Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dean Cheng Jouni Korhonen Mehamed Boucadair

Published byCameron Clarke Modified over 8 years ago

Similar presentations

Presentation on theme: "Dean Cheng Jouni Korhonen Mehamed Boucadair"— Presentation transcript:

1 Dean Cheng (dean.cheng@huawei.com)dean.cheng@huawei.com Jouni Korhonen (jouni.nospam@gmail.com)jouni.nospam@gmail.com Mehamed Boucadair (mohamed.boucadair@oragne.com)mohamed.boucadair@oragne.com Senthil Sivakumar (ssenthil@cisco.com)ssenthil@cisco.com IETF London March, 2014 RADIUS Extensions for Port Set Configuration and Reporting draft-cheng-behave-cgn-cfg-radius-ext-07 1 1

2 History 00 text - merged from two earlier drafts per suggestions  draft-cheng-behave-nat44-pre-allocated-ports-02  draft-cheng-behave-nat-fwd-port-radius-ext-00 00 text presented at RADEXT WG at Quebec meeting 00 text was listed as one “potential work” on BEHAVE WG Chairs’ slide at Quebec meeting Jouni Korhonen joined the work with much help 01 text posted in October 2011 01 text presented at BEHAVE WG at Taipei meeting 02 text posted in January 2012 (minor editorial changes) 03 text posted in April 2012  Med Boucadair joined as a co-author with contributing text  Focus on RADIUS extensions that can be used for any port-based devices  Changed the title of the document (CGN ->port-based device) Was – “Radius Extensions for CGN Configurations” Now – “RADIUS Extensions for Port Set Configuration and Reporting”  Added Section 4.2 for WiFi application using the proposed RADIUS extensions 04 text posted in October 2012 Senthil Sivakumar joined the work & helped the edits (05 text) in May 2013 06/07 text - Minor updates in December 2013 2

3 Motivation Scenario (in a broadband network, WiFi network, etc.)  A port-set device, capable of performing mapping on IP address and port need to communicate with a RADIUS server.  Examples:  A CGN acquires TCP/UDP port limit for a given user from the RADIUS server  A CGN reports a range of TCP/UDP ports allocated/de-allocated for a given user to the RADIUS server  A CGN acquires a forwarding port for a given user from the RADIUS server  A WiFi server (CPE) reports a range of TCP/UDP ports allocated/de-allocated for a visiting UE to the RADIUS server Proposed solutions  Use RADIUS protocol for communication between a RADIUS server and a port-set device where NAS resides  Proposing three new RADIUS attributes  Limit for an end user on TCP/UDP ports (or ICMP identifiers) usage  The range of TCP/UDP ports (or ICMP identifiers) allocated or de-allocated for an end user  The forwarding port mapping definition for an end user 3

4 Configure NAT44 TCP/UDP Session Limit via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Port-Session-Limit (TCP/UDP ports) Service Granted (other parameters) User RADIUSPPPoE/DHCP 4 Account Request Port-Session-Limit (TCP/UDP ports) (NAT44 external port allocation and IPv4 address assignment)

5 Change NAT44 TCP/UDP Session Limit via RADIUS AAA Server NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit User 5 TCP/UDP Port Limit (1024) CoA Request Port-Session-Limit (TCP/UDP ports) TCP/UDP Port Limit (2048) CoA Response Port-Session-Limit (TCP/UDP ports)

6 Port-Session-Limit Attribute Type – TBA1 for Port-Session-Limit Length – 5 octets, total length of this attributes including Type and Length ST – Session Type(8 bit) contains an enumerated value that indicates the applicability of the Session Limit as follows: 0: The limit as specified is applied to the sum of TCP ports, UDP ports and ICMP identifiers. 1: The limit as specified is applied to the sum of TCP ports and UDP ports. 2: The limit as specified is applied to TCP ports. 3: The limit as specified is applied to UDP ports. 4: The limit as specified is applied to ICMP identifiers. 5-255: These values are undefined. Session Limit - This field contains the maximum number that is imposed to the total number of TCP ports, or UDP ports, or the sum of the two, or ICMP Identifiers, or the sum of the three, depending on the value in the Session Type field, that the specific user can use during CGN operation. 6

7 Report NAT44 TCP/UDP Port Allocation Range via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd, IPv4 address, CGN TCP/UDP, Session Limit Access-Accept Service Granted User RADIUSPPPoE/DHCP 7 Account Request Port-Session-Range for de-allocation CGN allocates a TCP/UDP port range for the user Account Request Port-Session-Range for allocation CGN de-allocates a TCP/UDP port range for the user

8 Report Port Allocation/De-allocation for a UE AAA Server Access Request Service Request BNG/NAS Access-Accept Service Granted (parameters) UE 8 Account Request Port-Session-Range for de-allocation CPE withdraws a TCP/UDP port range for the UE Account Request Port-Session-Range for allocation CPE CPE assigns IP address and a TCP/UDP port range to the UE

9 Port-Session-Range Attribute Type – TBA2 for Port-Session-Range Length – (12 plus the length of Local Session ID) octets ST (Session Type)- 8 bits, This field contains an enumerated value (refer to Section 3.1) that indicates the semantics of the Session Range. A-bit Flag – 0: The specified range is for allocation. 1: The specified range is for de-allocation. 9

10 CGN-Session-Range Attribute (Cont.) Reserved – set to zero by sender and ignored by receiver. Port Range Mask: The Port Range Mask (PRM) indicates the position of the bits that are used to build the Port Range Value. By default, no PRM value is assigned. The 1 values in the Port Range Mask indicate by their position the significant bits of the Port Range Value. Refer to [RFC6431] for more details. Port Range Value: The Port Range Value (PRV) indicates the value of the significant bits of the Port Range Mask. By default, no PRV is assigned. Refer to [RFC6431] for more details. External IPv4 Address: This field contains the IPv4 address assigned to the associated subscriber to be used in the external realm. Local Session ID: This is an optional field and if presents, it contains a local session identifier at the customer premise, such as MAC address, interface ID, VLAN ID, PPP sessions ID, VRF ID, etc. The length of this field equals to the total attribute length minus 12 octets. 10

11 NAT44 Port Forwarding Configuration via RADIUS AAA Server Access Request Service Request NAT44/NAS BNG User profile: Username pwd IPv4 address Internal port External port Access-Accept Port-Forwarding-Map Service Granted (other parameters) Account Request Port-Forwarding-Map User (Create a port mapping for the user, and associate it with the internal and external IP address) RADIUSPPPoE/DHCP 11

12 Change NAT44 TCP/UDP Port Mapping via RADIUS AAA Server NAT44/NAS BNG User 12 Internal IP Address Port Map (a:X) CoA Request Port-Forwarding-Map) Internal IP Address Port Map (a:Y)) CoA Response Port-Forwarding-Map) User profile: Username pwd IPv4 address Internal port External port RADIUSPPPoE/DHCP

13 Port-Forwarding-Map Attribute Type – TBA3 for Port-Forwarding-Map Length – Depending on the value of the AF field, the length could be 8, 12 or 24 octets. AF (Address Family)- 8 bits. This field contains an enumerated value that indicates the address family of the internal IP address for the mapping as follows: 0: no internal IP address 1: The internal address is an IPv4 address. 2: The internal address is an IPv6 address. 3-255: Values not defined. Internal Port – The internal port for the CGN mapping. External Port – The external port for the CGN mapping. Internal IP address – if exists, contains the internal IPv4 or IPv6 address for the CGN mapping. 13

14 IANA Considerations (code point request) New RADIUS attributes:  Port-Session-Limit (Section 3.1)  Port-Session-Range (Section 3.2)  Port-Forwarding-Map (Section 3.3) Session type (Section 3.1)  0: Applicable to TCP/UDP port number and ICMP identifier  1: Applicable to TCP/UDP port number only  2: Applicable to TCP port number only  3: Applicable to UDP port number only  4: Applicable to ICMP identifier only  5-255: Undefined 14

15 Next step … Requesting to be adopted as a RADEXT WG document… Update the draft with clarification that the new RADIUS attribute types as requested are in the extended type code space per RFC6929. 15

Download ppt "Dean Cheng Jouni Korhonen Mehamed Boucadair"

Similar presentations

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
NAT64 Operational Experiences draft-chen-v6ops-nat64-experience-03 IETF 84- Vancouver, Aug 2012 Gang Chen China Mobile Zhen Cao China Mobile Cameron Byrne.

NAT64 Operational Experiences draft-chen-v6ops-nat64-experience-03 IETF 84- Vancouver, Aug 2012 Gang Chen China Mobile Zhen Cao China Mobile Cameron Byrne.
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.

1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
Subnetting.

Subnetting.
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.
IPv4-Embedded IPv6 Multicast Address draft-ietf-mboned-64-multicast-address-format IETF 84 Vancouver 1.

IPv4-Embedded IPv6 Multicast Address draft-ietf-mboned-64-multicast-address-format IETF 84 Vancouver 1.
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 70 – Vancouver draft-ietf-ancp-framework-04.txt.

Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 70 – Vancouver draft-ietf-ancp-framework-04.txt.
Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.

Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.
The Saigon CTT Semester 1 CHAPTER 10 Le Chi Trung.

The Saigon CTT Semester 1 CHAPTER 10 Le Chi Trung.
SYSTEM ADMINISTRATION Chapter 8 Internet Protocol (IP) Addressing.

SYSTEM ADMINISTRATION Chapter 8 Internet Protocol (IP) Addressing.
DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.

DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Planning the Addressing Structure Working at a Small-to-Medium Business.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Planning the Addressing Structure Working at a Small-to-Medium Business.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair

Similar presentations

Ads by Google