RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
Leaf yeh <leaf.y.yeh@huawei.com> Tue, 16 August 2011 15:45 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8DD321F8B48 for <ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com>; Tue, 16 Aug 2011 08:45:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.168
X-Spam-Level:
X-Spam-Status: No, score=-4.168 tagged_above=-999 required=5 tests=[AWL=1.978, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iDyrhgaEzaHF for <ietfarch-radext-archive-IeZ9sae2@ietfa.amsl.com>; Tue, 16 Aug 2011 08:45:30 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 5521D11E80A0 for <radext-archive-IeZ9sae2@lists.ietf.org>; Tue, 16 Aug 2011 08:45:30 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.76 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1QtLmj-0004c1-Lb for radiusext-data0@psg.com; Tue, 16 Aug 2011 15:42:33 +0000
Received: from szxga03-in.huawei.com ([119.145.14.66]) by psg.com with esmtp (Exim 4.76 (FreeBSD)) (envelope-from <leaf.y.yeh@huawei.com>) id 1QtLmW-0004be-Sj for radiusext@ops.ietf.org; Tue, 16 Aug 2011 15:42:21 +0000
Received: from huawei.com (szxga03-in [172.24.2.9]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LQ100LZP2AG1Y@szxga03-in.huawei.com> for radiusext@ops.ietf.org; Tue, 16 Aug 2011 23:42:16 +0800 (CST)
Received: from szxrg02-dlp.huawei.com ([172.24.2.119]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LQ1008YU2AGGQ@szxga03-in.huawei.com> for radiusext@ops.ietf.org; Tue, 16 Aug 2011 23:42:16 +0800 (CST)
Received: from 172.24.2.119 (EHLO szxeml201-edg.china.huawei.com) ([172.24.2.119]) by szxrg02-dlp.huawei.com (MOS 4.1.9-GA FastPath queued) with ESMTP id ADF70441; Tue, 16 Aug 2011 23:42:15 +0800 (CST)
Received: from SZXEML410-HUB.china.huawei.com (10.82.67.137) by szxeml201-edg.china.huawei.com (172.24.2.39) with Microsoft SMTP Server (TLS) id 14.1.270.1; Tue, 16 Aug 2011 23:42:09 +0800
Received: from SZXEML510-MBS.china.huawei.com ([169.254.8.116]) by szxeml410-hub.china.huawei.com ([169.254.101.122]) with mapi id 14.01.0270.001; Tue, 16 Aug 2011 23:42:10 +0800
Date: Tue, 16 Aug 2011 15:42:08 +0000
From: Leaf yeh <leaf.y.yeh@huawei.com>
Subject: RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
In-reply-to: <CA6F0D68.14D2C%wdec@cisco.com>
X-Originating-IP: [172.24.2.41]
To: Wojciech Dec <wdec@cisco.com>, "David B. Nelson" <d.b.nelson@comcast.net>
Cc: "draft-ietf-radext-ipv6-access@tools.ietf.org" <draft-ietf-radext-ipv6-access@tools.ietf.org>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>, fine sz <fine_sz@huawei.com>, Qiujin <qiujin@huawei.com>, Wangshuxiang <wangshuxiang@huawei.com>, "draft-tan-v6ops-fast6-aaa@tools.ietf.org" <draft-tan-v6ops-fast6-aaa@tools.ietf.org>, Bernard Aboba <bernard_aboba@hotmail.com>
Message-id: <E6CA1FED-0FC6-4142-B7B7-A4801B68DFF6@mimectl>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_uCjQEmRTm/NCae5CCZJxmg)"
Content-language: zh-CN
Accept-Language: zh-CN, en-US
Thread-topic: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session
Thread-index: AcxK5yu3GGjTmDXYQN+8DXe4n1z3TwA1YP+A//99JICAAALPAIAAhpWC///+E3v///vpIIAAHSBY///8hsP///hb8P//4L6o///A+qL/9rzAo//ro/OA/8mB5lD/jIfrZf8ZYB+A/jK3ogD8ZCVCEPjHfvZQ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-CFilter-Loop: Reflected
References: <2027097252.176133.1313421711590.JavaMail.root@sz0057a.westchester.pa.mail.comcast.net> <CA6F0D68.14D2C%wdec@cisco.com>
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>
Wojciech - Ok. So help me out here: An operator has two pools, A for business customers, B for residential. In both cases the operator expects Foo-bar addressing method to be used and customers in A or B. How does the NAS pick the right pool based on receiving a single attribute containing an enumerated code-point for Foo-bar? The default behavior configured on the NAS will pick the right address/prefix pools per the 'User-Type' (or Node/Access-Type), if it has not received the attributes of pool-name attributes (Framed-Pool, Framed-IPv6-Pool, or Delegated-IPv6-Prefix-Pool, Stateful-IPv6-Address-Pool ) from AAA server. The 2nd use case of 'User/Node/Access-Type' is that the attributes combination of 'User/Node/Access-Type' + single (or multiple) attributes of 'Framed-Pool' [ or Framed-IPv6-Pool' (if we'd like to keep this attribute) or 'Delegated-IPv6-Prefix-Pool' (if we insist on using this attribute) or 'Stateful-IPv6-Address-Pool' (if we insist on using this attribute) ] can be used to indicate the right address/prefix pools for that specified user after authentication. In the case defined above, the attributes authorized by AAA server can be 'User/Node/Access-Type' + 'Framed-Pool' containing A or 'User/Node/Access-Type ' + 'Framed-Pool' containing B. But if the pool B is in the default configuration of NAS, the attribute authorized by AAA server can only include 'User/Node/Access-Type'. In any case, the AAA server need definitely understand the name & type & purpose of the various type of pools condifured on the NAS before the authorization for the users. NAS need definitely interpret those name strings containing in the pool-name attributes (Framed-Pool or etc) received from the AAA server. That might means we don't really need to indicate the category (or type) of the pool names. Wojciech - Precedent = rfc3162, rfc4818, and earlier non IPv6 ones, each define named pools for a specific purpose. RFC4818 has not defined any concept for pools. http://datatracker.ietf.org/doc/rfc4818/?include_text=1 http://www.iana.org/assignments/radius-types/radius-types.xml Best Regards, Leaf -----Original Message----- From: Wojciech Dec [mailto:wdec@cisco.com] Sent: Monday, August 15, 2011 11:53 PM To: David B. Nelson Cc: draft-ietf-radext-ipv6-access@tools.ietf.org; radiusext@ops.ietf.org; fine sz; Qiujin; Wangshuxiang; draft-tan-v6ops-fast6-aaa@tools.ietf.org; Leaf yeh; roberta maglione; jacniq@gmail.com; Bernard Aboba Subject: Re: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access after IETF81 radext session On 15/08/2011 17:21, "David B. Nelson" <d.b.nelson@comcast.net> wrote: >> ... it looks very much as relying on the special NAS feature >> to interpret *the contents* of the attribute as to the pools... > > Special NAS feature? Why is the interpretation of this proposed RADIUS > attribute any more special than NAS behavior that interprets any other > attribute? It's almost always the *contents* of attributes that is > interpreted by the NAS, Ok. So help me out here: An operator has two pools, A for business customers, B for residential. In both cases the operator expects Foo-bar addressing method to be used and customers in A or B. How does the NAS pick the right pool based on receiving a single attribute containing an enumerated code-point for Foo-bar? > >> ...to be used, only this time with the contents being laid down as >> the enumerated type code points in a draft. > > I think an enumerated type is preferable to parsing strings when the semantics > of the attribues is to apply one of a limited number of discreet choices. The alternative, which is what I and others are proposing is to follow precedent and use separate string attributes for their role - *as proposed* in the current ipv6-access draft. > >> This does not help given a) past precedent in terms of Radius >> pool definitions (there are already 2 pools, and they are being >> used), nor b) give the operator an explicit indication regarding >> the use of a pool, rather than implicit. > > I don't undertand either of these points. What *RADIUS* precedent exists, and > by that I mean a precedent in normative text? If you're referring to ad-hoc > implementation practice, in the absence of any normative guidance, I suggest > that in standardizing a solution to that sort of gap in the protocol, one > would not be unduly influenced by the fact that various ad-hoc solutions had > been implemented. That would defeat the purpose of standardizing behavior. Precedent = rfc3162, rfc4818, and earlier non IPv6 ones, each define named pools for a specific purpose. > >> Besides the above, as with any enumerated type, issues will start >> should there be another combination that someone comes up with or >> wants... > > The IANA code point allocation procedures should be sufficiently open to > permit adding additional "flavors" without invoking IETF consensus or WG > approvals. Sure. We appear to be talking about code-points for values within a single attribute, fine examples, ( for which no IANA code points were assigned) include the existing Service-Type and Error-Cause attributes. In enumerating this, by definition there is a restriction which is not called for in this situation. Should an operator choose to say assign 2 prefixes to a subscriber for DHCP-PD, but one for SLAAC, they would need to get an IANA code point... And then have the vendor(s) support that, etc. Never mind open IANA code point allocation procedures - this looks to be practically unwise. > >> Frankly, other than it being another way of doing things, I personally >> don¹t see much of a benefit. > > If you are invested in an existing implementation using another approach I can > understand that, but a clearly defined, enumerated value attribute seems more > attractive to me. Before going further, perhaps you could consider/comment on the current proposal in: http://tools.ietf.org/html/draft-ietf-radext-ipv6-access-05 Thanks, Wojciech. > > -- Dave
- Q on Ver.-05 of draft-ietf-radext-ipv6-access aft… Leaf yeh
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Jacni Qin
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Leaf yeh
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Jacni Qin
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Jacni Qin
- Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Jacni Qin
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- Re: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Jacni Qin
- 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Leaf yeh
- RE: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Maglione Roberta
- 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-access… Leaf yeh
- Re: =?Big5?B?tarOYA==?=: Q on Ver.-05 of draft-ie… Wojciech Dec
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Bernard Aboba
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- Re: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… David B. Nelson
- Re: =?Big5?B?tarOYA==?=: Q on Ver.-05 of draft-ie… Wojciech Dec
- Re: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… David B. Nelson
- Re: =?Big5?B?tarOYA==?=: Q on Ver.-05 of draft-ie… Wojciech Dec
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- Re: =?Big5?B?tarOYA==?=: Q on Ver.-05 of draft-ie… Wojciech Dec
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- RE: 答复: Q on Ver.-05 of draft-ietf-radext-ipv6-ac… Leaf yeh
- Re: =?Big5?B?tarOYA==?=: Q on Ver.-05 of draft-ie… Wojciech Dec