draft-ietf-softwire-map-radius-01.txt   draft-ietf-softwire-map-radius-02.txt 
Network Working Group Sheng Jiang (Editor)
Internet Draft Yu Fu Softwire S. Jiang
Intended status: Standards Track Bing Liu Internet-Draft Y. Fu
Expires: June 21, 2014 Huawei Technologies Co., Ltd Intended status: Standards Track B. Liu
Peter Deacon Expires: December 21, 2014 Huawei Technologies Co., Ltd
IEA Software, Inc. P. Deacon
December 18, 2013 IEA Software, Inc.
June 19, 2014
RADIUS Attribute for MAP RADIUS Attribute for MAP
draft-ietf-softwire-map-radius-02
draft-ietf-softwire-map-radius-01.txt Abstract
Status of this Memo Mapping of Address and Port (MAP) is a stateless mechanism for
running IPv4 over IPv6-only infrastructure. It provides both IPv4
and IPv6 connectivity services simultaneously during the IPv4/IPv6
co-existing period. The Dynamic Host Configuration Protocol for IPv6
(DHCPv6) MAP options has been defined to configure MAP Customer Edge
(CE). However, in many networks, the configuration information may
be stored in Authentication Authorization and Accounting (AAA)
servers while user configuration is mainly from Broadband Network
Gateway (BNG) through DHCPv6 protocol. This document defines a
Remote Authentication Dial In User Service (RADIUS) attribute that
carries MAP configuration information from AAA server to BNG. The
MAP RADIUS attribute are designed following the simplify principle.
It provides just enough information to form the correspondent DHCPv6
MAP option.
Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute working Task Force (IETF). Note that other groups may also distribute
documents as Internet-Drafts. The list of current Internet-Drafts is working documents as Internet-Drafts. The list of current Internet-
at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 21, 2014. This Internet-Draft will expire on December 21, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Abstract This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
Mapping of Address and Port (MAP) is a stateless mechanism for 10, 2008. The person(s) controlling the copyright in some of this
running IPv4 over IPv6-only infrastructure. It provides both IPv4 and material may not have granted the IETF Trust the right to allow
IPv6 connectivity services simultaneously during the IPv4/IPv6 co- modifications of such material outside the IETF Standards Process.
existing period. The Dynamic Host Configuration Protocol for IPv6 Without obtaining an adequate license from the person(s) controlling
(DHCPv6) MAP options has been defined to configure MAP Customer Edge the copyright in such materials, this document may not be modified
(CE). However, in many networks, the configuration information may be outside the IETF Standards Process, and derivative works of it may
stored in Authentication Authorization and Accounting (AAA) servers not be created outside the IETF Standards Process, except to format
while user configuration is mainly from Broadband Network Gateway it for publication as an RFC or to translate it into languages other
(BNG) through DHCPv6 protocol. This document defines a Remote than English.
Authentication Dial In User Service (RADIUS) attribute that carries
MAP configuration information from AAA server to BNG. The MAP RADIUS
attribute are designed following the simplify principle. It provides
just enough information to form the correspondent DHCPv6 MAP option.
Table of Contents Table of Contents
1. Introduction ................................................. 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology .................................................. 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. MAP Configuration process with RADIUS ........................ 3 3. MAP Configuration process with RADIUS . . . . . . . . . . . . 3
4. Attributes ................................................... 6 4. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. MAP-Configuration Attribute ............................. 6 4.1. MAP-Configuration Attribute . . . . . . . . . . . . . . . 6
4.2. MAP Rule Options ........................................ 6 4.2. MAP Rule Options . . . . . . . . . . . . . . . . . . . . 6
4.3. Sub Options for MAP Rule Option ......................... 7 4.3. Sub Options for MAP Rule Option . . . . . . . . . . . . . 7
4.3.1. Rule-IPv6-Prefix Sub Option ........................ 7 4.3.1. Rule-IPv6-Prefix Sub Option . . . . . . . . . . . . . 7
4.3.2. Rule-IPv4-Prefix Sub Option ........................ 8 4.3.2. Rule-IPv4-Prefix Sub Option . . . . . . . . . . . . . 8
4.3.3. Encapsulation/Translation Flag Sub Option........... 9 4.3.3. EA Length Sub Option . . . . . . . . . . . . . . . . 9
4.3.4. PSID Sub Option ................................... 10 4.3.4. BR-IPv6-Address Sub Option . . . . . . . . . . . . . 9
4.3.5. PSID Length Sub Option ............................ 10 4.3.5. PSID Sub Option . . . . . . . . . . . . . . . . . . . 9
4.3.6. PSID Offset Sub Option ............................ 11 4.3.6. PSID Length Sub Option . . . . . . . . . . . . . . . 10
4.4. Table of attributes .................................... 11 4.3.7. PSID Offset Sub Option . . . . . . . . . . . . . . . 10
5. Diameter Considerations ..................................... 12 4.4. Table of attributes . . . . . . . . . . . . . . . . . . . 11
6. Security Considerations ..................................... 12 5. Diameter Considerations . . . . . . . . . . . . . . . . . . . 11
7. IANA Considerations ......................................... 12 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
8. Acknowledgments ............................................. 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
9. References .................................................. 13 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
9.1. Normative References ................................... 13 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
9.2. Informative References ................................. 14 9.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
Recently providers start to deploy IPv6 and consider how to transit Recently providers start to deploy IPv6 and consider how to transit
to IPv6. Mapping of Address and Port (MAP) to IPv6. Mapping of Address and Port (MAP)[I-D.ietf-softwire-map] is
[I-D.ietf-softwire-map] is a stateless mechanism for running IPv4 a stateless mechanism for running IPv4 over IPv6-only infrastructure.
over IPv6-only infrastructure. It provides both IPv4 and IPv6 It provides both IPv4 and IPv6 connectivity services simultaneously
connectivity services simultaneously during the IPv4/IPv6 co-existing during the IPv4/IPv6 co-existing period. MAP has adopted Dynamic
period. MAP has adopted Dynamic Host Configuration Protocol for IPv6 Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315] as auto-
(DHCPv6) [RFC3315] as auto-configuring protocol. The MAP Customer configuring protocol. The MAP Customer Edge (CE) uses the DHCPv6
Edge (CE) uses the DHCPv6 extension options extension options [I-D.ietf-softwire-map-dhcp] to discover MAP Border
[I-D.mdt-softwire-map-dhcp-option] to discover MAP Border Relay (in Relay (in tunnel model only) and to configure relevant MAP rules.
tunnel model only) and to configure relevant MAP rules.
In many networks, user configuration information may be managed by In many networks, user configuration information may be managed by
AAA (Authentication, Authorization, and Accounting) servers. Current AAA (Authentication, Authorization, and Accounting) servers. Current
AAA servers communicate using the Remote Authentication Dial In User AAA servers communicate using the Remote Authentication Dial In User
Service (RADIUS) [RFC2865] protocol. In a fixed line broadband Service (RADIUS) [RFC2865] protocol. In a fixed line broadband
network, the Broadband Network Gateways (BNGs) act as the access network, the Broadband Network Gateways (BNGs) act as the access
gateway of users. The BNGs are assumed to embed a DHCPv6 server gateway of users. The BNGs are assumed to embed a DHCPv6 server
function that allows them to locally handle any DHCPv6 requests function that allows them to locally handle any DHCPv6 requests
initiated by hosts. initiated by hosts.
Since the MAP configuration information is stored in AAA servers and Since the MAP configuration information is stored in AAA servers and
user configuration is mainly through DHCPv6 protocol between BNGs and user configuration is mainly through DHCPv6 protocol between BNGs and
hosts/CEs, new RADIUS attributes are needed to propagate the hosts/CEs, new RADIUS attributes are needed to propagate the
information from AAA servers to BNGs. The MAP RADIUS attribute are information from AAA servers to BNGs. The MAP RADIUS attributes
designed following the simplify principle, while providing enough designed in this document are especially for the MAP encapsulation
information to form the correspondent DHCPv6 MAP option. mode, while providing enough information to form the correspondent
[I-D.mdt-softwire-map-dhcp-option]. DHCPv6 MAP option [I-D.ietf-softwire-map-dhcp].
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119]. document are to be interpreted as described in [RFC2119].
The terms MAP CE and MAP Border Relay are defined in The terms MAP CE and MAP Border Relay are defined in
[I-D.ietf-softwire-map]. [I-D.ietf-softwire-map].
3. MAP Configuration process with RADIUS 3. MAP Configuration process with RADIUS
The below Figure 1 illustrates how the RADIUS protocol and DHCPv6 The below Figure 1 illustrates how the RADIUS protocol and DHCPv6
cooperate to provide MAP CE with MAP configuration information. cooperate to provide MAP CE with MAP configuration information.
MAP CE BNG AAA Server MAP CE BNG AAA Server
| | | | | |
|------DHCPv6 Solicit----->| | |------DHCPv6 Solicit----->| |
|(Option Request w/ MAP option) | |(Option Request w/ MAP option) |
| |--Access-Request(MAP Attr)-->| | |--Access-Request(MAP Attr)-->|
| | | | | |
| |<--Access-Accept(MAP Attr)---| | |<--Access-Accept(MAP Attr)---|
|<---DHCPv6 Advertisement--| | |<---DHCPv6 Advertisement--| |
| | | | | |
|------DHCPv6 Request---->| | |------DHCPv6 Request---->| |
| (MAP Option) | | | (MAP Option) | |
|<---- -DHCPv6 Reply-------| | |<---- -DHCPv6 Reply-------| |
| (MAP option) | | | (MAP option) | |
| | | | | |
DHCPv6 RADIUS DHCPv6 RADIUS
Figure 1: the cooperation between DHCPv6 and RADIUS
combining with RADIUS authentication
BNGs act as a RADIUS client and as a DHCPv6 server. First, the MAP CE Figure 1: the cooperation between DHCPv6 and RADIUS combining with
MAY initiate a DHCPv6 Solicit message that includes an Option Request RADIUS authentication
option (6) [RFC3315] with the MAP option
[draft-ietf-softwire-map-dhcp] from the MAP CE. But note that the ORO BNGs act as a RADIUS client and as a DHCPv6 server. First, the MAP
CE MAY initiate a DHCPv6 Solicit message that includes an Option
Request option (6) [RFC3315] with the MAP option
[I-D.ietf-softwire-map-dhcp] from the MAP CE. But note that the ORO
(Option Request option) with the MAP option could be optional if the (Option Request option) with the MAP option could be optional if the
network was planned as MAP-enabled as default. When BNG receives the network was planned as MAP-enabled as default. When BNG receives the
SOLICIT, it SHOULD initiates radius Access-Request message, in which SOLICIT, it SHOULD initiates radius Access-Request message, in which
the User-Name attribute (1) SHOULD be filled by the MAP CE MAC the User-Name attribute (1) SHOULD be filled by the MAP CE MAC
address, to the RADIUS server and the User-password attribute (2) address, to the RADIUS server and the User-password attribute (2)
SHOULD be filled by the shared MAP password that has been SHOULD be filled by the shared MAP password that has been
preconfigured on the DHCPv6 server, requesting authentication as preconfigured on the DHCPv6 server, requesting authentication as
defined in [RFC2865] with MAP-Configuration attribute, defined in the defined in [RFC2865] with MAP-Configuration attribute, defined in the
next Section. If the authentication request is approved by the AAA next Section. If the authentication request is approved by the AAA
server, an Access-Accept message MUST be acknowledged with the IPv6- server, an Access-Accept message MUST be acknowledged with the IPv6-
MAP-Configuration Attribute. After receiving the Access-Accept MAP-Configuration Attribute. After receiving the Access-Accept
message with MAP-Configuration Attribute, the BNG SHOULD respond the message with MAP-Configuration Attribute, the BNG SHOULD respond the
user an Advertisement message. Then the user can requests for a MAP user an Advertisement message. Then the user can requests for a MAP
Option, the BNG SHOULD reply the user with the message containing the Option, the BNG SHOULD reply the user with the message containing the
MAP option. The recommended format of the MAC address is as defined MAP option. The recommended format of the MAC address is as defined
in Calling-Station-Id (Section 3.20 in [RFC3580]) without the SSID in Calling-Station-Id (Section 3.20 in [RFC3580] without the SSID
(Service Set Identifier) portion. (Service Set Identifier) portion.
Figure 2 describes another scenario, in which the authorization Figure 2 describes another scenario, in which the authorization
operation is not coupled with authentication. Authorization relevant operation is not coupled with authentication. Authorization relevant
to MAP is done independently after the authentication process. As to MAP is done independently after the authentication process. As
similar to above scenario, the ORO with the MAP option in the initial similar to above scenario, the ORO with the MAP option in the initial
DHCPv6 request could be optional if the network was planned as MAP- DHCPv6 request could be optional if the network was planned as MAP-
enabled as default. enabled as default.
MAP CE BNG AAA Server MAP CE BNG AAA Server
| | | | | |
|------DHCPv6 Request---->| | |------DHCPv6 Request---->| |
|(Option Request w/ MAP option) | |(Option Request w/ MAP option) |
| |--Access-Request(MAP Attr)-->| | |--Access-Request(MAP Attr)-->|
| | | | | |
| |<--Access-Accept(MAP Attr)---| | |<--Access-Accept(MAP Attr)---|
| | | | | |
|<-----DHCPv6 Reply--------| | |<-----DHCPv6 Reply--------| |
| (MAP option) | | | (MAP option) | |
| | | | | |
DHCPv6 RADIUS DHCPv6 RADIUS
Figure 2: the cooperation between DHCPv6 and RADIUS
decoupled with RADIUS authentication Figure 2: the cooperation between DHCPv6 and RADIUS decoupled with
RADIUS authentication
In the abovementioned scenario, the Access-Request packet SHOULD In the abovementioned scenario, the Access-Request packet SHOULD
contain a Service-Type attribute (6) with the value Authorize Only contain a Service-Type attribute (6) with the value Authorize Only
(17); thus, according to [RFC5080], the Access-Request packet MUST (17); thus, according to [RFC5080], the Access-Request packet MUST
contain a State attribute that obtained from the previous contain a State attribute that obtained from the previous
authentication process. authentication process.
In both above-mentioned scenarios, Message-authenticator (type 80) In both above-mentioned scenarios, Message-authenticator (type 80)
[RFC2869] SHOULD be used to protect both Access-Request and Access- [RFC2869] SHOULD be used to protect both Access-Request and Access-
Accept messages. Accept messages.
After receiving the MAP-Configuration Attribute in the initial After receiving the MAP-Configuration Attribute in the initial
Access-Accept, the BNG SHOULD store the received MAP configuration Access-Accept, the BNG SHOULD store the received MAP configuration
parameters locally. When the MAP CE sends a DHCPv6 Request message to parameters locally. When the MAP CE sends a DHCPv6 Request message
request an extension of the lifetimes for the assigned address, the to request an extension of the lifetimes for the assigned address,
BNG does not have to initiate a new Access-Request towards the AAA the BNG does not have to initiate a new Access-Request towards the
server to request the MAP configuration parameters. The BNG could AAA server to request the MAP configuration parameters. The BNG
retrieve the previously stored MAP configuration parameters and use could retrieve the previously stored MAP configuration parameters and
them in its reply. use them in its reply.
If the BNG does not receive the MAP-Configuration Attribute in the If the BNG does not receive the MAP-Configuration Attribute in the
Access-Accept it MAY fallback to a pre-configured default MAP Access-Accept it MAY fallback to a pre-configured default MAP
configuration, if any. If the BNG does not have any pre-configured configuration, if any. If the BNG does not have any pre-configured
default MAP configuration or if the BNG receives an Access-Reject, default MAP configuration or if the BNG receives an Access-Reject,
the tunnel cannot be established. the tunnel cannot be established.
As specified in [RFC3315], section 18.1.4, "Creation and Transmission As specified in [RFC3315], section 18.1.4, "Creation and Transmission
of Rebind Messages ", if the DHCPv6 server to which the DHCPv6 Renew of Rebind Messages ", if the DHCPv6 server to which the DHCPv6 Renew
message was sent at time T1 has not responded by time T2, the MAP CE message was sent at time T1 has not responded by time T2, the MAP CE
(DHCPv6 client) SHOULD enters the Rebind state and attempt to contact (DHCPv6 client) SHOULD enters the Rebind state and attempt to contact
any available server. In this situation, the secondary BNG receiving any available server. In this situation, the secondary BNG receiving
the DHCPv6 message MUST initiate a new Access-Request towards the AAA the DHCPv6 message MUST initiate a new Access-Request towards the AAA
server. The secondary BNG MAY include the MAP-Configuration Attribute server. The secondary BNG MAY include the MAP-Configuration
in its Access-Request. Attribute in its Access-Request.
4. Attributes 4. Attributes
This section defines MAP-Rule Attribute which is used in the MAP This section defines MAP-Rule Attribute which is used in the MAP
scenario. The attribute design follows [RFC6158] and referring to [I- scenario. The attribute design follows [RFC6158] and referring
D.ietf-radext-radius-extensions]. to[RFC6929].
The MAP RADIUS attribute are designed following the simplify The MAP RADIUS attribute are designed following the simplify
principle. The sub options are organized into two categories: the principle. The sub options are organized into two categories: the
necessary and the optional. necessary and the optional.
4.1. MAP-Configuration Attribute 4.1. MAP-Configuration Attribute
The MAP-Configuration Attribute is structured as follows: The MAP-Configuration Attribute is structured as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | | Type | Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| | | |
+ MAP Rule Option(s) + + MAP Rule Option(s) +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
TBD
Length
2 + the length of the Rule option(s)
MAP Rule Option (s)
A variable field that may contains one or more Rule option(s),
defined in Section 4.2.
Type 4.2. MAP Rule Options
TBD
Length
2 + the length of the Rule option(s)
MAP Rule Option (s)
A variable field that may contains one or more Rule option(s),
defined in Section 4.2.
4.2. MAP Rule Options
Depending on deployment scenario, one Default Mapping rule and zero Depending on deployment scenario, one Default Mapping rule and zero
or more other type Mapping Rules MUST be included in one or more other type Mapping Rules MUST be included in one MAP-
MAP-Configuration Attribute. Configuration Attribute.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | | Type | Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| | | |
+ Sub Options + + Sub Options +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
1 Basic Mapping Rule (Not Forwarding Mapping Rule)
2 Forwarding Mapping Rule (Not Basic Mapping Rule)
3 Default Mapping Rule
4 Basic & Forwarding Mapping Rule
Length
2 + the length of the sub options
Sub Option
A variable field that contains necessary sub options defined in
Section 4.3 and zero or several optional sub options, defined
in Section 4.4.
Type 4.3. Sub Options for MAP Rule Option
1 Basic Mapping Rule (Not Forwarding Mapping Rule)
2 Forwarding Mapping Rule (Not Basic Mapping Rule)
3 Default Mapping Rule
4 Basic & Forwarding Mapping Rule
Length
2 + the length of the sub options
Sub Option
A variable field that contains necessary sub options defined in
Section 4.3 and zero or several optional sub options, defined
in Section 4.4.
4.3. Sub Options for MAP Rule Option
The sub options do not include EA-Len Embedded-Address length ,
because it can be calculated by the combine of prefix4len, prefix6-
len, PSID and offset bits.
4.3.1. Rule-IPv6-Prefix Sub Option 4.3.1. Rule-IPv6-Prefix Sub Option
The Rule-IPv6-Prefix Sub Option is necessary for every MAP Rule The Rule-IPv6-Prefix Sub Option is necessary for every MAP Rule
option. It should appear for once and only once. option. It should appear for once and only once.
The IPv6 Prefix sub option is follow the framed IPv6 prefix designed The IPv6 Prefix sub option is followed the framed IPv6 prefix
in [RFC3162]. designed in [RFC3162].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | Reserved | prefix6-len | | SubType | SubLen | Reserved | prefix6-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| rule-ipv6-prefix | | rule-ipv6-prefix |
| | | |
| | | |
skipping to change at page 8, line 15 skipping to change at page 8, line 15
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | Reserved | prefix6-len | | SubType | SubLen | Reserved | prefix6-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| rule-ipv6-prefix | | rule-ipv6-prefix |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType SubType
1 (SubType number, for the Rule-IPv6-Prefix6 sub option) 1 (SubType number, for the Rule-IPv6-Prefix6 sub option)
SubLen SubLen
20 (the length of the Rule-IPv6-Prefix6 sub option) 20 (the length of the Rule-IPv6-Prefix6 sub option)
Reserved Reserved
Reserved for future usage. It should be set to all zero. Reserved for future usage. It should be set to all zero.
prefix6-len prefix6-len
length of the IPv6 prefix, specified in the rule-ipv6-prefix length of the IPv6 prefix, specified in the rule-ipv6-prefix
field, expressed in bits field, expressed in bits
rule-ipv6-prefix rule-ipv6-prefix
a 128-bits field that specifies an IPv6 prefix that appears in a 128-bits field that specifies an IPv6 prefix that appears in
a MAP rule a MAP rule
"For the encapsulation mode the Rule IPv6 prefix can be the full IPv6 4.3.2. Rule-IPv4-Prefix Sub Option
address of the BR." [I-D.ietf-softwire-map]
4.3.2. Rule-IPv4-Prefix Sub Option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | Reserved | prefix4-len | | SubType | SubLen | Reserved | prefix4-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| rule-ipv4-prefix | | rule-ipv4-prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType
SubType
2 (SubType number, for the Rule-IPv4-Prefix6 sub option) 2 (SubType number, for the Rule-IPv4-Prefix6 sub option)
SubLen SubLen
8 (the length of the Rule-IPv4-Prefix6 sub option) 8 (the length of the Rule-IPv4-Prefix6 sub option)
Reserved Reserved
Reserved for future usage. It should be set to all zero. Reserved for future usage. It should be set to all zero.
Prefix4-len Prefix4-len
length of the IPv6 prefix, specified in the rule-ipv6-prefix length of the IPv6 prefix, specified in the rule-ipv6-prefix
field, expressed in bits field, expressed in bits
rule-ipv4-prefix rule-ipv4-prefix
a 32-bits field that specifies an IPv4 prefix that appears in a 32-bits field that specifies an IPv4 prefix that appears in
a MAP rule a MAP rule
4.3.3. Encapsulation/Translation Flag Sub Option 4.3.3. EA Length Sub Option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | E/T Flag | | SubType | SubLen | EA-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType SubType
3 (SubType number, for the EA Length sub option)
3 (SubType number, for the E/T flag sub option)
SubLen SubLen
4 (the length of the EA Length sub option)
EA-len
16 bits long field that specifies the Embedded-Address (EA)
bit length. Allowed values range from 0 to 48.
4 (the length of the E/T flag sub option) 4.3.4. BR-IPv6-Address Sub Option
E/T Flag
indicate the MAP transport mode: encapsulation or translation.
all 0 for encapsulation, all 1 for translation.
If this sub option is not present, the default is to be assumed as
encapsulation mode.
4.3.4. PSID Sub Option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | PSID | | SubType | SubLen | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| BR-ipv6-address |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType SubType
4 (SubType number, for the BR-ipv6-address sub option)
4 (SubType number, for the PSID Sub Option sub option)
SubLen SubLen
20 (the length of the BR-ipv6-address sub option)
Reserved
Reserved for future usage. It should be set to all zero.
BR-ipv6-address
a 128-bits field that specifies the IPv6 address for the BR.
4 (the length of the PSID Sub Option sub option) 4.3.5. PSID Sub Option
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | PSID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
PSID (Port-set ID) SubType
Explicit 16-bit (unsigned word) PSID value. The PSID value 5 (SubType number, for the PSID Sub Option sub option)
algorithmically identifies a set of ports assigned to a CE. The SubLen
first k-bits on the left of this 2-octets field is the PSID 4 (the length of the PSID Sub Option sub option)
value. The remaining (16-k) bits on the right are padding zeros. PSID (Port-set ID)
Explicit 16-bit (unsigned word) PSID value. The PSID value
algorithmically identifies a set of ports assigned to a CE. The
first k-bits on the left of this 2-octets field is the PSID
value. The remaining (16-k) bits on the right are padding zeros.
4.3.5. PSID Length Sub Option 4.3.6. PSID Length Sub Option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | PSID-len | | SubType | SubLen | PSID-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType SubType
6 (SubType number, for the PSID Length sub option)
5 (SubType number, for the PSID Length sub option)
SubLen SubLen
4 (the length of the PSID Length sub option) 4 (the length of the PSID Length sub option)
PSID-len PSID-len
Bit length value of the number of significant bits in the PSID Bit length value of the number of significant bits in the PSID
field. (also known as 'k'). When set to 0, the PSID field is to field. (also known as 'k'). When set to 0, the PSID field is to
be ignored. After the first 'a' bits, there are k bits in the be ignored. After the first 'a' bits, there are k bits in the
port number representing valid of PSID. Subsequently, the port number representing valid of PSID. Subsequently, the
address sharing ratio would be 2 ^k. address sharing ratio would be 2 ^k.
4.3.6. PSID Offset Sub Option 4.3.7. PSID Offset Sub Option
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SubType | SubLen | PSID Offset | | SubType | SubLen | PSID Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SubType SubType
7 (SubType number, for the PSID Offset sub option)
6 (SubType number, for the PSID Offset sub option)
SubLen SubLen
4 (the length of the PSID Offset sub option) 4 (the length of the PSID Offset sub option)
PSID Offset PSID Offset
4 bits long field that specifies the numeric value for the MAP 4 bits long field that specifies the numeric value for the MAP
algorithm's excluded port range/offset bits (A-bits), as per algorithm's excluded port range/offset bits (A-bits), as per
section 5.1.1 in [I-D.ietf-softwire-map]. Default must be set section 5.1.1 in [I-D.ietf-softwire-map]. Default must be set
to 4. to 4.
4.4. Table of attributes 4.4. Table of attributes
The following table provides a guide to which attributes may be found The following table provides a guide to which attributes may be found
in which kinds of packets, and in what quantity. in which kinds of packets, and in what quantity.
Request Accept Reject Challenge Accounting # Attribute Request Accept Reject Challenge Accounting # Attribute
Request Request
0-1 0-1 0 0 0-1 TBD1 MAP- 0-1 0-1 0 0 0-1 TBD1 MAP-
Configuration Configuration
0-1 0-1 0 0 0-1 1 User-Name 0-1 0-1 0 0 0-1 1 User-Name
0-1 0 0 0 0 2 User-Password 0-1 0 0 0 0 2 User-Password
skipping to change at page 12, line 5 skipping to change at page 11, line 44
The following table defines the meaning of the above table entries. The following table defines the meaning of the above table entries.
0 This attribute MUST NOT be present in packet. 0 This attribute MUST NOT be present in packet.
0+ Zero or more instances of this attribute MAY be present in 0+ Zero or more instances of this attribute MAY be present in
packet. packet.
0-1 Zero or one instance of this attribute MAY be present in 0-1 Zero or one instance of this attribute MAY be present in
packet. packet.
1 Exactly one instance of this attribute MUST be present in 1 Exactly one instance of this attribute MUST be present in
packet. packet.
5. Diameter Considerations 5. Diameter Considerations
This attribute is usable within either RADIUS or Diameter [RFC6733]. This attribute is usable within either RADIUS or Diameter [RFC6733].
Since the Attributes defined in this document will be allocated from Since the Attributes defined in this document will be allocated from
the standard RADIUS type space, no special handling is required by the standard RADIUS type space, no special handling is required by
Diameter entities. Diameter entities.
6. Security Considerations 6. IANA Considerations
This document requires the assignment of two new RADIUS Attributes
Types in the "Radius Types" registry (currently located at
http://www.iana.org/assignments/radius-types for the following
attributes:
o MAP-Configuration TBD1
IANA should allocate the numbers from the standard RADIUS Attributes
space using the "IETF Review" policy [RFC5226].
7. Security Considerations
In MAP scenarios, both CE and BNG are within a provider network, In MAP scenarios, both CE and BNG are within a provider network,
which can be considered as a closed network and a lower security which can be considered as a closed network and a lower security
threat environment. A similar consideration can be applied to the threat environment. A similar consideration can be applied to the
RADIUS message exchange between BNG and the AAA server. RADIUS message exchange between BNG and the AAA server.
Known security vulnerabilities of the RADIUS protocol are discussed Known security vulnerabilities of the RADIUS protocol are discussed
in [RFC2607], [RFC2865], and [RFC2869]. Use of IPsec [RFC4301] for in [RFC2607], [RFC2865], and[RFC2869]. Use of IPsec [RFC4301] for
providing security when RADIUS is carried in IPv6 is discussed in providing security when RADIUS is carried in IPv6 is discussed in
[RFC3162]. [RFC3162].
A malicious user may use MAC address proofing and/or dictionary A malicious user may use MAC address proofing and/or dictionary
attack on the shared MAP password that has been preconfigured on the attack on the shared MAP password that has been preconfigured on the
DHCPv6 server to get unauthorized MAP configuration information. DHCPv6 server to get unauthorized MAP configuration information.
Security considerations for MAP specific between MAP CE and BNG are Security considerations for MAP specific between MAP CE and BNG are
discussed in [I-D.ietf-softwire-map]. Furthermore, generic DHCPv6 discussed in [I-D.ietf-softwire-map]. Furthermore, generic DHCPv6
security mechanisms can be applied DHCPv6 intercommunication between security mechanisms can be applied DHCPv6 intercommunication between
MAP CE and BNG. MAP CE and BNG.
Security considerations for the Diameter protocol are discussed in Security considerations for the Diameter protocol are discussed in
[RFC6733]. [RFC6733].
7. IANA Considerations 8. Acknowledgements
This document requires the assignment of two new RADIUS Attributes
Types in the "Radius Types" registry (currently located at
http://www.iana.org/assignments/radius-types for the following
attributes:
o MAP-Configuration TBD1
IANA should allocate the numbers from the standard RADIUS Attributes The authors would like to thank the valuable comments made by Peter
space using the "IETF Review" policy [RFC5226]. Lothberg, Wojciech Dec, and Suresh Krishnan for this document.
8. Acknowledgments This document was produced using the xml2rfc tool [RFC2629].
The authors would like to thank for valuable comments from Peter 9. References
Lothberg, Wojciech Dec, and Suresh Krishnan .etc. 9.1. Normative References
9. References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
9.1. Normative References [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", RFC
2865, June 2000.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC
Requirement Levels", BCP 14, RFC 2119, March 1997. 3162, August 2001.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
"Remote Authentication Dial In User Service (RADIUS)", RFC and M. Carney, "Dynamic Host Configuration Protocol for
2865, June 2000. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS [RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese,
Extensions", RFC 2869, June 2000. "IEEE 802.1X Remote Authentication Dial In User Service
(RADIUS) Usage Guidelines", RFC 3580, September 2003.
[RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC [RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication
3162, August 2001. Dial In User Service (RADIUS) Implementation Issues and
Suggested Fixes", RFC 5080, December 2007.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and [RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP
M. Carney, "Dynamic Host Configuration Protocol for IPv6 158, RFC 6158, March 2011.
(DHCPv6)", RFC 3315, July 2003.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User
Internet Protocol", RFC 4301, December 2005. Service (RADIUS) Protocol Extensions", RFC 6929, April
2013.
[RFC5080] Nelson, D. and DeKok A., "Common Remote Authentication Dial 9.2. Informative References
In User Service (RADIUS) Implementation Issues and
Suggested Fixes", RFC 5080, December 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [I-D.ietf-softwire-map]
IANA Considerations Section in RFCs", RFC 5226, May 2008. Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, "Mapping of Address and Port
with Encapsulation (MAP)", draft-ietf-softwire-map-10
(work in progress), January 2014.
[RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", RFC [I-D.ietf-softwire-map-dhcp]
6158, March 2011. Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
W., Bao, C., leaf.yeh.sdo@gmail.com, l., and X. Deng,
"DHCPv6 Options for configuration of Softwire Address and
Port Mapped Clients", draft-ietf-softwire-map-dhcp-07
(work in progress), March 2014.
[RFC6733] V. Fajardo, Ed., J. Arkko, J. Loughney, G. Zorn, Ed., [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
"Diameter Base Protocol", RFC 6733, October 2012. Implementation in Roaming", RFC 2607, June 1999.
[I-D.ietf-softwire-map] [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
O. Troan, et al., "Mapping of Address and Port (MAP)", June 1999.
draft-ietf-softwire-map, working in progress.
[I-D.mdt-softwire-map-dhcp-option] [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS
T. Mrugalski, et al., "DHCPv6 Options for Mapping of Extensions", RFC 2869, June 2000.
Address and Port", draft-mdt-softwire-map-dhcp-option,
working in progress.
9.2. Informative References [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005.
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
Implementation in Roaming", RFC 2607, June 1999. IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[I-D.ietf-radext-radius-extensions] [RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
DeKok, A. and A. Lior, "Remote Authentication Dial In User "Diameter Base Protocol", RFC 6733, October 2012.
Service (RADIUS) Protocol Extensions", draft-ietf-radext-
radius-extensions, work in process.
Author's Addresses Authors' Addresses
Sheng Jiang Sheng Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd. Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing 100095 Hai-Dian District, Beijing, 100095
P.R. China P.R. China
Email: jiangsheng@huawei.com Email: jiangsheng@huawei.com
Yu Fu Yu Fu
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd. Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing 100095 Hai-Dian District, Beijing, 100095
P.R. China P.R. China
Email: eleven.fuyu@huawei.com Email: eleven.fuyu@huawei.com
Bing Liu Bing Liu
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd. Q14, Huawei Campus, No.156 Beiqing Road
Hai-Dian District, Beijing 100095 Hai-Dian District, Beijing, 100095
P.R. China P.R. China
Email: leo.liubing@huawei.com
Email: leo.liubing@huawei.com
Peter Deacon Peter Deacon
IEA Software, Inc. IEA Software, Inc.
P.O. Box 1170 P.O. Box 1170
Veradale, WA 99037 Veradale, WA 99037
USA USA
EMail: peterd@iea-software.com
Email: peterd@iea-software.com
 End of changes. 128 change blocks. 
285 lines changed or deleted 272 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/