Re: [radext] draft-cheng-behave-cgn-cfg-radius-ext-07 feedback

Alan DeKok <aland@deployingradius.com> Fri, 25 July 2014 18:47 UTC

To: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/radext/X-whMeOpyzV-v4XqY-gpPNNqHb8
Cc: radext@ietf.org

  After some other discussion with Arran, I think there is another way
to solve this problem.

  As background, this document allows for a NAS to communicate TCP/UDP
port set information for specific hosts.  It seems a duplicate effort to
re-define all of the port / protocol information in a RADIUS document.
These information elements are already defined in IPFIX:

http://www.iana.org/assignments/ipfix/ipfix.xhtml

  Port ranges, protocols, etc. are all there.

  I wrote a document for IPFIX to RADIUS mappings:

http://tools.ietf.org/html/draft-dekok-radius-ipfix-00

  The intent was to allow for flow-specific accounting in RADIUS.  That
goal was talked about a lot 2-3 years ago, but has since been ignored.
I believe that we can re-use it here.

  The only change necessary to my IPFIX document is to add the following:

- use of Acct-Multi-Session-Id to have flow-specific accounting streams

- use Acct-Multi-Session-Id and Acct-Status-Type start / stop to
indicate port range allocate / de-allocate.


  The benefits here are numerous, I think.  RADIUS gains flow-specific
accounting, and port range allocation signaling.  However, RADIUS does
*not* need to manage any attributes related to ports, protocols, ranges,
etc.  All of that is already defined in IPFIX.  We could just reference
IPFIX, and be done.

  Alan DeKok.