Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Peter Deacon <peterd@iea-software.com> Fri, 05 April 2013 16:11 UTC

Date: Fri, 05 Apr 2013 09:11:31 -0700
From: Peter Deacon <peterd@iea-software.com>
To: Leaf Yeh <leaf.yeh.sdo@gmail.com>
Cc: radext@ietf.org, 'dhcwg' <dhcwg@ietf.org>
Subject: Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

On Fri, 5 Apr 2013, Leaf Yeh wrote:

> Peter - With the DHCPv6 relay forwarding, should relays forward attributes they
> do not know about to the server?  From my read (section 5) it seems to say
> attributes are forwarded if the relay validates the value, which seems to imply
> it can't forward attributes it does not know about?

> Good question. I think the point here is the DHCPv6 relay only forwards 
> those valid attributes in the registry of 'RADIUS attributes permitted in 
> DHCPv6 RADIUS option'. If the DHCPv6 server supports OPTION_RADIUS 
> defined here, it should know all the attributes received from the relay. 
> If the DHCPv6 server still does not know the attributes in 
> OPTION_RADIUS, the server just ignores those attributes per Postel's 
> Law.

Hi Leaf,

Ok, my only concern here is relays tend to be "dumb" and outnumber DHCPv6 
servers both in number and in vendors involved.  It might be difficult to ever add 
new attributes in production as you would have to touch all relays to 
allow a new attribute to pass.  My guess is VSAs would likely end up filling 
any gaps anyway.

> Peter - The DHCP analogue (RFC 4014 sec 4) lists other attributes; just
> wondering what is different here that makes the attribute lists different
> ...IPv6 specific company excluded of course.

> I guess you are talking about the following attributes (in the table of the
> section 4 in RFC 4014):
>           1   User-Name (RFC 2865 [3])
>           6   Service-Type (RFC 2865)
>          27   Session-Timeout (RFC 2865)

> I still have not got the points (or understood the use case) for:
> a. User-Name : why the User-Name of AAA (or RADIUS) will be necessary to
> forward to the DHCPv6 server; the standard DHCPv6 server sounds like it has never
> used it before;
> b. Service-Type : what kind of Service-Type of AAA (or RADIUS,
> http://www.iana.org/assignments/radius-types/radius-types.xml#radius-types-4
> ) will be necessary to forward to the DHCPv6 server;
> c. Session-Timeout : I think the NAS (DHCPv6 relay + RADIUS client) can be
> the 1st control point of the trusted network; it can decide whether to forward
> the DHCPv6 messages from the client to the server. After the session
> times out, it just stops forwarding the DHCPv6 messages from the client to the
> server. This RADIUS attribute also sounds not necessary to forward to the
> DHCPv6 server. Right?

Yes, I can't think of much either.

User-Name might be used to correlate any user-specific settings stored in the 
DHCP server, or just for logging purposes to understand the end user associated 
with DHCP queries.

regards,
Peter
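
The relay-side behaviour the two of them are discussing, as an added example that is not part of the thread or of the draft: a relay that unpacks OPTION_RADIUS, parses the RFC 2865 attribute TLVs inside it, and either keeps only attributes on the permitted list (the draft's reading) or passes unknown ones through (the looser policy Peter's concern would call for). The option code, the permitted-attribute table and the attribute type 200 used as the "newly registered" attribute are assumptions for illustration; check the IANA registry before relying on any of them. The parser also rejects the two length bugs a relay must not trust the client or NAS to avoid, a Length below 2 and a Length overrunning the buffer.

```python
"""Relay-side filtering of RADIUS attributes carried in DHCPv6 OPTION_RADIUS.

Added example; not code from the draft or from anyone in the thread.
Assumptions: DHCPv6 option framing is 2-byte option-code, 2-byte option-len,
then RADIUS attributes in RFC 2865 TLV form (Type, Length incl. header,
Value).  OPTION_RADIUS and PERMITTED below are illustrative constants.
"""
import struct

OPTION_RADIUS = 81  # assumed option code, for illustration only

# Illustrative stand-in for the "RADIUS attributes permitted in DHCPv6
# RADIUS option" registry: attribute type -> name (assumed, check IANA).
PERMITTED = {
    96: "Framed-Interface-Id",
    97: "Framed-IPv6-Prefix",
    100: "Framed-IPv6-Pool",
    123: "Delegated-IPv6-Prefix",
    171: "Delegated-IPv6-Prefix-Pool",
    172: "Stateful-IPv6-Address-Pool",
}


class RadiusAttributeError(ValueError):
    """Raised for malformed OPTION_RADIUS content."""


def parse_attributes(data):
    """Split a RADIUS attribute blob into a list of (type, value) tuples.

    Length < 2 would loop forever or feed the header back as payload, and a
    Length past the end of the buffer would over-read; both are rejected.
    """
    attrs = []
    off = 0
    while off < len(data):
        if len(data) - off < 2:
            raise RadiusAttributeError("truncated attribute header at %d" % off)
        atype, alen = data[off], data[off + 1]
        if alen < 2:
            raise RadiusAttributeError("attr %d has invalid length %d" % (atype, alen))
        if off + alen > len(data):
            raise RadiusAttributeError("attr %d length %d overruns buffer" % (atype, alen))
        attrs.append((atype, data[off + 2:off + alen]))
        off += alen
    return attrs


def encode_attributes(attrs):
    """Serialize (type, value) tuples as RFC 2865 TLVs (value <= 253 bytes)."""
    out = bytearray()
    for atype, value in attrs:
        if len(value) > 253:
            raise RadiusAttributeError("attr %d value too long" % atype)
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return bytes(out)


def build_option_radius(attrs):
    """Wrap the attributes in the assumed DHCPv6 option header."""
    body = encode_attributes(attrs)
    return struct.pack("!HH", OPTION_RADIUS, len(body)) + body


def relay_filter(option, permitted=PERMITTED, forward_unknown=False):
    """Return (kept_attrs, dropped_types) for one OPTION_RADIUS.

    forward_unknown=False: only registry attributes pass (the draft's reading
    as discussed in the thread).  forward_unknown=True: unknown attributes are
    forwarded unvalidated, so a new registration needs no relay change, but
    the relay no longer vouches for what it passes on.
    """
    if len(option) < 4:
        raise RadiusAttributeError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != OPTION_RADIUS or length != len(option) - 4:
        raise RadiusAttributeError("not a well-formed OPTION_RADIUS")
    kept, dropped = [], []
    for atype, value in parse_attributes(option[4:]):
        if atype in permitted or forward_unknown:
            kept.append((atype, value))
        else:
            dropped.append(atype)
    return kept, dropped


def is_malformed(option):
    """True if the relay would reject the option rather than forward it."""
    try:
        relay_filter(option)
        return False
    except RadiusAttributeError:
        return True


# Constructed sample: User-Name (1), Framed-IPv6-Pool (100), Delegated-IPv6-Prefix
# (123, reserved byte + prefix length 48 + 2001:db8::/48) and a hypothetical
# newly registered attribute of type 200 (assumed unassigned).
SAMPLE_OPTION = build_option_radius([
    (1, b"alice"),
    (100, b"pool6"),
    (123, b"\x00\x30\x20\x01\x0d\xb8\x00\x00"),
    (200, b"new"),
])
# Constructed malformed sample: one attribute claiming Length 1.
BAD_OPTION = struct.pack("!HH", OPTION_RADIUS, 3) + b"\x64\x01\x00"

if __name__ == "__main__":
    kept, dropped = relay_filter(SAMPLE_OPTION)
    print("strict relay keeps", [t for t, _ in kept], "drops", dropped)
    kept, dropped = relay_filter(SAMPLE_OPTION, forward_unknown=True)
    print("permissive relay keeps", [t for t, _ in kept], "drops", dropped)
    print("malformed option rejected:", is_malformed(BAD_OPTION))
```

With the strict policy the relay forwards only types 100 and 123 and silently drops User-Name and the new type 200, which is exactly the deployment problem raised above: every relay needs an updated table before a new attribute reaches the server. The permissive policy forwards all four, so the server's own "ignore what you don't know" handling becomes the only safeguard.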