RE: Issue 226: RFC 3576bis and Renumbering

"Glen Zorn (gwz)" <gwz@cisco.com> Sun, 20 May 2007 21:28 UTC

Subject: RE: Issue 226: RFC 3576bis and Renumbering
Date: Sun, 20 May 2007 14:28:50 -0700
Message-ID: <4C0FAAC489C8B74F96BEAD85EAEB2625040099E4@xmb-sjc-215.amer.cisco.com>
From: "Glen Zorn (gwz)" <gwz@cisco.com>
To: Alan DeKok <aland@nitros9.org>, Bernard Aboba <bernard_aboba@hotmail.com>
Cc: radiusext@ops.ietf.org

Alan DeKok <> allegedly scribbled on Sunday, May 20, 2007 5:53 AM:

> Bernard Aboba wrote:
>> The problem described in this issue is that a CoA-Request packet
>> cannot be used for renumbering.  This is because RFC 3576 defines the
>> Framed-IP-Address, Framed-IPv6-Prefix and Framed-Interface-Id
>> attributes as session identification attributes.
> 
>   Looking at issues & fixes, I'm not sure why we didn't require all
> NASes to generate a unique session ID in the Access-Request packet. 
> Once that's done, the session can be identified by that ID, rather
> than by an ad-hoc collection of network identifiers that are
> protocol-specific.  
> 

Me, neither: I've been advocating just that for several years now
(http://www.ietf.org/internet-drafts/draft-zorn-radius-logoff-09.txt).
The proposal has been essentially ignored, however, so I expect that
I'll be submitting it to the RFC Editor as an individual submission
shortly.

>> I'd like to put forward a potential approach to address this concern,
>> which is to introduce two new attributes, User-IPv4-Address and
>> User-IPv6-Address, in order to identify a session by IP address. 
>> This would allow the Framed-IP-Address, Framed-IPv6-Prefix,
>> Framed-Interface-Id and Delegated-IPv6-Address attributes to be
>> included for the purpose of renumbering.
> 
>   If the NAS is sending Acct-Session-Id, why not just use that to
> identify the session?  If the NAS isn't sending it (or isn't sending
> accounting packets at all), then the proposal above already suggests
> changing the NAS behavior.  Why not just require sending
> Acct-Session-Id in all Access-Requests?    
> 
>   If that is unacceptable, then your proposal seems reasonable.  But
> I'm wary of adding duplicate attributes for niche solutions. 
> 
>   Alan DeKok.
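
The renumbering problem from the quoted issue text, as an added example that is not part of the original message or of any RADIUS implementation: a CoA-Request carrying a new Framed-IP-Address matches no session when the address is treated as an identifier, but renumbers the session when Acct-Session-Id alone selects it. The function names, the session table and the result strings are hypothetical, the packet is constructed, and Request Authenticator verification is omitted.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8   # RFC 2865 attribute type
ACCT_SESSION_ID = 44    # RFC 2866 attribute type
COA_REQUEST = 43        # RFC 3576 packet code

def build_coa(attrs):
    """Constructed sample packet; the all-zero authenticator is a placeholder."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", COA_REQUEST, 1, 20 + len(body), b"") + body

def parse_attributes(packet):
    """Return {type: value} for the TLVs after the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def handle_coa(sessions, packet, session_id_only):
    """sessions maps Acct-Session-Id bytes to the session's current IPv4Address."""
    attrs = parse_attributes(packet)
    sid = attrs.get(ACCT_SESSION_ID)
    raw_ip = attrs.get(FRAMED_IP_ADDRESS)
    ip = ipaddress.IPv4Address(raw_ip) if raw_ip is not None else None
    if session_id_only:
        # Approach discussed in the thread: only Acct-Session-Id selects the
        # session, so Framed-IP-Address is free to carry the new address.
        if sid not in sessions:
            return "no-session"
        if ip is not None:
            sessions[sid] = ip
            return "renumbered"
        return "matched"
    # RFC 3576 reading: every identification attribute present must match,
    # so a Framed-IP-Address that differs from the current one finds nothing.
    hits = [s for s, cur in sessions.items()
            if (sid is None or s == sid) and (ip is None or cur == ip)]
    return "matched" if hits else "no-session"
```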
