--- 1/draft-ietf-dime-rfc4005bis-05.txt 2012-01-03 10:13:59.974671005 +0100 +++ 2/draft-ietf-dime-rfc4005bis-06.txt 2012-01-03 10:14:00.094670698 +0100 
@@ -1,70 +1,70 @@ Network Working Group G. Zorn Internet-Draft Network Zen -Obsoletes: 4005 (if approved) July 11, 2011 +Obsoletes: 4005 (if approved) January 3, 2012 Intended status: Standards Track -Expires: January 12, 2012 +Expires: July 6, 2012 Diameter Network Access Server Application - draft-ietf-dime-rfc4005bis-05 + draft-ietf-dime-rfc4005bis-06 Abstract This document describes the Diameter protocol application used for Authentication, Authorization, and Accounting (AAA) services in the - Network Access Server (NAS) environment. When combined with the - Diameter Base protocol, Transport Profile, and Extensible - Authentication Protocol specifications, this application + Network Access Server (NAS) environment; it obsoletes RFC 4005. When + combined with the Diameter Base protocol, Transport Profile, and + Extensible Authentication Protocol specifications, this application specification satisfies typical network access services requirements. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 12, 2012. + This Internet-Draft will expire on July 6, 2012. Copyright Notice - Copyright (c) 2011 IETF Trust and the persons identified as the + Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. 
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 1.2. Requirements Language . . . . . . . . . . . . . . . . . . 6 - 1.3. Advertising Application Support . . . . . . . . . . . . . 7 + 1.3. Advertising Application Support . . . . . . . . . . . . . 6 2. NAS Calls, Ports, and Sessions . . . . . . . . . . . . . . . . 7 2.1. Diameter Session Establishment . . . . . . . . . . . . . . 7 - 2.2. Diameter Session Reauthentication or Reauthorization . . . 8 + 2.2. Diameter Session Reauthentication or Reauthorization . . . 7 2.3. Diameter Session Termination . . . . . . . . . . . . . . . 8 3. Diameter NAS Application Messages . . . . . . . . . . . . . . 9 3.1. AA-Request (AAR) Command . . . . . . . . . . . . . . . . . 9 3.2. AA-Answer (AAA) Command . . . . . . . . . . . . . . . . . 11 3.3. Re-Auth-Request (RAR) Command . . . . . . . . . . . . . . 13 3.4. Re-Auth-Answer (RAA) Command . . . . . . . . . . . . . . . 14 3.5. Session-Termination-Request (STR) Command . . . . . . . . 15 3.6. Session-Termination-Answer (STA) Command . . . . . . . . . 16 3.7. Abort-Session-Request (ASR) Command . . . . . . . . . . . 17 3.8. Abort-Session-Answer (ASA) Command . . . . . . . . . . . . 18 
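Review bot: the Abstract now states "it obsoletes RFC 4005", but the Introduction text shown in this revision ("This document describes the Diameter protocol application used for AAA in the Network Access Server (NAS) environment. When combined with ...") still does not say that this document obsoletes RFC 4005 or summarize what changed. Add a sentence to Section 1 mirroring the Abstract, e.g. "This document obsoletes RFC 4005 [RFC4005]; the changes are summarized in ...", so that readers of the body, not just the front matter, learn that the earlier specification is superseded. The date, expiry and copyright-year bumps are consistent with each other.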
@@ -79,111 +79,111 @@ 4.2.3. NAS-Port-Id AVP . . . . . . . . . . . . . . . . . . . 24 4.2.4. NAS-Port-Type AVP . . . . . . . . . . . . . . . . . . 25 4.2.5. Called-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.6. Calling-Station-Id AVP . . . . . . . . . . . . . . . . 25 4.2.7. Connect-Info AVP . . . . . . . . . . . . . . . . . . . 26 4.2.8. Originating-Line-Info AVP . . . . . . . . . . . . . . 26 4.2.9. Reply-Message AVP . . . . . . . . . . . . . . . . . . 27 4.3. NAS Authentication AVPs . . . . . . . . . . . . . . . . . 27 4.3.1. User-Password AVP . . . . . . . . . . . . . . . . . . 28 4.3.2. Password-Retry AVP . . . . . . . . . . . . . . . . . . 28 - 4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 29 - 4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 29 + 4.3.3. Prompt AVP . . . . . . . . . . . . . . . . . . . . . . 28 + 4.3.4. CHAP-Auth AVP . . . . . . . . . . . . . . . . . . . . 28 4.3.5. CHAP-Algorithm AVP . . . . . . . . . . . . . . . . . . 29 4.3.6. CHAP-Ident AVP . . . . . . . . . . . . . . . . . . . . 29 4.3.7. CHAP-Response AVP . . . . . . . . . . . . . . . . . . 29 - 4.3.8. CHAP-Challenge AVP . . . . . . . . . . . . . . . . . . 30 - 4.3.9. ARAP-Password AVP . . . . . . . . . . . . . . . . . . 30 - 4.3.10. ARAP-Challenge-Response AVP . . . . . . . . . . . . . 30 + 4.3.8. CHAP-Challenge AVP . . . . . . . . . . . . . . . . . . 29 + 4.3.9. ARAP-Password AVP . . . . . . . . . . . . . . . . . . 29 + 4.3.10. ARAP-Challenge-Response AVP . . . . . . . . . . . . . 29 4.3.11. ARAP-Security AVP . . . . . . . . . . . . . . . . . . 30 4.3.12. ARAP-Security-Data AVP . . . . . . . . . . . . . . . . 30 - 4.4. NAS Authorization AVPs . . . . . . . . . . . . . . . . . . 31 - 4.4.1. Service-Type AVP . . . . . . . . . . . . . . . . . . . 33 - 4.4.2. Callback-Number AVP . . . . . . . . . . . . . . . . . 33 - 4.4.3. Callback-Id AVP . . . . . . . . . . . . . . . . . . . 34 - 4.4.4. Idle-Timeout AVP . . . . . . . . . . . . . . . . . . . 
34 - 4.4.5. Port-Limit AVP . . . . . . . . . . . . . . . . . . . . 34 - 4.4.6. NAS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 34 - 4.4.7. Filter-Id AVP . . . . . . . . . . . . . . . . . . . . 34 - 4.4.8. Configuration-Token AVP . . . . . . . . . . . . . . . 35 - 4.4.9. QoS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 35 - 4.4.10. Framed Access Authorization AVPs . . . . . . . . . . . 36 - 4.4.10.1. Framed-Protocol AVP . . . . . . . . . . . . . . . 36 - 4.4.10.2. Framed-Routing AVP . . . . . . . . . . . . . . . 36 - 4.4.10.3. Framed-MTU AVP . . . . . . . . . . . . . . . . . 36 - 4.4.10.4. Framed-Compression AVP . . . . . . . . . . . . . 36 - 4.4.10.5. IP Access Authorization AVPs . . . . . . . . . . 36 - 4.4.10.5.1. Framed-IP-Address AVP . . . . . . . . . . . . 37 - 4.4.10.5.2. Framed-IP-Netmask AVP . . . . . . . . . . . . 37 - 4.4.10.5.3. Framed-Route AVP . . . . . . . . . . . . . . 37 - 4.4.10.5.4. Framed-Pool AVP . . . . . . . . . . . . . . . 38 - 4.4.10.5.5. Framed-Interface-Id AVP . . . . . . . . . . . 38 - 4.4.10.5.6. Framed-IPv6-Prefix AVP . . . . . . . . . . . 38 - 4.4.10.5.7. Framed-IPv6-Route AVP . . . . . . . . . . . . 38 - 4.4.10.5.8. Framed-IPv6-Pool AVP . . . . . . . . . . . . 39 - 4.4.10.6. IPX Access AVPs . . . . . . . . . . . . . . . . . 39 - 4.4.10.6.1. Framed-IPX-Network AVP . . . . . . . . . . . 39 - 4.4.10.7. AppleTalk Network Access AVPs . . . . . . . . . . 39 - 4.4.10.7.1. Framed-AppleTalk-Link AVP . . . . . . . . . . 39 - 4.4.10.7.2. Framed-AppleTalk-Network AVP . . . . . . . . 40 - 4.4.10.7.3. Framed-AppleTalk-Zone AVP . . . . . . . . . . 40 - 4.4.10.8. AppleTalk Remote Access AVPs . . . . . . . . . . 40 - 4.4.10.8.1. ARAP-Features AVP . . . . . . . . . . . . . . 40 - 4.4.10.8.2. ARAP-Zone-Access AVP . . . . . . . . . . . . 40 - 4.4.11. Non-Framed Access Authorization AVPs . . . . . . . . . 41 - 4.4.11.1. Login-IP-Host AVP . . . . . . . . . . . . . . . . 41 - 4.4.11.2. Login-IPv6-Host AVP . . . . . . . . . . . . . . . 
41 - 4.4.11.3. Login-Service AVP . . . . . . . . . . . . . . . . 41 - 4.4.11.4. TCP Services . . . . . . . . . . . . . . . . . . 42 - 4.4.11.4.1. Login-TCP-Port AVP . . . . . . . . . . . . . 42 - 4.4.11.5. LAT Services . . . . . . . . . . . . . . . . . . 42 - 4.4.11.5.1. Login-LAT-Service AVP . . . . . . . . . . . . 42 - 4.4.11.5.2. Login-LAT-Node AVP . . . . . . . . . . . . . 43 - 4.4.11.5.3. Login-LAT-Group AVP . . . . . . . . . . . . . 43 - 4.4.11.5.4. Login-LAT-Port AVP . . . . . . . . . . . . . 43 - 4.5. NAS Tunneling AVPs . . . . . . . . . . . . . . . . . . . . 44 - 4.5.1. Tunneling AVP . . . . . . . . . . . . . . . . . . . . 44 - 4.5.2. Tunnel-Type AVP . . . . . . . . . . . . . . . . . . . 45 - 4.5.3. Tunnel-Medium-Type AVP . . . . . . . . . . . . . . . . 45 - 4.5.4. Tunnel-Client-Endpoint AVP . . . . . . . . . . . . . . 45 - 4.5.5. Tunnel-Server-Endpoint AVP . . . . . . . . . . . . . . 46 - 4.5.6. Tunnel-Password AVP . . . . . . . . . . . . . . . . . 47 - 4.5.7. Tunnel-Private-Group-Id AVP . . . . . . . . . . . . . 47 - 4.5.8. Tunnel-Assignment-Id AVP . . . . . . . . . . . . . . . 47 - 4.5.9. Tunnel-Preference AVP . . . . . . . . . . . . . . . . 49 - 4.5.10. Tunnel-Client-Auth-Id AVP . . . . . . . . . . . . . . 49 - 4.5.11. Tunnel-Server-Auth-Id AVP . . . . . . . . . . . . . . 49 - 4.6. NAS Accounting AVPs . . . . . . . . . . . . . . . . . . . 50 - 4.6.1. Accounting-Input-Octets AVP . . . . . . . . . . . . . 51 - 4.6.2. Accounting-Output-Octets AVP . . . . . . . . . . . . . 51 - 4.6.3. Accounting-Input-Packets AVP . . . . . . . . . . . . . 51 - 4.6.4. Accounting-Output-Packets AVP . . . . . . . . . . . . 51 - 4.6.5. Acct-Session-Time AVP . . . . . . . . . . . . . . . . 51 - 4.6.6. Acct-Authentic AVP . . . . . . . . . . . . . . . . . . 52 - 4.6.7. Accounting-Auth-Method AVP . . . . . . . . . . . . . . 52 - 4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 52 - 4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 52 - 4.6.10. 
Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 53 - 4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 53 - 5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 53 - 5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 54 - 5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 56 - 5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 57 - 5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 59 - 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 - 7. Security Considerations . . . . . . . . . . . . . . . . . . . 60 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 61 - 8.1. Normative References . . . . . . . . . . . . . . . . . . . 61 - 8.2. Informative References . . . . . . . . . . . . . . . . . . 62 - Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 64 - A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 64 - A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 65 + 4.4. NAS Authorization AVPs . . . . . . . . . . . . . . . . . . 30 + 4.4.1. Service-Type AVP . . . . . . . . . . . . . . . . . . . 32 + 4.4.2. Callback-Number AVP . . . . . . . . . . . . . . . . . 32 + 4.4.3. Callback-Id AVP . . . . . . . . . . . . . . . . . . . 33 + 4.4.4. Idle-Timeout AVP . . . . . . . . . . . . . . . . . . . 33 + 4.4.5. Port-Limit AVP . . . . . . . . . . . . . . . . . . . . 33 + 4.4.6. NAS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 33 + 4.4.7. Filter-Id AVP . . . . . . . . . . . . . . . . . . . . 33 + 4.4.8. Configuration-Token AVP . . . . . . . . . . . . . . . 34 + 4.4.9. QoS-Filter-Rule AVP . . . . . . . . . . . . . . . . . 34 + 4.4.10. Framed Access Authorization AVPs . . . . . . . . . . . 35 + 4.4.10.1. Framed-Protocol AVP . . . . . . . . . . . . . . . 35 + 4.4.10.2. Framed-Routing AVP . . . . . . . . . . . . . . . 35 + 4.4.10.3. Framed-MTU AVP . . . . . . . . . . . . . . . . . 35 + 4.4.10.4. Framed-Compression AVP . . . . . . . . 
. . . . . 35 + 4.4.10.5. IP Access Authorization AVPs . . . . . . . . . . 35 + 4.4.10.5.1. Framed-IP-Address AVP . . . . . . . . . . . . 36 + 4.4.10.5.2. Framed-IP-Netmask AVP . . . . . . . . . . . . 36 + 4.4.10.5.3. Framed-Route AVP . . . . . . . . . . . . . . 36 + 4.4.10.5.4. Framed-Pool AVP . . . . . . . . . . . . . . . 37 + 4.4.10.5.5. Framed-Interface-Id AVP . . . . . . . . . . . 37 + 4.4.10.5.6. Framed-IPv6-Prefix AVP . . . . . . . . . . . 37 + 4.4.10.5.7. Framed-IPv6-Route AVP . . . . . . . . . . . . 37 + 4.4.10.5.8. Framed-IPv6-Pool AVP . . . . . . . . . . . . 38 + 4.4.10.6. IPX Access AVPs . . . . . . . . . . . . . . . . . 38 + 4.4.10.6.1. Framed-IPX-Network AVP . . . . . . . . . . . 38 + 4.4.10.7. AppleTalk Network Access AVPs . . . . . . . . . . 38 + 4.4.10.7.1. Framed-AppleTalk-Link AVP . . . . . . . . . . 38 + 4.4.10.7.2. Framed-AppleTalk-Network AVP . . . . . . . . 39 + 4.4.10.7.3. Framed-AppleTalk-Zone AVP . . . . . . . . . . 39 + 4.4.10.8. AppleTalk Remote Access AVPs . . . . . . . . . . 39 + 4.4.10.8.1. ARAP-Features AVP . . . . . . . . . . . . . . 39 + 4.4.10.8.2. ARAP-Zone-Access AVP . . . . . . . . . . . . 39 + 4.4.11. Non-Framed Access Authorization AVPs . . . . . . . . . 40 + 4.4.11.1. Login-IP-Host AVP . . . . . . . . . . . . . . . . 40 + 4.4.11.2. Login-IPv6-Host AVP . . . . . . . . . . . . . . . 40 + 4.4.11.3. Login-Service AVP . . . . . . . . . . . . . . . . 40 + 4.4.11.4. TCP Services . . . . . . . . . . . . . . . . . . 41 + 4.4.11.4.1. Login-TCP-Port AVP . . . . . . . . . . . . . 41 + 4.4.11.5. LAT Services . . . . . . . . . . . . . . . . . . 41 + 4.4.11.5.1. Login-LAT-Service AVP . . . . . . . . . . . . 41 + 4.4.11.5.2. Login-LAT-Node AVP . . . . . . . . . . . . . 42 + 4.4.11.5.3. Login-LAT-Group AVP . . . . . . . . . . . . . 42 + 4.4.11.5.4. Login-LAT-Port AVP . . . . . . . . . . . . . 42 + 4.5. NAS Tunneling AVPs . . . . . . . . . . . . . . . . . . . . 43 + 4.5.1. Tunneling AVP . . . . . . . . . . . . . . . . . . . . 43 + 4.5.2. 
Tunnel-Type AVP . . . . . . . . . . . . . . . . . . . 44 + 4.5.3. Tunnel-Medium-Type AVP . . . . . . . . . . . . . . . . 44 + 4.5.4. Tunnel-Client-Endpoint AVP . . . . . . . . . . . . . . 44 + 4.5.5. Tunnel-Server-Endpoint AVP . . . . . . . . . . . . . . 45 + 4.5.6. Tunnel-Password AVP . . . . . . . . . . . . . . . . . 46 + 4.5.7. Tunnel-Private-Group-Id AVP . . . . . . . . . . . . . 46 + 4.5.8. Tunnel-Assignment-Id AVP . . . . . . . . . . . . . . . 46 + 4.5.9. Tunnel-Preference AVP . . . . . . . . . . . . . . . . 48 + 4.5.10. Tunnel-Client-Auth-Id AVP . . . . . . . . . . . . . . 48 + 4.5.11. Tunnel-Server-Auth-Id AVP . . . . . . . . . . . . . . 48 + 4.6. NAS Accounting AVPs . . . . . . . . . . . . . . . . . . . 49 + 4.6.1. Accounting-Input-Octets AVP . . . . . . . . . . . . . 50 + 4.6.2. Accounting-Output-Octets AVP . . . . . . . . . . . . . 50 + 4.6.3. Accounting-Input-Packets AVP . . . . . . . . . . . . . 50 + 4.6.4. Accounting-Output-Packets AVP . . . . . . . . . . . . 50 + 4.6.5. Acct-Session-Time AVP . . . . . . . . . . . . . . . . 50 + 4.6.6. Acct-Authentic AVP . . . . . . . . . . . . . . . . . . 51 + 4.6.7. Accounting-Auth-Method AVP . . . . . . . . . . . . . . 51 + 4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 51 + 4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 51 + 4.6.10. Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 52 + 4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 52 + 5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 52 + 5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 53 + 5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 55 + 5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 56 + 5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 58 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 59 + 8. References . . . . . . . . . . . . . . . . . . . . . . 
. . . . 60 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 60 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 61 + Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 63 + A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 63 + A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 64 1. Introduction This document describes the Diameter protocol application used for AAA in the Network Access Server (NAS) environment. When combined with the Diameter Base protocol [I-D.ietf-dime-rfc3588bis], Transport Profile [RFC3539], and EAP [RFC4072] specifications, this specification satisfies the NAS-related requirements defined in [RFC2989] and [RFC3169]. @@ -243,26 +243,20 @@ LCP (Link Control Protocol) One of the three major components of PPP [RFC1661]. LCP is used to automatically agree upon encapsulation format options, handle varying limits on sizes of packets, detect a looped-back link and other common misconfiguration errors, and terminate the link. Other optional facilities provided are authentication of the identity of its peer on the link, and determination when a link is functioning properly and when it is failing. - PAC (PPTP Access Concentrator) - - A device attached to one or more Public Switched Telephone Network - (PSTN) or Integrated Services Digtal Network (ISDN) lines capable - of PPP operation and of handling PPTP [RFC2637]. - PPTP (Point-to-Point Tunneling Protocol) A protocol which allows PPP to be tunneled through an IP network [RFC2637]. VPN (Virtual Private Network) In this document, this term is used to describe access services that use tunneling methods. 1.2. Requirements Language 
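Review bot: the PAC (PPTP Access Concentrator) glossary entry is deleted, but the PPTP entry directly below it is kept and PPTP [RFC2637] is still cited in the Tunnel-Assignment-Id text later in this patch. Either the term is still needed, in which case keep the definition (and fix "Digtal" to "Digital" while touching it), or every remaining "PAC" occurrence in the body must go as well; please grep the full draft for "PAC" before merging, since the later hunk that rewrites "(e.g., PAC, LAC)" suggests this deletion is part of a wider cleanup. The page-number shifts in the Table of Contents hunk (Sections 1.3 and 2.2 moving up one page, 4.3.3 onward down one page) are consistent with this one-entry removal.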
@@ -803,48 +796,44 @@ [ Redirected-Host-Usage ] [ Redirected-Max-Cache-Time ] * [ Proxy-Info ] * [ AVP ] 3.9. Accounting-Request (ACR) Command The ACR message [I-D.ietf-dime-rfc3588bis] is sent by the NAS to report its session information to a target server downstream. - Either the Acct-Application-Id AVP or the Vendor-Specific- - Application-Id AVP MUST be present. If the Vendor-Specific- - Application-Id grouped AVP is present, it must have an Acct- - Application-Id inside. + The Acct-Application-Id AVP MUST be present. The AVPs listed in the Base protocol specification [I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as appropriate. NAS service-specific accounting AVPs SHOULD be present as described in Section 4.6 and the rest of this specification. Message Format ::= < Diameter Header: 271, REQ, PXY > < Session-Id > { Origin-Host } { Origin-Realm } { Destination-Realm } { Accounting-Record-Type } { Accounting-Record-Number } - [ Acct-Application-Id ] - [ Vendor-Specific-Application-Id ] + { Acct-Application-Id } [ User-Name ] [ Accounting-Sub-Session-Id ] - [ Acct-Session-Id ] [ Acct-Multi-Session-Id ] [ Origin-AAA-Protocol ] [ Origin-State-Id ] + [ Destination-Host ] [ Event-Timestamp ] [ Acct-Delay-Time ] [ NAS-Identifier ] [ NAS-IP-Address ] [ NAS-IPv6-Address ] [ NAS-Port ] [ NAS-Port-Id ] [ NAS-Port-Type ] * [ Class ] 
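Review bot: the ACR message format silently drops "[ Acct-Session-Id ]" and adds "[ Destination-Host ]", but the prose change in this hunk only explains the Acct-Application-Id tightening ("The Acct-Application-Id AVP MUST be present."). The ACA format in the next hunk still lists "[ Acct-Session-Id ]", so the request and answer definitions now disagree on whether that AVP can appear; either restore it in the ACR format or remove it from ACA too, and state the reason in the text. Likewise, if Destination-Host is being added so a NAS can target a specific accounting server, say so in the paragraph above the format. Finally, making "{ Acct-Application-Id }" mandatory and removing Vendor-Specific-Application-Id changes what a conforming server must reject; a sentence noting that this differs from RFC 4005 would help implementers handling legacy peers.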
@@ -909,39 +898,38 @@ The ACA message [I-D.ietf-dime-rfc3588bis] is used to acknowledge an Accounting-Request command. The Accounting-Answer command contains the same Session-Id as the Request. If the Accounting-Request was protected by end-to-end security, then the corresponding ACA message MUST be protected as well. Only the target Diameter Server or home Diameter Server SHOULD respond with the Accounting-Answer command. - Either the Acct-Application-Id AVP or the Vendor-Specific- - Application-Id AVP MUST be present, as it was in the request. + Either the Acct-Application-Id AVP MUST be present, as it was in the + request. The AVPs listed in the Base protocol specification [I-D.ietf-dime-rfc3588bis] MUST be assumed to be present, as appropriate. NAS service-specific accounting AVPs SHOULD be present as described in Section 4.6 and the rest of this specification. Message Format ::= < Diameter Header: 271, PXY > < Session-Id > { Result-Code } { Origin-Host } { Origin-Realm } { Accounting-Record-Type } { Accounting-Record-Number } - [ Acct-Application-Id ] - [ Vendor-Specific-Application-Id ] + { Acct-Application-Id } [ User-Name ] [ Accounting-Sub-Session-Id ] [ Acct-Session-Id ] [ Acct-Multi-Session-Id ] [ Event-Timestamp ] [ Error-Message ] [ Error-Reporting-Host ] * [ Failed-AVP ] [ Origin-AAA-Protocol ] [ Origin-State-Id ] 
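Review bot: the replacement sentence "Either the Acct-Application-Id AVP MUST be present, as it was in the request." keeps the word "Either" from the old two-alternative wording, so it no longer parses. Change it to "The Acct-Application-Id AVP MUST be present, as it was in the request." Also, the ACA format here retains "[ Acct-Session-Id ]" while the ACR hunk above removes it from the request; the two formats should be reconciled in the same revision.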
@@ -1089,42 +1077,40 @@ 4.2.5. Called-Station-Id AVP The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and allows the NAS to send the ASCII string describing the Layer 2 address the user contacted in the request. For dialup access, this can be a phone number obtained by using the Dialed Number Identification Service (DNIS) or a similar technology. Note that this may be different from the phone number the call comes in on. For use with IEEE 802 access, the Called-Station-Id MAY contain a MAC - address formatted as described in [RFC3580]. It SHOULD only be - present in authentication and/or authorization requests. + address formatted as described in [RFC3580]. If the Called-Station-Id AVP is present in an AAR message, Auth- Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is absent, the Diameter Server MAY perform authorization based on this AVP. This can be used by a NAS to request whether a call should be answered based on the DNIS result. The codification of this field's allowed usage range is outside the scope of this specification. 4.2.6. Calling-Station-Id AVP The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and allows the NAS to send the ASCII string describing the Layer 2 address from which the user connected in the request. For dialup access, this is the phone number the call came from, using Automatic Number Identification (ANI) or a similar technology. For use with IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC - address, formated as described in [RFC3580]. It SHOULD only be - present in authentication and/or authorization requests. + address, formated as described in [RFC3580]. If the Calling-Station-Id AVP is present in an AAR message, the Auth- Request-Type AVP is set to AUTHORIZE_ONLY and the User-Name AVP is absent, the Diameter Server MAY perform authorization based on the value of this AVP. 
This can be used by a NAS to request whether a call should be answered based on the Layer 2 address (ANI, MAC Address, etc.) The codification of this field's allowed usage range is outside the scope of this specification. @@ -2092,21 +2078,21 @@ 4.5.8. Tunnel-Assignment-Id AVP The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and is used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned. Some tunneling protocols, such as PPTP [RFC2637] and L2TP [RFC3931], allow for sessions between the same two tunnel endpoints to be multiplexed over the same tunnel and also for a given session to use its own dedicated tunnel. This attribute provides a mechanism for Diameter to inform the tunnel - initiator (e.g., PAC, LAC) whether to assign the session to a + initiator (for example, a LAC) whether to assign the session to a multiplexed tunnel or to a separate tunnel. Furthermore, it allows for sessions sharing multiplexed tunnels to be assigned to different multiplexed tunnels. A particular tunneling implementation may assign differing characteristics to particular tunnels. For example, different tunnels may be assigned different QoS parameters. Such tunnels may be used to carry either individual or multiple sessions. The Tunnel- Assignment-Id attribute thus allows the Diameter server to indicate that a particular session is to be assigned to a tunnel providing an 
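Review bot: in the Called-Station-Id and Calling-Station-Id sections, the sentence "It SHOULD only be present in authentication and/or authorization requests." is removed with no replacement, so the text no longer says where these AVPs may appear. If the intent is to permit them in accounting requests as well, say so explicitly and make sure the AVP occurrence tables in Section 5 agree, since a reader of the AVP definition alone can no longer tell. While the Calling-Station-Id line is being edited, fix "formated" to "formatted".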
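Review bot: in the Tunnel-Assignment-Id text, "(e.g., PAC, LAC)" becomes "(for example, a LAC)", yet the preceding sentence still names PPTP [RFC2637] as one of the tunneling protocols this AVP applies to, and a PPTP tunnel initiator is a PAC, not a LAC. Either keep PAC in the example list or, if PPTP is being de-emphasized in this revision, remove it from that sentence as well so the example and the protocol list stay consistent.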
@@ -2714,22 +2700,22 @@ 8.1. Normative References [ANITypes] NANPA Number Resource Info, "ANI Assignments", . [I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", - draft-ietf-dime-rfc3588bis-26 (work in - progress), January 2011. + draft-ietf-dime-rfc3588bis-29 (work in + progress), August 2011. [RADIUSTypes] IANA, "RADIUS Types", . [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication Protocol (CHAP)", RFC 1994, August 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, @@ -2911,11 +2897,11 @@ Author's Address Glen Zorn Network Zen 227/358 Thanon Sanphawut Bang Na, Bangkok 10260 Thailand Phone: +66 (0) 87-040-4617 - EMail: gwz@net-zen.net + EMail: glenzorn@gmail.com
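Review bot: the normative reference is bumped from draft-ietf-dime-rfc3588bis-26 (January 2011) to -29 (August 2011), but this draft is dated January 3, 2012, five months later; confirm that -29 is still the current revision of the base-protocol draft at submission time, since the Acct-Application-Id changes earlier in this patch track the base specification and a stale reference would make those requirements hard to verify. The author e-mail change needs no further action.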