Network Working Group                                  F. Adrangi, Intel
INTERNET DRAFT                    P. Congdon, C. Black, Hewlett Packard
Category: Informational                   A. Lior, Bridgewater Systems
Expires: Dec 2004                               F. Bari, AT&T Wireless
                                                          July 16, 2004

                      Network Bandwidth Parameters
            draft-adrangi-radius-bandwidth-capability-01.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes bandwidth profile parameters and a protocol
   framework that enables an AAA server to specify the parameters that
   should be allocated by the access network for the duration of an
   authorized user session.

Adrangi, et al.           Expires Dec 16, 2004                  [Page 1]
Internet Draft          Network Bandwidth Parameters       July 16 2004

Table of Contents

   1.  Introduction
   1.2 Requirements language
   2.  Overview
   2.1 Bandwidth Parameters
   2.1.1 Minimum Bandwidth for ingress and egress
   2.1.2 Maximum Bandwidth for ingress and egress
   2.2 Protocol
   2.2.1 Static Bandwidth Allocation
   2.2.2 Dynamic Bandwidth Allocation
   2.2.2.1 Push Method
   2.2.2.2 Pull Method
   2.3 Diameter RADIUS Interoperability
   3.  Attribute Format/Syntax
   4.  Table of Attribute(s)
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
   Authors' Addresses

1. Introduction

   The bandwidth a user is authorized within an access network depends
   on the capabilities of the access network (its architecture and
   access technology) and on the type of subscription the user holds
   with the home network (e.g., gold, silver or bronze user types).

   This document describes a simple protocol framework that enables an
   access network to advertise the network bandwidth it can allocate for
   a given client connection, and enables the home network to indicate
   the bandwidth it wants allocated to the user's connection within the
   access network.

   User bandwidth can be determined during the initial authentication
   and authorization of the session.  It is also desirable to change
   the bandwidth mid-session.
   For example, the user may want to purchase additional bandwidth to
   download a large file.  This document enables operators to
   dynamically modify the bandwidth allocation for a session.

   This document defines new AAA attributes that can optionally be used
   for the following:

   .  Conveying to the home network the bandwidth parameters that an
      access network can allocate for a given user session

   .  Conveying from the home network the desired bandwidth parameters
      that should be allocated by the access network for the duration
      of the user session

   These attributes are also used for reporting the allocated bandwidth
   in accounting records.

   The attributes are described for RADIUS [1], but work as is in
   Diameter [4], and through the translation rules defined in [Diameter
   NASREQ].

1.2 Requirements language

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.  The key
   words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [RFC2119].

2. Overview

   This section describes the bandwidth parameters and the protocol by
   which these parameters are exchanged between a NAS and the AAA
   server, so that the access network can determine the bandwidth
   parameters it should allocate for the user's connection.

2.1 Bandwidth Parameters

   A bandwidth profile consists of four parameters: minimum bandwidth
   and maximum bandwidth, each specified for both ingress and egress.
   The following subsections describe these parameters.

2.1.1 Minimum Bandwidth for ingress and egress

   Indicates the minimum peak ingress/egress data rate that the
   authorized user should get within the access network.  This value is
   a target, rather than a guarantee.
2.1.2 Maximum Bandwidth for ingress and egress

   Indicates the average maximum ingress/egress data rate that an
   access network can allow an authorized user.

2.2 Protocol

   Two protocols are described.  One is used to allocate bandwidth when
   a service is initiated (referred to as Static Bandwidth Allocation);
   the other describes how to change the bandwidth attributes
   dynamically, that is, mid-session (referred to as Dynamic Bandwidth
   Allocation).

   Both protocols exchange bandwidth parameters in AAA messages and
   consist of three phases: Bandwidth Advertisement, Selection, and
   Confirmation.

   Bandwidth Advertisement: MAY be sent in the Access-Request packet in
   RADIUS, and in the AAR and DER commands in Diameter [Diameter NASREQ,
   Diameter EAP], from the NAS to the home AAA server.  The attributes
   convey to the AAA server the possible/available bandwidth parameters
   that the NAS can allocate for the access network client connection.

   Bandwidth Selection: MAY be sent in the Access-Accept packet and in
   Change of Authorization (COA) messages in RADIUS.  MAY also be sent
   in the RAR command in Diameter [4].  The Selection conveys to the NAS
   the bandwidth parameters the home AAA server wants for an access
   network client connection.

   Bandwidth Confirmation: If a Bandwidth Selection is received and
   enforced, the attributes MUST be sent in Accounting-Request packets
   in RADIUS and in the ACR command in Diameter.  The Confirmation
   indicates that the bandwidth parameters specified by the home
   network are being enforced by the access network.

   The Bandwidth Attributes, defined in section 3, carry the Bandwidth
   Advertisement, Selection and Confirmation in the various RADIUS
   packets and Diameter commands.

   An Advertisement, Selection or Confirmation is said to be valid if it
   contains the four aforementioned bandwidth parameters.
   For a valid Advertisement, Selection or Confirmation, the minimum
   bandwidth rate values for ingress and egress traffic MUST be equal to
   or less than their corresponding maximum bandwidth rate values.  If a
   Selection is sent in response to an Advertisement, the bandwidth
   parameters in the Selection MUST NOT exceed the corresponding
   bandwidth parameters in the Advertisement for the Selection to be
   considered valid.  A bandwidth rate value of zero in a Selection
   should be interpreted as a "don't care" value.

   The following subsections describe static and dynamic bandwidth
   allocation.

2.2.1 Static Bandwidth Allocation

   Static bandwidth allocation is performed during the initial session
   authentication / authorization.  The following diagram shows the
   protocol interaction between the NAS and the home RADIUS server for
   determining the network bandwidth rates that an access network needs
   to allocate for a client connection within the access network.

   Client             NAS                       home RADIUS server
     |                 |                                 |
     | Authentication  |                                 |
     | Phase Begin     |                                 |
     |---------------->| Access-Request                  |
     |                 |   + BA for Advertisement        |
     |                 |-------------------------------->|
     |                 |                                 |
     |                 |<------------------------------->|
     |                 |                                 |
     |                 |<--------------------------------|
     |                 |             Access-Accept       |
     | Authentication  |             + BA for Selection  |
     | Accept          |                                 |
     |<----------------|                                 |
     |                 |                                 |
     |                 | Accounting-Request              |
     |                 |   + BA for Confirmation         |
     |                 |-------------------------------->|
     |                 |                                 |

   The NAS MAY send an Advertisement in an Access-Request message.  If
   the home RADIUS server receives an invalid Advertisement, then the
   RADIUS server MUST silently discard the Access-Request.

   A home RADIUS server MAY send the Selection after receiving a valid
   Advertisement.  It MAY also send the Selection in the absence of an
   Advertisement, based on local policies such as the client's
   subscription profile.

   When the NAS receives an invalid Selection, it MUST treat the
   Access-Accept message as an Access-Reject.

   If the NAS receives a valid Selection in response to an
   Access-Request that did not contain an Advertisement, then the NAS
   MAY honor the Selection.

   If the NAS receives a valid Selection in response to an
   Access-Request that contained a valid Advertisement, then the NAS
   MUST honor the Selection.

   In the absence of a Selection after sending a valid Advertisement,
   the access network MAY, in accordance with local policy, enforce its
   default bandwidth rate values or use "best effort" bandwidth for
   that client connection.

2.2.2 Dynamic Bandwidth Allocation

   Dynamic bandwidth allocation uses the Change of Authorization (COA)
   RADIUS message as defined in [3], and the Diameter RAR message as
   defined in [4].  These messages are referred to as re-authorization
   messages in this specification.

   In accordance with [3] there are two methods for dynamically changing
   the authorization attributes of a session.  Both are described in
   this section.

   At any time during the session the home AAA server may send the NAS
   a re-authorization message containing session identification
   attributes (see [3] for the possible options).  The re-authorization
   message may include authorization attributes, in which case it is
   "pushing" the bandwidth attributes to the NAS.  Or, it may instruct
   the NAS to generate an authorize-only AAA exchange to "pull" the
   bandwidth attributes.  In RADIUS this exchange is an Access-Request
   with Service-Type set to "Authorize-Only".  In Diameter it is the AAR
   command with the Auth-Request-Type AVP set to AUTHORIZE_ONLY.
   In either the "push" or the "pull" method, upon successful acceptance
   of the new bandwidth parameters for the session, the NAS MUST
   generate an Accounting-Stop record that contains the old bandwidth
   attributes followed by an Accounting-Start record that contains the
   new bandwidth attributes.  In order to allow for downstream
   correlation of the accounting records, a NAS that supports dynamic
   bandwidth allocation MUST include Acct-Multi-Session-Id when writing
   accounting records.

2.2.2.1 Push Method

   In the Push Method, to effect a dynamic bandwidth change the home
   RADIUS server sends a re-authorization message that includes a valid
   Selection.  The RADIUS server MAY also include other attributes in
   the re-authorization message.

   NAS                                          Home RADIUS Server
    |                                                   |
    |   re-authorization + BAs for Selection            |
    |<--------------------------------------------------|
    |                                                   |
    |   re-authorization ACK                            |
    |-------------------------------------------------->|
    |                                                   |
    |   Accounting-Stop + old BAs for Confirmation      |
    |-------------------------------------------------->|
    |                                                   |
    |   Accounting-Start + new BAs for Confirmation     |
    |-------------------------------------------------->|
    |                                                   |

   Upon successful reception of the re-authorization message by the NAS
   (see [3] for details), if the re-authorization message contains an
   invalid Selection, the NAS MUST respond with a re-authorization NAK
   with Error-Cause (101) set to "Invalid Request" (404).

   If the NAS is able to offer the requested bandwidth to the specified
   session, the NAS MUST reply with a re-authorization ACK and it MUST
   generate an Accounting-Stop record containing the old bandwidth
   attributes followed by an Accounting-Start record containing the new
   bandwidth attributes.

   If the NAS cannot comply with the request for new bandwidth it MUST
   reply with a re-authorization NAK with Error-Cause (101) set to
   "Resources Unavailable" (506).
   If the NAS receives a re-authorization message that does not include
   Bandwidth attributes, then the NAS MUST NOT alter the bandwidth
   already allocated to the session.

2.2.2.2 Pull Method

   Alternatively, in the pull method, to effect a dynamic bandwidth
   change the home network sends, as per [3], a re-authorization
   message instructing the AN to generate an Authorize-Only request (an
   Access-Request with Service-Type set to Authorize-Only).

   NAS                                           Home RADIUS server
    |                                                    |
    |  re-authorization + Service-Type = "Authorize Only"|
    |<---------------------------------------------------|
    |                                                    |
    |  re-authorization NAK                              |
    |  + Service-Type = "Authorize Only"                 |
    |  + Error-Cause "Request Initiated"                 |
    |--------------------------------------------------->|
    |                                                    |
    |  Access-Request + Service-Type "Authorize Only"    |
    |  + BAs for Advertisement                           |
    |--------------------------------------------------->|
    |                                                    |
    |  Access-Accept + BAs for Selection                 |
    |<---------------------------------------------------|
    |                                                    |
    |  Accounting-Stop + old BAs for Confirmation        |
    |--------------------------------------------------->|
    |                                                    |
    |  Accounting-Start + new BAs for Confirmation       |
    |--------------------------------------------------->|
    |                                                    |

   As with static bandwidth allocation (described earlier), the AN MAY
   Advertise the currently available bandwidth in the Authorize-Only
   message.

   Upon receiving the Authorize-Only message from the AN, the RADIUS
   server MUST respond with either an Access-Accept message or an
   Access-Reject message.  When responding with an Access-Accept
   message, the RADIUS server MAY include the BAs for Selection.  If
   the Authorize-Only message included an Advertisement, the bandwidth
   parameters in the Selection MUST be within the bounds of the
   bandwidth parameters in the Advertisement received in the
   Authorize-Only message.

   Upon receiving an Access-Reject in response to the Authorize-Only
   request, the AN terminates the session and sends an Accounting-Stop
   record.

   Upon receiving an Access-Accept in response to an Authorize-Only
   request that does not contain a bandwidth Selection, the access
   network MUST allocate its default bandwidth rate values, and the NAS
   MUST then generate an Accounting-Stop record that contains the old
   bandwidth attributes followed by an Accounting-Start record that
   contains the new bandwidth attributes.

   Upon receiving an Access-Accept packet that contains an invalid
   Bandwidth Selection, the AN MUST treat the response as an
   Access-Reject and immediately terminate the session.

   Upon receiving an Access-Accept message in response to an
   Authorize-Only message that contained a Bandwidth Advertisement,
   provided the bandwidth Selection is within the bounds of the
   Advertisement, the AN MUST honor the requested bandwidth and
   generate an Accounting-Stop record that contains the old bandwidth
   attributes followed by an Accounting-Start record that contains the
   new bandwidth attributes.  If the bandwidth Selection is outside the
   bounds of the Advertisement, the AN MUST treat the Access-Accept as
   an Access-Reject and immediately terminate the session.

   Upon receiving an Access-Accept message that contains a valid
   Selection in response to an Authorize-Only request that did not
   contain an Advertisement, the AN MAY honor the Selection or it MAY
   continue to honor the previously agreed bandwidth.  In the former
   case, the AN MUST generate an Accounting-Stop record containing the
   old bandwidth attributes followed by an Accounting-Start record
   containing the current bandwidth attributes.
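   The validity rules of Section 2.2 and the decision rules of Sections
   2.2.1, 2.2.2.1 and 2.2.2.2 above, worked through as runnable Python.
   This is an added example, not text or code from the draft: the
   parameter names, the Session record, the `fits` admission policy and
   the reading of a zero ("don't care") rate as "keep the current rate"
   are this example's own assumptions.

```python
# Added example (not draft code): Section 2.2 validity rules, the home-server
# Selection for static allocation (2.2.1) and the NAS handling of the push
# (2.2.2.1) and pull (2.2.2.2) methods.  Names and policies are assumptions.
from dataclasses import dataclass, field

PARAMS = ("ingress_min", "ingress_max", "egress_min", "egress_max")
PAIRS = (("ingress_min", "ingress_max"), ("egress_min", "egress_max"))
INVALID_REQUEST = 404         # Error-Cause (101) values from RFC 3576,
RESOURCES_UNAVAILABLE = 506   # as cited by the draft for the push method

def is_valid(bw, advertisement=None, selection=False):
    """Section 2.2: all four parameters present and non-negative, min <= max
    per direction and, for a Selection answering an Advertisement, no value
    above the advertised one.  A zero in a Selection means "don't care" and
    is exempt from both comparisons (this example's reading of the draft)."""
    if any(p not in bw or bw[p] < 0 for p in PARAMS):
        return False
    care = (lambda v: v != 0) if selection else (lambda v: True)
    for lo, hi in PAIRS:
        if care(bw[lo]) and care(bw[hi]) and bw[lo] > bw[hi]:
            return False
    if advertisement is not None:
        return all(not care(bw[p]) or bw[p] <= advertisement[p] for p in PARAMS)
    return True

def server_select(advertisement, profile):
    """Home server, static allocation (2.2.1).  None means: silently discard
    the Access-Request (invalid Advertisement).  Otherwise the Selection is the
    subscription profile clamped to the advertised rates; the clamp preserves
    min <= max because both inputs satisfy it."""
    if advertisement is None:
        return dict(profile)
    if not is_valid(advertisement):
        return None
    return {p: min(profile[p], advertisement[p]) for p in PARAMS}

@dataclass
class Session:
    multi_session_id: str   # Acct-Multi-Session-Id, required for correlation
    bandwidth: dict         # rates currently enforced for this session
    active: bool = True
    accounting: list = field(default_factory=list)

def _record(session, status):
    session.accounting.append({"Acct-Status-Type": status,
                               "Acct-Multi-Session-Id": session.multi_session_id,
                               **session.bandwidth})

def reallocate(session, new):
    """Confirmation (2.2.2): Accounting-Stop with the old rates, then
    Accounting-Start with the rates now enforced."""
    _record(session, "Stop")
    session.bandwidth = dict(new)
    _record(session, "Start")

def terminate(session):
    session.active = False
    _record(session, "Stop")

def resolve(session, sel):
    """Concrete rates to enforce: a "don't care" zero keeps the current rate."""
    return {p: sel[p] if sel[p] else session.bandwidth[p] for p in PARAMS}

def fits(sel, capacity):
    """Assumed admission policy: every rate the server cares about must be
    within what the access network can currently offer."""
    return all(sel[p] == 0 or sel[p] <= capacity[p] for p in PARAMS)

def handle_coa(session, attrs, capacity):
    """Push method (2.2.2.1).  Returns ("ACK", None) or ("NAK", Error-Cause)."""
    sel = {p: attrs[p] for p in PARAMS if p in attrs}
    if not sel:                   # no bandwidth attributes: leave allocation alone
        return "ACK", None
    if not is_valid(sel, selection=True):
        return "NAK", INVALID_REQUEST
    if not fits(sel, capacity):
        return "NAK", RESOURCES_UNAVAILABLE
    reallocate(session, resolve(session, sel))
    return "ACK", None

def handle_authorize_only_reply(session, code, attrs, advertisement, defaults):
    """Pull method (2.2.2.2): the reply to the NAS's Authorize-Only request.
    Returns True while the session continues, False once it is terminated."""
    if code != "Access-Accept":
        terminate(session)
        return False
    sel = {p: attrs[p] for p in PARAMS if p in attrs}
    if not sel:                   # no Selection: MUST fall back to the defaults
        reallocate(session, defaults)
        return True
    if not is_valid(sel, advertisement, selection=True):   # treat as Access-Reject
        terminate(session)
        return False
    # Advertisement sent: MUST honor.  None sent: MAY honor (this NAS does).
    reallocate(session, resolve(session, sel))
    return True
```

   Note that the NAS validates every Selection it receives, including
   one carried in a re-authorization message: a Selection with min above
   max, or with fewer than four parameters, is NAKed with "Invalid
   Request" rather than partially applied, and a partial CoA never
   leaves the session with a mix of old and new rates.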
2.3 Diameter RADIUS Interoperability

   In deployments where RADIUS clients talk to Diameter servers, or
   Diameter clients talk to RADIUS servers, a translation agent is
   deployed and operates in accordance with the NASREQ specification.

3. Attribute Format/Syntax

   This section describes the format and syntax of the attributes that
   carry the network bandwidth parameters.  The attributes are used for
   bandwidth parameter Advertisement, Selection, and Confirmation.

   All four AN Bandwidth Parameter Attributes share the format shown
   below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Value             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      TBD - Ingress Average Minimum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the ingress average minimum
      bandwidth rate in bytes per second.

   Type
      TBD - Ingress Average Maximum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the ingress average maximum
      bandwidth rate in bytes per second.

   Type
      TBD - Egress Average Minimum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the egress average minimum
      bandwidth rate in bytes per second.

   Type
      TBD - Egress Average Maximum Bandwidth Rate
   Length
      6
   Value
      An integer value representing the egress average maximum
      bandwidth rate in bytes per second.

4. Table of Attribute(s)

   The following table provides a guide to which attribute(s) may be
   found in which kinds of packets, and in what quantity.

   Request Accept Reject Challenge Accounting  #    Attribute
                                   Request
   0-1     0-1    0      0         0-1         TBD  Ingress Minimum Band.
   0-1     0-1    0      0         0-1         TBD  Ingress Maximum Band.
   0-1     0-1    0      0         0-1         TBD  Egress Minimum Band.
   0-1     0-1    0      0         0-1         TBD  Egress Maximum Band.

   For Change-of-Authorization Messages

   Request ACK NAK   #    Attribute
   0-1     0   0    TBD  Ingress Minimum Bandwidth
   0-1     0   0    TBD  Ingress Maximum Bandwidth
   0-1     0   0    TBD  Egress Minimum Bandwidth
   0-1     0   0    TBD  Egress Maximum Bandwidth

   Note 1: if the Change-of-Authorization message contains any bandwidth
   attributes then all the bandwidth attributes received for this
   session are overwritten.  If the Change-of-Authorization message does
   not contain any bandwidth attributes, the previously received
   bandwidth attributes remain in effect.
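   The attribute encoding of Section 3 (Type, Length 6, 32-bit Value in
   bytes per second) together with the 0-1 per packet quantities of the
   table above, as an added Python example that is not code from the
   draft.  The draft leaves the Type numbers TBD, so the four codes used
   here are placeholders chosen for the example; the attribute list it
   parses is constructed.

```python
# Added example (not draft code): encoder/decoder for the four Bandwidth
# Attributes of Section 3 and the quantity rules of the Section 4 table.
# The draft leaves the Type numbers TBD; the codes below are placeholders.
import struct

ATTR_TYPES = {            # placeholder Type codes (TBD in the draft)
    "ingress_min": 240,   # Ingress Average Minimum Bandwidth Rate
    "ingress_max": 241,   # Ingress Average Maximum Bandwidth Rate
    "egress_min": 242,    # Egress Average Minimum Bandwidth Rate
    "egress_max": 243,    # Egress Average Maximum Bandwidth Rate
}
NAMES = {t: n for n, t in ATTR_TYPES.items()}
BW_LENGTH = 6             # Type(1) + Length(1) + 32-bit Value(4)

def encode_bandwidth(bw):
    """Four TLVs of exactly 6 octets; Value is bytes per second, big-endian."""
    out = b""
    for name, t in ATTR_TYPES.items():
        rate = bw[name]
        if not 0 <= rate <= 0xFFFFFFFF:
            raise ValueError(f"{name}={rate} does not fit a 32-bit Value")
        out += struct.pack("!BBI", t, BW_LENGTH, rate)
    return out

def parse_attributes(data):
    """Walk a RADIUS attribute list.  Returns (bandwidth dict or None, list of
    (Type, Value) for the other attributes).  A malformed TLV, a bandwidth
    attribute with the wrong Length, a duplicate (the table allows 0-1 per
    packet) and a partial set of the four all raise ValueError, never guess."""
    bw, others, i = {}, [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"attribute {t}: bad Length {length}")
        value = data[i + 2:i + length]
        if t in NAMES:
            if length != BW_LENGTH:
                raise ValueError(f"{NAMES[t]}: Length {length}, expected 6")
            if NAMES[t] in bw:
                raise ValueError(f"{NAMES[t]}: duplicate attribute")
            bw[NAMES[t]] = struct.unpack("!I", value)[0]
        else:
            others.append((t, value))
        i += length
    if bw and len(bw) != len(ATTR_TYPES):
        raise ValueError("some but not all four bandwidth attributes present")
    return (bw or None), others
```

   The decoder rejects rather than repairs: a bandwidth attribute whose
   Length is not 6, a duplicate, or a packet carrying only some of the
   four attributes would otherwise be read silently as a profile the
   server never sent.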
   Note 2: if one of the attributes is included in a qualified RADIUS
   packet, then all four attributes MUST be included.

5. IANA Considerations

   This document requires the assignment of four new RADIUS attribute
   numbers for the following attributes:

   1) Ingress Average Minimum Bandwidth Rate
   2) Ingress Average Maximum Bandwidth Rate
   3) Egress Average Minimum Bandwidth Rate
   4) Egress Average Maximum Bandwidth Rate

   Please see section 3 for the registered list of numbers.

6. Security Considerations

   The attributes in this document have no additional security
   considerations beyond those already identified in [1].  Because a
   Selection may also be carried in the re-authorization messages of
   Section 2.2.2, the security considerations of [3] apply to those
   exchanges as well.

7. Acknowledgements

   The authors would especially like to thank Jari Arkko (of Ericsson)
   for his thorough review of the draft, providing feedback/comments and
   proposing text.  The authors would like to thank Bernard Aboba (of
   Microsoft), Parviz Yegani (of Cisco) and Stefan De Cnodder (of
   Alcatel) for their feedback and guidance.

8. References

   [1] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote
       Authentication Dial In User Service (RADIUS)", RFC 2865, June
       2000.

   [2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [3] Chiba, M., Dommety, G., Eklund, M., Mitton, D. and B. Aboba,
       "Dynamic Authorization Extensions to Remote Authentication Dial
       In User Service (RADIUS)", RFC 3576, July 2003.

   [4] Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J. Arkko,
       "Diameter Base Protocol", RFC 3588, September 2003.

Authors' Addresses

   Farid Adrangi
   Intel Corporation
   2111 N.E. 25th Avenue
   Hillsboro OR USA

   Chuck Black
   ProCurve Networking Business
   Hewlett-Packard Company
   8000 Foothills Blvd
   Roseville, CA 95747
   Phone: +1 916 785 9713
   Fax:   +1 916 785 1199
   Email: chuck.black@hp.com

   Paul Congdon
   ProCurve Networking Business
   Hewlett-Packard Company
   8000 Foothills Blvd - MS 5662
   Roseville, CA 95747
   Phone: +1 916 785 5753
   Fax:   +1 916 785 8478
   Email: paul.congdon@hp.com

   Avi Lior
   Bridgewater Systems Corporation
   303 Terry Fox Drive
   Suite 100
   Ottawa, Ontario K2K 3J1
   Canada

   Farooq Bari
   AT&T Wireless
   7277 164th Avenue N.E.
   Redmond WA USA
   Phone: +1 425-580-5526
   EMail: farooq.bari@attws.com

Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.