
draft-ietf-radext-filter-rules-01-txt

draft-ietf-radext-filter-rules-01-txt (Bernard Aboba, Farid Adrangi, Paul Congdon, Avi Lior, Mauricio Sanchez) and draft-ietf-radext-filter-00-txt (Bernard Aboba, Paul Congdon, Mauricio Sanchez). IETF 66 – Montreal, Quebec.


Presentation Transcript


  1. Title slide
     • draft-ietf-radext-filter-rules-01-txt: Bernard Aboba, Farid Adrangi, Paul Congdon, Avi Lior, Mauricio Sanchez
     • draft-ietf-radext-filter-00-txt: Bernard Aboba, Paul Congdon, Mauricio Sanchez
     • IETF 66 – Montreal, Quebec

  2. Agenda
     • Draft Comparison
     • draft-ietf-radext-filter-00-txt
       • Motivation
       • Draft Status
     • draft-ietf-radext-filter-rules-01-txt
       • Updates since last time
       • Issues and open items

  3. Draft Comparison
     • draft-ietf-radext-filter-rules-01
       • Two Attributes
         • NAS-Traffic-Rule
         • Acct-NAS-Traffic-Rule
       • Based on Diameter’s IPFilterRule format
       • Provides more functionality than IPFilterRule
         • More rule types
         • More actions
     • draft-ietf-radext-filter-00
       • One Attribute
         • NAS-Filter-Rule
       • Uses Diameter’s IPFilterRule format verbatim
       • Provides the same functionality as IPFilterRule and NAS-Filter-Rule AVP

  4. draft-ietf-radext-filter-00-txt: Motivation
     • 3GPP has standardized on DIAMETER, but…
       • RADIUS still entrenched in many cases
       • Need exists to translate from DIAMETER NAS-Filter-Rule AVP to RADIUS attribute
     • draft-ietf-radext-filter-00-txt defines one RADIUS attribute
       • NAS-Filter-Rule
       • References RFC3588 IPFilterRule format for its syntax

  5. draft-ietf-radext-filter-00-txt: Draft Status
     • First -00 draft posted June 16, 2006
     • One issue pending resolution in draft -01
       • 199: Attribute Length
     • One issue open
       • 198: Attribute Concatenation/Splitting

  6. Issue 198: Attribute Concatenation/Splitting
     • Issue: How to deal with long rules >253 bytes (attribute limit)
     • Proposals galore
       • Add delimiter to rule syntax (LF, CR, etc.)
       • Always split at 253 byte boundaries
       • Add delimiter attribute (2-byte attribute)
       • Use RFC2868 tunnel ‘tagged’ attribute
       • Forget attribute<->rule matching
       • Force rule length to be <253 bytes
       • Use extended RADIUS attribute format
       • Do nothing!

  7. draft-ietf-radext-filter-rules-01-txt: Updates since last time
     • Draft -01 posted June 22, 2006
     • Renamed draft to “RADIUS Attributes for Filtering and Redirection”
     • Resolved Issues
       • I115: Editorial comments
       • I167: Compatibility with RFC2866, RFC3576
       • I168: Editorial comments

  8. draft-ietf-radext-filter-rules-01-txt: Open Issues
     • I111 – Accounting (Greg W.)
       • Mostly closed; awaiting insight from 3GPP reps
     • I114 – NAS-Filter-Rule Accounting (Bernard A.)
       • Awaiting Bernard’s response to proposal from Jan/10/06
     • Diameter Compatibility
       • I130 – Diameter Interoperability (Bernard A.)
       • I164 – Review (Jari A.)
     • I169 – Handling unparseable rules (Greg W.)
       • Awaiting Greg’s response to proposal from June/22/06
     • I170 – Precedence and Order for NAS-Filter-Rule (Greg W.)
       • Discussion ongoing
     • I192 – Comments (Jouni K.)
       • Editorial changes made in -01 draft; awaiting Jouni’s response to proposal from June/24/06

  9. I130 – Diameter Interoperability (Bernard A.) and I164 – Review (Jari A.): Yet another proposal
     • Both issues still open because of need for DIAMETER compatibility
     • At IETF 65, the proposal was for RADIUS/DIAMETER lockstep
       • #1: DIME WG exposed to NAS-Traffic-Rule syntax and given chance to chime in
       • #2: RADEXT WG completes attribute with DIME WG formal blessing of syntax
       • #3: Diameter’s IPFilterRule format to be moved into NASReq and updated with NAS-Traffic-Rule’s syntax
     • Insurmountable issue found on point 3
       • IPFilterRule format is already in use and cannot be moved or modified.
     • New proposal: Tweaked IETF65 proposal
       • DIME WG to define a new AVP that copies RADIUS NAS-Traffic-Rule attribute
       • DIAMETER compatibility for RADIUS NAS-Traffic-Rule straightforward

  10. I170 – Precedence and Order for NAS-Filter-Rule
     • Current debate around:
       • “A NAS MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner's infrastructure.”
     • This text points out an unsaid fact
       • A NAS will protect itself using additional ‘rules’
     • May just be easier to leave unsaid
       • Out of sight, out of mind

  11. Next Steps for Drafts
     • Draft-ietf-radext-filter-00-txt
       • Resolve Issue 180
       • Submit -01 and do WG last call?
     • Draft-ietf-radext-filter-rules-01-txt
       • Close out open issues
       • Submit -02 draft for WG last call
     • Kickstart draft-ietf-radext-redirection-00 draft
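
The splitting problem from Issue 198 (slide 6), as an added example that is not taken from either draft: it combines two of the listed proposals, a delimiter in the rule stream plus splitting at 253-byte boundaries, and contrasts that with reading each attribute as one whole rule. The type code 250, the LF delimiter and the sample rules are assumptions made for the illustration.

```python
ATTR_TYPE = 250   # placeholder type code; the slides do not give one
MAX_VALUE = 253   # RADIUS length octet covers type+length+value, so 255 - 2
DELIM = b"\n"     # assumption: LF, one of the delimiters slide 6 lists

def pack_rules(rules):
    """Join rules with DELIM, then cut the stream at 253-byte boundaries."""
    encoded = [r.encode("ascii") for r in rules]
    if any(DELIM in r for r in encoded):
        raise ValueError("rule contains the delimiter")
    stream = DELIM.join(encoded)
    wire = b""
    for off in range(0, len(stream), MAX_VALUE):
        chunk = stream[off:off + MAX_VALUE]
        wire += bytes([ATTR_TYPE, len(chunk) + 2]) + chunk
    return wire

def attribute_values(wire):
    """Walk the type/length/value triples and reject impossible lengths."""
    values, pos = [], 0
    while pos < len(wire):
        if pos + 2 > len(wire):
            raise ValueError("truncated attribute header")
        length = wire[pos + 1]
        if length < 2 or pos + length > len(wire):
            raise ValueError("bad attribute length at offset %d" % pos)
        if wire[pos] == ATTR_TYPE:
            values.append(wire[pos + 2:pos + length])
        pos += length
    return values

def unpack_rules(wire):
    """Concatenate the values in order, then split on the delimiter."""
    stream = b"".join(attribute_values(wire))
    return [r.decode("ascii") for r in stream.split(DELIM)] if stream else []

def one_rule_per_attribute(wire):
    """The ambiguous reading: treat every attribute as one whole rule."""
    return [v.decode("ascii") for v in attribute_values(wire)]

# Constructed rules in IPFilterRule style; the second one is longer than 253 bytes.
RULES = [
    "deny in ip from any to 10.0.0.0/8",
    "permit in tcp from any to 192.0.2.10 " + ",".join(str(p) for p in range(8000, 8080)),
    "permit in ip from any to any",
]

if __name__ == "__main__":
    wire = pack_rules(RULES)
    print(len(attribute_values(wire)), "attributes carry", len(unpack_rules(wire)), "rules")
    print("attribute-per-rule reading is correct:", one_rule_per_attribute(wire) == RULES)
```

Three rules travel in two attributes here, so a NAS that maps attributes to rules one-to-one ends up with rule fragments, while the delimiter-based reassembly recovers the original list.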
