Softwire S. Jiang, Ed.
Internet-Draft Huawei Technologies Co., Ltd
Intended status: Standards Track Y. Fu, Ed.
Expires: October 7, 2019 CNNIC
B. Liu
Huawei Technologies Co., Ltd
P. Deacon
IEA Software, Inc.
C. Xie
China Telecom
T. Li
Tsinghua University
M. Boucadair, Ed.
Orange
April 5, 2019

RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms
draft-ietf-softwire-map-radius-22

Abstract

IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity services over IPv6 native networks during the IPv4/IPv6 co-existence period. DHCPv6 options have been defined for configuring clients for Lightweight 4over6, Mapping of Address and Port with Encapsulation, and Mapping of Address and Port using Translation unicast softwire mechanisms, and also multicast softwires. However, in many networks, configuration information is stored in an Authentication, Authorization, and Accounting server which utilizes the RADIUS protocol to provide centralized management for users. When a new transition mechanism is developed, new RADIUS attributes need to be defined correspondingly.

This document defines new RADIUS attributes to carry Address plus Port based softwire configuration parameters from an Authentication, Authorization, and Accounting server to a Broadband Network Gateway. Both unicast and multicast attributes are covered.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on October 7, 2019.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

Providers have started deploying and transitioning to IPv6. Several IPv4 service continuity mechanisms based on the Address plus Port (A+P) [RFC6346] have been proposed for providing unicast IPv4 over IPv6-only infrastructure, such as Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. Also, [RFC8114] specifies a generic solution for the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network. For each of these mechanisms, DHCPv6 options have been specified for client configuration.

In many networks, user configuration information is stored in an Authentication, Authorization, and Accounting (AAA) server. AAA servers generally communicate using the Remote Authentication Dial In User Service (RADIUS) [RFC2865] protocol. In a fixed broadband network, a Broadband Network Gateway (BNG) acts as the access gateway for users. That is, the BNG acts as both an AAA client to the AAA server, and a DHCPv6 server for DHCPv6 messages sent by clients. Throughout this document, the term BNG describes a device implementing both the AAA client and DHCPv6 server functions.

Since IPv4-in-IPv6 softwire configuration information is stored in an AAA server, and user configuration information is mainly transmitted through DHCPv6 protocol between the BNGs and Customer Premises Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to propagate the information from the AAA servers to BNGs.

The RADIUS attributes defined in this document provide configuration to populate the corresponding DHCPv6 options for unicast and multicast softwire configuration, specifically:

The contents of the attributes defined in this document have a 1:1 mapping into the fields of the various DHCPv6 options in [RFC7598], [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map to the corresponding RADIUS attribute. For detailed mappings between each DHCPv6 option field and the corresponding RADIUS Attribute or field, see Appendix A.

+----------------------------+--------------------------------+
|        DHCPv6 Option       |        RADIUS Attribute        |
+----------------------------+--------------------------------+
|     OPTION_S46_RULE (89)   |        Softwire46-Rule         |
|     OPTION_S46_BR (90)     |         Softwire46-BR          |
|     OPTION_S46_DMR (91)    |        Softwire46-DMR          |
|   OPTION_S46_V4V6BIND (92) |      Softwire46-v4v6Bind       |
| OPTION_S46_PORTPARAMS (93) |     Softwire46-PORTPARAMS      |
|  OPTION_S46_PRIORITY (111) |  Softwire46-Priority Attribute |
|  OPTION_V6_PREFIX64 (113)  | Softwire46-Multicast Attribute |
+----------------------------+--------------------------------+

Table 1: Mapping between DHCPv6 Options and RADIUS Attributes

A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in [RFC6519].

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The reader should be familiar with the concepts and terms defined in [RFC7596], [RFC7597], [RFC7599], and [RFC8026].

The terms "multicast Basic Bridging BroadBand" element (mB4) and "multicast Address Family Transition Router" element (mAFTR) are defined in [RFC8114].

Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 softwire mechanisms listed above. Additionally, the following abbreviations are used within the document:

3. New RADIUS Attributes

This section defines the following attributes:

  1. Softwire46-Configuration Attribute (Section 3.1):

    This attribute carries the configuration information for MAP-E, MAP-T, and Lightweight 4over6. The configuration information for each Softwire46 mechanism is carried in the corresponding Softwire46 attributes. Different attributes are required for each Softwire46 mechanism.
  2. Softwire46-Priority Attribute (Section 3.2):

    Depending on the deployment scenario, a client may support several different Softwire46 mechanisms and so request configuration for more than one Softwire46 mechanism at a time. The Softwire46-Priority Attribute contains information allowing the client to prioritize which mechanism to use, corresponding to OPTION_S46_PRIORITY defined in [RFC8026].
  3. Softwire46-Multicast Attribute (Section 3.3):

    This attribute conveys the IPv6 prefixes to be used in [RFC8114] to synthesize IPv4-embedded IPv6 addresses. The BNG uses the IPv6 prefixes returned in the RADIUS Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115].

All of these attributes are allocated from the RADIUS "Extended Type" code space per [RFC6929].

All of these attribute designs follow [RFC6158] and [RFC6929].

This document adheres to [RFC8044] for defining the new attributes.

3.1. Softwire46-Configuration Attribute

This attribute is of type "tlv", as defined in the RADIUS Protocol Extensions [RFC6929]. It contains some sub-attributes, with the following requirements:

The Softwire46-Configuration Attribute is structured as follows:

  Type
    241 (To be confirmed by IANA). 

  Length
    Indicates the total length, in bytes, of all fields of
    this attribute, including the Type, Length, Extended-Type, 
    and the entire length of the embedded attributes.

   Extended-Type
      TBD1

   Value
      Contains one or more of the following attributes. Each attribute
      type may appear at most once:

      Softwire46-MAP-E
         For configuring MAP-E clients. For the construction of
         this attribute, efer to Section 3.1.1.1.

      Softwire46-MAP-T
         For configuring MAP-T clients. For the construction of
         this attribute, refer to Section 3.1.1.2.

      Softwire46-Lightweight-4over6
         For configuring Lightweight 4over6 clients. For the
         construction of this attribute, refer to Section 3.1.1.3.

The Softwire46-Configuration Attribute is associated with the following identifier: 241.Extended-Type(TBD1).

3.1.1. Softwire46 Attributes

The Softwire46 attributes can only be encapsulated in the Softwire46-Configuration Attribute. Depending on the deployment scenario, a client might request for more than one transition mechanism at a time. There MUST be at least one Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute. There MUST be at most one instance of each type of Softwire46 attribute encapsulated in one Softwire46-Configuration Attribute.

There are three types of Softwire46 attributes, namely:Section 3.1.3. The hierarchy of the Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes which sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.

  1. Softwire46-MAP-E (Section 3.1.1.1)
  2. Softwire46-MAP-T (Section 3.1.1.2)
  3. Softwire46-Lightweight 4over6 (Section 3.1.1.3)

Each type of Softwire46 attribute contains a number of sub-attributes, defined in

                                              
                                                /1.Rule-IPv6-Prefix  
S                      /                       |   
o  /                  | 1.Softwire46-Rule -----+ 2.Rule-IPv4-Prefix 
f | Softwire46-MAP-E--+                        |    
t |                   | 2.Softwire46-BR        | 3.EA Length   
w |                   |                         \   
i |                   |                               /1.PSID-offset
r |                   |                              |    
e |                   | 5.Softwire46-PORTPARAMS -----+ 2.PSID-len 
- |                    \                             |    
C |                                                  | 3.PSID  
o |                                                   \   
n |
f |                                             /1.Rule-IPv6-Prefix  
i |                    /                       |    
g |                   | 1.Softwire46-Rule------+ 2.Rule-IPv4-Prefix 
u | Softwire46-MAP-T--+                        |    
r |                   | 3.Softwire46-DMR       | 3.EA Length 
a |                   |                         \   
t |                   |                               /1.PSID-offset
i |                   |                              |    
o |                   | 5.Softwire46-PORTPARAMS------+ 2.PSID-len 
n |                    \                             |    
  |                                                  | 3.PSID
A |                                                   \  
t |                     
t |                                                 /1.IPv4-address
r |                    /                           |   
i |                   | 4.Softwire46-v4v6Bind -----+ 2.Bind-IPv6-Prefix 
b | Softwire46-       |                             \   
u | Lightweight-4over6+                               /1.PSID-offset
t  \                  |                              |    
e                     | 5.Softwire46-PORTPARAMS  ----+ 2.PSID-len 
                       \                             |    
                                                     | 3.PSID 
                                                      \  

Figure 1: Softwire46 Attributes Hierarchy

3.1.1.1. Softwire46-MAP-E Attribute

Softwire46-MAP-E attribute is designed for carrying the configuration information for MAP-E. The structure of Softwire46-MAP-E is shown below:

   TLV-Type
     1  

   TLV-Length
     Indicates the length of this attribute, including
     the TLV-Type, TLV-Length, and TLV-Value fields.

   TLV-Value
     Contains a set of sub-attributes, with the following requirements:

     It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

     It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

     It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.2. Softwire46-MAP-T Attribute

Softwire46-MAP-T attribute is designed for carrying the configuration information for MAP-T. The structure of Softwire46-MAP-T is shown below:

  TLV-Type
     2 

  TLV-Length
     Indicates the length of this attribute, including
     the TLV-Type, TLV-Length, and TLV-Value fields.

  TLV-Value
     Contains a set of sub-attributes, with the following requirements:

     It MUST contain Softwire46-Rule, defined in Section 3.1.3.1.

     It MUST contain Softwire46-DMR, defined in Section 3.1.3.3.

     It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.

3.1.1.3. Softwire46-Lightweight-4over6 Attribute

Softwire46-Lightweight-4over6 attribute is designed for carrying the configuration information for Lightweight 4over6. The structure of Softwire46-Lightweight-4over6 is shown below:

  TLV-Type
     3 

  TLV-Length
     Indicates the length of this attribute, including
     the TLV-Type, TLV-Length, and TLV-Value fields.

  TLV-Value
     Contains a set of sub-attributes as follows:

     It MUST contain Softwire46-BR, defined in Section 3.1.3.2.

     It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4.

     It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5.
     

3.1.2. Softwire46 Sub-Attributes

Table 2 shows which encapsulated sub-attributes are mandatory, optional, or not permitted for each defined Softwire46 attribute.

+-----------------------+-------+-------+--------------------+
| Sub-Attributes        | MAP-E | MAP-T | Lightweight 4over6 |
+-----------------------+-------+-------+--------------------+
| Softwire46-BR         |   1   |   0   |          1         |
| Softwire46-Rule       |   1   |   1   |          0         |
| Softwire46-DMR        |   0   |   1   |          0         |
| Softwire46-V4V6Bind   |   0   |   0   |          1         |
| Softwire46-PORTPARAMS |  0-1  |  0-1  |         0-1        |
+-----------------------+-------+-------+--------------------+

Table 2: Softwire46 Sub-Attributes

The following table defines the meaning of the above table entries.

0     Not Permitted
0+    Optional, zero or more instances of the attribute
      may be present. 
0-1   Optional, zero or one instance of the attribute
      may be present. 
1     Mandatory

3.1.3. Specification of the Softwire46 Sub-Attributes

3.1.3.1. Softwire46-Rule Attribute

Softwire46-Rule can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending on the deployment scenario, one Basic Mapping Rule (BMR) and zero or more Forwarding Mapping Rules (FMRs) MUST be included in one Softwire46-MAP-E or Softwire46-MAP-T.

Each type of Softwire46-Rule also contains a number of sub-attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA-Length. The structure of the sub-attributes for Softwire46-Rule is defined in Section 3.1.4.

Defining multiple TLV-types achieves the same design goals as the "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using TLV-type set to 4 is equivalent to setting the F-flag in the OPTION_S46_RULE S46 Rule Flags field.

  TLV-Type
     4 Basic Mapping Rule only (not to be used for forwarding)
     5 Forwarding Permitted Mapping Rule (may be used for
        forwarding. Can also be a Basic Mapping Rule)

  TLV-Length
     Indicates the length of this attribute, including
     the TLV-Type, TLV-Length, and TLV-Value fields.

  Data Type
     The attribute Softwire46-Rule is of type tlv (Section 3.13 of
     [RFC8044]).

  TLV-Value
     This field contains a set of attributes as follows:

     Rule-IPv6-Prefix
        This attribute contains the IPv6 prefix for use in the MAP rule.
        Refer to Section 3.1.4.1.

     Rule-IPv4-Prefix
        This attribute contains the IPv4 prefix for use in the MAP rule.
        Refer to Section 3.1.4.2.

     EA-Length
        This attribute contains the Embedded-Address (EA) bit length.
        Refer to Section 3.1.4.1.

3.1.3.2. Softwire46-BR Attribute

Softwire46-BR can only be encapsulated in Softwire46-MAP-E (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3).

There MUST be at least one Softwire46-BR included in each Softwire46-MAP-E or Softwire46-Lightweight-4over6.

The structure of Softwire46-BR is shown below:

   TLV-Type
      6

   TLV-Length
      18 octets

   Data Type
      The attribute Softwire46-BR is of type ip6addr (Section 3.9 of
      [RFC8044]).

   TLV-Value
      br-ipv6-address. A fixed-length field of 16 octets that 
      specifies the IPv6 address for the Softwire46 Border Relay (BR).

3.1.3.3. Softwire46-DMR Attribute

Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). There MUST be exactly one Softwire46-DMR included in one Softwire46-MAP-T.

The structure of Softwire46-DMR is shown below:

   TLV-Type
      7

   TLV-Length
      4 + length of dmr-ipv6-prefix specified in octets.

   Data Type
      The attribute Softwire46-DMR is of type ip6pref (Section 3.10 of
      [RFC8044]).

   TLV-Value
      dmr-ipv6-prefix. A variable-length field specifying the IPv6 
      prefix for the BR. This field is right-padded with zeros to
      the nearest octet boundary when dmr-prefix6-len is not
      divisible by 8. Prefixes with from 0 to 96 are allowed.

3.1.3.4. Softwire46-V4V6Bind Attribute

Softwire46-V4V6Bind may only be encapsulated in Softwire46-Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6.

The structure of Softwire46-V4V6Bind is shown below:

   TLV-Type
      8

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of
      [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      IPv4-address
         This attribute contains an IPv4 address, used to specify 
         the full or shared IPv4 address of the CE. Refer to 
         Section 3.1.5.1.

      Bind-IPv6-Prefix
         This attribute contains an IPv6 prefix used to indicate which 
         configured prefix the Softwire46 CE should use for constructing
         the softwire. Refer to Section 3.1.5.2.
 

3.1.3.5. Softwire46-PORTPARAMS Attribute

Softwire46-PORTPARAMS is optional. It is used to specify port set information for IPv4 address sharing between clients. Softwire46-PORTPARAMS MAY be included in any of the Softwire46 attributes.

The structure of Softwire46-PORTPARAMS is shown below:

 
   TLV-Type
      9

   TLV-Length
      Indicates the length of this attribute, including
      the TLV-Type, TLV-Length, and TLV-Value fields.

   Data Type
      The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13 
      of [RFC8044]).

   TLV-Value
      This field contains a set of attributes as follows:

      PSID-offset
         This attribute specifies the numeric value for the Softwire46
         algorithm's excluded port range/offset bits (a bits). Refer to 
         Section 3.1.6.1.

      PSID-len 
         This attribute specifies the number of significant bits in the
         PSID field (also known as 'k'). Refer to Section 3.1.6.2.

      PSID 
         This attribute specifies PSID value. Refer to Section 3.1.6.3.

3.1.4. Sub-Attributes for Sofwtire46-Rule

There are two types of Softwire46-Rule: the Basic Mapping Rule and the Forwarding Mapping Rule, indicated by the value in the TLV-Type field of Softwire46-Rule (see Section 3.1.3.1).

Each type of Softwire46-Rule also contains a number of Sub-attributes as detailed in the following sub-sections.

3.1.4.1. Rule-IPv6-Prefix Attribute

Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST be exactly one Rule-IPv6-Prefix encapsulated in each type of Softwire46-Rule.

Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] and [RFC8044].

The structure of Rule-IPv6-Prefix is shown below:

   TLV-Type
      10

   TLV-Length 
      20 octets

   Data Type
      The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10 
      of [RFC8044]).

   TLV-Value
      rule-ipv6-prefix. 128-bits long field that specifies an IPv6 
      prefix appearing in the MAP rule.

3.1.4.2. Rule-IPv4-Prefix Attribute

This attribute is used to convey the MAP Rule IPv4 prefix. The structure of Rule-IPv4-Prefix is shown below:

   TLV-Type
      11 

   TLV-Length 
      8 octets

   Data Type
      The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11
      of [RFC8044]).

   TLV-Value
      rule-ipv4-prefix. 32-bits long. Specifies the IPv4 prefix 
      appearing in the MAP rule.

3.1.4.3. EA-Length Attribute

This attribute is used to convey the Embedded-Address(EA) bit length. The structure of EA-Length is shown below:

   TLV-Type 
      12

   TLV-Length 
      6 octets

   Data Type
      The attribute EA-Length is of type integer (Section 3.1 of
      [RFC8044]).

  TLV-Value
      EA-len; 32-bits long. Specifies the Embedded-Address(EA) bit 
      length. Allowed values range from 0 to 48.

3.1.5. Attributes for Softwire46-v4v6Bind

3.1.5.1. IPv4-address Attribute

The IPv4-address MAY be used to specify the full or shared IPv4 address of the CE.

The structure of IPv4-address is shown below:

   TLV-Type
      13

   TLV-Length  
      6 octets 

   Data Type
      The attribute IPv4-address is of type ipv4addr (Section 3.8 
      of [RFC8044]).

   TLV-Value
      32-bits long. Specifies the IPv4 address to appear in
      Softwire46-V4V6Bind (Section 3.1.3.4).

3.1.5.2. Bind-IPv6-Prefix Attribute

The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 prefix to be used as the tunnel source.

The structure of Bind-IPv6-Prefix is shown below:

   TLV-Type
      14

   TLV-Length
      4 + length of bind-ipv6-prefix specified in octets.

   Data Type
      The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10 
      of [RFC8044]).

   TLV-Value 
      bind-ipv6-prefix. A variable-length field specifying the IPv6 
      prefix or address for the Softwire46 CE. This field is 
      right-padded with zeros to the nearest octet boundary
      when bindprefix6-len is not divisible by 8.

3.1.6. Attributes for S46-PORTPARAMS

3.1.6.1. PSID-offset Attribute

This attribute is used to convey the Port Set Identifier offset as defined in [RFC7597]. This attribute is encoded 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].

The structure of PSID-offset is shown below:

   TLV-Type
      15

   TLV-Length 
      6 octets 

   Data Type
      The attribute PSID-offset is of type integer (Section 3.1 
      of [RFC8044]).

   TLV-Value 
      Contains the PSID-Offset (8-bits) right
      justified, and the unused bits in this field MUST
      be set to zero. This field that specifies the
      numeric value for the Softwire46 algorithm's excluded 
      port range/offset bits (a bits), as per Section 5.1 
      of RFC7597. Allowed values are between 0 and 15. 
      Default values for this field are specific to the 
      Softwire mechanism being implemented and are defined 
      in the relevant specification document.

3.1.6.2. PSID-len Attribute

This attribute is used to convey the PSID length as defined in [RFC7597]. This attribute is encoded 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].

The structure of PSID-len is shown below:

   TLV-Type
      16

   TLV-Length
      6 octets

   Data Type
      The attribute PSID-len is of type integer (Section 3.1
      of [RFC8044]).

   TLV-Value 
      Contains the PSID-len (8-bits) right
      justified, and the unused bits in this field MUST
      be set to zero. This field specifies the number of 
      significant bits in the PSID field (also known as
      'k'). When set to 0, the PSID field is to be ignored.
      After the first 'a' bits, there are k bits in the
      port number representing the value of the PSID.
      Subsequently, the address sharing ratio would be 
      2^k.

3.1.6.3. PSID Attribute

This attribute is used to convey the PSID as defined in [RFC7597]. This attribute is encoded 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].

The structure of PSID is shown below:

   TLV-Type
      17

   TLV-Length 
      6 octets

   Data Type
      The attribute Bind-IPv6-Prefix is of type integer (Section 3.1 
      of [RFC8044]).

   TLV-Value 
      Contains the PSID (16-bits) right justified, and the unused bits 
      in this field MUST be set to zero. 
      The PSID value algorithmically identifies a set of ports 
      assigned to a CE. The first k bits on the left of this 
      2-octet field is the PSID value. The remaining (16-k) bits 
      on the right are padding zeros.

3.2. Softwire46-Priority Attribute

The Softwire46-Priority Attribute includes an orderd list of Softwire64 mechanisms allowing the client to prioritize which mechanism to use, corresponding to OPTION_S46_PRIORITY defined in [RFC8026]. The following requirements apply:

   Type
     241 (To be confirmed by IANA)

   Length
     Indicates the length of this attribute, 
     including the Type, Length, Extended-Type and Value fields.

   Extended-Type
     TBD5

   TLV-Value
    The attribute include one or more Softwire46-Option-Code TLVs:
       A Softwire46-Priority Attribute MUST contain at least one 
       Softwire46-Option-Code TLV (Section 3.2.1).

       Softwire46 mechanisms are prioritized in the appearance order
       of the in the Softwire46-Priority Attribute. 

The Softwrie46-Priority Attribute is structured as follows:

The Softwire46-Priority Attribute is associated with the following identifier: 241.Extended-Type (TBD5).

3.2.1. Softwire46-Option-Code

This attribute is used to convey an option code assigned to a Softwire64 mechanism [RFC8026]. This attribute is encoded 32 bits as per the recommendation in Appendix A.2.1 of [RFC6158].

The structure of Softwire46-Option-Code is shown below:

   TLV-Type
      18

   TLV-Length 
      6 octets

   Data Type
      The attribute Softwire46-Option-Code is of type integer
     (Section 3.1 of [RFC8044]).

   TLV-Value 
      A 32-bit IANA-registered option code representing a Softwire46
      mechanism. The codes and their corresponding Softwire46
      mechanisms are listed in Section 7.3.

3.3. Softwire46-Multicast Attribute

The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be used to synthesize multicast and unicast IPv4-embedded IPv6 addresses as per [RFC8114]. This attribute is of type "tlv" and contains additional TLVs. The following requirements apply:

The Softwire46-Multicast Attribute is structured as follows:

   Type
     241 (To be confirmed by IANA)

   Length
     This field indicates the total length in bytes of all fields of
     this attribute, including the Type, Length, Extended-Type, and the
     entire length of the embedded attributes.

   Extended-Type
     TBD6

   Value
     This field contains a set of attributes as follows:

     ASM-Prefix64
       This attribute contains the ASM IPv6 prefix. Refer to 
       Section 3.3.1.

     SSM-Prefix64
       This attribute contains the SSM IPv6 prefix. Refer to 
       Section 3.3.2.

     U-Prefix64
       This attribute contains the IPv4 prefix used for address
       translation. Refer to Section 3.3.3.
      

The Softwire46-Multicast Attribute is associated with the following identifier: 241.Extended-Type(TBD6).

3.3.1. ASM-Prefix64 Attribute

The ASM-Prefix64 attribute is structured as follows:

   TLV-Type
      19
  
   TLV-Length
      16 octets. The length of ssm-prefix64 must be to 96 [RFC8115].

   Data Type
      The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).

   TLV-Value
      This field specifies the IPv6 multicast prefix (asm-prefix64)
      to be used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the ASM mode. The conveyed multicast IPv6
      prefix MUST belong to the ASM range. 
      

3.3.2. SSM-Prefix64 Attribute

The SSM-Prefix64 attribute is structured as follows:

   Type
     20

   TLV-Length
      16 octets. The length of ssm-prefix64 must be to 96 [RFC8115].

   Data Type
      The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).

   TLV-Type
      This field specifies the IPv6 multicast prefix (ssm-prefix64)
      to be used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the SSM mode. The conveyed multicast IPv6
      prefix MUST belong to the SSM range. 
      

3.3.3. U-Prefix64 Attribute

The structure of U-Prefix64 is shown below:

   TLV-Type
      21

   TLV-Length
      4 + length of unicast-prefix. As specified in [RFC6052], 
      the unicast-prefix prefix-length MUST be set to 32, 40, 48,
      56, 64, or 96.
   
   Data Type
      The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of
      [RFC8044]).
   
   TLV-Value
      This field identifies the IPv6 unicast prefix to
      be used in SSM mode for constructing the IPv4-embedded IPv6
      addresses representing the IPv4 multicast sources in the IPv6
      domain. It may also be used to extract the IPv4 address from the
      received multicast data flows.      

4. A Sample Configuration Process with RADIUS

Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to provide CE with softwire configuration information.

 
 CE                             BNG                         AAA Server
 |                               |                               |
 |-------1.DHCPv6 Solicit------->|                               |
 |(ORO with unicast and/or m'cast|                               |
 |    container option code(s))  |                               |
 |                               |                               |
 |                               |-------2.Access-Request------->|
 |                               |   (Softwire46-Configuration   |
 |                               |       Attribute and/or        |
 |                               |Softwire46-Multicast Attribute)|
 |                               |                               |
 |                               |<------3.Access-Accept---------|
 |                               |   (Softwire46-Configuration   |
 |                               |       Attribute and/or        |
 |                               |Softwire46-Multicast Attribute)|
 |                               |                               |
 |<----4.DHCPv6 Advertisement----|                               |
 |     (container option(s))     |                               |
 |                               |                               |
 |-------5.DHCPv6  Request------>|                               |
 |     (container Option(s))     |                               |
 |                               |                               |
 |<--------6.DHCPv6 Reply--------|                               |
 |     (container option(s))     |                               |
 |                               |                               |
              DHCPv6                         RADIUS

Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS authentication

  1. The CE creates a DHCPv6 Solicit message. For unicast softwire configuration, the message includes an OPTION_REQUEST_OPTION (6) with the Softwire46 Container option codes as defined in [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP-E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW (96) for Lightweight 4over6. For multicast configuration, the option number for OPTION_V6_PREFIX64 (113) is included in the client's ORO. The message is sent to the BNG.
  2. On receipt of the Solicit message, the BNG constructs a RADIUS Access-Request message containing a User-Name Attribute (1) (containing either a CE MAC address, interface-id or both), a User-Password Attribute (2) (with a pre-configured shared password as defined in [RFC2865]. The Softwire46-Configuration Attribute and/or Softwire46-Multicast Attribute are also included (as requested by the client). The resulting message is sent to the AAA server.
  3. The AAA server authenticates the request. If this is successful, and suitable configuration is available, an Access-Accept message is sent to the BNG containing the requested Softwire46-Configuration Attribute or Softwire46-Multicast Attribute. It is the responsibility of the AAA server to ensure the consistency of the provided configuration.
  4. The BNG maps the received softwire configuration into the corresponding fields in the DHCPv6 softwire configuration option(s). Theses are included in the DHCPv6 Advertise message which is sent to the CE.
  5. The CE send a DHCPv6 Request message. In the ORO, the option code(s) of any of the required softwire options that were received in the Advertise message are included.
  6. The BNG sends a Reply message to the client containing the softwire container options enumerated in the ORO.

The authorization operation could also be done independently, after the authentication process. In this case, steps 1-5 are completed as above, then the following steps are performed:

6a.
When the BNG receives the DHCPv6 Request, it constructs a RADIUS Access-Request message, which contains a Service-Type Attribute (6) with the value "Authorize Only" (17), the corresponding Softwire46-Configuration Attribute, and a State Attribute obtained from the previous authentication process according to [RFC5080]. The resulting message is sent to the AAA server.
7a.
The AAA checks the authorization request. If it is approved, an Access-Accept message is returned to the BNG with the corresponding Softwire46-Configuration Attribute.
8a.
The BNG sends a Reply message to the client containing the softwire container options enumerated in the ORO.

In addition to the above, the following points need to be considered:

In some deployments, the DHCP server may use the Accounting-Request to report to a AAA server the softwire configuration returned to a requesting host. It is the responsibility of the DHCP server to ensure the consistency of the configuration provided to requesting hosts. Reported data to a AAA server may be required for various operational purposes (e.g., regulatory).

5. Table of Attributes

This document specifies three new RADIUS attributes, and their formats are as follows:

The following table describes which attributes may be found, in which kinds of packets and in what quantity.

Request Accept Reject Challenge Accounting  #       Attribute
                                 Request
 0-1     0-1     0      0         0-1      241.TBD1 Softwire46-
                                                    Configuration
 0-1     0-1     0      0         0-1      241.TBD5 Softwire46-
                                                    Priority
 0-1     0-1     0      0         0-1      241.TBD6 Softwire46-
                                                    Multicast

6. Security Considerations

Known security vulnerabilities of the RADIUS protocol are discussed in [RFC2607], [RFC2865], and[RFC2869]. Use of IPsec [RFC4301] for providing security when RADIUS is carried in IPv6 is discussed in [RFC3162].

Specific security considerations for interactions between the MAP CE and the BNG are discussed in [RFC7597] and [RFC7599]. Security considerations for Lightweight 4over6 are discussed in [RFC7596]. Security considerations for DHCPv6-Based Softwire46 Prioritization Mechanism are discussed in [RFC8026]. Security considerations for multicast scenarios are discussed in [RFC8114]. Furthermore, generic DHCPv6 security mechanisms can be applied to DHCPv6 intercommunication between the CE and the BNG.

7. IANA Considerations

IANA is requested to make new code point assignments for RADIUS attributes as described in the following subsections.

7.1. New RADIUS Attributes

This document requests IANA to assign the Attribute Types defined in this document from the RADIUS namespace as described in the "IANA Considerations" section of [RFC3575], in accordance with BCP 26 [RFC8126].

This document requests that IANA register three new RADIUS attributes, from the "Short Extended Space" of [RFC6929]. The attributes are: Softwire46-Configuration Attribute, Softwire46-Priority Attribute, and Softwire46-Multicast Attribute:

   Type        Description                Data Type   Reference
   ----        -----------                ---------   ---------
   241.TBD1     Softwire46-Configuration   tlv         Section 3.1 
   241.TBD5     Softwire46-Priority        tlv         Section 3.2
   241.TBD6     Softwire46-Multicast       tlv         Section 3.3

7.2. RADIUS Softwire46 Configuration and Multicast Attributes

IANA is requested to create a new registry called "RADIUS Softwire46 Configuration and Multicast Attributes".

All attributes in this registry have one or more parent RADIUS attributes in nesting (refer to [RFC6929]).

This registry must be initially populated with the following values:

Value  Description                     Data Type    Reference
-----  -----------                     ---------    ---------
0      Reserved
1      Softwire46-MAP-E                tlv          Section 3.1.1.1
2      Softwire46-MAP-T                tlv          Section 3.1.1.2
3      Softwire46-Lightweight-4over6   tlv          Section 3.1.1.3 
4      Softwire46-Rule                 tlv          Section 3.1.3.1
5      Softwire46-Rule                 tlv          Section 3.1.3.1
6      Softwire46-BR                   ipv6addr     Section 3.1.3.2
7      Softwire46-DMR                  ipv6prefix   Section 3.1.3.3
8      Softwire46-V4V6Bind             tlv          Section 3.1.3.4
9      Softwire46-PORTPARAMS           tlv          Section 3.1.3.5
10     Rule-IPv6-Prefix                ipv6prefix   Section 3.1.4.1
11     Rule-IPv4-Prefix                ipv4prefix   Section 3.1.4.2
12     EA-Length                       integer      Section 3.1.4.3
13     IPv4-address                    ipv4addr     Section 3.1.5.1
14     Bind-IPv6-Prefix                ipv6prefix   Section 3.1.5.2
15     PSID-offset                     integer      Section 3.1.6.1
16     PSID-len                        integer      Section 3.1.6.2
17     PSID                            integer      Section 3.1.6.3
18     Softwire64-Option-Code          integer      Section 3.2.1
19     ASM-Prefix64                    ipv6prefix   Section 3.3.1
20     SSM-Prefix64                    ipv6prefix   Section 3.3.2
21     U-Prefix64                      ipv6prefix   Section 3.3.3
22-255 Unassigned

The registration procedure for this registry is Standards Action as defined in [RFC8126].

7.3. Softwire46 Mechanisms and Their Identifying Option Codes

The Softwire46-Priority Attribute defines a 16-bit Softwire46-option-code field, for which IANA is requested to create and maintain a new registry entitled "Option Codes Permitted in the Softwire46-Priority Attribute". The registration procedure for this registry is Standards Action as defined in [RFC8126].

This document requests IANA to register the three option codes of the Softwire46 mechanisms permitted to be included in the Softwire46-Priority Attribute. The value of option code corresponds to the TLV-Type defined in Section 3.1.1. Additional options may be added to this list in the future using the IETF Review process described in Section 4.8 of [RFC8126].

Table 3 shows the option codes required, and the Softwire46 mechanisms that they represent. The option code for DS-Lite is derived from the IANA allocated RADIUS Attribute Type value for DS-Lite [RFC6519]. The option codes for MAP-E, MAP-T, and Lightweight 4over6 need to be assigned. The option codes for MAP-E, MAP-T, and Lightweight 4over6 should also be used as the TLV-Type values for the MAP-E, MAP-T, and Lightweight 4over6 attributes defined in Section 3.1.1.

          +-----------+--------------------+-----------+
          |Option Code|Softwire46 Mechanism| Reference |
          +-----------+--------------------+-----------+
          |    TBD2   |        MAP-E       |  RFC7597  |
          |    TBD3   |        MAP-T       |  RFC7599  |
          |    TBD4   | Lightweight 4over6 |  RFC7596  |
          |    144    |      DS-Lite       |  RFC6519  |
          +--------------------------------+-----------+

Table 3: Option Codes to S46 Mechanisms

8. Contributing Authors

Qiong Sun
China Telecom
Beijing  China
Email: sunqiong@ctbri.com.cn

Qi Sun
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: sunqibupt@gmail.com

Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
Email: cathy.zhou@huawei.com

Tina Tsou
Huawei Technologies(USA)
2330 Central Expressway
Santa Clara, CA 95050
USA
Email: Tina.Tsou.Zouting@huawei.com

ZiLong Liu
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5822
Email: liuzilong8266@126.com

Yong Cui
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-62603059
Email: yong@csnet1.cs.tsinghua.edu.cn

    

9. Acknowledgements

The authors would like to thank the valuable comments made by Peter Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this document.

This document was merged with draft-sun-softwire-lw4over6-radext-01 and draft-wang-radext-multicast-radius-ext-00, thanks to everyone who contributed to this document.

This document was produced using the xml2rfc tool [RFC7991].

10. References

10.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, DOI 10.17487/RFC2865, June 2000.
[RFC3162] Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IPv6", RFC 3162, DOI 10.17487/RFC3162, August 2001.
[RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, DOI 10.17487/RFC3575, July 2003.
[RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December 2007.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M. and X. Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, DOI 10.17487/RFC6052, October 2010.
[RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.
[RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", RFC 6929, DOI 10.17487/RFC6929, April 2013.
[RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026, November 2016.
[RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044, DOI 10.17487/RFC8044, January 2017.
[RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y. and Q. Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 Multicast Network", RFC 8114, DOI 10.17487/RFC8114, March 2017.
[RFC8115] Boucadair, M., Qin, J., Tsou, T. and X. Deng, "DHCPv6 Option for IPv4-Embedded Multicast and Unicast IPv6 Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.
[RFC8126] Cotton, M., Leiba, B. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., Richardson, M., Jiang, S., Lemon, T. and T. Winters, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 8415, DOI 10.17487/RFC8415, November 2018.

10.2. Informative References

[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, DOI 10.17487/RFC2607, June 1999.
[RFC2869] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, December 2005.
[RFC6333] Durand, A., Droms, R., Woodyatt, J. and Y. Lee, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.
[RFC6346] Bush, R., "The Address plus Port (A+P) Approach to the IPv4 Address Shortage", RFC 6346, DOI 10.17487/RFC6346, August 2011.
[RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual-Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February 2012.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y. and I. Farrer, "Lightweight 4over6: An Extension to the Dual-Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, July 2015.
[RFC7597] Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S., Murakami, T. and T. Taylor, "Mapping of Address and Port with Encapsulation (MAP-E)", RFC 7597, DOI 10.17487/RFC7597, July 2015.
[RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, W., Bao, C., Yeh, L. and X. Deng, "DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.
[RFC7599] Li, X., Bao, C., Dec, W., Troan, O., Matsushima, S. and T. Murakami, "Mapping of Address and Port using Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July 2015.
[RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", RFC 7991, DOI 10.17487/RFC7991, December 2016.

Appendix A. DHCPv6 to RADIUS Field Mappings

The following sections detail the mappings between the softwire DHCPv6 option fields and the relevant RADIUS attributes as defined in this document.

A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings

OPTION_S46_RULE Field Softwire46-Rule Name TLV Field
flags N/A TLV-type (TBD7, TBD8)
ea-len EA-Length EA-len
prefix4-len Rule-IPv4-Prefix ruleprefix4-len
ipv4-prefix Rule-IPv4-Prefix rule-ipv4-prefix
prefix6-len Rule-IPv6-Prefix ruleprefix6-len
ipv6-prefix Rule-IPv6-Prefix rule-ipv6-prefix

A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings

OPTION_S46_BR Field Softwire46-BR Field
br-ipv6-address br-ipv6-address

A.3. OPTION_S46_DMR (91) to Softwire46-DMR

OPTION_S46_BR Field Softwire46-DMR Field
dmr-prefix6-len dmr-prefix6-len
dmr-ipv6-prefix dmr-ipv6-prefix

A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind

OPTION_S46_V4V6BIND Field Softwire46-V4V6Bind Name TLV Field
ipv4-address IPv4-address ipv4-address
bindprefix6-len Bind-IPv6-Prefix bind6prefix-len
bind-ipv6-prefix Bind-IPv6-Prefix bind-ipv6-prefix

A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings

OPTION_S46_PORTPARAMS Field Softwire46-PORTPARAMS Name TLV Field
offset PSID-offset PSID-Offset
PSID-len PSID-len PSID-len
PSID PSID PSID

A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings

OPTION_S46_PRIORITY Field Softwire46-Priority Attribute Field
s46-option-code Softwire46-option-code

A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field Mappings

OPTION_V6_PREFIX64 Field Softwire46-Multicast Attribute TLV Name TLV Field
asm-length ASM-Prefix64 Prefix-Length
ASM_mPrefix64 ASM-Prefix64 ASM Prefix64
ssm-length SSM-Prefix64 Prefix-Length
SSM_mPrefix64 SSM-Prefix64 SSM Prefix64
unicast-length U-Prefix64 Prefix-Length
uPrefix64 U-Prefix64 Unicast Prefix64

Authors' Addresses

Sheng Jiang Huawei Technologies Co., Ltd Q14, Huawei Campus, No.156 Beiqing Road Hai-Dian District, Beijing, 100095, P.R. China EMail: jiangsheng@huawei.com
Yu Fu CNNIC No.4 South 4th Street, Zhongguancun Hai-Dian District, Beijing, 100190, P.R. China EMail: eleven711711@foxmail.com
Bing Liu Huawei Technologies Co., Ltd Q14, Huawei Campus, No.156 Beiqing Road Hai-Dian District, Beijing, 100095, P.R. China EMail: leo.liubing@huawei.com
Peter Deacon IEA Software, Inc. P.O. Box 1170 Veradale, WA 99037 USA EMail: peterd@iea-software.com
Chongfeng Xie China Telecom Beijing, P.R. China EMail: xiechf.bri@chinatelecom.cn
Tianxiang Li Tsinghua University Beijing, 100084 P.R.China EMail: peter416733@gmail.com
Mohamed Boucadair (editor) Orange Rennes, 35000 France, EMail: mohamed.boucadair@orange.com