Internet Engineering Task Force (IETF)                          D. Cheng
Request for Comments: 8045                                        Huawei
Category: Standards Track                                    J. Korhonen
ISSN: 2070-1721                                     Broadcom Corporation
                                                            M. Boucadair
                                                                  Orange
                                                            S. Sivakumar
                                                           Cisco Systems
                                                            January 2017

RADIUS Extensions for IP Port Configuration and Reporting

Abstract

This document defines three new RADIUS attributes. For devices that implement IP port ranges, these attributes are used to communicate with a RADIUS server in order to configure and report IP transport ports as well as mapping behavior for specific hosts. This mechanism can be used in various deployment scenarios such as Carrier-Grade NAT, IPv4/IPv6 translators, Provider WLAN gateway, etc. This document defines a mapping between some RADIUS attributes and IP Flow Information Export (IPFIX) Information Element identifiers.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8045.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Terminology
      2.1. Requirements Language
   3. Extensions of RADIUS Attributes and TLVs
      3.1. Extended Attributes for IP Ports
           3.1.1. IP-Port-Limit-Info Attribute
           3.1.2. IP-Port-Range Attribute
           3.1.3. IP-Port-Forwarding-Map Attribute
      3.2. RADIUS TLVs for IP Ports
           3.2.1. IP-Port-Type TLV
           3.2.2. IP-Port-Limit TLV
           3.2.3. IP-Port-Ext-IPv4-Addr TLV
           3.2.4. IP-Port-Int-IPv4-Addr TLV
           3.2.5. IP-Port-Int-IPv6-Addr TLV
           3.2.6. IP-Port-Int-Port TLV
           3.2.7. IP-Port-Ext-Port TLV
           3.2.8. IP-Port-Alloc TLV
           3.2.9. IP-Port-Range-Start TLV
           3.2.10. IP-Port-Range-End TLV
           3.2.11. IP-Port-Local-Id TLV
   4. Applications, Use Cases, and Examples
      4.1. Managing CGN Port Behavior Using RADIUS
           4.1.1. Configure IP Port Limit for a User
           4.1.2. Report IP Port Allocation/Deallocation
           4.1.3. Configure Port Forwarding Mapping
           4.1.4. An Example
      4.2. Report Assigned Port Set for a Visiting UE
   5. Table of Attributes
   6. Security Considerations
   7. IANA Considerations
      7.1. New IPFIX Information Elements
      7.2. New RADIUS Attributes
      7.3. New RADIUS TLVs
   8. References
      8.1. Normative References
      8.2. Informative References
   Acknowledgments
   Authors' Addresses

1. Introduction

In a broadband network, customer information is usually stored on a RADIUS server [RFC2865]. At the time when a user initiates an IP connection request, if this request is authorized, the RADIUS server will populate the user's configuration information to the Network Access Server (NAS), which is often referred to as a Broadband Network Gateway (BNG) in broadband access networks. The Carrier-Grade NAT (CGN) function may also be implemented on the BNG. Within this document, the CGN may perform Network Address Translation from IPv4 Clients to IPv4 Servers (NAT44) [RFC3022], NAT from IPv6 Clients to IPv4 Servers (NAT64) [RFC6146], or Dual-Stack Lite Address Family Transition Router (AFTR) [RFC6333] function. In such case, the CGN IP transport port (e.g., TCP/UDP port) mapping behaviors can be part of the configuration information sent from the RADIUS server to the NAS/BNG. As part of the accounting information sent from the NAS/BNG to a RADIUS server, the NAS/BNG may also report the IP port mapping behavior applied by the CGN to a user session.

When IP packets traverse the CGN, it performs mapping on the IP transport (e.g., TCP/UDP) source port as required. An IP transport source port, along with a source IP address, destination IP address, destination port, and protocol identifier, if applicable, uniquely identify a mapping. Since the number space of IP transport ports in the CGN's external realm is shared among multiple users assigned with the same IPv4 address, the total number of a user's simultaneous IP mappings is likely to be subject to a port quota (see Section 5 of [RFC6269]).

The attributes defined in this document may also be used to report the assigned port range in some deployments, such as Provider WLAN [WIFI-SERVICES]. For example, a visiting host can be managed by Customer Premises Equipment (CPE), which will need to report the assigned port range to the service platform. This is required for identification purposes (see TR-146 [TR-146] for more details).

This document proposes three new attributes as RADIUS protocol extensions; they are used for separate purposes, as follows:

1. IP-Port-Limit-Info: This attribute may be carried in a RADIUS Access-Accept, Access-Request, Accounting-Request, or CoA-Request packet. The purpose of this attribute is to limit the total number of IP source transport ports allocated to a user and associated with one or more IPv4 or IPv6 addresses.

2. IP-Port-Range: This attribute may be carried in a RADIUS Accounting-Request packet. The purpose of this attribute is for an address-sharing device (e.g., a CGN) to report to the RADIUS server the range of IP source transport ports that have been allocated or deallocated for a user. The port range is bound to an external IPv4 address.


3. IP-Port-Forwarding-Map: This attribute may be carried in RADIUS Access-Accept, Access-Request, Accounting-Request, or CoA-Request packet. The purpose of this attribute is to specify how an IP internal source transport port, together with its internal IPv4 or IPv6 address, are mapped to an external source transport port along with the external IPv4 address.

IPFIX Information Elements [RFC7012] can be used for IP flow identification and representation over RADIUS. This document provides a mapping between some RADIUS TLVs and IPFIX Information Element identifiers. A new IPFIX Information Element is defined by this document (see Section 3.2.2).

IP protocol numbers (refer to [ProtocolNumbers]) can be used for identification of IP transport protocols (e.g., TCP [RFC793], UDP [RFC768], Datagram Congestion Control Protocol (DCCP) [RFC4340], and Stream Control Transmission Protocol (SCTP) [RFC4960]) that are associated with some RADIUS attributes.

This document focuses on IPv4 address sharing. Mechanisms for IPv6 prefix sharing (e.g., IPv6-to-IPv6 Network Prefix Translation (NPTv6)) are out of scope.

2. Terminology

This document makes use of the following terms:

o IP Port: This refers to an IP transport port (e.g., a TCP port number or UDP port number).

o IP Port Type: This refers to the IP transport protocol as indicated by the IP transport protocol number. Refer to [ProtocolNumbers].

o IP Port Limit: This denotes the maximum number of IP ports for a specific (or all) IP transport protocol(s) that a device supporting port ranges can use when performing port number mappings for a specific user/host. Note that this limit is usually associated with one or more IPv4/IPv6 addresses.

o IP Port Range: This specifies a set of contiguous IP ports indicated by the lowest numerical number and the highest numerical number, inclusively.

o Internal IP Address: This refers to the IP address that is used by a host as a source IP address in an outbound IP packet sent towards a device supporting port ranges in the internal realm. The internal IP address may be IPv4 or IPv6.

o External IP Address: This refers to the IP address that is used as a source IP address in an outbound IP packet after traversing a device supporting port ranges in the external realm. This document assumes that the external IP address is an IPv4 address.

o Internal Port: This is an IP transport port that is allocated by a host or application behind an address-sharing device for an outbound IP packet in the internal realm.

o External Port: This is an IP transport port that is allocated by an address-sharing device upon receiving an outbound IP packet in the internal realm and is used to replace the internal port that is allocated by a user or application.

o External Realm: This refers to the networking segment where external IP addresses are used as source addresses of outbound packets forwarded by an address-sharing device.

o Internal Realm: This refers to the networking segment that is behind an address-sharing device and where internal IP addresses are used.

o Mapping: This denotes a relationship between an internal IP address, internal port, and protocol, as well as an external IP address, external port, and protocol.

o Address-Sharing Device: This is a device that is capable of sharing an IPv4 address among multiple users. A typical example of this device is a CGN, CPE, Provider WLAN gateway, etc.

2.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

3. Extensions of RADIUS Attributes and TLVs

These three new attributes are defined in the following subsections:

1. IP-Port-Limit-Info Attribute

2. IP-Port-Range Attribute

3. IP-Port-Forwarding-Map Attribute

All these attributes are allocated from the RADIUS "Extended Type" code space per [RFC6929].

These attributes and their embedded TLVs (refer to Section 3.2) are defined with globally unique names and follow the guidelines in Section 2.7.1 of [RFC6929].

In all the figures describing the RADIUS attributes and TLV formats in the following subsections, the fields are transmitted from left to right.

3.1. Extended Attributes for IP Ports
3.1.1. IP-Port-Limit-Info Attribute

This attribute is of type "tlv" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains some sub-attributes, and the requirements are as follows:

o The IP-Port-Limit-Info Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Limit-Info Attribute MUST contain the IP-Port-Limit TLV (see Section 3.2.2).

o The IP-Port-Limit-Info Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

The IP-Port-Limit-Info Attribute specifies the maximum number of IP ports, as indicated in IP-Port-Limit TLV, of a specific IP transport protocol, as indicated in IP-Port-Type TLV, and associated with a given IPv4 address, as indicated in IP-Port-Ext-IPv4-Addr TLV, for an end user.

Note that when IP-Port-Type TLV is not included as part of the IP-Port-Limit-Info Attribute, the port limit applies to all IP transport protocols.

Note also that when IP-Port-Ext-IPv4-Addr TLV is not included as part of the IP-Port-Limit-Info Attribute, the port limit applies to all the IPv4 addresses managed by the address-sharing device, e.g., a CGN or NAT64 device.

The IP-Port-Limit-Info Attribute MAY appear in an Access-Accept packet. It MAY also appear in an Access-Request packet as a preferred maximum number of IP ports indicated by the device supporting port ranges co-located with the NAS, e.g., a CGN or NAT64.

The IP-Port-Limit-Info Attribute MAY appear in a CoA-Request packet.

The IP-Port-Limit-Info Attribute MAY appear in an Accounting-Request packet.

The IP-Port-Limit-Info Attribute MUST NOT appear in any other RADIUS packet.

The format of the IP-Port-Limit-Info Attribute is shown in Figure 1.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    | Extended-Type |    Value ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 1

Type

241

Length

This field indicates the total length in octets of all fields of this attribute, including the Type, Length, Extended-Type, and the entire length of the embedded TLVs.

Extended-Type

5

Value

This field contains a set of TLVs as follows:

IP-Port-Type TLV

This TLV contains a value that indicates the IP port type. Refer to Section 3.2.1.

IP-Port-Limit TLV

This TLV contains the maximum number of IP ports of a specific IP port type and associated with a given IPv4 address for an end user. This TLV MUST be included in the IP-Port-Limit-Info Attribute. Refer to Section 3.2.2. This limit applies to all mappings that can be instantiated by an underlying address-sharing device without soliciting any external entity. In particular, this limit does not include the ports that are instructed by an Authentication, Authorization, and Accounting (AAA) server.

IP-Port-Ext-IPv4-Addr TLV

This TLV contains the IPv4 address that is associated with the IP port limit contained in the IP-Port-Limit TLV. This TLV is optionally included as part of the IP-Port-Limit-Info Attribute. Refer to Section 3.2.3.

IP-Port-Limit-Info Attribute is associated with the following identifier: 241.5.


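How an address-sharing device would act on the rules above, as an added example that is not part of the RFC or of any CGN product: a small Python allocator that charges every dynamic mapping against each IP-Port-Limit-Info entry covering its (protocol, external IPv4 address) pair, treats an absent IP-Port-Type or IP-Port-Ext-IPv4-Addr TLV as a wildcard, and leaves AAA-instructed (forwarded) mappings out of the count, as the IP-Port-Limit TLV description requires. The data model, the lowest-free-port policy, the subscriber name and the 192.0.2.0/24 external addresses are assumptions made for the illustration.

```python
"""Port-quota enforcement applying the IP-Port-Limit-Info semantics of
RFC 8045 Section 3.1.1 inside an address-sharing device (CGN).

Added example, not code from the RFC. The data model, allocation policy,
subscriber id and external addresses are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PROTO_TCP, PROTO_UDP = 6, 17            # IP protocol numbers (IANA)
Mapping = Tuple[int, str, int]          # (protocol, external IPv4, external port)


@dataclass(frozen=True)
class PortLimit:
    """One decoded IP-Port-Limit-Info attribute: the IP-Port-Limit value plus
    the two optional qualifiers, None when the corresponding TLV was absent
    (absent IP-Port-Type = all transports; absent Ext-IPv4-Addr = all addresses)."""
    limit: int
    proto: Optional[int] = None
    ext_addr: Optional[str] = None

    def covers(self, proto: int, ext_addr: str) -> bool:
        return self.proto in (None, proto) and self.ext_addr in (None, ext_addr)


@dataclass
class Subscriber:
    limits: List[PortLimit]
    dynamic: Set[Mapping] = field(default_factory=set)  # created by the CGN itself
    static: Set[Mapping] = field(default_factory=set)   # instructed by AAA; quota-exempt


class Cgn:
    def __init__(self, pool: Dict[str, range]):
        self.pool = pool                            # external IPv4 -> usable port range
        self.owner: Dict[Mapping, str] = {}         # which subscriber holds a mapping
        self.subs: Dict[str, Subscriber] = {}

    def add_subscriber(self, sub_id: str, limits: List[PortLimit]) -> None:
        self.subs[sub_id] = Subscriber(limits)

    def quota_exhausted(self, sub_id: str, proto: int, ext_addr: str) -> Optional[PortLimit]:
        """First limit that one more dynamic mapping of (proto, ext_addr) would
        exceed, or None. Only dynamic mappings are counted."""
        sub = self.subs[sub_id]
        for lim in sub.limits:
            if lim.covers(proto, ext_addr):
                used = sum(1 for (p, a, _) in sub.dynamic if lim.covers(p, a))
                if used >= lim.limit:
                    return lim
        return None

    def allocate(self, sub_id: str, proto: int, ext_addr: str) -> Optional[int]:
        """Dynamic mapping for an outbound flow; None if quota or pool is exhausted."""
        if self.quota_exhausted(sub_id, proto, ext_addr) is not None:
            return None
        for port in self.pool[ext_addr]:            # lowest free port (constructed policy)
            m = (proto, ext_addr, port)
            if m not in self.owner:
                self.owner[m] = sub_id
                self.subs[sub_id].dynamic.add(m)
                return port
        return None

    def install_static(self, sub_id: str, proto: int, ext_addr: str, port: int) -> bool:
        """Mapping pushed by the RADIUS server (IP-Port-Forwarding-Map): not
        charged against IP-Port-Limit, but the external port must still be free."""
        m = (proto, ext_addr, port)
        if m in self.owner or port not in self.pool[ext_addr]:
            return False
        self.owner[m] = sub_id
        self.subs[sub_id].static.add(m)
        return True

    def release(self, sub_id: str, proto: int, ext_addr: str, port: int) -> bool:
        m = (proto, ext_addr, port)
        if self.owner.get(m) != sub_id:
            return False
        del self.owner[m]
        self.subs[sub_id].dynamic.discard(m)
        self.subs[sub_id].static.discard(m)
        return True


def demo() -> Dict[str, object]:
    """Constructed scenario: a catch-all quota of 3 plus a quota of 1 for UDP on 192.0.2.1."""
    cgn = Cgn({"192.0.2.1": range(1024, 1028), "192.0.2.2": range(1024, 1028)})
    cgn.add_subscriber("user-a", [PortLimit(3), PortLimit(1, PROTO_UDP, "192.0.2.1")])
    r: Dict[str, object] = {}
    r["tcp1"] = cgn.allocate("user-a", PROTO_TCP, "192.0.2.1")   # 1024
    r["udp1"] = cgn.allocate("user-a", PROTO_UDP, "192.0.2.1")   # 1024 (other protocol)
    r["udp2"] = cgn.allocate("user-a", PROTO_UDP, "192.0.2.1")   # None: UDP/192.0.2.1 quota hit
    r["udp_b"] = cgn.allocate("user-a", PROTO_UDP, "192.0.2.2")  # 1024: third dynamic mapping
    r["tcp2"] = cgn.allocate("user-a", PROTO_TCP, "192.0.2.2")   # None: catch-all quota of 3 hit
    r["fwd"] = cgn.install_static("user-a", PROTO_TCP, "192.0.2.1", 1025)  # True: exempt
    cgn.release("user-a", PROTO_UDP, "192.0.2.2", 1024)
    r["after_release"] = cgn.allocate("user-a", PROTO_TCP, "192.0.2.2")  # 1024 again
    return r


if __name__ == "__main__":
    print(demo())
```

Two IP-Port-Limit-Info attributes for one user are evaluated together: the narrower (protocol, address) quota and the catch-all quota must both leave headroom, which is why the second UDP mapping on 192.0.2.1 is refused while a UDP mapping on 192.0.2.2 is still granted.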
3.1.2. IP-Port-Range Attribute

This attribute is of type "tlv" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains some sub-attributes and the requirement is as follows:

o The IP-Port-Range Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Range Attribute MUST contain the IP-Port-Alloc TLV (see Section 3.2.8).

o For port allocation, the IP-Port-Range Attribute MUST contain both the IP-Port-Range-Start TLV (see Section 3.2.9) and the IP-Port-Range-End TLV (see Section 3.2.10). For port deallocation, the IP-Port-Range Attribute MAY contain both of these two TLVs; if the two TLVs are not included, it implies that all ports that were previously allocated are now all deallocated.

o The IP-Port-Range Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

o The IP-Port-Range Attribute MAY contain the IP-Port-Local-Id TLV (see Section 3.2.11).

The IP-Port-Range Attribute contains a range of contiguous IP ports. These ports are either to be allocated or deallocated depending on the Value carried by the IP-Port-Alloc TLV.

If the IP-Port-Type TLV is included as part of the IP-Port-Range Attribute, then the port range is associated with the specific IP transport protocol as specified in the IP-Port-Type TLV, but otherwise it is for all IP transport protocols.

If the IP-Port-Ext-IPv4-Addr TLV is included as part of the IP-Port-Range Attribute, then the port range as specified is associated with the IPv4 address as indicated, but otherwise it is for all IPv4 addresses by the address-sharing device (e.g., a CGN device) for the end user.

This attribute can be used to convey a single IP transport port number: in such case, the Value of the IP-Port-Range-Start TLV and the IP-Port-Range-End TLV, respectively, contain the same port number.

The information contained in the IP-Port-Range Attribute is sent to RADIUS server.

The IP-Port-Range Attribute MAY appear in an Accounting-Request packet.

The IP-Port-Range Attribute MUST NOT appear in any other RADIUS packet.

The format of the IP-Port-Range Attribute is shown in Figure 2.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    | Extended-Type |    Value ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 2

Type

241

Length

This field indicates the total length in octets of all fields of this attribute, including the Type, Length, Extended-Type, and the entire length of the embedded TLVs.

Extended-Type

6

Value

This field contains a set of TLVs as follows:

IP-Port-Type TLV

This TLV contains a value that indicates the IP port type. Refer to Section 3.2.1.

IP-Port-Alloc TLV

This TLV contains a flag to indicate the range of the specified IP ports for either allocation or deallocation. This TLV MUST be included as part of the IP-Port-Range Attribute. Refer to Section 3.2.8.

IP-Port-Range-Start TLV

This TLV contains the smallest port number of a range of contiguous IP ports. To report the port allocation, this TLV MUST be included together with IP-Port-Range-End TLV as part of the IP-Port-Range Attribute. Refer to Section 3.2.9.

IP-Port-Range-End TLV

This TLV contains the largest port number of a range of contiguous IP ports. To report the port allocation, this TLV MUST be included together with IP-Port-Range-Start TLV as part of the IP-Port-Range Attribute. Refer to Section 3.2.10.

IP-Port-Ext-IPv4-Addr TLV

This TLV contains the IPv4 address that is associated with the IP port range, as is collectively indicated in the IP-Port-Range-Start TLV and the IP-Port-Range-End TLV. This TLV is optionally included as part of the IP-Port-Range Attribute. Refer to Section 3.2.3.

IP-Port-Local-Id TLV

This TLV contains a local significant identifier at the customer premise, such as the Media Access Control (MAC) address, interface ID, VLAN ID, PPP sessions ID, VPN Routing and Forwarding (VRF) ID, IP address/prefix, etc. This TLV is optionally included as part of the IP-Port-Range Attribute. Refer to Section 3.2.11.

The IP-Port-Range Attribute is associated with the following identifier: 241.6.

3.1.3. IP-Port-Forwarding-Map Attribute

This attribute is of type "tlv" as defined in the RADIUS Protocol Extensions [RFC6929]. It contains some sub-attributes and the requirement is as follows:

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Type TLV (see Section 3.2.1).

o The IP-Port-Forwarding-Map Attribute MUST contain both IP-Port-Int-Port TLV (see Section 3.2.6) and the IP-Port-Ext-Port TLV (see Section 3.2.7).

o If the internal realm is with an IPv4 address family, the IP-Port-Forwarding-Map Attribute MUST contain the IP-Port-Int-IPv4-Addr TLV (see Section 3.2.4); if the internal realm is with an IPv6 address family, the IP-Port-Forwarding-Map Attribute MUST contain the IP-Port-Int-IPv6-Addr TLV (see Section 3.2.5).

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Ext-IPv4-Addr TLV (see Section 3.2.3).

o The IP-Port-Forwarding-Map Attribute MAY contain the IP-Port-Local-Id TLV (see Section 3.2.11).

The attribute contains a two-octet IP internal port number and a two-octet IP external port number. The internal port number is associated with an internal IPv4 or IPv6 address that MUST always be included. The external port number is associated with a specific external IPv4 address if included, but otherwise it is associated with all external IPv4 addresses for the end user.

If the IP-Port-Type TLV is included as part of the IP-Port-Forwarding-Map Attribute, then the port mapping is associated with the specific IP transport protocol as specified in the IP-Port-Type TLV, but otherwise it is for all IP transport protocols.

The IP-Port-Forwarding-Map Attribute MAY appear in an Access-Accept packet. It MAY also appear in an Access-Request packet to indicate a preferred port mapping by the device co-located with NAS. However, the server is not required to honor such a preference.

The IP-Port-Forwarding-Map Attribute MAY appear in a CoA-Request packet.

The IP-Port-Forwarding-Map Attribute MAY also appear in an Accounting-Request packet.

The IP-Port-Forwarding-Map Attribute MUST NOT appear in any other RADIUS packet.

The format of the IP-Port-Forwarding-Map Attribute is shown in Figure 3.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    | Extended-Type |    Value ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 3

Type

241

Length

This field indicates the total length in octets of all fields of this attribute, including the Type, Length, Extended-Type, and the entire length of the embedded TLVs.

Extended-Type

7

Value

This field contains a set of TLVs as follows:

IP-Port-Type TLV

This TLV contains a value that indicates the IP port type. Refer to Section 3.2.1.

IP-Port-Int-Port TLV

This TLV contains an internal IP port number associated with an internal IPv4 or IPv6 address. This TLV MUST be included together with IP-Port-Ext-Port TLV as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.6.

IP-Port-Ext-Port TLV

This TLV contains an external IP port number associated with an external IPv4 address. This TLV MUST be included together with IP-Port-Int-Port TLV as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.7.

IP-Port-Int-IPv4-Addr TLV

This TLV contains an IPv4 address that is associated with the internal IP port number contained in the IP-Port-Int-Port TLV. For the internal realm with an IPv4 address family, this TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.4.

IP-Port-Int-IPv6-Addr TLV

This TLV contains an IPv6 address that is associated with the internal IP port number contained in the IP-Port-Int-Port TLV. For the internal realm with an IPv6 address family, this TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.5.

IP-Port-Ext-IPv4-Addr TLV

This TLV contains an IPv4 address that is associated with the external IP port number contained in the IP-Port-Ext-Port TLV. This TLV MAY be included as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.3.

IP-Port-Local-Id TLV

This TLV contains a local significant identifier at the customer premise, such as MAC address, interface ID, VLAN ID, PPP session ID, VRF ID, IP address/prefix, etc. This TLV is optionally included as part of the IP-Port-Forwarding-Map Attribute. Refer to Section 3.2.11.

The IP-Port-Forwarding-Map Attribute is associated with the following identifier: 241.7.

3.2. RADIUS TLVs for IP Ports

The TLVs that are included in the three attributes (see Section 3.1) are defined in the following subsections. These TLVs use the format defined in [RFC6929]. As the three attributes carry similar data, we have defined a common set of TLVs that are used for all three attributes. That is, the TLVs have the same name and number when encapsulated in any one of the three parent attributes. See Sections 3.1.1, 3.1.2, and 3.1.3 for a list of which TLV is permitted within which parent attribute.

The encoding of the Value field of these TLVs follows the recommendation of [RFC6158]. In particular, IP-Port-Type, IP-Port-Limit, IP-Port-Int-Port, IP-Port-Ext-Port, IP-Port-Alloc, IP-Port-Range-Start, and IP-Port-Range-End TLVs are encoded in 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].

3.2.1. IP-Port-Type TLV

The format of IP-Port-Type TLV is shown in Figure 4. This attribute carries the IP transport protocol number defined by IANA (refer to [ProtocolNumbers]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   TLV-Type    |     Length    |        Protocol-Number
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           Protocol-Number         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 4

TLV-Type

1

Length

Six octets

Protocol-Number

Integer. This field contains the data (unsigned8) of the protocol number defined in [ProtocolNumbers], right justified, and the unused bits in this field MUST be set to zero. Protocols that do not use a port number (e.g., the Resource Reservation Protocol (RSVP) or IP Encapsulating Security Payload (ESP)) MUST NOT be included in the IP-Port-Type TLV.

IP-Port-Type TLV MAY be included in the following attributes:

o IP-Port-Limit-Info Attribute, identified as 241.5.1 (see Section 3.1.1)

o IP-Port-Range Attribute, identified as 241.6.1 (see Section 3.1.2)

o IP-Port-Forwarding-Map Attribute, identified as 241.7.1 (see Section 3.1.3)

When the IP-Port-Type TLV is included within a RADIUS attribute, the associated attribute is applied to the IP transport protocol as indicated by the Protocol-Number only, such as TCP, UDP, SCTP, DCCP, etc.

3.2.2. IP-Port-Limit TLV

The format of IP-Port-Limit TLV is shown in Figure 5. This attribute carries IPFIX Information Element 458, "sourceTransportPortsLimit", which indicates the maximum number of IP transport ports that an end user may use, associated with one or more IPv4 or IPv6 addresses.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   TLV-Type    |     Length    |    sourceTransportPortsLimit
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        sourceTransportPortsLimit  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 5

TLV-Type

2

Length

Six octets

sourceTransportPortsLimit

Integer. This field contains the data (unsigned16) of sourceTransportPortsLimit (458) defined in IPFIX, right justified, and the unused bits in this field MUST be set to zero.

IP-Port-Limit TLV MUST be included as part of the IP-Port-Limit-Info Attribute (refer to Section 3.1.1), identified as 241.5.2.

3.2.3. IP-Port-Ext-IPv4-Addr TLV

The format of IP-Port-Ext-IPv4-Addr TLV is shown in Figure 6. This attribute carries IPFIX Information Element 225, "postNATSourceIPv4Address", which is the IPv4 source address after NAT operation (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   TLV-Type    |    Length     |    postNATSourceIPv4Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        postNATSourceIPv4Address   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 6

TLV-Type

3

Length

Six octets

postNATSourceIPv4Address

Integer. This field contains the data (ipv4Address) of postNATSourceIPv4Address (225) defined in IPFIX.

IP-Port-Ext-IPv4-Addr TLV MAY be included in the following attributes:

o IP-Port-Limit-Info Attribute, identified as 241.5.3 (see Section 3.1.1)

o IP-Port-Range Attribute, identified as 241.6.3 (see Section 3.1.2)

o IP-Port-Forwarding-Map Attribute, identified as 241.7.3 (see Section 3.1.3)

3.2.4. IP-Port-Int-IPv4-Addr TLV

The format of IP-Port-Int-IPv4-Addr TLV is shown in Figure 7. This attribute carries IPFIX Information Element 8, "sourceIPv4Address", which is the IPv4 source address before NAT operation (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   TLV-Type    |     Length    |       sourceIPv4Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         sourceIPv4Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 7

TLV-Type

4

Length

Six octets

sourceIPv4Address

Integer. This field contains the data (ipv4Address) of sourceIPv4Address (8) defined in IPFIX.

If the internal realm is with an IPv4 address family, the IP-Port-Int-IPv4-Addr TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute (refer to Section 3.1.3), identified as 241.7.4.

3.2.5. IP-Port-Int-IPv6-Addr TLV

The format of IP-Port-Int-IPv6-Addr TLV is shown in Figure 8. This attribute carries IPFIX Information Element 27, "sourceIPv6Address", which is the IPv6 source address before NAT operation (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   TLV-Type    |     Length    |        sourceIPv6Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             sourceIPv6Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             sourceIPv6Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             sourceIPv6Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           sourceIPv6Address       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 8

TLV-Type

5

Length

Eighteen octets

sourceIPv6Address

IPv6 address (128 bits). This field contains the data (ipv6Address) of sourceIPv6Address (27) defined in IPFIX.

If the internal realm is with an IPv6 address family, the IP-Port-Int-IPv6-Addr TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute (refer to Section 3.1.3), identified as 241.7.5.

3.2.6. IP-Port-Int-Port TLV

The format of IP-Port-Int-Port TLV is shown in Figure 9. This attribute carries IPFIX Information Element 7, "sourceTransportPort", which is the source transport port number associated with an internal IPv4 or IPv6 address (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |      sourceTransportPort
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           sourceTransportPort     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 9

TLV-Type

6

Length

Six octets

sourceTransportPort

Integer. This field contains the data (unsigned16) of sourceTransportPort (7) defined in IPFIX, right justified, and unused bits MUST be set to zero.

IP-Port-Int-Port TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute (refer to Section 3.1.3), identified as 241.7.6.

3.2.7. IP-Port-Ext-Port TLV

The format of IP-Port-Ext-Port TLV is shown in Figure 10. This attribute carries IPFIX Information Element 227, "postNAPTSourceTransportPort", which is the transport port number associated with an external IPv4 address (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |  postNAPTSourceTransportPort
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      postNAPTSourceTransportPort  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 10

TLV-Type

7

Length

Six octets

postNAPTSourceTransportPort

Integer. This field contains the data (unsigned16) of postNAPTSourceTransportPort (227) defined in IPFIX, right justified, and unused bits MUST be set to zero.

IP-Port-Ext-Port TLV MUST be included as part of the IP-Port-Forwarding-Map Attribute (refer to Section 3.1.3), identified as 241.7.7.

3.2.8. IP-Port-Alloc TLV

The format of IP-Port-Alloc TLV is shown in Figure 11. This attribute carries IPFIX Information Element 230, "natEvent", which is a flag to indicate an action of NAT operation (refer to [IPFIX]).

When the value of natEvent is "1" (Create event), it means to allocate a range of transport ports; when the value is "2", it means to deallocate a range of transport ports. For the purpose of this TLV, no other value is used.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |            natEvent
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
               natEvent            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 11

TLV-Type

8

Length

Six octets

natEvent

Integer. This field contains the data (unsigned8) of natEvent (230) defined in IPFIX, right justified, and unused bits MUST be set to zero. It indicates the allocation or deallocation of a range of IP ports as follows:

0: Reserved
1: Allocation
2: Deallocation

IP-Port-Alloc TLV MUST be included as part of the IP-Port-Range Attribute (refer to Section 3.1.2), identified as 241.6.8.

3.2.9. IP-Port-Range-Start TLV

The format of IP-Port-Range-Start TLV is shown in Figure 12. This attribute carries IPFIX Information Element 361, "portRangeStart", which is the smallest port number of a range of contiguous transport ports (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |         portRangeStart
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             portRangeStart        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 12

TLV-Type

9

Length

Six octets

portRangeStart

Integer. This field contains the data (unsigned16) of portRangeStart (361) defined in IPFIX, right justified, and unused bits MUST be set to zero.

IP-Port-Range-Start TLV is included as part of the IP-Port-Range Attribute (refer to Section 3.1.2), identified as 241.6.9.

3.2.10. IP-Port-Range-End TLV

The format of IP-Port-Range-End TLV is shown in Figure 13. This attribute carries IPFIX Information Element 362, "portRangeEnd", which is the largest port number of a range of contiguous transport ports (refer to [IPFIX]).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |          portRangeEnd
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              portRangeEnd         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 13

TLV-Type

10

Length

Six octets

portRangeEnd

Integer. This field contains the data (unsigned16) of portRangeEnd (362) defined in IPFIX, right justified, and unused bits MUST be set to zero.

IP-Port-Range-End TLV is included as part of the IP-Port-Range Attribute (refer to Section 3.1.2), identified as 241.6.10.

3.2.11. IP-Port-Local-Id TLV

The format of IP-Port-Local-Id TLV is shown in Figure 14. This attribute carries a string called "localID", which is a local significant identifier as explained below.

The primary issue addressed by this TLV is that there are CGN deployments that do not distinguish internal hosts by their internal IP address alone but use further identifiers for unique subscriber identification. For example, this is the case if a CGN supports overlapping private or shared IP address spaces (as described in [RFC1918] and [RFC6598]) for internal hosts of different subscribers. In such cases, different internal hosts are identified and mapped at the CGN by their IP address and/or another identifier, for example, the identifier of a tunnel between the CGN and the subscriber. In these scenarios (and similar ones), the internal IP address is not sufficient to demultiplex connections from internal hosts. An additional identifier needs to be present in the IP-Port-Range Attribute and IP-Port-Forwarding-Map Attribute in order to uniquely identify an internal host. The IP-Port-Local-Id TLV is used to carry this identifier.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    TLV-Type   |     Length    |        localID ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 14

TLV-Type

11

Length

Variable number of octets

localID

String. The data type of this field is string (refer to [RFC8044]). This field contains the data that is a local significant identifier at the customer premise, such as MAC address, interface ID, VLAN ID, PPP session ID, VRF ID, IP address/prefix, or another local significant identifier.

IP-Port-Local-Id TLV MAY be included in the following Attributes if it is necessary to identify the subscriber:

o IP-Port-Range Attribute, identified as 241.6.11 (see Section 3.1.2)

o IP-Port-Forwarding-Map Attribute, identified as 241.7.11 (see Section 3.1.3)

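An encoder and a validating decoder for these TLVs and for the IP-Port-Forwarding-Map Attribute (Section 3.1.3), added here as an example in Python; it is not code from the RFC or from any RADIUS implementation. The TLV-Type numbers, fixed lengths, the 32-bit right-justified integer encoding and the MUST/MAY rules are the ones stated above; the function names, the constructed sample addresses and the choice to treat an attribute carrying both an internal IPv4 and an internal IPv6 address as invalid are the example's own. The set of port-less protocol numbers holds only RSVP (46) and ESP (50), the two the text names, and is not an exhaustive list.

```python
# Added example, not RFC 8045 or implementation code; function names are assumptions.
import ipaddress
import struct

ATTR_TYPE, EXT_TYPE_FORWARDING_MAP = 241, 7   # Extended-Type attribute (RFC 6929), 241.7
# TLV-Type numbers from Section 3.2; each TLV is TLV-Type(1) | Length(1) | Value.
TLV_PORT_TYPE, TLV_PORT_LIMIT, TLV_EXT_IPV4, TLV_INT_IPV4, TLV_INT_IPV6 = 1, 2, 3, 4, 5
TLV_INT_PORT, TLV_EXT_PORT, TLV_ALLOC, TLV_RANGE_START, TLV_RANGE_END = 6, 7, 8, 9, 10
TLV_LOCAL_ID = 11
# Integer TLVs: 32 bits, right-justified, unused high bits zero (RFC 6158, A.2.1).
U32_MAX = {TLV_PORT_TYPE: 0xFF, TLV_PORT_LIMIT: 0xFFFF, TLV_INT_PORT: 0xFFFF, TLV_EXT_PORT: 0xFFFF,
           TLV_ALLOC: 0xFF, TLV_RANGE_START: 0xFFFF, TLV_RANGE_END: 0xFFFF}
# Total length (header included) of every fixed-size TLV; the non-integer ones are addresses.
FIXED_LEN = {**{t: 6 for t in U32_MAX}, TLV_EXT_IPV4: 6, TLV_INT_IPV4: 6, TLV_INT_IPV6: 18}
PORTLESS_PROTOCOLS = {46, 50}   # RSVP and ESP, the two the text names; not exhaustive
FORWARDING_MAP_TLVS = {TLV_PORT_TYPE, TLV_INT_IPV4, TLV_INT_IPV6, TLV_INT_PORT,
                       TLV_EXT_PORT, TLV_EXT_IPV4, TLV_LOCAL_ID}   # permitted by 3.1.3

def encode_tlv(tlv_type, value):
    """Serialise one TLV; raises ValueError for data that does not fit the field."""
    if tlv_type in U32_MAX:
        if not 0 <= value <= U32_MAX[tlv_type]:
            raise ValueError("value out of range for TLV-Type %d" % tlv_type)
        return struct.pack("!BBI", tlv_type, 6, value)
    if tlv_type in FIXED_LEN:   # an address TLV
        packed = ipaddress.ip_address(value).packed
        if len(packed) + 2 != FIXED_LEN[tlv_type]:
            raise ValueError("address family does not match TLV-Type %d" % tlv_type)
        return struct.pack("!BB", tlv_type, FIXED_LEN[tlv_type]) + packed
    if tlv_type == TLV_LOCAL_ID:
        raw = value.encode() if isinstance(value, str) else bytes(value)
        if not 1 <= len(raw) <= 253:   # the one-octet Length also covers the header
            raise ValueError("localID must be 1..253 octets")
        return struct.pack("!BB", tlv_type, 2 + len(raw)) + raw
    raise ValueError("unknown TLV-Type %d" % tlv_type)

def decode_tlvs(data):
    """Parse consecutive TLVs, validating every Length before the body is touched."""
    tlvs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2 or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("truncated or malformed TLV at offset %d" % pos)
        tlv_type, length = data[pos], data[pos + 1]
        if tlv_type in FIXED_LEN and length != FIXED_LEN[tlv_type]:
            raise ValueError("Length %d is wrong for TLV-Type %d" % (length, tlv_type))
        body = data[pos + 2:pos + length]
        if tlv_type in U32_MAX:
            value = struct.unpack("!I", body)[0]
            if value > U32_MAX[tlv_type]:
                raise ValueError("unused bits set in TLV-Type %d" % tlv_type)
        elif tlv_type in FIXED_LEN:
            value = str(ipaddress.ip_address(body))
        elif tlv_type == TLV_LOCAL_ID:
            value = body
        else:
            raise ValueError("unknown TLV-Type %d" % tlv_type)
        tlvs.append((tlv_type, value))
        pos += length
    return tlvs

def encode_forwarding_map(int_addr, int_port, ext_port, ext_addr=None,
                          protocol=None, local_id=None):
    """Build a 241.7 attribute that obeys the MUST/MAY rules of Section 3.1.3."""
    if protocol in PORTLESS_PROTOCOLS:
        raise ValueError("IP-Port-Type MUST NOT carry a port-less protocol")
    ip = ipaddress.ip_address(int_addr)   # the internal address is always present
    tlvs = [] if protocol is None else [encode_tlv(TLV_PORT_TYPE, protocol)]
    tlvs.append(encode_tlv(TLV_INT_IPV4 if ip.version == 4 else TLV_INT_IPV6, ip))
    tlvs += [encode_tlv(TLV_INT_PORT, int_port), encode_tlv(TLV_EXT_PORT, ext_port)]
    if ext_addr is not None:
        tlvs.append(encode_tlv(TLV_EXT_IPV4, ext_addr))
    if local_id is not None:
        tlvs.append(encode_tlv(TLV_LOCAL_ID, local_id))
    value = b"".join(tlvs)   # struct rejects a total Length above 255 (one octet)
    return struct.pack("!BBB", ATTR_TYPE, 3 + len(value), EXT_TYPE_FORWARDING_MAP) + value

def decode_forwarding_map(attr):
    """Parse a 241.7 attribute and check Section 3.1.3; returns {TLV-Type: value}."""
    if len(attr) < 3 or attr[0] != ATTR_TYPE or attr[1] != len(attr) or attr[2] != EXT_TYPE_FORWARDING_MAP:
        raise ValueError("not a well-formed IP-Port-Forwarding-Map Attribute")
    tlvs = decode_tlvs(attr[3:])
    fields = dict(tlvs)
    if len(fields) != len(tlvs) or set(fields) - FORWARDING_MAP_TLVS:
        raise ValueError("duplicate TLV or TLV not permitted in IP-Port-Forwarding-Map")
    if not {TLV_INT_PORT, TLV_EXT_PORT} <= set(fields) or (TLV_INT_IPV4 in fields) == (TLV_INT_IPV6 in fields):
        raise ValueError("both port TLVs and exactly one internal address TLV are required")
    if fields.get(TLV_PORT_TYPE) in PORTLESS_PROTOCOLS:
        raise ValueError("port-less protocol in IP-Port-Type")
    return fields

def forwarding_map_error(attr):
    """None if the attribute is acceptable, otherwise the reason for rejecting it."""
    try:
        decode_forwarding_map(attr)
    except ValueError as exc:
        return str(exc)
    return None
```

decode_forwarding_map checks the attribute's own Length against the data it actually received before any TLV is read, rejects a TLV whose Length disagrees with its fixed size, and refuses integer TLVs with non-zero unused bits; forwarding_map_error wraps it for a NAS that wants a reason string rather than an exception. Because the TLV numbering is shared, the same encode_tlv and decode_tlvs also serve the IP-Port-Limit-Info and IP-Port-Range Attributes.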

4. Applications, Use Cases, and Examples

This section describes some applications and use cases to illustrate the use of the attributes proposed in this document.

4.1. Managing CGN Port Behavior Using RADIUS

In a broadband network, customer information is usually stored on a RADIUS server, and the BNG acts as a NAS. The communication between the NAS and the RADIUS server is triggered by a user when it signs in to the Internet service where either PPP or DHCP/DHCPv6 is used. When a user signs in, the NAS sends a RADIUS Access-Request message to the RADIUS server. The RADIUS server validates the request, and if the validation succeeds, it in turn sends back a RADIUS Access-Accept message. The Access-Accept message carries configuration information specific to that user back to the NAS, where some of the information would be passed on to the requesting user via PPP or DHCP/DHCPv6.

A CGN function in a broadband network is most likely to be co-located on a BNG. In that case, parameters for CGN port mapping behavior for users can be configured on the RADIUS server. When a user signs in to the Internet service, the associated parameters can be conveyed to the NAS, and proper configuration is accomplished on the CGN device for that user.

In addition, the CGN operation status, such as CGN port allocation and deallocation for a specific user on the BNG, can be transmitted back to the RADIUS server for accounting purposes using the RADIUS protocol.

The RADIUS protocol has already been widely deployed in broadband networks to manage BNGs, so the functionality described in this specification introduces little overhead to the existing network operation.

In the following subsections, we describe how to manage CGN behavior using the RADIUS protocol, with required RADIUS extensions proposed in Section 3.

4.1.1. Configure IP Port Limit for a User

In the face of an IPv4 address shortage, there are currently proposals to multiplex multiple users' connections over a number of shared IPv4 addresses, such as Carrier Grade NAT [RFC6888], Dual-Stack Lite [RFC6333], NAT64 [RFC6146], etc. As a result, a single IPv4 public address may be shared by hundreds or even thousands of users. As indicated in [RFC6269], it is therefore necessary to impose limits on the total number of ports available to an individual user to ensure that the shared resource, i.e., the IPv4 address, remains available in some capacity to all the users using it. The support of an IP port limit is also documented in [RFC6888] as a requirement for CGN.

The IP port limit imposed on an end user may be on the total number of IP source transport ports or a specific IP transport protocol as defined in Section 3.1.1.

The per-user IP port limit is configured on a RADIUS server, along with other user information such as credentials.

When a user signs in to the Internet service successfully, the RADIUS server passes the IP port limit for the subscriber to the BNG (acting as a NAS and co-located with the CGN) in the IP-Port-Limit-Info RADIUS attribute (defined in Section 3.1.1), along with other configuration parameters. While some parameters are passed on to the user, the IP port limit is recorded on the CGN device, which enforces it on that user's use of IP transport ports.

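The CGN-side enforcement described above, as an added Python example that is not code from the RFC or from any CGN product: a per-subscriber tracker that applies a sourceTransportPortsLimit received with an IP-Port-Type TLV to that protocol only, applies one received without it to all transport protocols, refuses a range allocation that would exceed either, and returns the natEvent, postNATSourceIPv4Address, portRangeStart and portRangeEnd values the NAS would report in an IP-Port-Range Attribute. The class and method names, the sample limits and the external address 198.51.100.1 are assumptions of the example.

```python
# Added example, not RFC 8045 or CGN product code; class and method names are assumptions.
NAT_EVENT_ALLOCATION = 1      # natEvent value in IP-Port-Alloc: a range was allocated
NAT_EVENT_DEALLOCATION = 2    # natEvent value in IP-Port-Alloc: a range was released


class PortLimitExceeded(Exception):
    """The allocation would exceed a configured sourceTransportPortsLimit."""


def range_record(event, protocol, ext_ipv4, start, end):
    """Values a NAS reports in an IP-Port-Range Attribute (e.g. in Accounting-Request).

    Protocol-Number is present only for a protocol-specific range, mirroring the
    optional IP-Port-Type TLV; a range without it applies to every transport protocol.
    """
    record = {"natEvent": event, "postNATSourceIPv4Address": ext_ipv4,
              "portRangeStart": start, "portRangeEnd": end}
    if protocol is not None:
        record["Protocol-Number"] = protocol
    return record


class SubscriberPorts:
    """Port ranges held by one subscriber, checked against the limits from RADIUS.

    `limits` maps an IP protocol number (6 for TCP, 17 for UDP) to the limit that
    arrived with an IP-Port-Type TLV, and None to the limit that arrived without
    one and therefore applies across all transport protocols.
    """

    def __init__(self, limits):
        self.limits = dict(limits)
        self.ranges = []   # entries: (protocol or None, external IPv4, start, end)

    def used(self, protocol=None):
        """Ports allocated to `protocol` (ranges valid for all protocols count too);
        protocol=None counts every range."""
        return sum(end - start + 1 for proto, _, start, end in self.ranges
                   if protocol is None or proto is None or proto == protocol)

    def can_allocate(self, protocol, size):
        """True if `size` more ports for `protocol` stay within every applicable limit."""
        for limit_proto, limit in self.limits.items():
            applies = limit_proto is None or protocol is None or limit_proto == protocol
            if applies and self.used(limit_proto) + size > limit:
                return False
        return True

    def allocate(self, protocol, ext_ipv4, start, end):
        """Record a contiguous range and return the record to send for accounting."""
        if not 0 < start <= end <= 0xFFFF:
            raise ValueError("portRangeStart..portRangeEnd must lie within 1..65535")
        if not self.can_allocate(protocol, end - start + 1):
            raise PortLimitExceeded("limit reached for protocol %r" % (protocol,))
        for proto, addr, s, e in self.ranges:
            # the same external port must not be handed to this subscriber twice
            same_proto = proto is None or protocol is None or proto == protocol
            if addr == ext_ipv4 and same_proto and start <= e and s <= end:
                raise ValueError("range overlaps an existing allocation")
        self.ranges.append((protocol, ext_ipv4, start, end))
        return range_record(NAT_EVENT_ALLOCATION, protocol, ext_ipv4, start, end)

    def deallocate(self, protocol, ext_ipv4, start, end):
        """Release a range allocated earlier and return the record for accounting."""
        entry = (protocol, ext_ipv4, start, end)
        if entry not in self.ranges:
            raise KeyError("range was not allocated to this subscriber")
        self.ranges.remove(entry)
        return range_record(NAT_EVENT_DEALLOCATION, protocol, ext_ipv4, start, end)
```

A limit that arrived with IP-Port-Type is keyed by that protocol number and a limit that arrived without it is keyed by None, so both can be enforced at once; a range allocated without a protocol counts against every per-protocol limit, matching the text's statement that an attribute without IP-Port-Type applies to all IP transport protocols.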

Figure 15 illustrates how the RADIUS protocol is used to configure the maximum number of TCP/UDP ports for a given user on a CGN device.


   User                     CGN/NAS                        AAA
    |                         BNG                         Server
    |                          |                             |
    |                          |                             |
    |----Service Request------>|                             |
    |                          |                             |
    |                          |-----Access-Request -------->|
    |                          |                             |
    |                          |<----Access-Accept-----------|
    |                          |     (IP-Port-Limit-Info)    |
    |                          |     (for TCP/UDP ports)     |
    |<---Service Granted ------|                             |
    |    (other parameters)    |                             |
    |                          |                             |
    |                  (CGN external port                    |
    |                   allocation and                       |
    |                   IPv4 address assignment)             |
    |                          |                             |
        

Figure 15: RADIUS Message Flow for Configuring CGN Port Limit


The IP port limit created on a CGN device for a specific user using a RADIUS extension may be changed using a RADIUS CoA message [RFC5176] that carries the same RADIUS attribute. The CoA message may be sent from the RADIUS server directly to the NAS, and once a RADIUS CoA ACK message is accepted and sent back, the new IP port limit replaces the previous one.


Figure 16 illustrates how the RADIUS protocol is used to increase the TCP/UDP port limit from 1024 to 2048 on a CGN device for a specific user.


   User                     CGN/NAS                           AAA
    |                         BNG                            Server
    |                          |                               |
    |              TCP/UDP Port Limit (1024)                   |
    |                          |                               |
    |                          |<---------CoA Request----------|
    |                          |       (IP-Port-Limit-Info)    |
    |                          |       (for TCP/UDP ports)     |
    |                          |                               |
    |              TCP/UDP Port Limit (2048)                   |
    |                          |                               |
    |                          |---------CoA Response--------->|
    |                          |                               |
        

Figure 16: RADIUS Message Flow for Changing a User's CGN Port Limit


4.1.2. Report IP Port Allocation/Deallocation

Upon obtaining the IP port limit for a user, the CGN device needs to allocate an IP transport port for the user when receiving a new IP flow sent from that user.


As one practice, a CGN may allocate a block of IP ports for a specific user, instead of one port at a time, and within each port block the ports may be randomly distributed or consecutive. When a CGN device allocates a block of transport ports, the information can be easily conveyed to the RADIUS server by a new RADIUS attribute called IP-Port-Range (defined in Section 3.1.2). The CGN device may allocate one or more IP port ranges, where each range contains a set of numbers representing IP transport ports, and the total number of ports MUST be less than or equal to the associated IP port limit imposed for that user. A CGN device may choose to allocate a small port range and allocate more at a later time as needed; such a practice is desirable because the resulting allocation is randomized.

At the same time, the CGN device also needs to decide on the shared IPv4 address for that user. The shared IPv4 address and the pre-allocated IP port range are both passed to the RADIUS server.


When a user initiates an IP flow, the CGN device randomly selects a transport port number from the associated and pre-allocated IP port range for that user to replace the original source port number along with the replacement of the source IP address by the shared IPv4 address.


A CGN device may decide to "free" a previously assigned set of IP ports that were allocated for a specific user but are not currently in use; when it does so, the CGN device must send the information of the deallocated IP port range, along with the shared IPv4 address, to the RADIUS server.

Figure 17 illustrates how the RADIUS protocol is used to report a set of ports allocated and deallocated, respectively, by a NAT64 device for a specific user to the RADIUS server. 2001:db8:100:200::/56 is the IPv6 prefix allocated to this user. In order to limit the usage of the NAT64 resources on a per-user basis for fairness of resource usage (see REQ-4 of [RFC6888]), port range allocations are bound to the /56 prefix, not to the source IPv6 address of the request. The NAT64 device is configured with the per-user port limit policy by some means (e.g., subscriber-mask [RFC7785]).


   Host                      NAT64/NAS                     AAA
    |                         BNG                         Server
    |                          |                             |
    |                          |                             |
    |----Service Request------>|                             |
    |                          |                             |
    |                          |-----Access-Request -------->|
    |                          |                             |
    |                          |<----Access-Accept-----------|
    |<---Service Granted ------|                             |
    |    (other parameters)    |                             |
   ...                        ...                           ...
    |                          |                             |
    |                          |                             |
    |                (NAT64 decides to allocate              |
    |                 a TCP/UDP port range for the user)     |
    |                          |                             |
    |                          |-----Accounting-Request----->|
    |                          |    (IP-Port-Range           |
    |                          |     for allocation)         |
   ...                        ...                           ...
    |                          |                             |
    |                (NAT64 decides to deallocate            |
    |                 a TCP/UDP port range for the user)     |
    |                          |                             |
    |                          |-----Accounting-Request----->|
    |                          |    (IP-Port-Range           |
    |                          |     for deallocation)       |
    |                          |                             |
        

Figure 17: RADIUS Message Flow for Reporting NAT64 Allocation/Deallocation of a Port Set


4.1.3. Configure Port Forwarding Mapping

In most scenarios, the port mapping on a NAT device is dynamically created when the IP packets of an IP connection initiated by a user arrive. For some applications, the port mapping needs to be pre-defined so that IP packets of applications from outside a CGN device can pass through and be "port forwarded" to the correct user located behind the CGN device.

The Port Control Protocol (PCP) [RFC6887] provides a mechanism to create a mapping from an external IP address and port to an internal IP address and port on a CGN device, precisely to achieve the "port forwarding" purpose. PCP is a client-server protocol capable of dynamically creating or deleting a mapping on a CGN device, along with a rich set of features. In some deployments, all a user needs is a few (typically just one) pre-configured port mappings for applications at home, such as a web cam; the lifetime of such a port mapping remains valid throughout the duration of the customer's Internet service connection time. In such an environment, it is possible to statically configure a port mapping on the RADIUS server for a user and let the RADIUS protocol propagate the information to the associated CGN device.

Note that this document targets deployments where a AAA server is responsible for instructing NAT mappings for a given subscriber and does not make any assumption about the host's capabilities with regards to port forwarding control. This deployment is complementary to PCP given that PCP targets a different deployment model where an application (on the host) controls its mappings in an upstream CPE, CGN, firewall, etc.


Figure 18 illustrates how the RADIUS protocol is used to configure a port forwarding mapping on a NAT44 device.


   Host                     CGN/NAS                           AAA
    |                         BNG                            Server
    |                          |                               |
    |----Service Request------>|                               |
    |                          |                               |
    |                          |---------Access-Request------->|
    |                          |                               |
    |                          |<--------Access-Accept---------|
    |                          |   (IP-Port-Forwarding-Map)    |
    |<---Service Granted ------|                               |
    |    (other parameters)    |                               |
    |                          |                               |
    |                 (Create a port mapping                   |
    |                  for the user, and                       |
    |                  associate it with the                   |
    |                  internal IP address                     |
    |                  and external IP address)                |
    |                          |                               |
    |                          |                               |
    |                          |------Accounting-Request------>|
    |                          |    (IP-Port-Forwarding-Map)   |
        

Figure 18: RADIUS Message Flow for Configuring a Port Forwarding Mapping


A port forwarding mapping that is created on a CGN device using the RADIUS extension as described above may also be changed using a RADIUS CoA message [RFC5176] that carries the same RADIUS attribute. The CoA message may be sent from the RADIUS server directly to the NAS, and once the RADIUS CoA ACK message is accepted and sent back, the new port forwarding mapping replaces the previous one.

Figure 19 illustrates how the RADIUS protocol is used to change an existing port mapping from (a:X) to (a:Y) for a specific user with a specific IP address, where "a" is an internal port and "X" and "Y" are external ports.

   Host                     CGN/NAS                           AAA
    |                         BNG                            Server
    |                          |                               |
    |                    Internal IP Address                   |
    |                    Port Map (a:X)                        |
    |                          |                               |
    |                          |<---------CoA Request----------|
    |                          |    (IP-Port-Forwarding-Map)   |
    |                          |                               |
    |                    Internal IP Address                   |
    |                    Port Map (a:Y)                        |
    |                          |                               |
    |                          |---------CoA Response--------->|
    |                          |    (IP-Port-Forwarding-Map)   |
        

Figure 19: RADIUS Message Flow for Changing a User's Port Forwarding Mapping


4.1.4. An Example

An Internet Service Provider (ISP) assigns 500 TCP/UDP ports to the user Joe. This number is the limit on the TCP/UDP ports that can be used for Joe on a CGN device, and it is configured on a RADIUS server. Also, Joe asks for a pre-defined port forwarding mapping on the CGN device for his web cam application (external port 5000 maps to internal port 1234).

When Joe successfully connects to the Internet service, the RADIUS server conveys the TCP/UDP port limit (500) and the port forwarding mapping (external port 5000 to internal port 1234) to the CGN device using the IP-Port-Limit-Info Attribute and IP-Port-Forwarding-Map Attribute, respectively, carried by an Access-Accept message to the BNG where NAS and CGN are co-located.


Upon receiving the first outbound IP packet sent from Joe's laptop, the CGN device decides to allocate a small port pool that contains 40 consecutive ports, from 3500 to 3540 inclusive, and also assigns the shared IPv4 address 192.0.2.15 to Joe. The CGN device also randomly selects one port from the allocated range (say, 3519) and uses that port to replace the original source port in outbound IP packets.

For accounting purposes, the CGN device passes this port range (3500-3540) and the shared IPv4 address 192.0.2.15 together to the RADIUS server using IP-Port-Range Attribute carried by an Accounting-Request message.


When Joe works on more applications with more outbound IP mappings and the port pool (3500-3540) is close to exhaustion, the CGN device allocates a second port pool (8500-8800) in a similar fashion and also passes the new port range (8500-8800) and IPv4 address 192.0.2.15 together to the RADIUS server using the IP-Port-Range Attribute carried by an Accounting-Request message. Note that when the CGN allocates more ports, it needs to ensure that the total number of ports allocated for Joe stays within the limit.

Joe decides to upgrade his service agreement with more TCP/UDP ports allowed (up to 1000 ports). The ISP updates the information in Joe's profile on the RADIUS server, which then sends a CoA-Request message that carries the IP-Port-Limit-Info Attribute with 1000 ports to the CGN device; the CGN device in turn sends back a CoA-ACK message. With that, Joe enjoys more available TCP/UDP ports for his applications.


When Joe is not using his service, most of the IP mappings are closed with their associated TCP/UDP ports released on the CGN device, which then sends the relevant information back to the RADIUS server using the IP-Port-Range Attribute carried by the Accounting-Request message.


Throughout Joe's connection with his ISP, applications can communicate with his web cam at home from the external realm, thus directly traversing the pre-configured mapping on the CGN device.


When Joe disconnects from his Internet service, the CGN device will deallocate all TCP/UDP ports as well as the port forwarding mapping and send the relevant information to the RADIUS server.
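The bookkeeping this example walks through, as an added Python model that is not part of RFC 8045 or of any CGN implementation: it tracks Joe's limit and port pools, enforces the rule that the total allocated ports stay within the limit, applies the CoA upgrade, and records what each IP-Port-Range Accounting-Request would report. The address 192.0.2.15 and the port numbers are the document's; the class and function names are assumptions, and attribute encoding is left out.

```python
"""Added example, not part of RFC 8045 or of any CGN product: a model of the
per-user port bookkeeping described in Sections 4.1.2 and 4.1.4. The limit comes
from IP-Port-Limit-Info (Access-Accept, later raised by CoA), each allocation or
deallocation is logged as the payload an IP-Port-Range Accounting-Request would
carry, and the CGN refuses allocations that would exceed the limit."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PortRange:
    start: int
    end: int

    def __post_init__(self):
        if not 1 <= self.start <= self.end <= 65535:
            raise ValueError(f"invalid port range {self.start}-{self.end}")

    def __len__(self):
        return self.end - self.start + 1   # both ends inclusive: 3500-3540 is 41 ports

    def overlaps(self, other):
        return self.start <= other.end and other.start <= self.end


@dataclass
class UserState:
    shared_ipv4: str                     # shared external address chosen by the CGN
    limit: int                           # TCP/UDP port limit from IP-Port-Limit-Info
    ranges: list = field(default_factory=list)

    def allocated(self):
        return sum(len(r) for r in self.ranges)


class CgnPortQuota:
    def __init__(self):
        self.users = {}
        self.acct_log = []   # one entry per IP-Port-Range Accounting-Request

    def access_accept(self, user, shared_ipv4, limit):
        """Access-Accept with IP-Port-Limit-Info: record the limit for this user."""
        self.users[user] = UserState(shared_ipv4, limit)

    def coa_limit(self, user, new_limit):
        """CoA-Request with IP-Port-Limit-Info replaces the limit. Return False
        (the NAS would answer with a CoA-NAK) if allocated ports already exceed it."""
        st = self.users[user]
        if new_limit < st.allocated():
            return False
        st.limit = new_limit
        return True

    def _report(self, user, kind, rng):
        st = self.users[user]
        self.acct_log.append({"user": user, "alloc": kind, "ext_ipv4": st.shared_ipv4,
                              "range": (rng.start, rng.end)})

    def allocate(self, user, start, end):
        """Allocate a range; refuse overlaps and anything that would pass the limit."""
        st, rng = self.users[user], PortRange(start, end)
        if any(rng.overlaps(r) for r in st.ranges) or st.allocated() + len(rng) > st.limit:
            return False
        st.ranges.append(rng)
        self._report(user, "allocate", rng)
        return True

    def deallocate(self, user, start, end):
        """Free a previously allocated range and report the deallocation."""
        st, rng = self.users[user], PortRange(start, end)
        if rng not in st.ranges:
            return False
        st.ranges.remove(rng)
        self._report(user, "deallocate", rng)
        return True


def joe_walkthrough():
    """The Section 4.1.4 example with the document's own numbers."""
    cgn = CgnPortQuota()
    cgn.access_accept("joe", "192.0.2.15", 500)
    out = {}
    cgn.allocate("joe", 3500, 3540)                      # first small pool (41 ports)
    cgn.allocate("joe", 8500, 8800)                      # second pool (301 ports)
    out["after_two_pools"] = cgn.users["joe"].allocated()
    out["third_pool_refused"] = not cgn.allocate("joe", 9000, 9200)  # 342 + 201 > 500
    out["coa_too_low_refused"] = not cgn.coa_limit("joe", 300)       # below current use
    out["coa_accepted"] = cgn.coa_limit("joe", 1000)                 # service upgrade
    cgn.allocate("joe", 9000, 9200)                                  # now fits
    out["after_coa_pool"] = cgn.users["joe"].allocated()
    cgn.deallocate("joe", 3500, 3540)                                # idle ports released
    out["after_dealloc"] = cgn.users["joe"].allocated()
    out["acct_events"] = [e["alloc"] for e in cgn.acct_log]
    return out
```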


4.2. Report Assigned Port Set for a Visiting UE

Figure 20 illustrates an example of the flow exchange that occurs when the visiting User Equipment (UE) connects to a CPE offering WLAN service.


For identification purposes (see [RFC6967]), once the CPE assigns a port set, it issues a RADIUS message to report the assigned port set.


   UE         CPE             CGN                          AAA
    |                         BNG                         Server
    |                          |                             |
    |                          |                             |
    |----Service Request------>|                             |
    |                          |                             |
    |                          |-----Access-Request -------->|
    |                          |                             |
    |                          |<----Access-Accept-----------|
    |<---Service Granted ------|                             |
    |    (other parameters)    |                             |
   ...          |             ...                           ...
    |<---IP@----|              |                             |
    |           |              |                             |
    |   (CPE assigns a TCP/UDP port                          |
    |   range for this visiting UE)                          |
    |           |                                            |
    |           |--Accounting-Request-...------------------->|
    |           |    (IP-Port-Range                          |
    |           |     for allocation)                        |
   ...          |             ...                           ...
    |           |              |                             |
    |           |              |                             |
    |   (CPE withdraws a TCP/UDP port                        |
    |   range for a visiting UE)                             |
    |           |                                            |
    |           |--Accounting-Request-...------------------->|
    |           |    (IP-Port-Range                          |
    |           |     for deallocation)                      |
    |           |                                            |
        

Figure 20: RADIUS Message Flow for Reporting CPE Allocation/Deallocation of a Port Set to a Visiting UE


5. Table of Attributes

This document proposes three new RADIUS attributes, and their formats are as follows:


o IP-Port-Limit-Info: 241.5

o IP-Port-Range: 241.6

o IP-Port-Forwarding-Map: 241.7

The following table provides a guide as to what type of RADIUS packets may contain these attributes and in what quantity.


   Request Accept Reject Challenge Acct.    #     Attribute
                                   Request
   0+      0+     0      0         0+       241.5 IP-Port-Limit-Info
   0       0      0      0         0+       241.6 IP-Port-Range
   0+      0+     0      0         0+       241.7 IP-Port-Forwarding-Map
        

The following table defines the meaning of the above table entries.


   0   This attribute MUST NOT be present in packet.

   0+  Zero or more instances of this attribute MAY be present in packet.
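A receiver-side check of this table, as an added Python example that is neither RFC text nor the code of any RADIUS server: it walks a packet's attributes using the RFC 2865 Type/Length framing and the RFC 6929 Extended-Type octet, counts the 241.5, 241.6 and 241.7 occurrences, and flags any attribute found in a column marked "0". The sample packets are constructed here with placeholder attribute contents; the function names are assumptions.

```python
"""Added example, not part of RFC 8045 or of any RADIUS implementation: a
receiver-side check of the Table of Attributes in Section 5. Packet framing
follows RFC 2865 (Code, Identifier, Length, Authenticator, then Type/Length/Value
attributes) and RFC 6929 (Type 241 followed by a one-octet Extended-Type); the
occurrence rules are the "0" / "0+" entries of the table."""
import struct
from collections import Counter

# RADIUS packet codes (RFC 2865 / RFC 2866), listed in the table's column order
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE, ACCOUNTING_REQUEST = 1, 2, 3, 11, 4
COLUMNS = (ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE, ACCOUNTING_REQUEST)

# Section 5 table: Request, Accept, Reject, Challenge, Acct-Request.
# "0" = MUST NOT be present, "0+" = zero or more instances MAY be present.
OCCURRENCE = {
    "241.5": ("0+", "0+", "0", "0", "0+"),   # IP-Port-Limit-Info
    "241.6": ("0", "0", "0", "0", "0+"),     # IP-Port-Range
    "241.7": ("0+", "0+", "0", "0", "0+"),   # IP-Port-Forwarding-Map
}
NAMES = {"241.5": "IP-Port-Limit-Info", "241.6": "IP-Port-Range",
         "241.7": "IP-Port-Forwarding-Map"}

HEADER = struct.Struct("!BBH16s")   # Code, Identifier, Length, Authenticator


def parse_attributes(body: bytes):
    """Walk the attribute list and return keys such as "241.5" or "6".
    A Length that does not fit makes the packet malformed (ValueError)."""
    keys, off = [], 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated attribute header")
        atype, alen = body[off], body[off + 1]
        if alen < 2 or off + alen > len(body):
            raise ValueError(f"attribute type {atype} has invalid length {alen}")
        if atype == 241:                 # Extended-Type attribute (RFC 6929)
            if alen < 3:
                raise ValueError("Extended-Type attribute without Extended-Type octet")
            keys.append(f"241.{body[off + 2]}")
        else:
            keys.append(str(atype))
        off += alen
    return keys


def check_packet(pkt: bytes):
    """Parse one RADIUS packet; return (code, list of table violations)."""
    if len(pkt) < HEADER.size:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length, _auth = HEADER.unpack_from(pkt)
    if length < HEADER.size or length > len(pkt):
        raise ValueError(f"bad Length field {length}")
    if code not in COLUMNS:
        return code, []                  # packet types the table does not cover
    col = COLUMNS.index(code)
    violations = []
    for key, n in Counter(parse_attributes(pkt[HEADER.size:length])).items():
        row = OCCURRENCE.get(key)
        if row is not None and row[col] == "0":
            violations.append(f"{NAMES[key]} MUST NOT be present in a code {code} "
                              f"packet (found {n})")
    return code, violations


def build_packet(code: int, attrs):
    """Constructed test input; attrs is a list of (type, extended_type_or_None, value)."""
    body = b""
    for atype, ext, value in attrs:
        payload = (bytes([ext]) if ext is not None else b"") + value
        body += bytes([atype, 2 + len(payload)]) + payload
    return HEADER.pack(code, 7, HEADER.size + len(body), b"\x00" * 16) + body


# Constructed packets (attribute contents are placeholders, not real TLV encodings).
ACCEPT_OK = build_packet(ACCESS_ACCEPT, [(241, 5, b"\x00\x01"), (241, 7, b"\x00" * 4),
                                         (6, None, b"\x00\x00\x00\x02")])   # Service-Type
REQUEST_BAD = build_packet(ACCESS_REQUEST, [(1, None, b"joe"), (241, 6, b"\x00")])
ACCT_OK = build_packet(ACCOUNTING_REQUEST, [(241, 6, b"\x00"), (241, 6, b"\x00")])
REJECT_BAD = build_packet(ACCESS_REJECT, [(241, 5, b"\x00")])
MALFORMED = bytearray(build_packet(ACCESS_ACCEPT, [(241, 5, b"\x00\x00")]))
MALFORMED[HEADER.size + 1] = 50          # attribute Length now overruns the packet
MALFORMED = bytes(MALFORMED)
```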

6. Security Considerations

This document does not introduce any security issue other than the ones already identified in RADIUS documents [RFC2865] and [RFC5176] for CoA messages. Known RADIUS vulnerabilities apply to this specification. For example, if RADIUS packets are sent in the clear, an attacker in the communication path between the RADIUS client and server may glean information that it will use to prevent a legitimate user from accessing the service by appropriately setting the maximum number of IP ports conveyed in an IP-Port-Limit-Info Attribute; exhaust the port quota of a user by installing many mapping entries (IP-Port-Forwarding-Map Attribute); prevent incoming traffic from being delivered to its legitimate destination by manipulating the mapping entries installed by means of an IP-Port-Forwarding-Map Attribute; discover the IP address and port range that are assigned to a given user and reported in an IP-Port-Range Attribute; and so on. The root cause of these attack vectors is the communication between the RADIUS client and server.


The IP-Port-Local-Id TLV includes an identifier whose type and length are deployment- and implementation-dependent. This identifier might carry privacy-sensitive information. It is therefore RECOMMENDED to utilize identifiers that do not have such privacy concerns.

If there is any error in a RADIUS Accounting-Request packet sent from a RADIUS client to the server, the RADIUS server MUST NOT send a response to the client (refer to [RFC2866]). Examples of the errors include the erroneous port range in the IP-Port-Range Attribute, inconsistent port mapping in the IP-Port-Forwarding-Map Attribute, etc.


This document targets deployments where a trusted relationship is in place between the RADIUS client and server with communication optionally secured by IPsec or Transport Layer Security (TLS) [RFC6614].

7. IANA Considerations

Per this document, IANA has made new code point assignments for both IPFIX Information Elements and RADIUS attributes as explained in the following subsections.

7.1. New IPFIX Information Elements

The following IPFIX Information Element has been registered (refer to Section 3.2.2):

o sourceTransportPortsLimit:

* Name: sourceTransportPortsLimit

* Element ID: 458

* Description: This Information Element contains the maximum number of IP source transport ports that can be used by an end user when sending IP packets; each user is associated with one or more (source) IPv4 or IPv6 addresses. This Information Element is particularly useful in address-sharing deployments that adhere to REQ-4 of [RFC6888]. Limiting the number of ports assigned to each user ensures fairness among users and mitigates the denial-of-service attack that a user could launch against other users through the address-sharing device in order to grab more ports.

* Data type: unsigned16

* Data type semantics: totalCounter

* Data type unit: ports

* Data value range: from 1 to 65535

7.2. New RADIUS Attributes

The Attribute Types defined in this document have been registered by IANA from the RADIUS namespace as described in the "IANA Considerations" section of [RFC3575], in accordance with BCP 26 [RFC5226]. For RADIUS packets, attributes, and registries created by this document, IANA has placed them at <http://www.iana.org/assignments/radius-types>.

In particular, this document defines three new RADIUS attributes, as follows, from the Short Extended Space of [RFC6929]:

   Type      Description             Data Type   Reference
   ----      -----------             ---------   ---------
   241.5     IP-Port-Limit-Info      tlv         Section 3.1.1
   241.6     IP-Port-Range           tlv         Section 3.1.2
   241.7     IP-Port-Forwarding-Map  tlv         Section 3.1.3
        
7.3. New RADIUS TLVs

IANA has created a new registry called "RADIUS IP Port Configuration and Reporting TLVs". All TLVs in this registry have one or more parent RADIUS attributes in nesting (refer to [RFC6929]). This registry contains the following TLVs:

      Value  Description           Data Type    Reference
      -----  -----------           ---------    ---------
      0      Reserved
      1      IP-Port-Type          integer      Section 3.2.1
      2      IP-Port-Limit         integer      Section 3.2.2
      3      IP-Port-Ext-IPv4-Addr ipv4addr     Section 3.2.3
      4      IP-Port-Int-IPv4-Addr ipv4addr     Section 3.2.4
      5      IP-Port-Int-IPv6-Addr ipv6addr     Section 3.2.5
      6      IP-Port-Int-Port      integer      Section 3.2.6
      7      IP-Port-Ext-Port      integer      Section 3.2.7
      8      IP-Port-Alloc         integer      Section 3.2.8
      9      IP-Port-Range-Start   integer      Section 3.2.9
      10     IP-Port-Range-End     integer      Section 3.2.10
      11     IP-Port-Local-Id      string       Section 3.2.11
      12-255 Unassigned
        

The registration procedure for this registry is Standards Action as defined in [RFC5226].

8. References
8.1. Normative References

[IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", <http://www.iana.org/assignments/ipfix/>.

[ProtocolNumbers] IANA, "Protocol Numbers", <http://www.iana.org/assignments/protocol-numbers/>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, DOI 10.17487/RFC2865, June 2000, <http://www.rfc-editor.org/info/rfc2865>.

[RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, DOI 10.17487/RFC3575, July 2003, <http://www.rfc-editor.org/info/rfc3575>.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.

[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", RFC 6929, DOI 10.17487/RFC6929, April 2013, <http://www.rfc-editor.org/info/rfc6929>.

[RFC7012] Claise, B., Ed., and B. Trammell, Ed., "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, DOI 10.17487/RFC7012, September 2013, <http://www.rfc-editor.org/info/rfc7012>.

[RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044, DOI 10.17487/RFC8044, January 2017, <http://www.rfc-editor.org/info/rfc8044>.

8.2. Informative References

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August 1980, <http://www.rfc-editor.org/info/rfc768>.

[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <http://www.rfc-editor.org/info/rfc793>.

[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, <http://www.rfc-editor.org/info/rfc1918>.

[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, DOI 10.17487/RFC2866, June 2000, <http://www.rfc-editor.org/info/rfc2866>.

[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, DOI 10.17487/RFC3022, January 2001, <http://www.rfc-editor.org/info/rfc3022>.

[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)", RFC 4340, DOI 10.17487/RFC4340, March 2006, <http://www.rfc-editor.org/info/rfc4340>.

[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007, <http://www.rfc-editor.org/info/rfc4960>.

[RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", RFC 5176, DOI 10.17487/RFC5176, January 2008, <http://www.rfc-editor.org/info/rfc5176>.

[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, April 2011, <http://www.rfc-editor.org/info/rfc6146>.

[RFC6158] DeKok, A., Ed., and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011, <http://www.rfc-editor.org/info/rfc6158>.

[RFC6269] Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and P. Roberts, "Issues with IP Address Sharing", RFC 6269, DOI 10.17487/RFC6269, June 2011, <http://www.rfc-editor.org/info/rfc6269>.

[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, <http://www.rfc-editor.org/info/rfc6333>.

[RFC6598] Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and M. Azinger, "IANA-Reserved IPv4 Prefix for Shared Address Space", BCP 153, RFC 6598, DOI 10.17487/RFC6598, April 2012, <http://www.rfc-editor.org/info/rfc6598>.

[RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, "Transport Layer Security (TLS) Encryption for RADIUS", RFC 6614, DOI 10.17487/RFC6614, May 2012, <http://www.rfc-editor.org/info/rfc6614>.

[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, DOI 10.17487/RFC6887, April 2013, <http://www.rfc-editor.org/info/rfc6887>.

[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, A., and H. Ashida, "Common Requirements for Carrier-Grade NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, April 2013, <http://www.rfc-editor.org/info/rfc6888>.

[RFC6967] Boucadair, M., Touch, J., Levis, P., and R. Penno, "Analysis of Potential Solutions for Revealing a Host Identifier (HOST_ID) in Shared Address Deployments", RFC 6967, DOI 10.17487/RFC6967, June 2013, <http://www.rfc-editor.org/info/rfc6967>.

[RFC7785] Vinapamula, S. and M. Boucadair, "Recommendations for Prefix Binding in the Context of Softwire Dual-Stack Lite", RFC 7785, DOI 10.17487/RFC7785, February 2016, <http://www.rfc-editor.org/info/rfc7785>.

[TR-146] Broadband Forum, "TR-146: Subscriber Sessions", Broadband Forum Technical Report 146, Issue 1, May 2013, <http://www.broadband-forum.org/technical/download/TR-146.pdf>.

[WIFI-SERVICES] Gundavelli, S., Grayson, M., Seite, P., and Y. Lee, "Service Provider Wi-Fi Services Over Residential Architectures", Work in Progress, draft-gundavelli-v6ops-community-wifi-svcs-06, April 2013.

Acknowledgments

Many thanks to Dan Wing, Roberta Maglione, Daniel Derksen, David Thaler, Alan DeKok, Lionel Morand, and Peter Deacon for their useful comments and suggestions.

Special thanks to Lionel Morand for the Shepherd review and to Kathleen Moriarty for the AD review.

Thanks to Carl Wallace, Tim Chown, and Ben Campbell for the detailed review.

Authors' Addresses

Dean Cheng
Huawei
2330 Central Expressway
Santa Clara, California 95050
United States of America

   Email: dean.cheng@huawei.com
        
Jouni Korhonen
Broadcom Corporation
3151 Zanker Road
San Jose, California 95134
United States of America

   Email: jouni.nospam@gmail.com
        
Mohamed Boucadair
Orange
Rennes
France

   Email: mohamed.boucadair@orange.com
        
Senthil Sivakumar
Cisco Systems
7100-8 Kit Creek Road
Research Triangle Park, North Carolina
United States of America

   Email: ssenthil@cisco.com
        