RADIUS Extensions Working Group S. Winter Internet-Draft RESTENA Intended status: Standards Track July 16, 2012 Expires: January 17, 2013 RADIUS Accounting for traffic classes draft-winter-radext-fancyaccounting-02 Abstract This document specifies new attributes for RADIUS Accounting to enable NAS reporting of subsets of the total traffic in a user session. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 17, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Winter Expires January 17, 2013 [Page 1] Internet-Draft RADIUS Fancy Accounting July 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Acct-Traffic-Class attribute . . . . . . . . . . . . . . . 3 2.1.1. Acct-Traffic-Class-Name attribute . . . . . . . . . . . 4 2.1.2. Acct-Traffic-Class-Input-Octets attribute . . . . . . . 5 2.1.3. Acct-Traffic-Class-Output-Octets attribute . . . . . . 5 2.1.4. Acct-Traffic-Class-Input-Packets attribute . . . . . . 5 2.1.5. Acct-Traffic-Class-Output-Packets attribute . . . . . . 6 2.2. URN values for attribute Acct-Traffic-Class-Name . . . . . 6 3. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. Attribute Occurence Table . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 9 7. Normative References . . . . . . . . . . . . . . . . . . . . . 9 Winter Expires January 17, 2013 [Page 2] Internet-Draft RADIUS Fancy Accounting July 2012 1. Introduction RADIUS Accounting [RFC2866] defines counters for octets and packets, both in the incoming and outgoing direction. Usage of these counters enables an operator create volume-based billing models and to execute proper capacity planning on its infrastructure. The Accounting model is based on the assumption that all traffic in a user session is treated equally; i.e. that there are no differences in the billing model of one class of traffic over another. Actual deployments suggest that this assumption is no longer valid. In particular, different traffic classes are defined with DSCP; and billing the use of these traffic classes separately is an understandable request. Plus, the introduction of dual-stack operation on links creates an understandable interest of getting separate statistics about the amount of IPv4 vs. IPv6 usage on a link; be it for billing or statistical reasons. This document defines Accounting attributes that supplement (but not replace) the accounting counters in RFC2866. It utilizes the new "extended attributes" in RADIUS ([I-D.ietf-radext-radius-extensions]) to a) group accounting reports about traffic classes together and b) enable 64-Bit counts in a single attribute with the Integer64 datatype. 1.1. Requirements Language In this document, several words are used to signify the requirements of the specification. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. [RFC2119] 2. Definitions 2.1. Acct-Traffic-Class attribute The attribute Acct-Traffic-Class is a TLV container for a group of sub-attributes which specify the class of traffic that is being reported about, and the amount of traffic in a user session that falls into this class. Attribute: 245.1 Acct-Traffic-Class Winter Expires January 17, 2013 [Page 3] Internet-Draft RADIUS Fancy Accounting July 2012 Type: TLV Length: >3 octets There can be multiple instances of this attribute in a Accounting- Interim-Update or a Accounting-Stop packet. The attribute MUST NOT be present in an Accounting-Start packet. It is not required that the sum of all traffic in all instances is the total sum of octets and packets in the user's session. I.e. the traffic classes used in the Accounting packet do not need to partition the total traffic in non-overlapping segments. The total number of octets and packets in a user session continues to be sent in the RFC2866 attributes. 2.1.1. Acct-Traffic-Class-Name attribute The attribute Acct-Traffic-Class-Name, sub-attribute in the group Acct-Traffic-Class, defines the class of traffic for which the other attributes in the instance of Acct-Traffic-Class count octets and packets. Every group instance MUST contain exactly one Acct-Traffic- Class-Name. Attribute: 245.1.2 Acct-Traffic-Class-Name Type: STRING Value: 1-250 octets There are two options for the value of this attribute. Option 1: Acct-Traffic-Class-Name string starting with the substring "urn:". Usage of this option implies that the traffic name is in the form of a URN and requires that a public specification of this URN exists. That specification must include the type of traffic being counted with this traffic class, and the exact definition of where in the network packets the byte-count starts and ends. This document defines a set of known, well-defined traffic accounting classes in an IANA-managed registry in Section 2.2. New values for this registry are assigned on expert review basis. Option 2: Acct-Traffic-Class-Name string not starting with "urn:". This option is for local use of special-purpose accounting as defined by the NAS administrator, where no defined URN matches the meaning of the traffic to be counted. The meaning of the content needs to be communicated out-of-band between the NAS and RADIUS Server operator. Example: Acct-Traffic-Class-Name = "UDP traffic to AS2606". Winter Expires January 17, 2013 [Page 4] Internet-Draft RADIUS Fancy Accounting July 2012 2.1.2. Acct-Traffic-Class-Input-Octets attribute The attribute Acct-Traffic-Class-Input-Octets, sub-attribute in the group Acct-Traffic-Class, carries the number of octets that belong to the class of traffic indicated by Acct-Traffic-Class-Name and have been sent to the entity for which the accounting packet was generated. It MUST occur at most once inside every instance of the Acct-Traffic-Class TLV. If a traffic parameter value is transmitted in this attribute in an Accouting-Request "Interim Update", then the final value of that traffic parameter MUST be reported in the corresponding Accounting-Request "Stop". Attribute: 245.1.3 Acct-Traffic-Class-Input-Octets Type: Integer64 Value: number of octets sent to entity, matching the class of traffic 2.1.3. Acct-Traffic-Class-Output-Octets attribute The attribute Acct-Traffic-Class-Output-Octets, sub-attribute in the group Acct-Traffic-Class, carries the number of octets that belong to the class of traffic indicated by Acct-Traffic-Class-Name and have been sent from the entity for which the accounting packet was generated. It MUST occur at most once inside every instance of the Acct-Traffic-Class TLV. If a traffic parameter value is transmitted in this attribute in an Accouting-Request "Interim Update", then the final value of that traffic parameter MUST be reported in the corresponding Accounting-Request "Stop". Attribute: 245.1.4 Acct-Traffic-Class-Output-Octets Type: Integer64 Value: number of octets sent from entity, matching the class of traffic 2.1.4. Acct-Traffic-Class-Input-Packets attribute The attribute Acct-Traffic-Class-Input-Packets, sub-attribute in the group Acct-Traffic-Class, carries the number of packets that belong to the class of traffic indicated by Acct-Traffic-Class-Name and have been sent to the entity for which the accounting packet was generated. It MUST occur at most once inside every instance of the Acct-Traffic-Class TLV. If a traffic parameter value is transmitted in this attribute in an Accouting-Request "Interim Update", then the final value of that traffic parameter MUST be reported in the Winter Expires January 17, 2013 [Page 5] Internet-Draft RADIUS Fancy Accounting July 2012 corresponding Accounting-Request "Stop". Attribute: 245.1.5 Acct-Traffic-Class-Input-Packets Type: Integer64 Value: number of packets sent to entity, matching the class of traffic 2.1.5. Acct-Traffic-Class-Output-Packets attribute The attribute Acct-Traffic-Class-Output-Packets, sub-attribute in the group Acct-Traffic-Class, carries the number of packets that belong to the class of traffic indicated by Acct-Traffic-Class-Name and have been sent from the entity for which the accounting packet was generated. It MUST occur at most once inside every instance of the Acct-Traffic-Class TLV. If a traffic parameter value is transmitted in this attribute in an Accouting-Request "Interim Update", then the final value of that traffic parameter MUST be reported in the corresponding Accounting-Request "Stop". Attribute: 245.1.6 Acct-Traffic-Class-Output-Packets Type: Integer64 Value: number of packets sent from entity, matching the class of traffic 2.2. URN values for attribute Acct-Traffic-Class-Name The following URN values are defined for RADIUS Accounting Traffic Classes: Name: "urn:ietf:radius-accounting:ip:4" Purpose: volume count of IPv4 payloads Start of byte count: 1st byte of the IP header of the packet End of byte count: last byte of IP layer of the packet Name: "urn:ietf:radius-accounting:ip:6" Purpose: volume count of IPv6 payloads Start of byte count: 1st byte of the IP header of the packet Winter Expires January 17, 2013 [Page 6] Internet-Draft RADIUS Fancy Accounting July 2012 End of byte count: last byte of IP layer of the packet Name: "urn:ietf:radius-accounting:dscp:0" Purpose: volume count of packet payloads with DSCP = 0 Start of byte count: 1st byte of the IP header of the packet End of byte count: last byte of IP layer of the packet Name: "urn:ietf:radius-accounting:tcp" Purpose: volume count of TCP packets Start of byte count: 1st byte of the TCP header of the packet End of byte count: last byte of TCP layer of the packet Name: "urn:ietf:radius-accounting:udp" Purpose: volume count of UDP payloads Start of byte count: 1st byte of the UDP header of the packet End of byte count: last byte of UDP layer of the packet (more values to be added...) 3. Example A NAS is configured to create statistics regarding IPv6 usage of CPE for statistical reasons, and of the amount of HTTP traffic sent to the example.com web site for billing reasons. User john@example.com starts a user session, transfers 1200 Bytes in 10 packets via IPv6 to the internet, and receives 4500 Bytes in 30 packets over IPv6 from the internet. In the same session, The user visits the IPv4-only example.com web site by sending 6000 bytes in 4 packets to the web site, and receiving 450000 Bytes in 35 packets from the web site. Then, the user terminates the session and an Accounting-Stop packet is generated. The NAS sends the recorded octet and packet values to his RADIUS Accounting server. Since there is no URN value for "Traffic on TCP/80 to example.com, all IP versions" for use in the Acct-Traffic- Winter Expires January 17, 2013 [Page 7] Internet-Draft RADIUS Fancy Accounting July 2012 Class-Name attribute, the NAS has been configured to indicate this class of traffic in a corresponding custom string. The relevant attributes in the Accounting-Stop packet are: Acct-Traffic-Class Acct-Traffic-Class-Name = "urn:ietf:radius-accunting:ip:6" Acct-Traffic-Class-Input-Octets = 4500 Acct-Traffic-Class-Output-Octets = 1200 Acct-Traffic-Class-Input-Packets = 30 Acct-Traffic-Class-Output-Packets = 10 Acct-Traffic-Class Acct-Traffic-Class-Name = "Traffic on TCP/80 to example.com, all IP versions" Acct-Traffic-Class-Input-Octets = 450000 Acct-Traffic-Class-Output-Octets = 6000 Acct-Traffic-Class-Input-Packets = 35 Acct-Traffic-Class-Output-Packets = 4 4. Attribute Occurence Table This table lists the allowed occurences of the previously defined attributes in Accounting packets. Start Interim Stop Reply Attribute ----- ------- ---- ----- --------------------------------- 0 0-n 0-s 0 Acct-Traffic-Class 0 0-m 0-t 0 Acct-Traffic-Class-Name 0 0-o 0-u 0 Acct-Traffic-Class-Input-Octets 0 0-p 0-v 0 Acct-Traffic-Class-Output-Octets 0 0-q 0-w 0 Acct-Traffic-Class-Input-Packets 0 0-r 0-x 0 Acct-Traffic-Class-Output-Packets Figure 1: Attribute Occurence Note 1: since all sub-attributes occur at most once inside any given Acct-Traffic-Class TLV, the sub-attributes can not occur more often than the TLV itself. I.e. m=n, t>=m, u>=o, v>=p,w>=q, and x>=r. 5. Security Considerations Reveals user's traffic usage patterns. Shouldn't be sent unencrpyptedly. 6. IANA Considerations This document has actions for IANA. TBD later. 7. Normative References [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [I-D.ietf-radext-radius-extensions] DeKok, A. and A. Lior, "Remote Authentication Dial In User Service (RADIUS) Protocol Extensions", draft-ietf-radext- radius-extensions-06 (work in progress), June 2012. Author's Address Stefan Winter Fondation RESTENA 6, rue Richard Coudenhove-Kalergi Luxembourg 1359 LUXEMBOURG Phone: +352 424409 1 Fax: +352 422473 EMail: stefan.winter@restena.lu URI: http://www.restena.lu. Winter Expires January 17, 2013 [Page 9]