[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Some suggestions for/comments on draft-ietf-radext-ipv6-access-01

To: <radiusext@ops.ietf.org>
Subject: Some suggestions for/comments on draft-ietf-radext-ipv6-access-01
From: Mark Smith <msmith@internode.com.au>
Date: Tue, 4 May 2010 10:58:01 +0930
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 Lightning/1.0b1 Thunderbird/3.0.4

Hi,

I've just come across this draft today, and have somesuggestions/comments, based on the work we're doing for our IPv6production ADSL deployment.



---
2.  Deployment Scenarios

If found this section a bit confusing, particularly "RG host", as it hasseemed to me that the more common deployment model, in particular whenusing PPPoE, would be that the 'RG' would most commonly be an IPv6router, not a host. It also seems to be a bit too specific to DSLdeployments, using Broadband Forum terminology.

Perhaps the more generic "IPv6 End-user Network Architecture" diagramand terminology in the IPv6 Customer Edge Router draft might be a bitless confusing and less specific to Broadband Forum terminology.


---
2.1. IPv6 Address Assignment / 3.1. Framed-IPv6-Address

"While SLAAC provides a host with a /64 IPv6 prefix from which toconstruct its address, the host is free to construct a 64-bit InterfaceID that when concatenated with the /64 prefix provides a unique address.By providing a host only a /64 network operators are unaware of theexact IP addresses in use by a device."

In the implementation we've been working with, by quite a well knownvendor, we haven't had these sorts of issues. When we have the PPP/PPPoEPE router choose the /64s to assign to the PPP/PPPoE customer session,via a router local prefix pool, we have that assigned prefix reported inthe RADIUS Accounting packets via the Framed-IPv6-Prefix attribute, andreceive the IID, chosen by the CE device, reported via theFramed-Interface-Id attribute. We've also been able to specify the IIDthat the CE device should use, using Framed-Interface-Id in RADIUSAccess-Accepts and provided to the CE via IPv6CP, in combination with aFramed-IPv6-Prefix, provided by RAs.

Based on that quite successful experience, I'm not sure I can see astrong need for a RADIUS attribute that explicitly combines both theprefix and IID information, either during RADIUS based authenticationand accounting.


---
2.2 Recursive DNS Servers / 3.2. DNS-Server-IPv6-Address

Generally OK with this.

I was going to suggest another RADIUS attribute to supply the domainname to router, in the context of the PE router operating as DHCPv6server. However, that starts to suggest that RADIUS attributes should becreated for all possible DHCPv6 options that the PE located DHCPv6server could supply to the downstream device, as there may be caseswhere different authenticated CE receive different sets of DHCPv6supplied options, with RADIUS Access-Accept being used to supply them tothe PE router.

It seems a bit redundant to replicate DHCPv6 Options as RADIUS optionsand it also seems that people have thought of this sort of problembefore - RFC4580, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)Relay Agent Subscriber-ID Option", describes an DHCPv6 option that canbe used to supply subscriber-ID information for DHCPv6 response optionselection.

Maybe a more general solution, rather than IPv6 DNS specific RADIUSattribute, would be to have a RADIUS Access-Accept attribute thatindicates to the PE router that, for the authenticated CE, it shouldquery the specified DHCPv6 server, supplying the Subscriber-ID, forDHCPv6 options to provide to then supply to the CE via DHCPv6 or, in thecase of IPv6 DNS, RDNSS options.


---
2.3. IPv6 Route Information / 3.3. Route-IPv6-Information

Fine with this.

I'm a bit curious if any thought was put into creating a RADIUSattribute to express router preference?



---
Delegated Prefix IPv6 Pool Attribute

We'd find it really useful to have an IETF RADIUS attribute that allowsus to specify the local IPv6 prefix pool that the PE router DHCPv6server uses to choose prefixes it delegates via DHCPv6-PD. Currentlywe're using a vendor specific attribute.

This would be a Delegated Prefix oriented version of the existingFramed-IPv6-Pool attribute.



HTH,
Mark.
















--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: I-D Action:draft-ietf-radext-ipv6-access-01.txt
Next by Date: I-D Action:draft-ietf-radext-status-server-08.txt
Previous by thread: I-D Action:draft-ietf-radext-ipv6-access-01.txt
Next by thread: I-D Action:draft-ietf-radext-status-server-08.txt
Index(es):
- Date
- Thread