | TBD09 | LW4over6-External-IPv4-Addr | This document |
| TBD10 | MAP-E-Attributes | This document | | TBD10 | MAP-E-Attributes | This document |
| TBD11 | MAP-Mesh-Mode | This document | | TBD11 | MAP-Mesh-Mode | This document |
| TBD12 | MAP-Mapping-Rule | This document | | TBD12 | MAP-Mapping-Rule | This document |
| TBD13 | Rule-IPv4-Addr-Or-Prefix | This document | | TBD13 | Rule-IPv4-Addr-Or-Prefix | This document |
| TBD14 | Rule-IPv6-Prefix | This document | | TBD14 | Rule-IPv6-Prefix | This document |
| TBD15 | EA-Field-Length | This document | | TBD15 | EA-Field-Length | This document |
+-------+-----------------------------+---------------+ +-------+-----------------------------+---------------+
Table 1 Table 1
6. Security Considerations 7. Security Considerations
The AVPs defined in this document face two threats, both dependent on The AVPs defined in this document face two threats, both dependent on
man-in-the-middle attacks on the Diameter delivery path. The more man-in-the-middle attacks on the Diameter delivery path. The more
serious threat is denial of service through modification of the AVP serious threat is denial of service through modification of the AVP
contents leading to misconfiguration. The lesser threat is contents leading to misconfiguration. The lesser threat is
disclosure of subscriber addresses allowing the attacker to track disclosure of subscriber addresses allowing the attacker to track
subscriber activity. subscriber activity.
Diameter security is currently provided on a hop-by-hop basis (see Diameter security is currently provided on a hop-by-hop basis (see
Section 2.2 of [RFC6733]). The Diameter end-to-end security problem Section 2.2 of [RFC6733]). The Diameter end-to-end security problem
has not been solved, so man-in-the-middle attacks on Diameter peers has not been solved, so man-in-the-middle attacks on Diameter peers
along the path are possible. The present document does not propose along the path are possible. The present document does not propose
to solve that general problem, but simply warn that it exists. to solve that general problem, but simply warn that it exists.
7. References 8. References
7.1. Normative References 8.1. Normative References
[I-D.ietf-softwire-lw4over6] [I-D.ietf-softwire-lw4over6]
Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the DS-Lite Farrer, "Lightweight 4over6: An Extension to the DS-Lite
Architecture (work in progress)", March 2014. Architecture (work in progress)", March 2014.
[I-D.ietf-softwire-map] [I-D.ietf-softwire-map]
Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S., Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, "Mapping of Address and Port Murakami, T., and T. Taylor, "Mapping of Address and Port
with Encapsulation (MAP) (work in progress)", January with Encapsulation (MAP) (work in progress)", January
2014. 2014.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC1123] Braden, R., "Requirements for Internet Hosts - Application
and Support", STD 3, RFC 1123, October 1989.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
Specification", RFC 2181, July 1997.
[RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6
Multicast Addresses", RFC 3306, August 2002. Multicast Addresses", RFC 3306, August 2002.
[RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
Attribute", RFC 4818, April 2007. Attribute", RFC 4818, April 2007.
[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., [RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
and A. Lior, "Traffic Classification and Quality of and A. Lior, "Traffic Classification and Quality of
Service (QoS) Attributes for Diameter", RFC 5777, February Service (QoS) Attributes for Diameter", RFC 5777, February
2010. 2010.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4 Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, August 2011. Exhaustion", RFC 6333, August 2011.
[RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, [RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
"Diameter Base Protocol", RFC 6733, October 2012. "Diameter Base Protocol", RFC 6733, October 2012.
7.2. Informative References 8.2. Informative References
[I-D.ietf-softwire-dslite-multicast] [I-D.ietf-softwire-dslite-multicast]
Qin, J., Boucadair, M., Jacquenet, C., Lee, Y., and Q. Qin, J., Boucadair, M., Jacquenet, C., Lee, Y., and Q.
Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
over an IPv6 Multicast Network", draft-ietf-softwire- over an IPv6 Multicast Network", draft-ietf-softwire-
dslite-multicast-09 (work in progress), March 2015. dslite-multicast-09 (work in progress), March 2015.
[I-D.ietf-softwire-map-dhcp] [I-D.ietf-softwire-map-dhcp]
Mrugalski, T., Troan, O., Farrer, I., Perrault, S., Dec, Mrugalski, T., Troan, O., Farrer, I., Perrault, S., Dec,
W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
skipping to change at page 18, line 32 skipping to change at page 21, line 4
Authors' Addresses Authors' Addresses
Cathy Zhou Cathy Zhou
Huawei Technologies Huawei Technologies
Bantian, Longgang District Bantian, Longgang District
Shenzhen 518129 Shenzhen 518129
P.R. China P.R. China
Email: cathy.zhou@huawei.com Email: cathy.zhou@huawei.com
Tom Taylor
T. Taylor
PT Taylor Consulting PT Taylor Consulting
Ottawa Ottawa
Canada Canada
Email: tom.taylor.stds@gmail.com Email: tom.taylor.stds@gmail.com
Qiong Sun Qiong Sun
China Telecom China Telecom
P.R.China P.R.China
Phone: 86 10 58552936 Phone: 86 10 58552936
Email: sunqiong@ctbri.com.cn Email: sunqiong@ctbri.com.cn
M. Boucadair
Mohamed Boucadair
France Telecom France Telecom
Rennes 35000 Rennes 35000
France France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
 End of changes. 61 change blocks. 
132 lines changed or deleted 223 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/