draft-ietf-radext-filter-rules-01-txt - PowerPoint PPT Presentation

ostinmannual
draft ietf radext filter rules 01 txt l.
Skip this Video
Loading SlideShow in 5 Seconds..
draft-ietf-radext-filter-rules-01-txt PowerPoint Presentation
Download Presentation
draft-ietf-radext-filter-rules-01-txt

play fullscreen
1 / 11
Download Presentation
draft-ietf-radext-filter-rules-01-txt
364 Views
Download Presentation

draft-ietf-radext-filter-rules-01-txt

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. draft-ietf-radext-filter-rules-01-txt Bernard Aboba Farid Adrangi Paul Congdon Avi Lior Mauricio Sanchez draft-ietf-radext-filter-00-txt Bernard Aboba Paul Congdon Mauricio Sanchez IETF 66 – Montreal, Quebec

  2. Agenda • Draft Comparison • draft-ietf-radext-filter-00-txt • Motivation • Draft Status • draft-ietf-radext-filter-rules-01-txt • Updates since last time • Issues and open items

  3. Draft Comparison draft-ietf-radext-filter-rules-01 • Two Attributes • NAS-Traffic-Rule • Acct-NAS-Traffic-Rule • Based on Diameter’s IPFilterRule format • Provides more functionality than IPFilterRule • More rule types • More actions draft-ietf-radext-filter-00 • One Attribute • NAS-Filter-Rule • Uses Diameter’s IPFilterRule format verbatim • Provides the same functionality as IPFilterRule and NAS-Filter-Rule AVP

  4. draft-ietf-radext-filter-00-txtMotivation • 3GPP has standardized on DIAMETER, but… • RADIUS still entrenched in many cases • Need exists to translate from DIAMETER NAS-Filter-Rule AVP to RADIUS attribute • draft-ietf-radext-filter-00-txt defines one RADIUS attribute • NAS-Filter-Rule • References RFC3588 IPFilterRule format for its syntax

  5. draft-ietf-radext-filter-00-txtDraft Status • First -00 draft posted June 16, 2006 • One issue pending resolution in draft -01 • 199: Attribute Length • One issue open • 198: Attribute Concatenation/Splitting

  6. Issue 198: Attribute Concatenation/Splitting • Issue: How to deal long rules >253 bytes (attribute limit) • Proposals galore • Add delimiter to rule syntax (LF, CR, etc.) • Always split at 253 byte boundaries • Add delimiter attribute (2-byte attribute) • Use RFC2868 tunnel ‘tagged’ attribute • Forget attribute<->rule matching • Force rule length to be <253 bytes • Use extended RADIUS attribute format • Do nothing!

  7. draft-ietf-radext-filter-rules-01-txt Updates since last time • Draft -01 posted June 22, 2006 • Renamed draft to “RADIUS Attributes for Filtering and Redirection” • Resolved Issues • I115: Editorial comments • I167: Compatibility with RFC2866, RFC3576 • I168: Editorial comments

  8. draft-ietf-radext-filter-rules-01-txt Open Issues • I111 – Accounting (Greg W.) • Mostly closed; Awaiting for insight from 3GPP reps • I114 – NAS-Filter-Rule Accounting (Bernard A.) • Awaiting Bernard’s response to proposal from Jan/10/06 • Diameter Compatibility • I130 – Diameter Interoperability (Bernard A.) • I164 – Review (Jari A.) • I169 – Handling unparseable rules (Greg W.) • Awaiting Greg’s response to proposal from June/22/06 • I170 – Precedence and Order for NAS-Filter-Rule (Greg W.) • Discussion ongoing • I192 – Comments (Jouni K.) • Editorial changes made in -01 draft; Awaiting Jouni’s response to proposal from June/24/06

  9. I130 – Diameter Interoperability (Bernard A.)I164 – Review (Jari A.)Yet another proposal • Both issues still open because of need for DIAMETER compatibility • At IETF 65 proposal was for RADIUS/DIAMETER lockstep • #1: DIME WG exposed to NAS-Traffic-Rule syntax and given chance to chime in • #2: RADEXT WG completes attribute with DIME WG formal blessing of syntax • #3: Diameter’s IPFilterRule format to be moved into NASReq and updated with NAS-Traffic-Rule’s syntax • Insurmountable issue found on point 3 • IPFilterRule already format in use and cannot me moved or modified. • New proposal: Tweaked IETF65 proposal • DIME WG to define a new AVP that copies RADIUS NAS-Traffic-Rule attribute • DIAMETER compatibility for RADIUS NAS-Traffic-Rule straightforward

  10. I170 - Precedence and Order for NAS-Filter-Rule • Current debate around: • "A NAS MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner's infrastructure.” • This text points out an unsaid fact • A NAS will protect itself using additional ‘rules’ • May just be easier to leave unsaid • Out of sight, out of mind

  11. Next Steps for Drafts • Draft-ietf-radext-filter-00-txt • Resolve Issue 180 • Submit -01 and do WG last call? • Draft-ietf-radext-filter-rules-01-txt • Close out open issues • Submit -02 draft for WG last call • Kickstart draft-ietf-radext-redirection-00 draft