--- 1/draft-ietf-dime-qos-attributes-00.txt 2007-07-11 22:12:09.000000000 +0200 +++ 2/draft-ietf-dime-qos-attributes-01.txt 2007-07-11 22:12:09.000000000 +0200 @@ -1,21 +1,21 @@ Diameter Maintenance and J. Korhonen, Ed. Extensions (DIME) TeliaSonera Internet-Draft H. Tschofenig Intended status: Standards Track Nokia Siemens Networks -Expires: January 3, 2008 M. Arumaithurai +Expires: January 10, 2008 M. Arumaithurai University of Goettingen - July 2, 2007 + July 9, 2007 Quality of Service Attributes for Diameter and RADIUS - draft-ietf-dime-qos-attributes-00.txt + draft-ietf-dime-qos-attributes-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -26,21 +26,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on January 3, 2008. + This Internet-Draft will expire on January 10, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document extends the functionality of the Diameter Base protocol and other Diameter applications with respect to their ability to convey Quality of Service information. The AVPs defined in this @@ -61,34 +61,42 @@ 3.7. AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . . 8 4. Diameter QoS Defined AVPs . . . . . . . . . . . . . . . . . . 9 4.1. QoS-ID AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.2. QoS-Flow-State AVP . . . . . . . . . . . . . . . . . . . . 9 4.3. QSPEC AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.4. QoS-Resources AVP . . . . . . . . . . . . . . . . . . . . 10 4.5. QoS-Parameter AVP . . . . . . . . . . . . . . . . . . . . 10 4.6. Extended-QoS-Filter-Rule AVP . . . . . . . . . . . . . . . 10 4.7. QoS-Capability AVP . . . . . . . . . . . . . . . . . . . . 10 4.8. QSPEC-Type AVP . . . . . . . . . . . . . . . . . . . . . . 11 - 5. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 6. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 12 - 6.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 12 - 6.2. CCR and CCA Commands AVP Table . . . . . . . . . . . . . . 13 - 6.3. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 13 - 7. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 14 - 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 - 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 - 10. Security Considerations . . . . . . . . . . . . . . . . . . . 14 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 - 11.1. Normative References . . . . . . . . . . . . . . . . . . . 14 - 11.2. Informative References . . . . . . . . . . . . . . . . . . 15 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 - Intellectual Property and Copyright Statements . . . . . . . . . . 17 + 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 5.1. Diameter EAP with QoS Information . . . . . . . . . . . . 11 + 5.2. QoS Authorization . . . . . . . . . . . . . . . . . . . . 12 + 5.3. Diameter NASREQ with QoS Information . . . . . . . . . . . 13 + 5.4. Diameter Server Initiated Re-authorization of QoS . . . . 14 + 5.5. Diameter Credit-Control with QoS Information . . . . . . . 15 + 5.6. Diameter Server Initiated Credit Re-authorization . . . . 16 + 5.7. QoS and Credit-Control as Part of Authentication and + Authorization . . . . . . . . . . . . . . . . . . . . . . 17 + 6. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 19 + 6.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 19 + 6.2. CCR and CCA Commands AVP Table . . . . . . . . . . . . . . 19 + 6.3. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 19 + 7. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 20 + 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 + 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 + 11.1. Normative References . . . . . . . . . . . . . . . . . . . 21 + 11.2. Informative References . . . . . . . . . . . . . . . . . . 21 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 + Intellectual Property and Copyright Statements . . . . . . . . . . 23 1. Introduction This document defines a number of Diameter Quality of Service (QoS) related AVPs that can be used with the Diameter Base protocol, and Diameter Credit Control, Diameter EAP and Diameter NASREQ applications to convey Quality of Service information. The Extended- QoS-Filter-Rule AVP thereby replaces the QoSFilterRule, defined in RFC 3588 [RFC3588], and the QoS-Filter-Rule, defined in RFC 4005 [RFC4005]. @@ -420,111 +428,394 @@ 1* { QSPEC-Type } * [ AVP ] 4.8. QSPEC-Type AVP The QSPEC-Type AVP (AVP Code TBD) is of type Unsigned32 and contains the supported QoS model or QoS profile. The value of 0 refers to the QoS parameters described in [I-D.ietf-dime-qos-parameters]. The values are taken from the registry defined in [I-D.ietf-nsis-qspec]. -5. Example +5. Examples -User AAA Client AAA server + This section shows a number of signaling flows where QoS negotiation + and authorization is part of the conventional NASREQ, EAP or Credit- + Control applications message exchanges. These signaling flows are + meant to be examples only. + +5.1. Diameter EAP with QoS Information + + Figure 8 shows a simple signaling flow where a NAS (Diameter Client) + announces its QoS awareness and capabilities included into the DER + message and as part of the access authentication procedure. Upon + completion of the EAP negotiation, the Diameter Server provides a + pre-provisioned QoS profile to the NAS in the final DEA message. + + End Diameter Diameter + Host Client server | | | | (initiate EAP) | | |<------------------------------>| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Start) | | | QoS-Capability | | |------------------------------->| | | | | | Diameter-EAP-Answer | | Result-Code=DIAMETER_MULTI_ROUND_AUTH | | | EAP-Payload(EAP Request #1) | | |<-------------------------------| | EAP Request(Identity) | | |<-------------------------------| | + : : : + : <<>> : + : : : | | | | EAP Response #N | | |------------------------------->| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Response #N) | | |------------------------------->| | | | | | Diameter-EAP-Answer | | | Result-Code=DIAMETER_SUCCESS | | | EAP-Payload(EAP Success) | | | [EAP-Master-Session-Key] | | | (authorization AVPs) | | | QoS-Resources | | |<-------------------------------| | | | | EAP Success | | |<-------------------------------| | | | | - Figure 8: Example of AAA Server providing QoS Information to AAA - Client + Figure 8: Example of a Diameter EAP enhanced with QoS Information + +5.2. QoS Authorization + + Figure 9 shows an example of authorization only QoS signaling as part + of the NASREQ message exchange. The NAS provides the Diameter Server + with the QoS profile it wishes to use in the AAR message. The + Diameter Server then either authorizes the proposed QoS profile or + reject the authorization, and then informs the NAS about the + authorization result in the AAA message. In this scenario the NAS + does not need to include the QoS-Capability AVP in the AAR message as + the QoS-Resources AVP implicitly does the same and also the NAS is + authorizing a specific QoS profile, not a pre-provisioned one. + + End Diameter + Host NAS Server + | | | + | | | + | QoS Request | | + +----------------->| | + | | | + | |AA-Request | + | |Auth-Request-Type=AUTHORIZE_ONLY + | |NASREQ-Payload | + | |QoS-Resources | + | +----------------------------->| + | | | + | | AA-Answer| + | | NASREQ-Payload(Success)| + | | QoS-Resources| + | |<-----------------------------+ + | Accept | | + |<-----------------+ | + | | | + | | | + | | | + + Figure 9: Example of an Authorization-Only Message Flow + +5.3. Diameter NASREQ with QoS Information + + Figure 10 shows a similar pre-provisioned QoS signaling as in + Figure 8 but using the NASREQ application instead of EAP application. + + End Diameter + Host NAS Server + | | | + | Start Network | | + | Attachment | | + |<---------------->| | + | | | + | |AA-Request | + | |NASREQ-Payload | + | |QoS-Capability | + | +----------------------------->| + | | | + | | AA-Answer| + | Result-Code=DIAMETER_MULTI_ROUND_AUTH| + | NASREQ-Payload(NASREQ Request #1)| + | |<-----------------------------+ + | | | + | Request | | + |<-----------------+ | + | | | + : : : + : <<>> : + : : : + | Response #N | | + +----------------->| | + | | | + | |AA-Request | + | |NASREQ-Payload ( Response #N )| + | +----------------------------->| + | | | + | | AA-Answer| + | | Result-Code=DIAMETER_SUCCESS| + | | (authorization AVPs)| + | | QoS-Resources | + | |<-----------------------------+ + | | | + | Success | | + |<-----------------+ | + | | | + + Figure 10: Example of a Diameter NASREQ enhanced with QoS Information + +5.4. Diameter Server Initiated Re-authorization of QoS + + Figure 11 shows a message exchange for a Diameter Server initiated + QoS profile re-authorization procedure. The Diameter Server sends + the NAS a RAR message requesting re-authorization for an existing + session and the NAS acknowledges it with a RAA message. The NAS that + is aware of its existing QoS profile and information for the ongoing + session that the Diameter Server requested for re-authorization. + Thus the NAS must initiate re-authorization of the existing QoS + profile. The re-authorization procedure is the same as in Figure 9. + + End Diameter + Host NAS Server + | | | + | | | + : : : + : <<>> : + : : : + | | | + | | RA-Request | + | |<-----------------------------+ + | | | + | |RA-Answer | + | |Result-Code=DIAMETER_SUCCESS | + | +----------------------------->| + | | | + | | | + | |AA-Request | + | |NASREQ-Payload | + | |Auth-Request-Type=AUTHORIZE_ONLY + | |QoS-Capability | + | +----------------------------->| + | | | + | | AA-Answer| + | | Result-Code=DIAMETER_SUCCESS| + | | (authorization AVPs)| + | | QoS-Resources | + | |<-----------------------------+ + | | | + + Figure 11: Example of a Server-initiated Re-Authorization Procedure + +5.5. Diameter Credit-Control with QoS Information + + In this case the authorization and authentication take place at the + beginning and then when a new service request comes in the accounting + is done as per the required QoS. It's a 3GPP scenario. + + Diameter + End User Service Element Server CC Server + (CC Client) + | Registration | AA request/answer(accounting,cc or both)| + |<----------------->|<------------------>| | + | : | | | + | : | | | + | Service Request | | | + |------------------>| | | + | | CCR(Initial,Credit-Control AVPs, | + | | QoS-capability) | + | +|---------------------------------------->| + | CC stream|| | CCA(Granted-Units)| + | || | QoS-Resources | + | +|<----------------------------------------| + | Service Delivery | | | + |<----------------->| ACR(start,Accounting AVPs) | + | : |------------------->|+ | + | : | ACA || Accounting stream | + | |<-------------------|+ | + | : | | | + | : | | | + | | CCR(Update,Used-Units) | + | |---------------------------------------->| + | | | CCA(Granted-Units)| + | | | QoS-Resources | + | |<----------------------------------------| + | : | | | + | : | | | + | End of Service | | | + |------------------>| CCR(Termination, Used-Units) | + | |---------------------------------------->| + | | | CCA | + | |<----------------------------------------| + | | ACR(stop) | | + | |------------------->| | + | | ACA | | + | |<-------------------| | + + Figure 12: Example with first interrogation after user's + authorization/authentication + +5.6. Diameter Server Initiated Credit Re-authorization + + This example shows a Diameter Credit Control interaction whereby the + server initiates a re-authorization exchange. + + Service Element Diameter + End User (CC Client) Server CC Server + | | | | + | | | | + : : : : + : <<<<<< Initial Message Exchanges >>>>>> : + : : : : + | | | | + | | Re-Auth-Request| + | | Auth-Application-ID = CREDIT_CONTROL| + | |Re-Auth-Request-Type = AUTHORIZE_ONLY| + | | Session-ID| + | |<------------------------------------+ + | | | | + | | Re-Auth-Answer | | + | | Session-ID | | + | | Result-Code = DIAMETER_LIMITED_SUCCESS + | +------------------------------------>| + | | | | + | | CCR | + | | CC-Request-Type = UPDATE_REQUEST | + | | Used-Units | | + | |-------------------+---------------->| + | | CCA(Granted-Units)| + | | Result-Code = DIAMETER_SUCCESS| + | | QoS-Resources| + | |<------------------+-----------------| + | | | | + + Figure 13: Server-Initiated Credit Re-Authorization + +5.7. QoS and Credit-Control as Part of Authentication and Authorization + + In this example, the Credit control is performed along with the + Authentication/Authorization message. This is usually the case in + NAS scenario. + + Service Element Diameter + End User (CC Client) server CC Server + | (e.g. NAS) | | + | | | | + | Service Request | AA Request (CC AVPs) | + | | Credit-Control=CREDIT_AUTHORIZATION | + | | QoS-Resources | | + |------------------>|------------------->| | + | | | CCR(Initial, CC AVPs) + | | | QoS-Resources | + | | |------------------->| + | | | CCA(Granted-Units) | + | | | QoS-Resources | + | | |<-------------------| + | | AA Answer(Granted-Units) | + | | QoS-Resources | | + | Service Delivery |<-------------------| | + |<----------------->| | | + | | ACR(start,Accounting AVPs) | + | |------------------->|+ | + | | ACA || Accounting stream | + | |<-------------------|+ | + | | | | + | | | | + | | | | + | | | | + | | CCR(Update,Used-Units) | + | | QoS-Resources | CCR(Update,Used-Units) + | |------------------->| QoS-Resources | + | | |------------------->| + | | | CCA(Granted-Units) | + | | | QoS-Resources | + | | CCA(Granted-Units) |<-------------------| + | | QoS-Resources | | + | |<-------------------| | + | | | | + | | | | + | End of Service | | | + |------------------>| CCR(Termination,Used-Units) | + | |------------------->| CCR(Term.,Used-Units) + | | |------------------->| + | | | CCA | + | | CCA |<-------------------| + | |<-------------------| | + | | ACR(stop) | | + | |------------------->| | + | | ACA | | + | |<-------------------| | + Figure 14: Example with use of the authorization messages for the + first Diameter Credit Control interrogation 6. AVP Occurrence Tables 6.1. DER and DEA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the DER and DEA Commands, as defined in this document and in [RFC4072]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | DER | DEA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ - Figure 9: DER and DEA Commands AVP table + Figure 15: DER and DEA Commands AVP table 6.2. CCR and CCA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the CCR and CCA Commands, as defined in this document and in [RFC4006]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | CCR | CCA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ - Figure 10: CCR and CCA Commands AVP table + Figure 16: CCR and CCA Commands AVP table 6.3. AAR and AAA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the AAR and AAA Commands, as defined in this document and in [RFC4005]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | AAR | AAA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ - Figure 11: AAR and AAA Commands AVP table + Figure 17: AAR and AAA Commands AVP table 7. Diameter RADIUS Interoperability [Editor's Note: Text will be provided in a future version of this document.] 8. Acknowledgments We would like to thank Victor Fajardo for his comments. @@ -557,22 +848,22 @@ 11.1. Normative References [I-D.ietf-dime-qos-parameters] Korhonen, J. and H. Tschofenig, "Quality of Service Parameters for Usage with the AAA Framework", draft-ietf-dime-qos-parameters-00 (work in progress), June 2007. [I-D.ietf-radext-filter-rules] Congdon, P., "RADIUS Attributes for Filtering and - Redirection", draft-ietf-radext-filter-rules-02 (work in - progress), March 2007. + Redirection", draft-ietf-radext-filter-rules-03 (work in + progress), July 2007. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, July 2003. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. @@ -582,21 +873,21 @@ August 2005. [RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. Loughney, "Diameter Credit-Control Application", RFC 4006, August 2005. 11.2. Informative References [I-D.ietf-nsis-qspec] Ash, J., "QoS NSLP QSPEC Template", - draft-ietf-nsis-qspec-16 (work in progress), March 2007. + draft-ietf-nsis-qspec-17 (work in progress), July 2007. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005. Authors' Addresses