diff options
Diffstat (limited to 'doc/rfc/rfc8658.txt')
| -rw-r--r-- | doc/rfc/rfc8658.txt | 1824 |
1 files changed, 1824 insertions, 0 deletions
diff --git a/doc/rfc/rfc8658.txt b/doc/rfc/rfc8658.txt new file mode 100644 index 0000000..41152bf --- /dev/null +++ b/doc/rfc/rfc8658.txt @@ -0,0 +1,1824 @@ + + + + +Internet Engineering Task Force (IETF) S. Jiang, Ed. +Request for Comments: 8658 Huawei +Category: Standards Track Y. Fu, Ed. +ISSN: 2070-1721 CNNIC + C. Xie + China Telecom + T. Li + Tsinghua University + M. Boucadair, Ed. + Orange + November 2019 + + + RADIUS Attributes for Softwire Mechanisms Based on + Address plus Port (A+P) + +Abstract + + IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity + services over IPv6 native networks during the IPv4/IPv6 coexistence + period. DHCPv6 options have been defined to configure clients for + Lightweight 4over6, Mapping of Address and Port with Encapsulation + (MAP-E), Mapping of Address and Port using Translation (MAP-T) + unicast softwire mechanisms, and multicast softwires. However, in + many networks, configuration information is stored in an + Authentication, Authorization, and Accounting (AAA) server, which + utilizes the Remote Authentication Dial In User Service (RADIUS) + protocol to provide centralized management for users. When a new + transition mechanism is developed, new RADIUS attributes need to be + defined correspondingly. + + This document defines new RADIUS attributes to carry softwire + configuration parameters based on Address plus Port from a AAA server + to a Broadband Network Gateway. Both unicast and multicast + attributes are covered. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc8658. + +Copyright Notice + + Copyright (c) 2019 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction + 2. Terminology + 3. New RADIUS Attributes + 3.1. Softwire46-Configuration Attribute + 3.1.1. Softwire46 Attributes + 3.1.1.1. Softwire46-MAP-E Attribute + 3.1.1.2. Softwire46-MAP-T Attribute + 3.1.1.3. Softwire46-Lightweight-4over6 Attribute + 3.1.2. Softwire46 Sub-attributes + 3.1.3. Specification of the Softwire46 Sub-attributes + 3.1.3.1. Softwire46-Rule Attribute + 3.1.3.2. Softwire46-BR Attribute + 3.1.3.3. Softwire46-DMR Attribute + 3.1.3.4. Softwire46-V4V6Bind Attribute + 3.1.3.5. Softwire46-PORTPARAMS Attribute + 3.1.4. Sub-attributes for Softwire46-Rule + 3.1.4.1. Rule-IPv6-Prefix Attribute + 3.1.4.2. Rule-IPv4-Prefix Attribute + 3.1.4.3. EA-Length Attribute + 3.1.5. Attributes for Softwire46-v4v6Bind + 3.1.5.1. IPv4-Address Attribute + 3.1.5.2. Bind-IPv6-Prefix Attribute + 3.1.6. Attributes for Softwire46-PORTPARAMS + 3.1.6.1. PSID-Offset Attribute + 3.1.6.2. PSID-Len Attribute + 3.1.6.3. PSID Attribute + 3.2. Softwire46-Priority Attribute + 3.2.1. Softwire46-Option-Code + 3.3. Softwire46-Multicast Attribute + 3.3.1. ASM-Prefix64 Attribute + 3.3.2. SSM-Prefix64 Attribute + 3.3.3. U-Prefix64 Attribute + 4. A Sample Configuration Process with RADIUS + 5. Table of Attributes + 6. Security Considerations + 7. IANA Considerations + 7.1. New RADIUS Attributes + 7.2. RADIUS Softwire46 Configuration and Multicast + Attributes + 7.3. Softwire46 Mechanisms and Their Identifying Option + Codes + 8. References + 8.1. Normative References + 8.2. Informative References + Appendix A. DHCPv6 to RADIUS Field Mappings + A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field + Mappings + A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings + A.3. OPTION_S46_DMR (91) to Softwire46-DMR + A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind + A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS + Field Mappings + A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS + Field Mappings + A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast + Attribute Field Mappings + Acknowledgements + Contributors + Authors' Addresses + +1. Introduction + + Providers have started deploying and transitioning to IPv6. Several + IPv4 service continuity mechanisms based on Address plus Port (A+P) + [RFC6346] have been proposed for providing unicast IPv4-over- + IPv6-only infrastructure, such as Mapping of Address and Port with + Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using + Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. + Also, [RFC8114] specifies a generic solution for the delivery of IPv4 + multicast services to IPv4 clients over an IPv6 multicast network. + For each of these mechanisms, DHCPv6 options have been specified for + client configuration. + + In many networks, user configuration information is stored in an + Authentication, Authorization, and Accounting (AAA) server. AAA + servers generally communicate using the Remote Authentication Dial In + User Service (RADIUS) [RFC2865] protocol. In a fixed broadband + network, a Broadband Network Gateway (BNG) acts as the access gateway + for users. That is, the BNG acts as both a AAA client to the AAA + server and a DHCPv6 server for DHCPv6 messages sent by clients. + Throughout this document, the term "BNG" describes a device + implementing both the AAA client and DHCPv6 server functions. + + Since IPv4-in-IPv6 softwire configuration information is stored in a + AAA server and user configuration information is mainly transmitted + through DHCPv6 between the BNGs and Customer Premises Equipment (CEs, + a.k.a., CPE), new RADIUS attributes are needed to propagate the + information from the AAA servers to BNGs so that they can be provided + to CEs using the existing DHCPv6 options. + + The RADIUS attributes defined in this document provide the + configuration to populate the corresponding DHCPv6 options for + unicast and multicast softwire configurations, specifically: + + * "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597] + (DHCPv6 options defined in [RFC7598]). + + * "Mapping of Address and Port using Translation (MAP-T)" [RFC7599] + (DHCPv6 options defined in [RFC7598]). + + * "Lightweight 4over6: An Extension to the Dual-Stack Lite + Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]). + + * "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): + A DHCPv6-Based Prioritization Mechanism" [RFC8026]. + + * "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 + Multicast Network" [RFC8114] (DHCPv6 options defined in + [RFC8115]). + + The contents of the attributes defined in this document have a 1:1 + mapping into the fields of the various DHCPv6 options in [RFC7598], + [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map + to the corresponding RADIUS attribute. For detailed mappings between + each DHCPv6 option field and the corresponding RADIUS attribute or + field, see Appendix A. + + +----------------------------+-----------------------+ + | DHCPv6 Option | RADIUS Attribute | + +============================+=======================+ + | OPTION_S46_RULE (89) | Softwire46-Rule | + +----------------------------+-----------------------+ + | OPTION_S46_BR (90) | Softwire46-BR | + +----------------------------+-----------------------+ + | OPTION_S46_DMR (91) | Softwire46-DMR | + +----------------------------+-----------------------+ + | OPTION_S46_V4V6BIND (92) | Softwire46-V4V6Bind | + +----------------------------+-----------------------+ + | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS | + +----------------------------+-----------------------+ + | OPTION_S46_PRIORITY (111) | Softwire46-Priority | + +----------------------------+-----------------------+ + | OPTION_V6_PREFIX64 (113) | Softwire46-Multicast | + +----------------------------+-----------------------+ + + Table 1: Mapping between DHCPv6 Options and + RADIUS Attributes + + A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in + [RFC6519]. + + This document targets deployments where a trusted relationship is in + place between the RADIUS client and server. + +2. Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + + The reader should be familiar with the concepts and terms defined in + [RFC7596], [RFC7597], [RFC7599], and [RFC8026]. + + The terms "multicast Basic Bridging BroadBand" element (mB4) and + "multicast Address Family Transition Router" element (mAFTR) are + defined in [RFC8114]. + + Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 + softwire mechanisms listed above. Additionally, the following + abbreviations are used within the document: + + BNG: Broadband Network Gateway + + BR: Border Relay + + CE: Customer Edge + + CoA: Change-of-Authorization + + DMR: Default Mapping Rule + + EA: Embedded Address + + lwAFTR: Lightweight Address Family Transition Router + + MAP-E: Mapping of Address and Port with Encapsulation + + MAP-T: Mapping of Address and Port using Translation + + PSID: Port Set Identifier + + TLV: Type, Length, Value + +3. New RADIUS Attributes + + This section defines the following attributes: + + 1. Softwire46-Configuration Attribute (Section 3.1): + + This attribute carries the configuration information for MAP-E, + MAP-T, and Lightweight 4over6. The configuration information for + each Softwire46 mechanism is carried in the corresponding + Softwire46 attributes. Different attributes are required for + each Softwire46 mechanism. + + 2. Softwire46-Priority Attribute (Section 3.2): + + Depending on the deployment scenario, a client may support + several different Softwire46 mechanisms. Therefore, a client may + request configuration for more than one Softwire46 mechanism at a + time. The Softwire46-Priority Attribute contains information + allowing the client to prioritize which mechanism to use, + corresponding to OPTION_S46_PRIORITY defined in [RFC8026]. + + 3. Softwire46-Multicast Attribute (Section 3.3): + + This attribute conveys the IPv6 prefixes to be used in [RFC8114] + to synthesize IPv4-embedded IPv6 addresses. The BNG uses the + IPv6 prefixes returned in the RADIUS Softwire46-Multicast + Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115]. + + All of these attributes are allocated from the RADIUS "Extended Type" + code space per [RFC6929]. + + All of these attribute designs follow [RFC6158] and [RFC6929]. + + This document adheres to the guidance in [RFC8044] for defining new + RADIUS attributes. + +3.1. Softwire46-Configuration Attribute + + This attribute is of type "tlv", as defined in "Remote Authentication + Dial-In User Service (RADIUS) Protocol Extensions" [RFC6929]. It + contains some sub-attributes, with the following requirements: + + * The Softwire46-Configuration Attribute MUST contain one or more of + the following attributes: Softwire46-MAP-E, Softwire46-MAP-T, and/ + or Softwire46-Lightweight-4over6. + + * The Softwire46-Configuration Attribute conveys the configuration + information for MAP-E, MAP-T, or Lightweight 4over6. The BNG + SHALL use the configuration information returned in the RADIUS + attribute to populate the DHCPv6 Softwire46 container option(s) + defined in Section 5 of [RFC7598]. + + * The Softwire46-Configuration Attribute MAY appear in an Access- + Accept packet. It MAY also appear in an Access-Request packet to + indicate a preferred Softwire46 configuration. However, the + server is not required to honor such a preference. + + * The Softwire46-Configuration Attribute MAY appear in a CoA-Request + packet. + + * The Softwire46-Configuration Attribute MAY appear in an + Accounting-Request packet. + + * The Softwire46-Configuration Attribute MUST NOT appear in any + other RADIUS packet. + + The Softwire46-Configuration Attribute is structured as follows: + + Type + 241 + + Length + Indicates the total length, in bytes, of all fields of this + attribute, including the Type, Length, Extended-Type, and the + entire length of the embedded attributes. + + Extended-Type + 9 + + Value + Contains one or more of the following attributes. Each attribute + type may appear once at most: + + Softwire46-MAP-E + For configuring MAP-E clients. For the construction of this + attribute, refer to Section 3.1.1.1. + + Softwire46-MAP-T + For configuring MAP-T clients. For the construction of this + attribute, refer to Section 3.1.1.2. + + Softwire46-Lightweight-4over6 + For configuring Lightweight 4over6 clients. For the + construction of this attribute, refer to Section 3.1.1.3. + + The Softwire46-Configuration Attribute is associated with the + following identifier: 241.9. + +3.1.1. Softwire46 Attributes + + The Softwire46 attributes can only be encapsulated in the + Softwire46-Configuration Attribute. Depending on the deployment + scenario, a client might request more than one transition mechanism + at a time. There MUST be at least one Softwire46 attribute + encapsulated in one Softwire46-Configuration Attribute. There MUST + be at most one instance of each type of Softwire46 attribute + encapsulated in one Softwire46-Configuration Attribute. + + There are three types of Softwire46 attributes, namely: + + 1. Softwire46-MAP-E (Section 3.1.1.1) + + 2. Softwire46-MAP-T (Section 3.1.1.2) + + 3. Softwire46-Lightweight 4over6 (Section 3.1.1.3) + + Each type of Softwire46 attribute contains a number of sub- + attributes, defined in Section 3.1.3. The hierarchy of the + Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes + which sub-attributes are mandatory, optional, or not permitted for + each defined Softwire46 attribute. + + /1.Rule-IPv6-Prefix + S / | + o / | 1.Softwire46-Rule --+ 2.Rule-IPv4-Prefix + f | Softwire46-MAP-E--+ | + t | | 2.Softwire46-BR | 3.EA-Length + w | | \ + i | | /1.PSID-Offset + r | | | + e | | 3.Softwire46-PORTPARAMS -----+ 2.PSID-Len + 4 | \ | + 6 | | 3.PSID + - | \ + C | + o | /1.Rule-IPv6-Prefix + n | / | + f | | 1.Softwire46-Rule---+ 2.Rule-IPv4-Prefix + i | Softwire46-MAP-T--+ | + g | | 2.Softwire46-DMR | 3.EA-Length + u | | \ + r | | /1.PSID-Offset + a | | | + t | | 3.Softwire46-PORTPARAMS------+ 2.PSID-Len + i | \ | + o | | 3.PSID + n | \ + | + A | /1.IPv4-Address + t | / | + t | | 1.Softwire46-V4V6Bind --+ 2.Bind-IPv6-Prefix + r | Softwire46- | \ + i | Lightweight-4over6+ 2.Softwire46-BR /1.PSID-Offset + b \ | | + u | 3.Softwire46-PORTPARAMS ----+ 2.PSID-Len + t \ | + e | 3.PSID + \ + + Figure 1: Softwire46 Attribute Hierarchy + +3.1.1.1. Softwire46-MAP-E Attribute + + The Softwire46-MAP-E attribute is designed to carry the configuration + information for MAP-E. The structure of Softwire46-MAP-E is shown + below: + + TLV-Type + 1 + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + TLV-Value + Contains a set of sub-attributes, with the following requirements: + + It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. + + It MUST contain Softwire46-BR, defined in Section 3.1.3.2. + + It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. + +3.1.1.2. Softwire46-MAP-T Attribute + + The Softwire46-MAP-T attribute is designed to carry the configuration + information for MAP-T. The structure of Softwire46-MAP-T is shown + below: + + TLV-Type + 2 + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + TLV-Value + Contains a set of sub-attributes, with the following requirements: + + It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. + + It MUST contain Softwire46-DMR, defined in Section 3.1.3.3. + + It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. + +3.1.1.3. Softwire46-Lightweight-4over6 Attribute + + The Softwire46-Lightweight-4over6 attribute is designed to carry the + configuration information for Lightweight 4over6. The structure of + Softwire46-Lightweight-4over6 is shown below: + + TLV-Type + 3 + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + TLV-Value + Contains a set of sub-attributes as follows: + + It MUST contain Softwire46-BR, defined in Section 3.1.3.2. + + It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4. + + It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. + +3.1.2. Softwire46 Sub-attributes + + Table 2 shows which encapsulated sub-attributes are mandatory, + optional, or not permitted for each defined Softwire46 attribute. + + +-----------------------+-------+-------+--------------------+ + | Sub-attributes | MAP-E | MAP-T | Lightweight 4over6 | + +=======================+=======+=======+====================+ + | Softwire46-BR | 1+ | 0 | 1+ | + +-----------------------+-------+-------+--------------------+ + | Softwire46-Rule | 1 | 1 | 0 | + +-----------------------+-------+-------+--------------------+ + | Softwire46-DMR | 0 | 1 | 0 | + +-----------------------+-------+-------+--------------------+ + | Softwire46-V4V6Bind | 0 | 0 | 1 | + +-----------------------+-------+-------+--------------------+ + | Softwire46-PORTPARAMS | 0-1 | 0-1 | 0-1 | + +-----------------------+-------+-------+--------------------+ + + Table 2: Softwire46 Sub-attributes + + The following list defines the meaning of the Table 2 entries. + + 0 Not permitted + 0-1 Optional; zero or one instance of the attribute may be present. + 1 Mandatory; only one instance of the attribute must be present. + 1+ Mandatory; one or more instances of the attribute may be + present. + +3.1.3. Specification of the Softwire46 Sub-attributes + +3.1.3.1. Softwire46-Rule Attribute + + Softwire46-Rule can only be encapsulated in Softwire46-MAP-E + (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending + on the deployment scenario, one Basic Mapping Rule (BMR) and zero or + more Forwarding Mapping Rules (FMRs) MUST be included in + Softwire46-MAP-E and Softwire46-MAP-T. + + Each type of Softwire46-Rule also contains a number of sub- + attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA- + Length. The structure of the sub-attributes for Softwire46-Rule is + defined in Section 3.1.4. + + Defining multiple TLV types achieves the same design goals as the + "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using a + TLV type set to 5 is equivalent to setting the F flag in the + OPTION_S46_RULE S46 Rule Flags field. + + TLV-Type + 4 Basic Mapping Rule only (not to be used for forwarding) + + 5 Forwarding Permitted Mapping Rule + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + Data Type + The attribute Softwire46-Rule is of type "tlv" (Section 3.13 of + [RFC8044]). + + TLV-Value + This field contains a set of attributes as follows: + + Rule-IPv6-Prefix + This attribute contains the IPv6 prefix for use in the MAP + rule. Refer to Section 3.1.4.1. + + Rule-IPv4-Prefix + This attribute contains the IPv4 prefix for use in the MAP + rule. Refer to Section 3.1.4.2. + + EA-Length + This attribute contains the Embedded Address (EA) bit length. + Refer to Section 3.1.4.3. + +3.1.3.2. Softwire46-BR Attribute + + Softwire46-BR can only be encapsulated in Softwire46-MAP-E + (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3). + + There MUST be at least one Softwire46-BR included in each + Softwire46-MAP-E or Softwire46-Lightweight-4over6. + + The structure of Softwire46-BR is shown below: + + TLV-Type + 6 + + TLV-Length + 18 octets + + Data Type + The attribute Softwire46-BR is of type "ipv6addr" (Section 3.9 of + [RFC8044]). + + TLV-Value + br-ipv6-address. A fixed-length field of 16 octets that specifies + the IPv6 address for the Softwire46 Border Relay (BR). + +3.1.3.3. Softwire46-DMR Attribute + + Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). + There MUST be exactly one Softwire46-DMR included in one Softwire46- + MAP-T. + + The structure of Softwire46-DMR is shown below: + + TLV-Type + 7 + + TLV-Length + 4 + length of dmr-ipv6-prefix specified in octets. + + Data Type + The attribute Softwire46-DMR is of type "ipv6prefix" (Section 3.10 + of [RFC8044]). + + TLV-Value + A variable-length (dmr-prefix6-len) field specifying the IPv6 + prefix (dmr-ipv6-prefix) for the BR. This field is right-padded + with zeros to the nearest octet boundary when dmr-prefix6-len is + not divisible by 8. Prefixes with lengths from 0 to 96 are + allowed. + +3.1.3.4. Softwire46-V4V6Bind Attribute + + Softwire46-V4V6Bind may only be encapsulated in Softwire46- + Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one + Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6. + + The structure of Softwire46-V4V6Bind is shown below: + + TLV-Type + 8 + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + Data Type + The attribute Softwire46-V4V6Bind is of type "tlv" (Section 3.13 + of [RFC8044]). + + TLV-Value + This field contains a set of attributes as follows: + + IPv4-Address + This attribute contains an IPv4 address, used to specify the + full or shared IPv4 address of the CE. Refer to + Section 3.1.5.1. + + Bind-IPv6-Prefix + This attribute contains an IPv6 prefix used to indicate which + configured prefix the Softwire46 CE should use for constructing + the softwire. Refer to Section 3.1.5.2. + +3.1.3.5. Softwire46-PORTPARAMS Attribute + + Softwire46-PORTPARAMS is optional. It is used to specify port set + information for IPv4 address sharing between clients. + Softwire46-PORTPARAMS MAY be included in any of the Softwire46 + attributes. + + The structure of Softwire46-PORTPARAMS is shown below: + + TLV-Type + 9 + + TLV-Length + Indicates the length of this attribute, including the TLV-Type, + TLV-Length, and TLV-Value fields. + + Data Type + The attribute Softwire46-PORTPARAMS is of type "tlv" (Section 3.13 + of [RFC8044]). + + TLV-Value + This field contains a set of attributes as follows: + + PSID-Offset + This attribute specifies the numeric value for the Softwire46 + algorithm's excluded port range/offset bits (a bits). Refer to + Section 3.1.6.1. + + PSID-Len + This attribute specifies the number of significant bits in the + PSID field (also known as 'k'). Refer to Section 3.1.6.2. + + PSID + This attribute specifies the PSID value. Refer to + Section 3.1.6.3. + +3.1.4. Sub-attributes for Softwire46-Rule + + There are two types of Softwire46-Rule: the Basic Mapping Rule and + the Forwarding Mapping Rule, indicated by the value in the TLV-Type + field of Softwire46-Rule (Section 3.1.3.1). + + Each type of Softwire46-Rule also contains a number of sub-attributes + as detailed in the following subsections. + +3.1.4.1. Rule-IPv6-Prefix Attribute + + Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST + be exactly one Rule-IPv6-Prefix encapsulated in each type of + Softwire46-Rule. + + Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] + and [RFC8044]. + + The structure of Rule-IPv6-Prefix is shown below: + + TLV-Type + 10 + + TLV-Length + 4 + length of rule-ipv6-prefix specified in octets. + + Data Type + The attribute Rule-IPv6-Prefix is of type "ipv6prefix" + (Section 3.10 of [RFC8044]). + + TLV-Value + A variable-length field that specifies an IPv6 prefix (rule- + ipv6-prefix) appearing in the MAP rule. + +3.1.4.2. Rule-IPv4-Prefix Attribute + + This attribute is used to convey the MAP Rule IPv4 prefix. The + structure of Rule-IPv4-Prefix is shown below: + + TLV-Type + 11 + + TLV-Length + 4 + length of rule-ipv4-prefix specified in octets. + + Data Type + The attribute Rule-IPv4-Prefix is of type "ipv4prefix" + (Section 3.11 of [RFC8044]). + + TLV-Value + A variable-length field that specifies an IPv4 prefix (rule- + ipv4-prefix) appearing in the MAP rule. + +3.1.4.3. EA-Length Attribute + + This attribute is used to convey the Embedded Address (EA) bit + length. The structure of EA-Length is shown below: + + TLV-Type + 12 + + TLV-Length + 6 octets + + Data Type + The attribute EA-Length is of type "integer" (Section 3.1 of + [RFC8044]). + + TLV-Value + EA-len; 32 bits long. Specifies the Embedded Address (EA) bit + length. Allowed values range from 0 to 48. + +3.1.5. Attributes for Softwire46-v4v6Bind + +3.1.5.1. IPv4-Address Attribute + + The IPv4-Address MAY be used to specify the full or shared IPv4 + address of the CE. + + The structure of IPv4-Address is shown below: + + TLV-Type + 13 + + TLV-Length + 6 octets + + Data Type + The attribute IPv4-Address is of type "ipv4addr" (Section 3.8 of + [RFC8044]). + + TLV-Value + 32 bits long. Specifies the IPv4 address (ipv4-address) to appear + in Softwire46-V4V6Bind (Section 3.1.3.4). + +3.1.5.2. Bind-IPv6-Prefix Attribute + + The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 + prefix to be used as the tunnel source. + + The structure of Bind-IPv6-Prefix is shown below: + + TLV-Type + 14 + + TLV-Length + 4 + length of bind-ipv6-prefix specified in octets. + + Data Type + The attribute Bind-IPv6-Prefix is of type "ipv6prefix" + (Section 3.10 of [RFC8044]). + + TLV-Value + A variable-length field specifying the IPv6 prefix or address for + the Softwire46 CE (bind-ipv6-prefix). This field is right-padded + with zeros to the nearest octet boundary when the prefix length is + not divisible by 8. + +3.1.6. Attributes for Softwire46-PORTPARAMS + +3.1.6.1. PSID-Offset Attribute + + This attribute is used to convey the Port Set Identifier offset as + defined in [RFC7597]. This attribute is encoded in 32 bits as per + the recommendation in Appendix A.2.1 of [RFC6158]. + + The structure of PSID-Offset is shown below: + + TLV-Type + 15 + + TLV-Length + 6 octets + + Data Type + The attribute PSID-Offset is of type "integer" (Section 3.1 of + [RFC8044]). + + TLV-Value + Contains the PSID-Offset (8 bits) right justified, and the unused + bits in this field MUST be set to zero. This field specifies the + numeric value for the Softwire46 algorithm's excluded port range/ + offset bits (a bits), as per Section 5.1 of [RFC7597]. + + Default values for this field are specific to the softwire + mechanism being implemented and are defined in the relevant + specification document. + +3.1.6.2. PSID-Len Attribute + + This attribute is used to convey the PSID length as defined in + [RFC7597]. This attribute is encoded in 32 bits as per the + recommendation in Appendix A.2.1 of [RFC6158]. + + The structure of PSID-Len is shown below: + + TLV-Type + 16 + + TLV-Length + 6 octets + + Data Type + The attribute PSID-Len is of type "integer" (Section 3.1 of + [RFC8044]). + + TLV-Value + Contains the PSID-len (8 bits) right justified, and the unused + bits in this field MUST be set to zero. This field specifies the + number of significant bits in the PSID field (also known as 'k'). + When set to 0, the PSID field is to be ignored. After the first a + bits, there are k bits in the port number representing the value + of the PSID. Subsequently, the address-sharing ratio would be + 2^k. + +3.1.6.3. PSID Attribute + + This attribute is used to convey the PSID as defined in [RFC7597]. + This attribute is encoded in 32 bits as per the recommendation in + Appendix A.2.1 of [RFC6158]. + + The structure of PSID is shown below: + + TLV-Type + 17 + + TLV-Length + 6 octets + + Data Type + The attribute PSID is of type "integer" (Section 3.1 of + [RFC8044]). + + TLV-Value + Contains the PSID (16 bits) right justified, and the unused bits + in this field MUST be set to zero. + + The PSID value algorithmically identifies a set of ports assigned + to a CE. The first k bits on the left of this 2-octet field are + the PSID value. The remaining (16-k) bits on the right are + padding zeros. + +3.2. Softwire46-Priority Attribute + + The Softwire46-Priority Attribute includes an ordered list of + Softwire46 mechanisms allowing the client to prioritize which + mechanism to use, corresponding to OPTION_S46_PRIORITY defined in + [RFC8026]. The following requirements apply: + + The Softwire46-Priority Attribute MAY appear in an Access-Accept + packet. It MAY also appear in an Access-Request packet. + + The Softwire46-Priority Attribute MAY appear in a CoA-Request + packet. + + The Softwire46-Priority Attribute MAY appear in an Accounting- + Request packet. + + The Softwire46-Priority Attribute MUST NOT appear in any other + RADIUS packet. + + The Softwire46-Priority Attribute is structured as follows: + + Type + 241 + + Length + Indicates the length of this attribute, including the Type, + Length, Extended-Type and Value fields. + + Extended-Type + 10 + + TLV-Value + The attribute includes one or more Softwire46-Option-Code TLVs: A + Softwire46-Priority Attribute MUST contain at least one + Softwire46-Option-Code TLV (Section 3.2.1). + + Softwire46 mechanisms are prioritized in the appearance order in + the Softwire46-Priority Attribute. That is, the first-appearing + mechanism is most preferred. + + The Softwire46-Priority Attribute is associated with the following + identifier: 241.10. + +3.2.1. Softwire46-Option-Code + + This attribute is used to convey an option code assigned to a + Softwire46 mechanism [RFC8026]. This attribute is encoded in 32 bits + as per the recommendation in Appendix A.2.1 of [RFC6158]. + + The structure of Softwire46-Option-Code is shown below: + + TLV-Type + 18 + + TLV-Length + 6 octets + + Data Type + The attribute Softwire46-Option-Code is of type "integer" + (Section 3.1 of [RFC8044]). + + TLV-Value + A 32-bit IANA-registered option code representing a Softwire46 + mechanism (Softwire46-option-code). The codes and their + corresponding Softwire46 mechanisms are listed in Section 7.3. + +3.3. Softwire46-Multicast Attribute + + The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be + used to synthesize multicast and unicast IPv4-embedded IPv6 addresses + as per [RFC8114]. This attribute is of type "tlv" and contains + additional TLVs. The following requirements apply: + + * The BNG SHALL use the IPv6 prefixes returned in the RADIUS + Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 + Option [RFC8115]. + + * This attribute MAY be used in Access-Request packets as a hint to + the RADIUS server. For example, if the BNG is preconfigured for + Softwire46-Multicast, these prefixes may be inserted in the + attribute. The RADIUS server MAY ignore the hint sent by the BNG, + and it MAY assign a different Softwire46-Multicast Attribute. + + * The Softwire46-Multicast Attribute MAY appear in an Access- + Request, Access-Accept, CoA-Request, and Accounting-Request + packet. + + * The Softwire46-Multicast Attribute MUST NOT appear in any other + RADIUS packet. + + * The Softwire46-Multicast Attribute MAY contain ASM-Prefix64 + (Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64 + (Section 3.3.3). + + * The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or + SSM-Prefix64, and it MAY include both. + + * The U-Prefix64 MUST be present when SSM-Prefix64 is present. + U-Prefix64 MAY be present when ASM-Prefix64 is present. + + The Softwire46-Multicast Attribute is structured as follows: + + Type + 241 + + Length + This field indicates the total length in bytes of all fields of + this attribute, including the Type, Length, Extended-Type, and the + entire length of the embedded attributes. + + Extended-Type + 11 + + Value + This field contains a set of attributes as follows: + + ASM-Prefix64 + This attribute contains the Any-Source Multicast (ASM) IPv6 + prefix. Refer to Section 3.3.1. + + SSM-Prefix64 + This attribute contains the Source-Source Multicast (SSM) IPv6 + prefix. Refer to Section 3.3.2. + + U-Prefix64 + This attribute contains the IPv4 prefix used for address + translation. Refer to Section 3.3.3. + + The Softwire46-Multicast Attribute is associated with the following + identifier: 241.11. + +3.3.1. ASM-Prefix64 Attribute + + The ASM-Prefix64 attribute is structured as follows: + + TLV-Type + 19 + + TLV-Length + 16 octets. The length of asm-prefix64 must be /96 [RFC8115]. + + Data Type + The attribute ASM-Prefix64 is of type "ipv6prefix" (Section 3.10 + of [RFC8044]). + + TLV-Value + This field specifies the IPv6 multicast prefix (asm-prefix64) to + be used to synthesize the IPv4-embedded IPv6 addresses of the + multicast groups in the ASM mode. The conveyed multicast IPv6 + prefix MUST belong to the ASM range. + +3.3.2. SSM-Prefix64 Attribute + + The SSM-Prefix64 attribute is structured as follows: + + Type + 20 + + TLV-Length + 16 octets. The length of ssm-prefix64 must be /96 [RFC8115]. + + Data Type + The attribute SSM-Prefix64 is of type "ipv6prefix" (Section 3.10 + of [RFC8044]). + + TLV-Type + This field specifies the IPv6 multicast prefix (ssm-prefix64) to + be used to synthesize the IPv4-embedded IPv6 addresses of the + multicast groups in the SSM mode. The conveyed multicast IPv6 + prefix MUST belong to the SSM range. + +3.3.3. U-Prefix64 Attribute + + The structure of U-Prefix64 is shown below: + + TLV-Type + 21 + + TLV-Length + 4 + length of unicast-prefix. As specified in [RFC6052], the + unicast-prefix prefix length MUST be set to 32, 40, 48, 56, 64, or + 96. + + Data Type + The attribute U-Prefix64 is of type "ipv6prefix" (Section 3.10 of + [RFC8044]). + + TLV-Value + This field identifies the IPv6 unicast prefix (u-prefix64) to be + used in the SSM mode for constructing the IPv4-embedded IPv6 + addresses representing the IPv4 multicast sources in the IPv6 + domain. It may also be used to extract the IPv4 address from the + received multicast data flows. + +4. A Sample Configuration Process with RADIUS + + Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to + provide CE with softwire configuration information. + + + CE BNG AAA Server + | | | + |-------1.DHCPv6 Solicit------->| | + |(ORO with unicast and/or | | + | multicast container option | | + | codes(s)) | | + | |-------2.Access-Request------->| + | | (Softwire46-Configuration | + | | Attribute and/or | + | |Softwire46-Multicast Attribute)| + | | | + | |<------3.Access-Accept---------| + | | (Softwire46-Configuration | + | | Attribute and/or | + | |Softwire46-Multicast Attribute)| + | | | + |<----4.DHCPv6 Advertisement----| | + | (container option(s)) | | + | | | + |-------5.DHCPv6 Request------>| | + | (container option(s)) | | + | | | + |<--------6.DHCPv6 Reply--------| | + | (container option(s)) | | + | | | + DHCPv6 RADIUS + + Figure 2: Interaction between DHCPv6 and AAA Server with + RADIUS Authentication + + 1. The CE creates a DHCPv6 Solicit message. For unicast softwire + configuration, the message includes an OPTION_REQUEST_OPTION (6) + with the Softwire46 Container option code(s) as defined in + [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP- + E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW + (96) for Lightweight 4over6. For multicast configuration, the + option number for OPTION_V6_PREFIX64 (113) is included in the + client's Option Request Option (ORO). The message is sent to the + BNG. + + 2. On receipt of the DHCPv6 Solicit message, the BNG constructs a + RADIUS Access-Request message containing a User-Name Attribute + (1) (containing either a CE Media Access Control (MAC) address, + interface-id, or both) and a User-Password Attribute (2) (with a + preconfigured shared password between the CE and AAA server as + defined in [RFC2865]). The Softwire46-Configuration Attribute + and/or Softwire46-Multicast Attribute are also included (as + requested by the client). The resulting message is sent to the + AAA server. + + 3. The AAA server authenticates the request. If this is successful, + and a suitable configuration is available, an Access-Accept + message is sent to the BNG containing the requested + Softwire46-Configuration Attribute or Softwire46-Multicast + Attribute. It is the responsibility of the AAA server to ensure + the consistency of the provided configuration. + + 4. The BNG maps the received softwire configuration into the + corresponding fields in the DHCPv6 softwire configuration + option(s). These are included in the DHCPv6 Advertise message, + which is sent to the CE. + + 5. The CE sends a DHCPv6 Request message. In the ORO, the option + codes of any of the required softwire options that were received + in the DHCPv6 Advertise message are included. + + 6. The BNG sends a DHCPv6 Reply message to the client containing the + softwire container option(s) enumerated in the ORO. + + The authorization operation could be done independently after the + authentication process. In this case, steps 1-5 are completed as + above, then the following steps are performed: + + 6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS + Access-Request message, which contains a Service-Type Attribute + (6) with the value "Authorize Only" (17), the corresponding + Softwire46-Configuration Attribute, and a State Attribute + obtained from the previous authentication process according to + [RFC5080]. The resulting message is sent to the AAA server. + + 7a. The AAA server checks the authorization request. If it is + approved, an Access-Accept message is returned to the BNG with + the corresponding Softwire46-Configuration Attribute. + + 8a. The BNG sends a Reply message to the client containing the + softwire container options enumerated in the ORO. + + In addition to the above, the following points need to be considered: + + * In the configuration message flows described above, the Message- + Authenticator (type 80) [RFC2869] should be used to protect both + Access-Request and Access-Accept messages. + + * If the BNG does not receive the corresponding + Softwire46-Configuration Attribute in the Access-Accept message, + it may fall back to creating the DHCPv6 softwire configuration + options using the preconfigured Softwire46 configuration if this + is present. + + * If the BNG receives an Access-Reject from the AAA server, then the + Softwire46 configuration must not be supplied to the client. + + * As specified in Section 18.2.5 of [RFC8415] ("Creation and + Transmission of Rebind Messages") if the DHCPv6 server to which + the DHCPv6 Renew message was sent at time T1 has not responded by + time T2, the CE (DHCPv6 client) should enter the Rebind state and + attempt to contact any available server. In this situation, a + secondary BNG receiving the DHCPv6 message must initiate a new + Access-Request message towards the AAA server. The secondary BNG + includes the Softwire46-Configuration Attribute in this Access- + Request message. + + * For Lightweight 4over6, the CE's binding state needs to be + synchronized between the clients and the Lightweight AFTR + (lwAFTR)/BR. This can be achieved in two ways: static + preconfiguration of the bindings on both the AAA server and lwAFTR + or on demand, whereby the AAA server updates the lwAFTR with the + CE's binding state as it is created or deleted. + + In some deployments, the DHCP server may use the Accounting-Request + to report the softwire configuration returned to a requesting host to + a AAA server. It is the responsibility of the DHCP server to ensure + the consistency of the configuration provided to the requesting + hosts. Reported data to a AAA server may be required for various + operational purposes (e.g., regulatory). + + A configuration change (e.g., BR address) may result in an exchange + of CoA-Requests between the BNG and the AAA server, as shown in + Figure 3. Concretely, when the BNG receives a CoA-Request message + containing Softwire46 attributes, it sends a DHCPv6 Reconfigure + message to the appropriate CE to inform that CE that an updated + configuration is available. Upon receipt of such a message, the CE + sends a DHCPv6 Renew or Information-Request in order to receive the + updated Softwire46 configuration. In deployments where the BNG + embeds a DHCPv6 relay, CoA-Requests can be used following the + procedure specified in [RFC6977]. + + CE BNG AAA Server + | | | + |---DHCPv6 Solicit--------->| | + | |---Access-Request---------->| + | |<--Access-Accept------------| + | |(Softwire46-Configuration | + | | Attribute ...) | + .... + | | | + | |<-----CoA-Request-----------| + | |(Softwire46-Configuration | + | | Attribute ...) | + | |------CoA-Response--------->| + |<--DHCPv6 Reconfigure------| | + | | | + .... + + Figure 3: Change of Configuration Example + +5. Table of Attributes + + This document specifies three new RADIUS attributes, and their + formats are as follows: + + * Softwire46-Configuration Attribute: 241.9 + + * Softwire46-Priority Attribute: 241.10 + + * Softwire46-Multicast Attribute: 241.11 + + Table 3 describes which attributes may be found in which kinds of + packets and in what quantity. + + +-------+------+------+---------+----+-------+------+---------------+ + |Request|Accept|Reject|Challenge|Acct|CoA-Req| # | Attribute | + | | | | |Req | | | | + +=======+======+======+=========+====+=======+======+===============+ + | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.9 | Softwire46- | + | | | | | | | | Configuration | + +-------+------+------+---------+----+-------+------+---------------+ + | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.10| Softwire46- | + | | | | | | | | Priority | + +-------+------+------+---------+----+-------+------+---------------+ + | 0-1 | 0-1 | 0 | 0 |0-1 | 0-1 |241.11| Softwire46- | + | | | | | | | | Multicast | + +-------+------+------+---------+----+-------+------+---------------+ + + Table 3: Table of Attributes + +6. Security Considerations + + Section 9 of [RFC7596] discusses security issues related to + Lightweight 4over6; Section 10 of [RFC7597] discusses security issues + related to MAP-E; Section 13 of [RFC7599] discusses security issues + related to MAP-T; and Section 9 of [RFC8114] discusses security + issues related to the delivery of IPv4 multicast services to IPv4 + clients over an IPv6 multicast network. + + This document does not introduce any security issues inherently + different from those already identified in Section 8 of [RFC2865] and + Section 6 of [RFC5176] for CoA messages. Known security + vulnerabilities of the RADIUS protocol discussed in Section 7 of + [RFC2607] and Section 7 of [RFC2869] apply to this specification. + These well-established properties of the RADIUS protocol place some + limitations on how it can safely be used, since there is some + inherent requirement to trust the counterparty to not misbehave. + + Accordingly, this document targets deployments where a trusted + relationship is in place between the RADIUS client and server, with + communication optionally secured by IPsec or Transport Layer Security + (TLS) [RFC6614]. The use of IPsec [RFC4301] for providing security + when RADIUS is carried in IPv6 is discussed in [RFC3162]. + + Security considerations for interactions between a Softwire46 CE and + the BNG are discussed in Section 9 of [RFC7598] (DHCPv6 options for + the configuration of Softwire46 address and port-mapped clients), + Section 3 of [RFC8026] (a DHCPv6-based Softwire46 prioritization + mechanism), and Section 5 of [RFC8115] (DHCPv6 options for + configuration of IPv4-embedded IPv6 prefixes). + +7. IANA Considerations + + IANA has made new code point assignments for RADIUS attributes as + described in the following subsections. The assignments should use + the RADIUS registry available at <https://www.iana.org/assignments/ + radius-types/>. + +7.1. New RADIUS Attributes + + IANA has assigned the attribute types defined in this document from + the RADIUS namespace as described in Section 2 (IANA Considerations) + of [RFC3575], in accordance with BCP 26 [RFC8126]. + + IANA has registered three new RADIUS attributes from the "Short + Extended Space" section of [RFC6929]. The attributes are the + Softwire46-Configuration Attribute, Softwire46-Priority Attribute, + and Softwire46-Multicast Attribute: + + +--------+--------------------------+-----------+-------------+ + | Type | Description | Data Type | Reference | + +========+==========================+===========+=============+ + | 241.9 | Softwire46-Configuration | tlv | Section 3.1 | + +--------+--------------------------+-----------+-------------+ + | 241.10 | Softwire46-Priority | tlv | Section 3.2 | + +--------+--------------------------+-----------+-------------+ + | 241.11 | Softwire46-Multicast | tlv | Section 3.3 | + +--------+--------------------------+-----------+-------------+ + + Table 4: New RADIUS Attributes + +7.2. RADIUS Softwire46 Configuration and Multicast Attributes + + IANA has created a new registry called "RADIUS Softwire46 + Configuration and Multicast Attributes". + + All attributes in this registry have one or more parent RADIUS + attributes in nesting (refer to [RFC6929]). + + This registry has been initially populated with the following values: + + +--------+-------------------------------+------------+-----------+ + | Value | Description | Data Type | Reference | + +========+===============================+============+===========+ + | 0 | Reserved | | | + +--------+-------------------------------+------------+-----------+ + | 1 | Softwire46-MAP-E | tlv | Section | + | | | | 3.1.1.1 | + +--------+-------------------------------+------------+-----------+ + | 2 | Softwire46-MAP-T | tlv | Section | + | | | | 3.1.1.2 | + +--------+-------------------------------+------------+-----------+ + | 3 | Softwire46-Lightweight-4over6 | tlv | Section | + | | | | 3.1.1.3 | + +--------+-------------------------------+------------+-----------+ + | 4 | Softwire46-Rule (BMR) | tlv | Section | + | | | | 3.1.3.1 | + +--------+-------------------------------+------------+-----------+ + | 5 | Softwire46-Rule (FMR) | tlv | Section | + | | | | 3.1.3.1 | + +--------+-------------------------------+------------+-----------+ + | 6 | Softwire46-BR | ipv6addr | Section | + | | | | 3.1.3.2 | + +--------+-------------------------------+------------+-----------+ + | 7 | Softwire46-DMR | ipv6prefix | Section | + | | | | 3.1.3.3 | + +--------+-------------------------------+------------+-----------+ + | 8 | Softwire46-V4V6Bind | tlv | Section | + | | | | 3.1.3.4 | + +--------+-------------------------------+------------+-----------+ + | 9 | Softwire46-PORTPARAMS | tlv | Section | + | | | | 3.1.3.5 | + +--------+-------------------------------+------------+-----------+ + | 10 | Rule-IPv6-Prefix | ipv6prefix | Section | + | | | | 3.1.4.1 | + +--------+-------------------------------+------------+-----------+ + | 11 | Rule-IPv4-Prefix | ipv4prefix | Section | + | | | | 3.1.4.2 | + +--------+-------------------------------+------------+-----------+ + | 12 | EA-Length | integer | Section | + | | | | 3.1.4.3 | + +--------+-------------------------------+------------+-----------+ + | 13 | IPv4-Address | ipv4addr | Section | + | | | | 3.1.5.1 | + +--------+-------------------------------+------------+-----------+ + | 14 | Bind-IPv6-Prefix | ipv6prefix | Section | + | | | | 3.1.5.2 | + +--------+-------------------------------+------------+-----------+ + | 15 | PSID-Offset | integer | Section | + | | | | 3.1.6.1 | + +--------+-------------------------------+------------+-----------+ + | 16 | PSID-Len | integer | Section | + | | | | 3.1.6.2 | + +--------+-------------------------------+------------+-----------+ + | 17 | PSID | integer | Section | + | | | | 3.1.6.3 | + +--------+-------------------------------+------------+-----------+ + | 18 | Softwire46-Option-Code | integer | Section | + | | | | 3.2.1 | + +--------+-------------------------------+------------+-----------+ + | 19 | ASM-Prefix64 | ipv6prefix | Section | + | | | | 3.3.1 | + +--------+-------------------------------+------------+-----------+ + | 20 | SSM-Prefix64 | ipv6prefix | Section | + | | | | 3.3.2 | + +--------+-------------------------------+------------+-----------+ + | 21 | U-Prefix64 | ipv6prefix | Section | + | | | | 3.3.3 | + +--------+-------------------------------+------------+-----------+ + | 22-255 | Unassigned | | | + +--------+-------------------------------+------------+-----------+ + + Table 5: RADIUS Softwire46 Configuration and Multicast Attributes + + The registration procedure for this registry is Standards Action as + defined in [RFC8126]. + +7.3. Softwire46 Mechanisms and Their Identifying Option Codes + + The Softwire46-Priority Attribute conveys an ordered list of option + codes assigned to Softwire46 mechanisms, for which IANA has created + and will maintain a new registry titled "Option Codes Permitted in + the Softwire46-Priority Attribute". + + Table 6 shows the initial version of allowed option codes and the + Softwire46 mechanisms that they represent. The option code for DS- + Lite is derived from the IANA-allocated RADIUS Attribute Type value + for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and + Lightweight 4over6 are the TLV-Type values for the MAP-E, MAP-T, and + Lightweight 4over6 attributes defined in Section 3.1.1. + + +-------------+----------------------+-----------+ + | Option Code | Softwire46 Mechanism | Reference | + +=============+======================+===========+ + | 1 | MAP-E | [RFC7597] | + +-------------+----------------------+-----------+ + | 2 | MAP-T | [RFC7599] | + +-------------+----------------------+-----------+ + | 3 | Lightweight 4over6 | [RFC7596] | + +-------------+----------------------+-----------+ + | 144 | DS-Lite | [RFC6519] | + +-------------+----------------------+-----------+ + + Table 6: Option Codes to S46 Mechanisms + + Additional option codes may be added to this list in the future using + the IETF Review process described in Section 4.8 of [RFC8126]. + +8. References + +8.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + <https://www.rfc-editor.org/info/rfc2119>. + + [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, + "Remote Authentication Dial In User Service (RADIUS)", + RFC 2865, DOI 10.17487/RFC2865, June 2000, + <https://www.rfc-editor.org/info/rfc2865>. + + [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", + RFC 3162, DOI 10.17487/RFC3162, August 2001, + <https://www.rfc-editor.org/info/rfc3162>. + + [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote + Authentication Dial In User Service)", RFC 3575, + DOI 10.17487/RFC3575, July 2003, + <https://www.rfc-editor.org/info/rfc3575>. + + [RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication + Dial In User Service (RADIUS) Implementation Issues and + Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December + 2007, <https://www.rfc-editor.org/info/rfc5080>. + + [RFC5176] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. + Aboba, "Dynamic Authorization Extensions to Remote + Authentication Dial In User Service (RADIUS)", RFC 5176, + DOI 10.17487/RFC5176, January 2008, + <https://www.rfc-editor.org/info/rfc5176>. + + [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. + Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, + DOI 10.17487/RFC6052, October 2010, + <https://www.rfc-editor.org/info/rfc6052>. + + [RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines", + BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011, + <https://www.rfc-editor.org/info/rfc6158>. + + [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User + Service (RADIUS) Protocol Extensions", RFC 6929, + DOI 10.17487/RFC6929, April 2013, + <https://www.rfc-editor.org/info/rfc6929>. + + [RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6 + Softwire Customer Premises Equipment (CPE): A DHCPv6-Based + Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026, + November 2016, <https://www.rfc-editor.org/info/rfc8026>. + + [RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044, + DOI 10.17487/RFC8044, January 2017, + <https://www.rfc-editor.org/info/rfc8044>. + + [RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6 + Option for IPv4-Embedded Multicast and Unicast IPv6 + Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017, + <https://www.rfc-editor.org/info/rfc8115>. + + [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for + Writing an IANA Considerations Section in RFCs", BCP 26, + RFC 8126, DOI 10.17487/RFC8126, June 2017, + <https://www.rfc-editor.org/info/rfc8126>. + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, <https://www.rfc-editor.org/info/rfc8174>. + + [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., + Richardson, M., Jiang, S., Lemon, T., and T. Winters, + "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", + RFC 8415, DOI 10.17487/RFC8415, November 2018, + <https://www.rfc-editor.org/info/rfc8415>. + +8.2. Informative References + + [LIGHTWEIGHT-4OVER6] + Xie, C., Sun, Q., Qiong, Q., Zhou, C., Tsou, T., and Z. + Liu, "Radius Extension for Lightweight 4over6", Work in + Progress, Internet-Draft, draft-sun-softwire-lw4over6- + radext-01, 6 March 2014, <https://tools.ietf.org/html/ + draft-sun-softwire-lw4over6-radext-01>. + + [RADIUS-EXT] + Wang, Q., Meng, W., Wang, C., and M. Boucadair, "RADIUS + Extensions for IPv4-Embedded Multicast and Unicast IPv6 + Prefixes", Work in Progress, Internet-Draft, draft-wang- + radext-multicast-radius-ext-00, 2 December 2015, + <https://tools.ietf.org/html/draft-wang-radext-multicast- + radius-ext-00>. + + [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy + Implementation in Roaming", RFC 2607, + DOI 10.17487/RFC2607, June 1999, + <https://www.rfc-editor.org/info/rfc2607>. + + [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS + Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000, + <https://www.rfc-editor.org/info/rfc2869>. + + [RFC4301] Kent, S. and K. Seo, "Security Architecture for the + Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, + December 2005, <https://www.rfc-editor.org/info/rfc4301>. + + [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- + Stack Lite Broadband Deployments Following IPv4 + Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, + <https://www.rfc-editor.org/info/rfc6333>. + + [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to + the IPv4 Address Shortage", RFC 6346, + DOI 10.17487/RFC6346, August 2011, + <https://www.rfc-editor.org/info/rfc6346>. + + [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- + Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February + 2012, <https://www.rfc-editor.org/info/rfc6519>. + + [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, + "Transport Layer Security (TLS) Encryption for RADIUS", + RFC 6614, DOI 10.17487/RFC6614, May 2012, + <https://www.rfc-editor.org/info/rfc6614>. + + [RFC6977] Boucadair, M. and X. Pougnard, "Triggering DHCPv6 + Reconfiguration from Relay Agents", RFC 6977, + DOI 10.17487/RFC6977, July 2013, + <https://www.rfc-editor.org/info/rfc6977>. + + [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. + Farrer, "Lightweight 4over6: An Extension to the Dual- + Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, + July 2015, <https://www.rfc-editor.org/info/rfc7596>. + + [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., + Murakami, T., and T. Taylor, Ed., "Mapping of Address and + Port with Encapsulation (MAP-E)", RFC 7597, + DOI 10.17487/RFC7597, July 2015, + <https://www.rfc-editor.org/info/rfc7597>. + + [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, + W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for + Configuration of Softwire Address and Port-Mapped + Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, + <https://www.rfc-editor.org/info/rfc7598>. + + [RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S., + and T. Murakami, "Mapping of Address and Port using + Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July + 2015, <https://www.rfc-editor.org/info/rfc7599>. + + [RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q. + Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients + over an IPv6 Multicast Network", RFC 8114, + DOI 10.17487/RFC8114, March 2017, + <https://www.rfc-editor.org/info/rfc8114>. + +Appendix A. DHCPv6 to RADIUS Field Mappings + + The following sections detail the mappings between the softwire + DHCPv6 option fields and the relevant RADIUS attributes as defined in + this document. + +A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings + + +-----------------------+----------------------+------------------+ + | OPTION_S46_RULE Field | Softwire46-Rule Name | TLV Subfield | + +=======================+======================+==================+ + | flags | N/A | TLV-type (4, 5) | + +-----------------------+----------------------+------------------+ + | ea-len | EA-Length | EA-len | + +-----------------------+----------------------+------------------+ + | prefix4-len | Rule-IPv4-Prefix | Prefix-Length | + +-----------------------+----------------------+------------------+ + | ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix | + +-----------------------+----------------------+------------------+ + | prefix6-len | Rule-IPv6-Prefix | Prefix-Length | + +-----------------------+----------------------+------------------+ + | ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix | + +-----------------------+----------------------+------------------+ + + Table 7: OPTION_S46_RULE to Softwire46-Rule Sub-TLV Field Mappings + +A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings + + +---------------------+------------------------+ + | OPTION_S46_BR Field | Softwire46-BR Subfield | + +=====================+========================+ + | br-ipv6-address | br-ipv6-address | + +---------------------+------------------------+ + + Table 8: OPTION_S46_BR to Softwire46-BR + Field Mappings + +A.3. OPTION_S46_DMR (91) to Softwire46-DMR + + +----------------------+-------------------------+ + | OPTION_S46_DMR Field | Softwire46-DMR Subfield | + +======================+=========================+ + | dmr-prefix6-len | dmr-prefix6-len | + +----------------------+-------------------------+ + | dmr-ipv6-prefix | dmr-ipv6-prefix | + +----------------------+-------------------------+ + + Table 9: OPTION_S46_DMR to Softwire46-DMR + Field Mappings + +A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind + + +---------------------+---------------------+------------------+ + | OPTION_S46_V4V6BIND | Softwire46-V4V6Bind | TLV Subfield | + | Field | Name | | + +=====================+=====================+==================+ + | ipv4-address | IPv4-Address | ipv4-address | + +---------------------+---------------------+------------------+ + | bindprefix6-len | Bind-IPv6-Prefix | Prefix-Length | + +---------------------+---------------------+------------------+ + | bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix | + +---------------------+---------------------+------------------+ + + Table 10: OPTION_S46_V4V6BIND to Softwire46-V4V6Bind + Field Mappings + +A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings + + +-----------------------------+-----------------------+-------------+ + | OPTION_S46_PORTPARAMS | Softwire46-PORTPARAMS | TLV | + | Field | Name | Subfield | + +=============================+=======================+=============+ + | offset | PSID-Offset | PSID-Offset | + +-----------------------------+-----------------------+-------------+ + | PSID-len | PSID-Len | PSID-len | + +-----------------------------+-----------------------+-------------+ + | PSID | PSID | PSID | + +-----------------------------+-----------------------+-------------+ + + Table 11: OPTION_S46_PORTPARAMS to Softwire46-PORTPARAMS + Field Mappings + +A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings + + +---------------------------+------------------------+ + | OPTION_S46_PRIORITY Field | Softwire46-Priority | + | | Attribute Subfield | + +===========================+========================+ + | s46-option-code | Softwire46-option-code | + +---------------------------+------------------------+ + + Table 12: OPTION_S46_PRIORITY to + Softwire46-PORTPARAMS Field Mappings + +A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field + Mappings + + +--------------------------+----------------------+---------------+ + | OPTION_V6_PREFIX64 Field | Softwire46-Multicast | TLV Subfield | + | | Attribute TLV Name | | + +==========================+======================+===============+ + | asm-length | ASM-Prefix64 | Prefix-Length | + +--------------------------+----------------------+---------------+ + | ASM_mPrefix64 | ASM-Prefix64 | asm-prefix64 | + +--------------------------+----------------------+---------------+ + | ssm-length | SSM-Prefix64 | Prefix-Length | + +--------------------------+----------------------+---------------+ + | SSM_mPrefix64 | SSM-Prefix64 | ssm-prefix64 | + +--------------------------+----------------------+---------------+ + | unicast-length | U-Prefix64 | Prefix-Length | + +--------------------------+----------------------+---------------+ + | uPrefix64 | U-Prefix64 | u-prefix64 | + +--------------------------+----------------------+---------------+ + + Table 13: OPTION_V6_PREFIX64 to Softwire46-Multicast Field Mappings + +Acknowledgements + + The authors would like to thank Peter Lothberg, Wojciech Dec, Ian + Farrer, Suresh Krishnan, Qian Wang, Wei Meng, Cui Wang, Alan Dekok, + Stefan Winter, and Yu Tianpeng for their valuable comments regarding + this document. + + This document was merged with [LIGHTWEIGHT-4OVER6] and [RADIUS-EXT]. + Thanks to everyone who contributed to this document. + + Many thanks to Al Morton, Bernie Volz, Joel Halpern, and Donald + Eastlake for the review. + +Contributors + + Bing Liu + Huawei Technologies Co., Ltd. + China + + Email: leo.liubing@huawei.com + + Peter Deacon + IEA Software, Inc. + United States of America + + Email: peterd@iea-software.com + + Qiong Sun + China Telecom + China + + Email: sunqiong@ctbri.com.cn + + Qi Sun + Tsinghua University + China + + Email: sunqibupt@gmail.com + + Cathy Zhou + Huawei Technologies + China + + Email: cathy.zhou@huawei.com + + Tina Tsou + Huawei Technologies (USA) + United States of America + + Email: Tina.Tsou.Zouting@huawei.com + + ZiLong Liu + Tsinghua University + China + + Email: liuzilong8266@126.com + + Yong Cui + Tsinghua University + China + + Email: yong@csnet1.cs.tsinghua.edu.cn + +Authors' Addresses + + Sheng Jiang (editor) + China + Hai-Dian District, Beijing, 100095 + Q14, Huawei Campus, No.156 Beiqing Road + Huawei Technologies Co., Ltd. + + Email: jiangsheng@huawei.com + + + Yu Fu (editor) + China + Hai-Dian District, Beijing, 100190 + No.4 South 4th Street, Zhongguancun + CNNIC + + Email: eleven711711@foxmail.com + + + Chongfeng Xie + China + Beijing + China Telecom + + Email: xiechf.bri@chinatelecom.cn + + + Tianxiang Li + China + 100084 + Beijing + Tsinghua University + + Email: peter416733@gmail.com + + + Mohamed Boucadair (editor) + Orange + 35000 Rennes + France + + Email: mohamed.boucadair@orange.com |