--- 1/draft-ietf-dime-rfc4005bis-00.txt 2010-10-15 11:15:38.000000000 +0200 +++ 2/draft-ietf-dime-rfc4005bis-01.txt 2010-10-15 11:15:38.000000000 +0200 @@ -1,20 +1,19 @@ -Network Working Group G. Zorn, Ed. +Network Working Group G. Zorn Internet-Draft Network Zen -Obsoletes: RFC4005 August 11, 2010 -(if approved) +Obsoletes: 4005 (if approved) October 15, 2010 Intended status: Standards Track -Expires: February 12, 2011 +Expires: April 18, 2011 Diameter Network Access Server Application - draft-ietf-dime-rfc4005bis-00 + draft-ietf-dime-rfc4005bis-01 Abstract This document describes the Diameter protocol application used for Authentication, Authorization, and Accounting (AAA) services in the Network Access Server (NAS) environment. When combined with the Diameter Base protocol, Transport Profile, and Extensible Authentication Protocol specifications, this application specification satisfies typical network access services requirements. @@ -26,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on February 12, 2011. + This Internet-Draft will expire on April 18, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -73,21 +72,21 @@ 3.10. Accounting-Answer (ACA) Command . . . . . . . . . . . . . 21 4. Diameter NAS Application AVPs . . . . . . . . . . . . . . . . 22 4.1. Derived AVP Data Formats . . . . . . . . . . . . . . . . . 22 4.1.1. QoSFilterRule . . . . . . . . . . . . . . . . . . . . 22 4.2. NAS Session AVPs . . . . . . . . . . . . . . . . . . . . . 23 4.2.1. Call and Session Information . . . . . . . . . . . . . 24 4.2.2. NAS-Port AVP . . . . . . . . . . . . . . . . . . . . . 24 4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 25 4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25 4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25 - 4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 26 + 4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26 4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26 4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27 4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27 4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28 4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28 4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 29 4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29 4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29 
@@ -235,23 +234,23 @@ LAT (Local Area Transport A Digital Equipment Corp. LAN protocol for terminal services [LAT]. VPN (Virtual Private Network) In this document, this term is used to describe access services that use tunneling methods. 1.2. Requirements Language - In this document, the key words "MAY", "MUST", "MUST NOT", - "OPTIONAL", "RECOMMENDED", "SHOULD", and "SHOULD NOT" are to be - interpreted as described in [RFC2119], + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [RFC2119]. 1.3. Advertising Application Support Diameter applications conforming to this specification MUST advertise support by including the value of one (1) in the Auth-Application-Id of the Capabilities-Exchange-Request (CER), AA-Request (AAR), and AA- Answer (AAA) messages. All other messages are defined by RFC 3588 and use the Base application id value. 2. NAS Calls, Ports, and Sessions @@ -923,21 +922,20 @@ [ NAS-IPv6-Address ] [ NAS-Port ] [ NAS-Port-Id ] [ NAS-Port-Type ] [ Service-Type ] [ Termination-Cause ] [ Accounting-Realtime-Required ] [ Acct-Interim-Interval ] * [ Class ] * [ Proxy-Info ] - * [ Route-Record ] * [ AVP ] 4. Diameter NAS Application AVPs The following sections define a new derived AVP data format, a set of application-specific AVPs and describe the use of AVPs defined in other documents by the Diameter NAS Application. 4.1. Derived AVP Data Formats 
@@ -1586,27 +1584,27 @@ the ASCII routing information to be configured for the user on the NAS. Zero or more of these AVPs MAY be present in an authorization response. The string MUST contain a destination prefix in dotted quad form optionally followed by a slash and a decimal length specifier stating how many high-order bits of the prefix should be used. This is followed by a space, a gateway address in dotted quad form, a space, and one or more metrics separated by spaces; for example, - "192.168.1.0/24 192.168.1.1 1" + "192.0.2.0/24 192.0.2.1 1" The length specifier may be omitted, in which case it should default to 8 bits for class A prefixes, to 16 bits for class B prefixes, and to 24 bits for class C prefixes; for example, - "192.168.1.0 192.168.1.1 1" + "192.0.2.0 192.0.2.1 1" Whenever the gateway address is specified as "0.0.0.0" the IP address of the user SHOULD be used as the gateway address. 4.4.10.5.4. Framed-Pool AVP The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains the name of an assigned address pool that SHOULD be used to assign an address for the user. If a NAS does not support multiple address pools, the NAS SHOULD ignore this AVP. Address pools are usually 
@@ -2355,21 +2353,21 @@ implementation dependent. 4.6.11. Acct-Tunnel-Packets-Lost AVP The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32 and contains the number of packets lost on a given tunnel. 5. AVP Occurrence Tables The following tables present the AVPs used by NAS applications in NAS - messages and specify in which Diameter messages they MAY or MAY NOT + messages and specify in which Diameter messages they may or may not be present. Messages and AVPs defined in the base Diameter protocol [I-D.ietf-dime-rfc3588bis] are not described in this document. Note that AVPs that can only be present within a Grouped AVP are not represented in this table. The table uses the following symbols: 0 The AVP MUST NOT be present in the message. 0+ Zero or more instances of the AVP MAY be present in the message. @@ -2469,21 +2467,21 @@ Port-Limit | 0-1 | 0-1 | Prompt | 0 | 0-1 | Proxy-Info | 0+ | 0+ | QoS-Filter-Rule | 0 | 0+ | Re-Auth-Request-Type | 0 | 0-1 | Redirect-Host | 0 | 0+ | Redirect-Host-Usage | 0 | 0-1 | Redirect-Max-Cache-Time | 0 | 0-1 | Reply-Message | 0 | 0+ | Result-Code | 0 | 1 | - Route-Record | 0+ | 0+ | + Route-Record | 0+ | 0 | Service-Type | 0-1 | 0-1 | Session-Id | 1 | 1 | Session-Timeout | 0 | 0-1 | State | 0-1 | 0-1 | Tunneling | 0+ | 0+ | User-Name | 0-1 | 0-1 | User-Password | 0-1 | 0 | ------------------------------|-----+-----+ 5.2. Accounting AVP Tables 
@@ -2562,21 +2560,21 @@ NAS-Port | 0-1 | 0-1 | NAS-Port-Id | 0-1 | 0-1 | NAS-Port-Type | 0-1 | 0-1 | Origin-AAA-Protocol | 0-1 | 0-1 | Origin-Host | 1 | 1 | Origin-Realm | 1 | 1 | Origin-State-Id | 0-1 | 0-1 | Originating-Line-Info | 0-1 | 0 | Proxy-Info | 0+ | 0+ | QoS-Filter-Rule | 0+ | 0 | - Route-Record | 0+ | 0+ | + Route-Record | 0+ | 0 | Result-Code | 0 | 1 | Service-Type | 0-1 | 0-1 | Session-Id | 1 | 1 | Termination-Cause | 0-1 | 0-1 | Tunnel-Assignment-Id | 0-1 | 0 | Tunnel-Client-Endpoint | 0-1 | 0 | Tunnel-Medium-Type | 0-1 | 0 | Tunnel-Private-Group-Id | 0-1 | 0 | Tunnel-Server-Endpoint | 0-1 | 0 | Tunnel-Type | 0-1 | 0 | @@ -2642,21 +2640,21 @@ NAS-Port | 0-1 | 0-1 | NAS-Port-Id | 0-1 | 0-1 | NAS-Port-Type | 0-1 | 0-1 | Origin-AAA-Protocol | 0-1 | 0-1 | Origin-Host | 1 | 1 | Origin-Realm | 1 | 1 | Origin-State-Id | 0-1 | 0-1 | Originating-Line-Info | 0-1 | 0 | Proxy-Info | 0+ | 0+ | QoS-Filter-Rule | 0+ | 0 | - Route-Record | 0+ | 0+ | + Route-Record | 0+ | 0 | Result-Code | 0 | 1 | Session-Id | 1 | 1 | Service-Type | 0-1 | 0-1 | Termination-Cause | 0-1 | 0-1 | User-Name | 0-1 | 0-1 | Vendor-Specific-Application-Id | 0-1 | 0-1 | ---------------------------------------|-----+-----+ 6. IANA Considerations @@ -2738,22 +2736,22 @@ 8.1. Normative References [ANITypes] NANPA Number Resource Info, "ANI Assignments", . [I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", - draft-ietf-dime-rfc3588bis-23 (work in - progress), August 2010. + draft-ietf-dime-rfc3588bis-25 (work in + progress), September 2010. [RADIUSTypes] IANA, "RADIUS Types", . [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication Protocol (CHAP)", RFC 1994, August 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, 
@@ -2854,28 +2852,30 @@ [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000. [RFC2881] Mitton, D. and M. Beadles, "Network Access Server Requirements Next Generation (NASREQNG) NAS Model", RFC 2881, July 2000. [RFC2989] Aboba, B., Calhoun, P., Glass, S., - Hiller, T., McCann, P., Shiino, H., Zorn, - G., Dommety, G., C.Perkins, B.Patil, - D.Mitton, S.Manning, M.Beadles, P.Walsh, - X.Chen, S.Sivalingham, A.Hameed, - M.Munson, S.Jacobs, B.Lim, B.Hirschman, - R.Hsu, Y.Xu, E.Campell, S.Baba, and - E.Jaques, "Criteria for Evaluating AAA - Protocols for Network Access", RFC 2989, + Hiller, T., McCann, P., Shiino, H., + Walsh, P., Zorn, G., Dommety, G., + Perkins, C., Patil, B., Mitton, D., + Manning, S., Beadles, M., Chen, X., + Sivalingham, S., Hameed, A., Munson, M., + Jacobs, S., Lim, B., Hirschman, B., Hsu, + R., Koo, H., Lipford, M., Campbell, E., + Xu, Y., Baba, S., and E. Jaques, + "Criteria for Evaluating AAA Protocols + for Network Access", RFC 2989, November 2000. [RFC3169] Beadles, M. and D. Mitton, "Criteria for Evaluating Network Access Server Protocols", RFC 3169, September 2001. [RFC3246] Davie, B., Charny, A., Bennet, J., Benson, K., Le Boudec, J., Courtney, W., Davari, S., Firoiu, V., and D. Stiliadis, "An Expedited Forwarding PHB (Per-Hop 
@@ -2927,20 +2927,24 @@ the effort put into this document was done while he was in their employ. A.2. RFC 4005bis The vast majority of the text in this document was lifted directly fro RFC 4005; the editor owes a debt of gratitude to the authors thereof (especially Dave Mitton, who somehow managed to make nroff paginate the AVP Occurance Tables correctly!). + Thanks (in no particular order) to Jai-Jin Lim, Liu Hans, Sebastien + Decugis and Stefan Winter for their useful reviews and helpful + comments. + Author's Address - Glen Zorn (editor) + Glen Zorn Network Zen - 1463 East Republican Street - #358 - Seattle, Washington 98112 - USA + 227/358 Thanon Sanphawut + Bang Na, Bangkok 10260 + Thailand + Phone: +66 (0) 87-040-4617 EMail: gwz@net-zen.net
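Review bot: in hunk @@ -1,20 +1,19 @@, the change from "Obsoletes: RFC4005" to "Obsoletes: 4005 (if approved)" is the form the I-D header boilerplate expects (bare RFC number, with the "(if approved)" qualifier on the same line), so this resolves a nits-style problem rather than introducing one; the new expiry date of April 18, 2011 is consistent with the revised "This Internet-Draft will expire on April 18, 2011." line in hunk @@ -26,21 +25,21 @@.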
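Review bot: in hunk @@ -235,23 +234,23 @@, the Requirements Language is now the complete RFC 2119 sentence (adding "REQUIRED", "SHALL" and "SHALL NOT" and the "[RFC2119]" citation), which is correct; two things in the unchanged context of the same hunk still merit a fix: the glossary entry reads "LAT (Local Area Transport A Digital Equipment Corp." and is missing the closing parenthesis after "Transport", and Section 1.3 still says "All other messages are defined by RFC 3588" even though the normative reference is now the rfc3588bis draft (see hunk @@ -2738,22 +2736,22 @@); suggest "defined by the Diameter base protocol [I-D.ietf-dime-rfc3588bis]".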
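Review bot: in hunk @@ -923,21 +922,20 @@, dropping "* [ Route-Record ]" from the ACA command code format matches the base-protocol rule that Route-Record is appended by agents to requests only and is consistent with the "0" now shown in the answer column of both accounting tables in hunk @@ -2562,21 +2560,21 @@ and hunk @@ -2642,21 +2640,21 @@; since the authentication table in hunk @@ -2469,21 +2467,21 @@ makes the same change for AA-Answer, the AAA command code format in Section 3 should receive the same edit, and this diff shows no hunk there.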
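Review bot: in hunk @@ -1586,27 +1584,27 @@, moving both Framed-Route examples from 192.168.1.0 to the 192.0.2.0/24 documentation range is the right change for a specification, and the second example still agrees with the retained text because 192.0.2.0 falls in the class C range, so the defaulted length is 24 bits; the retained paragraph does not say what a NAS should do with a Framed-Route string it cannot parse (bad prefix, missing gateway, non-numeric metric), and a sentence recommending that such an AVP be ignored rather than partially applied would help implementers.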
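Review bot: in hunk @@ -2355,21 +2353,21 @@, lowercasing "MAY or MAY NOT" to "may or may not" is correct, since "MAY NOT" is not an RFC 2119 keyword and the capitalized form would read as a normative requirement; in the unchanged context the sentence "Note that AVPs that can only be present within a Grouped AVP are not represented in this table." should say "these tables", as the paragraph introduces several tables.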
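Review bot: in hunk @@ -2469,21 +2467,21 @@, changing Route-Record to "0+ | 0" (allowed in AA-Request, forbidden in AA-Answer) is consistent with the base protocol and with the accounting tables; confirm that the AA-Answer command code format in Section 3 no longer lists Route-Record, because the table and the CCF must agree and the diff only shows the ACA CCF being updated.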
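Review bot: in hunk @@ -2562,21 +2560,21 @@, the Route-Record row now reads "0+ | 0", matching the removal of Route-Record from the ACA command code format in hunk @@ -923,21 +922,20 @@; no further issue in this hunk.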
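Review bot: in hunk @@ -2642,21 +2640,21 @@, the Route-Record change is the same as in the previous table and is correct; as a style point, the unchanged context lists "Session-Id" before "Service-Type" here while the table in hunk @@ -2562,21 +2560,21 @@ lists "Service-Type" first, so the row order should be aligned across the accounting tables.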
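Review bot: in hunk @@ -2738,22 +2736,22 @@, bumping the normative citation to draft-ietf-dime-rfc3588bis-25 (September 2010) is fine, but as a normative reference to a work in progress it will need to be refreshed again before publication; in the unchanged context the "[ANITypes]" and "[RADIUSTypes]" entries show nothing between the title and the trailing period as rendered here, so confirm the angle-bracketed URLs are present in the source text.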
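Review bot: in hunk @@ -2854,28 +2852,30 @@, the RFC 2989 entry now uses the "Surname, I." form throughout with "and E. Jaques" as the final author, matching the style of the other entries in the list (for example "Beadles, M. and D. Mitton"), adds the previously missing "Koo, H." and "Lipford, M.", and corrects "Campell" to "Campbell"; no issue.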
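Review bot: in hunk @@ -2927,20 +2927,24 @@, the Author's Address drops "(editor)" to match the header change in hunk @@ -1,20 +1,19 @@, but the unchanged A.2 text still reads "the editor owes a debt of gratitude", which should become "the author owes"; the same context lines contain two typos, "lifted directly fro RFC 4005" (should be "from") and "AVP Occurance Tables" (should be "Occurrence"), and since the added acknowledgements touch this paragraph it is the natural place to fix them.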