Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

"Leaf Yeh" <leaf.yeh.sdo@gmail.com> Fri, 05 April 2013 10:15 UTC

From: Leaf Yeh <leaf.yeh.sdo@gmail.com>
To: 'Peter Deacon' <peterd@iea-software.com>, radext@ietf.org
References: <B51C71CC-654D-43F3-A50A-321C171CD562@gmail.com> <alpine.WNT.2.00.1304041005110.3988@SMURF>
In-Reply-To: <alpine.WNT.2.00.1304041005110.3988@SMURF>
Date: Fri, 05 Apr 2013 18:15:01 +0800
Message-ID: <515ea42f.c521440a.26ee.ffffcc8e@mx.google.com>
Cc: 'dhcwg' <dhcwg@ietf.org>
Subject: Re: [dhcwg] [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

Peter - With the DHCPv6 relay forwarding, should relays forward attributes they
do not know about to the server?  From my read (section 5) it seems to say
attributes are forwarded if the relay validates the value, which seems to imply
it can't forward attributes it does not know about?

Good question. I think the point here is that the DHCPv6 relay only forwards those
valid attributes in the registry of 'RADIUS attributes permitted in DHCPv6
RADIUS option'. If the DHCPv6 server supports OPTION_RADIUS defined here, it
should know all the attributes received from the relay. If the DHCPv6 server
still does not know the attributes in OPTION_RADIUS, the server just ignores
those attributes per Postel's Law.


Peter - The DHCP analogue (RFC 4014 sec 4) lists other attributes; just
wondering what is different here that makes the attribute lists different
...IPv6-specific company excluded of course.

I guess you are talking about the following attributes (in the table of
section 4 in RFC 4014):
           1   User-Name (RFC 2865 [3])
           6   Service-Type (RFC 2865)
          27   Session-Timeout (RFC 2865)
I still have not got the point (or understood the use case) for:
a. User-Name : why the User-Name of AAA (or RADIUS) would be necessary to
forward to the DHCPv6 server; the standard DHCPv6 server sounds like it has never
used it before;
b. Service-Type : what kind of service-type of AAA (or RADIUS,
http://www.iana.org/assignments/radius-types/radius-types.xml#radius-types-4
) would be necessary to forward to the DHCPv6 server;
c. Session-Timeout : I think the NAS (DHCPv6 relay + RADIUS client) can be
the 1st control point of the trusted network; it can decide whether to forward
the DHCPv6 messages from the client to the server. After the session times
out, it just stops forwarding the DHCPv6 messages from the client to the
server. This RADIUS attribute also sounds unnecessary to forward to the
DHCPv6 server. Right?


Best Regards,
Leaf



-----Original Message-----
From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On Behalf Of
Peter Deacon
Sent: Friday, April 05, 2013 2:44 AM
To: radext@ietf.org
Cc: draft-ietf-dhc-dhcpv6-radius-opt@tools.ietf.org
Subject: Re: [radext] draft-ietf-dhc-dhcpv6-radius-opt-10

On Thu, 4 Apr 2013, Jouni Korhonen wrote:

> draft-ietf-dhc-dhcpv6-radius-opt-10 has recently passed WGLC in DHC WG. 
> RADEXT WG is solicited for review. We can provide input as part of the 
> IETF LC once it is started.  Remember to CC the RADEXT so we can keep 
> track of the (possible) comments better.

I like this scheme.  Just have two questions.

With the DHCPv6 relay forwarding, should relays forward attributes they do
not know about to the server?  From my read (section 5) it seems to say
attributes are forwarded if the relay validates the value, which seems to imply
it can't forward attributes it does not know about?

The DHCP analogue (RFC 4014 sec 4) lists other attributes; just wondering
what is different here that makes the attribute lists different ...IPv6-
specific company excluded of course.

regards,
Peter
_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext
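The relay/server split discussed in the thread (the relay forwards only attributes that are in the permitted registry and whose values it has validated; the server ignores any attribute it does not implement), written out as an added example. This code is not from the draft, from either participant, or from any DHCPv6 implementation. It assumes an OPTION_RADIUS code of 81 (the draft left the code for IANA), assumes that the three IPv6 pool attributes below are the registry's contents, and uses a constructed Access-Accept as input; the RFC 4014 attributes the thread asks about (User-Name, Service-Type, Session-Timeout) are deliberately left out of the allow-list so the example shows them being dropped at the relay rather than at the server.

```python
import struct
from typing import Dict, Iterable, List, Set, Tuple

# RADIUS attribute type codes (RFC 2865, RFC 3162, RFC 6911).
USER_NAME = 1
SERVICE_TYPE = 6
SESSION_TIMEOUT = 27
FRAMED_IPV6_POOL = 100
DELEGATED_IPV6_PREFIX_POOL = 171
STATEFUL_IPV6_ADDRESS_POOL = 172

# Assumed content of the "RADIUS attributes permitted in DHCPv6 RADIUS option"
# registry, for this example only; consult the real registry before relying on it.
PERMITTED: Set[int] = {FRAMED_IPV6_POOL, DELEGATED_IPV6_PREFIX_POOL, STATEFUL_IPV6_ADDRESS_POOL}

# Assumed DHCPv6 option code for OPTION_RADIUS (the draft left the code for IANA).
OPTION_RADIUS = 81

Attr = Tuple[int, bytes]


def encode_radius_attrs(attrs: Iterable[Attr]) -> bytes:
    """Serialize (type, value) pairs as RADIUS TLVs: type(1) length(1) value."""
    out = bytearray()
    for t, v in attrs:
        if not 0 <= t <= 255 or len(v) > 253:
            raise ValueError("attribute does not fit RADIUS TLV limits")
        out += struct.pack("!BB", t, len(v) + 2) + v
    return bytes(out)


def parse_radius_attrs(buf: bytes) -> List[Attr]:
    """Parse RADIUS TLVs, rejecting truncated or zero-length attributes."""
    attrs: List[Attr] = []
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        t, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad attribute length")
        attrs.append((t, bytes(buf[i + 2:i + length])))
        i += length
    return attrs


def value_is_valid(t: int, v: bytes) -> bool:
    """Relay-side check: only permitted attributes, and the pool attributes are
    non-empty UTF-8 text without embedded NULs."""
    if t not in PERMITTED or not v:
        return False
    try:
        v.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return b"\x00" not in v


def relay_build_option_radius(access_accept_attrs: Iterable[Attr]) -> bytes:
    """Relay side: keep only permitted, valid attributes and wrap them in a
    DHCPv6 option (option-code(2) option-len(2) option-data)."""
    kept = [(t, v) for t, v in access_accept_attrs if value_is_valid(t, v)]
    data = encode_radius_attrs(kept)
    return struct.pack("!HH", OPTION_RADIUS, len(data)) + data


def server_read_option_radius(option: bytes, implemented: Set[int]) -> Tuple[Dict[int, bytes], List[int]]:
    """Server side: parse OPTION_RADIUS and silently ignore attribute types the
    server does not implement. Returns (used_attributes, ignored_types)."""
    if len(option) < 4:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != OPTION_RADIUS or length != len(option) - 4:
        raise ValueError("not a well-formed OPTION_RADIUS")
    used: Dict[int, bytes] = {}
    ignored: List[int] = []
    for t, v in parse_radius_attrs(option[4:]):
        if t in implemented:
            used[t] = v
        else:
            ignored.append(t)
    return used, ignored


# Constructed Access-Accept contents: the three RFC 4014 attributes the thread
# asks about plus two IPv6 pool attributes (sample data, not a real capture).
SAMPLE_ACCESS_ACCEPT: List[Attr] = [
    (USER_NAME, b"alice@example.net"),
    (SERVICE_TYPE, struct.pack("!I", 2)),        # Framed
    (SESSION_TIMEOUT, struct.pack("!I", 3600)),
    (FRAMED_IPV6_POOL, b"ia-na-pool"),
    (DELEGATED_IPV6_PREFIX_POOL, b"pd-pool"),
]

if __name__ == "__main__":
    opt = relay_build_option_radius(SAMPLE_ACCESS_ACCEPT)
    print("relay forwards:", parse_radius_attrs(opt[4:]))
    print("server sees:", server_read_option_radius(opt, {FRAMED_IPV6_POOL}))
```

Two things worth noticing when running it: the relay's allow-list is the only place User-Name, Service-Type and Session-Timeout are stopped, which is why the registry contents decide the answer to Peter's first question, and a server that implements only Framed-IPv6-Pool still parses the whole option and simply reports Delegated-IPv6-Prefix-Pool as ignored rather than failing, which is the Postel's Law behaviour Leaf describes. The length checks in the parser matter because OPTION_RADIUS arrives from the relay over the network; a truncated option is rejected instead of being read past its end.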