Re: [radext] draft-maglione-pcp-radius-ext-04
Tassos Chatzithomaoglou <achatz@forthnetgroup.gr> Fri, 03 August 2012 15:55 UTC
Return-Path: <achatz@forthnetgroup.gr>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D720321F8DF1 for <radext@ietfa.amsl.com>; Fri, 3 Aug 2012 08:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.506
X-Spam-Level:
X-Spam-Status: No, score=-3.506 tagged_above=-999 required=5 tests=[AWL=1.092, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKXXfDQP0lf9 for <radext@ietfa.amsl.com>; Fri, 3 Aug 2012 08:55:30 -0700 (PDT)
Received: from mx-out.forthnet.gr (mx-out.forthnet.gr [193.92.150.107]) by ietfa.amsl.com (Postfix) with ESMTP id 9563921F8D5B for <radext@ietf.org>; Fri, 3 Aug 2012 08:55:29 -0700 (PDT)
Received: from mx-av-04.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-01.forthnet.gr (8.14.4/8.14.4) with ESMTP id q73FtRkB012371; Fri, 3 Aug 2012 18:55:27 +0300
Received: from MX-IN-02.forthnet.gr (mx-in-02.forthnet.gr [193.92.150.185]) by mx-av-04.forthnet.gr (8.14.4/8.14.4) with ESMTP id q73FtRVE028754; Fri, 3 Aug 2012 18:55:27 +0300
Received: from [130.129.20.221] (dhcp-14dd.meeting.ietf.org [130.129.20.221]) (authenticated bits=0) by MX-IN-02.forthnet.gr (8.14.4/8.14.4) with ESMTP id q73FtMh0017140; Fri, 3 Aug 2012 18:55:25 +0300
Authentication-Results: MX-IN-02.forthnet.gr smtp.mail=achatz@forthnetgroup.gr; auth=pass (PLAIN)
Message-ID: <501BF4ED.6020000@forthnetgroup.gr>
Date: Fri, 03 Aug 2012 08:57:33 -0700
From: Tassos Chatzithomaoglou <achatz@forthnetgroup.gr>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Maglione Roberta <roberta.maglione@telecomitalia.it>
References: <501B0463.9040307@forthnetgroup.gr> <282BBE8A501E1F4DA9C775F964BB21FE519702F12D@GRFMBX704BA020.griffon.local>
In-Reply-To: <282BBE8A501E1F4DA9C775F964BB21FE519702F12D@GRFMBX704BA020.griffon.local>
Content-Type: multipart/alternative; boundary="------------020807040107060308040306"
Cc: "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] draft-maglione-pcp-radius-ext-04
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Aug 2012 15:55:36 -0000
Thanks for the answer Roberta. This is also what i had in mind.
imho, a paragraph should be added explaining the use cases, so the
purpose of this attribute is better understood.
Also, i did a quick review of the doc and i have a few comments to make,
mostly semantics.
Since draft-ietf-pcp-dhcp defines that the OPTION_PCP_SERVER option can
include multiple PCP Server Domain Names, wouldn't it be appropriate for
this doc to use this behavior too?
Also, although the above draft instructs to use a name, generally
speaking PCP doesn't require a domain name. So
> A PCP client must know the Fully Qualified Domain Name (FQDN) of a
> PCP server, before it can communicate with the later in order to
> perform the relevant PCP functions.
A PCP client must know how to contact the PCP server, either by the Fully Qualified Domain Name (FQDN) of it
or by its IP address, before it can communicate with it in order to
perform the relevant PCP functions.
A note like the following should be added in the beginning:
In order to make use of this option, this document assumes
appropriate name resolution means (e.g.,Section 6.1.1 of [RFC1123] <http://tools.ietf.org/html/rfc1123#section-6.1.1>)
are available on the host client.
Under terminology, this should probably be added.
Name is a domain name (as perSection 3.1 of [RFC1035] <http://tools.ietf.org/html/rfc1035#section-3.1>) that
contains one or more labels. In particular, a PCP Server name may be
structured as DNS qualified name or be composed of strings such as
can be passed to getaddrinfo (Section 6.1 of [RFC3493] <http://tools.ietf.org/html/rfc3493#section-6.1>), including
address literals, etc.
> When the co-located DHCPv6 server receives
> a DHCPv6 message containing the PCP Server Option, it SHALL use the
> name returned in the RADIUS attribute as defined in this memo to
> populate the DHCPv6 PCP Server option defined in [I-D.ietf-pcp-dhcp <http://tools.ietf.org/html/draft-maglione-pcp-radius-ext-04#ref-I-D.ietf-pcp-dhcp>]
I worry about the SHALL wording here.
I would prefer to have it user configurable (MUST) on the NAS and if
enabled, then used (MUST).
Figure 2, if i understand it correctly, refers to IPoE sessions, so it
probably should be rephrased.
The same applies to figure 3 too.
Also:
> The Figure 2 illustrates how the RADIUS protocol and DHCPv6 work
> together to accomplish PCP client configuration when DHCPv6 is used
> to provide connectivity to the user.
The Figure 2 illustrates how the RADIUS protocol and DHCPv6 work
together to accomplish PCP client configuration when IPoE & DHCPv6 are used
to provide connectivity to the user.
> The difference between this message flow and previous one is that in
> this scenario the interaction between NAS and AAA/ RADIUS Server is
> triggered by the DHCPv6 Solicit message received by the NAS from the
> B4 acting as DHCPv6 client, while in case of a PPP Session the
> trigger is the PPP LCP Config Request message received by the NAS.
The difference between this message flow and previous one is that in
this scenario the interaction between NAS and AAA/ RADIUS Server is
triggered by the DHCPv6 Solicit message received by the NAS from the
PCP client acting as DHCPv6 client, while in case of a PPP Session the
trigger is the PPP LCP Config Request message received by the NAS.
> If the NAS does not receive the PCP server name attribute in the
> Access-Accept it MAY fallback to a pre-configured default tunnel
> name, if any. If the NAS does not have any pre-configured default
> tunnel name or if the NAS receives an Access-Reject, the PCP client
> can not be configured by the NAS.
If the NAS does not receive the PCP server name attribute in the
Access-Accept it MAY fallback to a pre-configured default PCP server
name, if any. If the NAS does not have any pre-configured default
PCP Server name or if the NAS receives an Access-Reject, the PCP client
can not be configured by the NAS.
> The scenario with PPP Session and IPv4 only connectivity does not
> require the DHCP protocol: the whole configuration of the client is
> performed by PPP. This case is out of scope of this document because
> in order to complete the configuration of the PCP client a new PPP
> IPC option would be required.
the above should probably be PPP IPCP option.
PCP-Server-Name is referenced many times in all lower-case letters.
Probably it's better to make it all the same.
Regards,
Tassos
On 2/8/2012 4:06 ??, Maglione Roberta wrote:
> Hello Tassos,
> Thanks for your comments.
> The scenario we had in mind when we wrote this document is similar to the one you have just described, but the PCP is not on the BNAS it is external in the Service Provider's network and we want to be able to have subscribers of the same NAS using different PCP servers. The reason why we would like to use radius is because we would like to be able to tie together the PCP server information with the subscriber's profile stored in the Radius server.
> If we don't have RADIUS part, we need to pre-provision the NAS with the PCP Server name, to be used in the DHCP option for each subscriber/group of subscribers. Please see attached slides.
> If you think that more explanations are needed in order to clarify the use case we can add more text in the draft.
>
> Thanks
> Roberta
>
> -----Original Message-----
> From:radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On Behalf Of Tassos Chatzithomaoglou
> Sent: venerdì 3 agosto 2012 0.51
> To:radext@ietf.org
> Subject: [radext] draft-maglione-pcp-radius-ext-04
>
> I am thinking of a similar implementation in our network, but after
> looking at the doc i couldn't find any clear example of usage.
>
> i.e. If you can define a PCP server locally on the NAS (DHCP server),
> why do you want to supply it through radius too?
>
> In our case, we want to differentiate service per subscriber or group of
> subscribers (in terms of port mappings) and also have the capability to
> have subscribers of the same NAS use different PCP servers in the future
> (this also helps in testing a new PCP server by a limited number of
> subscribers).
>
> So, do you think a paragraph could be added regarding actual use cases
> of this attribute?
>
> --
> Tassos
>
> _______________________________________________
> radext mailing list
> radext@ietf.org
> https://www.ietf.org/mailman/listinfo/radext
>
> Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
>
> This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks.
>
- [radext] draft-maglione-pcp-radius-ext-04 Tassos Chatzithomaoglou
- Re: [radext] draft-maglione-pcp-radius-ext-04 Maglione Roberta
- Re: [radext] draft-maglione-pcp-radius-ext-04 Tassos Chatzithomaoglou
- Re: [radext] draft-maglione-pcp-radius-ext-04 Maglione Roberta