draft-ietf-radext-filter-rules-01-txt

Bernard Aboba

Farid Adrangi

Paul Congdon

Avi Lior

Mauricio Sanchez

draft-ietf-radext-filter-00-txt

Bernard Aboba

Paul Congdon

Mauricio Sanchez

IETF 66 – Montreal, Quebec


Agenda

  • Draft Comparison

  • draft-ietf-radext-filter-00-txt

    • Motivation

    • Draft Status

  • draft-ietf-radext-filter-rules-01-txt

    • Updates since last time

    • Issues and open items


Draft Comparison

draft-ietf-radext-filter-rules-01

  • Two Attributes

    • NAS-Traffic-Rule

    • Acct-NAS-Traffic-Rule

  • Based on Diameter’s IPFilterRule format

  • Provides more functionality than IPFilterRule

    • More rule types

    • More actions

draft-ietf-radext-filter-00

  • One Attribute

    • NAS-Filter-Rule

  • Uses Diameter’s IPFilterRule format verbatim

  • Provides the same functionality as IPFilterRule and NAS-Filter-Rule AVP


draft-ietf-radext-filter-00-txt Motivation

  • 3GPP has standardized on DIAMETER, but…

    • RADIUS still entrenched in many cases

    • Need exists to translate from DIAMETER NAS-Filter-Rule AVP to RADIUS attribute

  • draft-ietf-radext-filter-00-txt defines one RADIUS attribute

    • NAS-Filter-Rule

    • References RFC3588 IPFilterRule format for its syntax


draft-ietf-radext-filter-00-txt Draft Status

  • First -00 draft posted June 16, 2006

  • One issue pending resolution in draft -01

    • 199: Attribute Length

  • One issue open

    • 198: Attribute Concatenation/Splitting


Issue 198: Attribute Concatenation/Splitting

  • Issue: How to deal with long rules >253 bytes (attribute limit)

  • Proposals galore

    • Add delimiter to rule syntax (LF, CR, etc.)

    • Always split at 253 byte boundaries

    • Add delimiter attribute (2-byte attribute)

    • Use RFC2868 tunnel ‘tagged’ attribute

    • Forget attribute<->rule matching

    • Force rule length to be <253 bytes

    • Use extended RADIUS attribute format

    • Do nothing!
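
An added sketch (not from the slides or the drafts) contrasting two of the proposals above: always splitting at 253-byte boundaries versus adding a delimiter (LF here) to the rule syntax. The function names and the sample rules are assumptions constructed for illustration; the long rule is padded with filler digits so that it is exactly 253 bytes.

```python
MAX_VALUE = 253  # RADIUS attribute value limit named on the slide

def chunk(data):
    """Cut a byte string into attribute values of at most 253 bytes."""
    return [data[i:i + MAX_VALUE] for i in range(0, len(data), MAX_VALUE)]

def split_blind(rules):
    """'Always split at 253 byte boundaries': no marker for where a rule ends."""
    return [value for rule in rules for value in chunk(rule)]

def join_blind(attrs):
    """Receiver heuristic: a full 253-byte value means the rule continues."""
    rules, current = [], b""
    for value in attrs:
        current += value
        if len(value) < MAX_VALUE:
            rules.append(current)
            current = b""
    if current:
        rules.append(current)
    return rules

def split_delimited(rules, delim=b"\n"):
    """'Add delimiter to rule syntax': terminate each rule, then cut the stream."""
    return chunk(b"".join(rule + delim for rule in rules))

def join_delimited(attrs, delim=b"\n"):
    """Rule boundaries come from the delimiter, not from attribute lengths."""
    return [rule for rule in b"".join(attrs).split(delim) if rule]

def demo():
    # Constructed sample rules in IPFilterRule style (filler digits as padding).
    exact = (b"permit in tcp from any to 198.51.100.7 " + b"8" * MAX_VALUE)[:MAX_VALUE]
    short = b"deny in ip from any to 192.0.2.0/24"
    rules = [exact, short]
    return rules, join_blind(split_blind(rules)), join_delimited(split_delimited(rules))

if __name__ == "__main__":
    rules, blind, delimited = demo()
    print("sent:", len(rules), "blind:", len(blind), "delimited:", len(delimited))
```

With blind splitting, the exactly-253-byte permit rule absorbs the deny rule that follows it, so the receiver reconstructs one rule instead of two; the delimited form recovers both.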


draft-ietf-radext-filter-rules-01-txt Updates since last time

  • Draft -01 posted June 22, 2006

  • Renamed draft to “RADIUS Attributes for Filtering and Redirection”

  • Resolved Issues

    • I115: Editorial comments

    • I167: Compatibility with RFC2866, RFC3576

    • I168: Editorial comments


draft-ietf-radext-filter-rules-01-txt Open Issues

  • I111 – Accounting (Greg W.)

    • Mostly closed; awaiting insight from 3GPP reps

  • I114 – NAS-Filter-Rule Accounting (Bernard A.)

    • Awaiting Bernard’s response to proposal from Jan/10/06

  • Diameter Compatibility

    • I130 – Diameter Interoperability (Bernard A.)

    • I164 – Review (Jari A.)

  • I169 – Handling unparseable rules (Greg W.)

    • Awaiting Greg’s response to proposal from June/22/06

  • I170 – Precedence and Order for NAS-Filter-Rule (Greg W.)

    • Discussion ongoing

  • I192 – Comments (Jouni K.)

    • Editorial changes made in -01 draft; Awaiting Jouni’s response to proposal from June/24/06


I130 – Diameter Interoperability (Bernard A.) / I164 – Review (Jari A.): Yet another proposal

  • Both issues still open because of need for DIAMETER compatibility

  • At IETF 65 proposal was for RADIUS/DIAMETER lockstep

    • #1: DIME WG exposed to NAS-Traffic-Rule syntax and given chance to chime in

    • #2: RADEXT WG completes attribute with DIME WG formal blessing of syntax

    • #3: Diameter’s IPFilterRule format to be moved into NASReq and updated with NAS-Traffic-Rule’s syntax

  • Insurmountable issue found on point 3

    • IPFilterRule format already in use and cannot be moved or modified.

  • New proposal: Tweaked IETF65 proposal

    • DIME WG to define a new AVP that copies RADIUS NAS-Traffic-Rule attribute

    • DIAMETER compatibility for RADIUS NAS-Traffic-Rule straightforward


I170 - Precedence and Order for NAS-Filter-Rule

  • Current debate around:

    • "A NAS MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner's infrastructure."

  • This text points out an unsaid fact

    • A NAS will protect itself using additional ‘rules’

  • May just be easier to leave unsaid

    • Out of sight, out of mind


Next Steps for Drafts

  • Draft-ietf-radext-filter-00-txt

    • Resolve Issue 180

    • Submit -01 and do WG last call?

  • Draft-ietf-radext-filter-rules-01-txt

    • Close out open issues

    • Submit -02 draft for WG last call

    • Kickstart draft-ietf-radext-redirection-00 draft

