Network Working Group J. Salowey Request for Comments: 4818 R. Droms Category: Standards Track Cisco Systems, Inc. April 2007
Network Working Group J. Salowey Request for Comments: 4818 R. Droms Category: Standards Track Cisco Systems, Inc. April 2007
RADIUS Delegated-IPv6-Prefix Attribute
RADIUS-IPv6-Prefix属性
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
Abstract
摘要
This document defines a RADIUS (Remote Authentication Dial In User Service) attribute that carries an IPv6 prefix that is to be delegated to the user. This attribute is usable within either RADIUS or Diameter.
本文档定义了RADIUS(远程身份验证拨入用户服务)属性,该属性带有要委派给用户的IPv6前缀。此属性在半径或直径范围内可用。
This document defines the Delegated-IPv6-Prefix attribute as a RADIUS [1] attribute that carries an IPv6 prefix to be delegated to the user, for use in the user's network. For example, the prefix in a Delegated-IPv6-Prefix attribute can be delegated to another node through DHCP Prefix Delegation [2].
本文档将delegate-IPv6-Prefix属性定义为RADIUS[1]属性,该属性携带要委托给用户的IPv6前缀,以便在用户网络中使用。例如,Delegated-IPv6-prefix属性中的前缀可以通过DHCP前缀委派[2]委派给另一个节点。
The Delegated-IPv6-Prefix attribute can be used in DHCP Prefix Delegation between the delegating router and a RADIUS server, as illustrated in the following message sequence.
Delegated-IPv6-Prefix属性可用于委派路由器和RADIUS服务器之间的DHCP前缀委派,如以下消息序列所示。
Requesting Router Delegating Router RADIUS Server | | | |-Solicit------------>| | | |-Request------------------------>| | |<--Accept(Delegated-IPv6-Prefix)-| |<--Advertise(Prefix)-| | |-Request(Prefix)---->| | |<--Reply(Prefix)-----| | | | | DHCP PD RADIUS
Requesting Router Delegating Router RADIUS Server | | | |-Solicit------------>| | | |-Request------------------------>| | |<--Accept(Delegated-IPv6-Prefix)-| |<--Advertise(Prefix)-| | |-Request(Prefix)---->| | |<--Reply(Prefix)-----| | | | | DHCP PD RADIUS
The Framed-IPv6-Prefix attribute [4] is not designed to support delegation of IPv6 prefixes to be used in the user's network, and therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may be included in the same RADIUS packet.
Framed-IPv6-Prefix属性[4]的设计不支持在用户网络中使用IPv6前缀的委派,因此Framed-IPv6-Prefix和Delegated-IPv6-Prefix属性可能包含在同一RADIUS数据包中。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[3]中所述进行解释。
The format of the Delegated-IPv6-Prefix is:
委派-IPv6-前缀的格式为:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
类型
123 for Delegated-IPv6-Prefix
123表示委派的IPv6前缀
Length
长
The length of the entire attribute, in bytes. At least 4 (to hold Type/Length/Reserved/Prefix-Length for a 0-bit prefix), and no larger than 20 (to hold Type/Length/ Reserved/Prefix- Length for a 128-bit prefix)
The length of the entire attribute, in bytes. At least 4 (to hold Type/Length/Reserved/Prefix-Length for a 0-bit prefix), and no larger than 20 (to hold Type/Length/ Reserved/Prefix- Length for a 128-bit prefix)
Reserved
含蓄的
Always set to zero by sender; ignored by receiver
发送方始终将其设置为零;被接收者忽略
Prefix-Length
前缀长度
The length of the prefix being delegated, in bits. At least 0 and no larger than 128 bits (identifying a single IPv6 address)
正在委派的前缀的长度,以位为单位。至少0位且不大于128位(标识单个IPv6地址)
Note that the prefix field is only required to be long enough to hold the prefix bits and can be shorter than 16 bytes. Any bits in the prefix field that are not part of the prefix MUST be zero.
请注意,前缀字段只需要足够长以容纳前缀位,并且可以短于16字节。前缀字段中不属于前缀的任何位都必须为零。
The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and can appear multiple times. It MAY appear in an Access-Request packet as a hint by the NAS to the server that it would prefer these prefix(es), but the server is not required to honor the hint.
Delegated-IPv6-Prefix可能出现在访问接受数据包中,并且可能出现多次。它可能出现在访问请求数据包中,作为NAS向服务器发出的提示,表示它希望使用这些前缀,但服务器不需要遵守该提示。
The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-Request packet.
Delegated-IPv6-Prefix属性可能出现在记帐请求数据包中。
The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS packets.
委派的-IPv6-前缀不得出现在任何其他RADIUS数据包中。
The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity.
下表提供了在哪些类型的数据包中可以找到哪些属性以及数量的指南。
+-------------------------------------------------------------------+ | Request Accept Reject Challenge Accounting # Attribute | | Request | | 0+ 0+ 0 0 0+ 123 Delegated-IPv6- | | Prefix | +-------------------------------------------------------------------+
+-------------------------------------------------------------------+ | Request Accept Reject Challenge Accounting # Attribute | | Request | | 0+ 0+ 0 0 0+ 123 Delegated-IPv6- | | Prefix | +-------------------------------------------------------------------+
The meaning of the above table entries is as follows: 0 This attribute MUST NOT be present. 0+ Zero or more instances of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present. 1 Exactly one instance of this attribute MUST be present. 1+ One or more of these attributes MUST be present.
上表条目的含义如下:0此属性不得存在。此属性可能存在0+零个或多个实例。0-1此属性可能存在零个或一个实例。1此属性必须仅存在一个实例。1+必须存在这些属性中的一个或多个。
When used in Diameter, the attribute defined in this specification can be used as a Diameter AVP from the Code space 1-255, i.e., RADIUS attribute compatibility space. No additional Diameter Code values are therefore allocated. The data types of the attributes are as follows:
在Diameter中使用时,本规范中定义的属性可以用作代码空间1-255中的Diameter AVP,即RADIUS属性兼容空间。因此,不分配其他直径代码值。属性的数据类型如下所示:
Delegated-IPv6-Prefix OctetString
委派-IPv6-前缀八位字符串
The attribute in this specification has no special translation requirements for Diameter to RADIUS or RADIUS to Diameter gateways, i.e., the attribute is copied as is, except for changes relating to headers, alignment, and padding. See also RFC 3588 [5], Section 4.1, and RFC 4005 [6], Section 9.
本规范中的属性对于直径到半径或半径到直径网关没有特殊的转换要求,即,该属性按原样复制,但与标题、对齐和填充相关的更改除外。另见RFC 3588[5]第4.1节和RFC 4005[6]第9节。
The text in this specification describing the applicability of the Delegated-IPv6-Prefix attribute for RADIUS Access-Request applies in Diameter to AA-Request [6] or Diameter-EAP-Request [7].
本规范中描述RADIUS访问请求的Delegated-IPv6-Prefix属性适用性的文本在Diameter中适用于AA请求[6]或Diameter EAP请求[7]。
The text in this specification describing the applicability of the Delegated-IPv6-Prefix attribute for RADIUS Access-Accept applies in Diameter to AA-Answer or Diameter-EAP-Answer that indicates success.
本规范中描述RADIUS Access Accept的Delegated-IPv6-Prefix属性适用性的文本在Diameter中适用于表示成功的AA应答或Diameter EAP应答。
The text in this specification describing the applicability of the Delegated-IPv6-Prefix attribute for RADIUS Accounting-Request applies to Diameter Accounting-Request [6] as well.
本规范中描述RADIUS记帐请求的Delegate-IPv6-Prefix属性适用性的文本也适用于Diameter记帐请求[6]。
The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are:
Delegated-IPv6-Prefix属性的AVP标志规则[5]为:
+---------------------+ | AVP Flag rules | |----+-----+----+-----|----+ AVP | | |SHLD| MUST| | Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr| ---------------------------------|----+-----+----+-----|----| Delegated-IPv6- 123 OctetString| M | P | | V | Y | Prefix | | | | | | ---------------------------------|----+-----+----+-----|----|
+---------------------+ | AVP Flag rules | |----+-----+----+-----|----+ AVP | | |SHLD| MUST| | Attribute Name Code Value Type |MUST| MAY | NOT| NOT|Encr| ---------------------------------|----+-----+----+-----|----| Delegated-IPv6- 123 OctetString| M | P | | V | Y | Prefix | | | | | | ---------------------------------|----+-----+----+-----|----|
IANA assigned a Type value, 123, for this attribute from the RADIUS Attribute Types registry.
IANA从RADIUS属性类型注册表为此属性分配了类型值123。
Known security vulnerabilities of the RADIUS protocol are discussed in RFC 2607 [8], RFC 2865 [1], and RFC 2869 [9]. Use of IPsec [10] for providing security when RADIUS is carried in IPv6 is discussed in RFC 3162.
RFC 2607[8]、RFC 2865[1]和RFC 2869[9]中讨论了RADIUS协议的已知安全漏洞。RFC 3162讨论了在IPv6中承载RADIUS时使用IPsec[10]提供安全性。
Security considerations for the Diameter protocol are discussed in RFC 3588 [5].
RFC 3588[5]中讨论了Diameter协议的安全注意事项。
[1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[1] Rigney,C.,Willens,S.,Rubens,A.,和W.Simpson,“远程认证拨入用户服务(RADIUS)”,RFC 28652000年6月。
[2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.
[2] Troan,O.和R.Droms,“动态主机配置协议(DHCP)版本6的IPv6前缀选项”,RFC 3633,2003年12月。
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001.
[4] Aboba,B.,Zorn,G.和D.Mitton,“RADIUS和IPv6”,RFC3162001年8月。
[5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[5] Calhoun,P.,Loughney,J.,Guttman,E.,Zorn,G.,和J.Arkko,“直径基础协议”,RFC 3588,2003年9月。
[6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.
[6] Calhoun,P.,Zorn,G.,Spence,D.,和D.Mitton,“Diameter网络访问服务器应用”,RFC 4005,2005年8月。
[7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.
[7] Eronen,P.,Hiller,T.,和G.Zorn,“直径可扩展认证协议(EAP)应用”,RFC 4072,2005年8月。
[8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, June 1999.
[8] Aboba,B.和J.Vollbrecht,“漫游中的代理链接和策略实施”,RFC 2607,1999年6月。
[9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.
[9] 里格尼,C.,威拉斯,W.和P.卡尔霍恩,“半径延伸”,RFC 28692000年6月。
[10] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.
[10] Kent,S.和K.Seo,“互联网协议的安全架构”,RFC 43012005年12月。
Authors' Addresses
作者地址
Joe Salowey Cisco Systems, Inc. 2901 Third Avenue Seattle, WA 98121 USA
Joe Salowey Cisco Systems,Inc.美国华盛顿州西雅图第三大道2901号,邮编:98121
Phone: +1 206.310.0596 EMail: jsalowey@cisco.com
Phone: +1 206.310.0596 EMail: jsalowey@cisco.com
Ralph Droms Cisco Systems, Inc. 1414 Massachusetts Avenue Boxborough, MA 01719 USA
Ralph Droms Cisco Systems,Inc.美国马萨诸塞州博克斯堡马萨诸塞大道1414号,邮编01719
Phone: +1 978.936.1674 EMail: rdroms@cisco.com
Phone: +1 978.936.1674 EMail: rdroms@cisco.com
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。