IPv6 RADIUS attributes for DHCP based networks

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

This document specifies RADIUS attributes used to support DHCP based IPv6 access networks : DNS Server IPv6 address and IPv6 addresses.

The attributes defined in this document are targeted at enhancing the IPv6 access deployment scenarios involving DHCPv6 [RFC3315]. The IPv6-Address attribute is used by a router fulfilling DHCPv6 Server function for individual addresses when it receives configuration information from a RADIUS server, as illustrated in the following message sequence.

| | | |-----Request------------------->| | |<---------Accept(IPv6-Address)--| |<-Advertise(Address)-------| | |---Request(Address)------->| | |<---Reply(Address)---------| | ]]> This attributes offers an entire IPv6 address to the DHCPv6 Server in contrast to Interface-id [RFC3162] that offers only 64 bits. Even concatenated with Framed-IPv6 prefix [RFC3162] to make a 128 bit IPv6 address, this does not address scenarios where there is a need to offer multiple addresses or off-link IPv6 addresses that are not part of the prefix stored in the Framed-IPv6-Prefix attribute. Storing the IPv6 address in the subscriber RADIUS profile is particularly useful as the Service Provider will know in advance the customers uplink IPv6 address, hence facilitating management or security policy implementation. The IPv6-DNS attribute is used by a router fulfilling DHCPv6 Server function for individual addresses when it receives configuration information from a RADIUS server, as illustrated in the following message sequence.

| | | |-Request----------------------->| | |<-------Accept(Ipv6-DNS)--------| |<-Advertise(DNS)------------| | |-Request(DNS)-------------->| | |<--Reply(DNS)---------------| | ]]> The attributes offer the capability to specify IPv6 DNS Server address on a subscriber basis instead of hardcoding the value on the DHCP Server on a pool basis. This is particularly useful in wholesale scenarios where the list of DNS Servers to provide depends on the subscriber itself.

This Attribute indicates an IPv6 Address that is assigned to the uplink of the user equipment. This attribute will be mapped to Non-temporary Addresses option in DHCPv6. It MAY be used in Access-Accept packets, and can appear multiple times. It MAY be used in an Access-Request packet as a hint by the NAS to the server that it would prefer these IPv6 address(es), but the server is not required to honor the hint. Since it is assumed that the NAS, when necessary will add a route corresponding to the address, it is not necessary for the server to also send a host Framed-IPv6-Route attribute for the same address. A summary of the IPv6-Address Attribute format is shown below. The fields are transmitted from left to right.

The IPv6-DNS Attribute contains an ordered list of addresses of the Domain Name Service (DNS) Servers to be used by the DHCPv6 Client. This attribute is mapped into the DNS Recursive Name Server option [RFC3646]. This attribute MAY be included in both Access-Accept and Accounting-Request packets. A summary of the IPv6-DNS Attribute format is given below. The fields are transmitted left to right.

The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity.

Security considerations do not differ from the one expressed in RFC3162.

This document requires the assignment of two new RADIUS attribute numbers for the following attributes: