Network Working GroupInternet Engineering Task Force (IETF) W. Dec, Ed.Internet-DraftRequest for Comments: 6911 Cisco Systems, Inc.Intended status:Category: Standards Track B. SarikayaExpires: August 16, 2013ISSN: 2070-1721 Huawei USA G.ZornZorn, Ed. Network Zen D. Miles Google B. Lourdelet Juniper NetworksFebruary 12,April 2013 RADIUSattributesAttributes for IPv6 Access Networksdraft-ietf-radext-ipv6-access-16Abstract This document specifies additional IPv6 RADIUSattributesAttributes useful in residential broadband network deployments. Theattributes,Attributes, which are used for authorization and accounting, enable assignment of a host IPv6 address and an IPv6 DNS server address viaDHCPv6;DHCPv6, assignment of an IPv6 route announced via routeradvertisement;advertisement, assignment of a named IPv6 delegated prefixpool;pool, and assignment of a named IPv6 pool for host DHCPv6 addressing.Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].Status ofthisThis Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 16, 2013.http://www.rfc-editor.org/info/rfc6911. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Deployment Scenarios . . . . . . . . . . . . . . . . . . . ..3 2.1. IPv6 Address Assignment . . . . . . . . . . . . . . . . . 4 2.2. DNS Servers . . . . . . . . . . . . . . . . . . . . . . .45 2.3. IPv6 Route Information . . . . . . . . . . . . . . . . ..5 2.4. Delegated IPv6 Prefix Pool . . . . . . . . . . . . . . .. 56 2.5. Stateful IPv6address pool .Address Pool . . . . . . . . . . . . . . .56 3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . ..6 3.1. Framed-IPv6-Address . . . . . . . . . . . . . . . . . . . 6 3.2. DNS-Server-IPv6-Address . . . . . . . . . . . . . . . . .78 3.3. Route-IPv6-Information . . . . . . . . . . . . . . . . .. 89 3.4. Delegated-IPv6-Prefix-Pool . . . . . . . . . . . . . . .. 910 3.5. Stateful-IPv6-Address-Pool . . . . . . . . . . . . . . .. 1011 3.6. Table ofattributesAttributes . . . . . . . . . . . . . . . . . . .1011 4. Diameter Considerations . . . . . . . . . . . . . . . . . . .1112 5. Security Considerations . . . . . . . . . . . . . . . . . . .1112 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . .1112 7.AcknowledgementsAcknowledgments . . . . . . . . . . . . . . . . . . . . . . .1213 8. References . . . . . . . . . . . . . . . . . . . . . . . . .. 1213 8.1. Normative References . . . . . . . . . . . . . . . . . .. 1213 8.2. Informative References . . . . . . . . . . . . . . . . .. 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .13 1. Introduction This document specifies additional RADIUSattributesAttributes used to support configuration of DHCPv6 and/or ICMPv6 Router Advertisement (RA) parameters on a per-user basis. Theattributes,Attributes, which complement those defined in [RFC3162] and [RFC4818], support the following: oAssignmentThe assignment of specific IPv6 addresses to hosts via DHCPv6. oAssignmentThe assignment of an IPv6 DNS server address, via DHCPv6 or Router Advertisement [RFC6106]. oConfigurationThe configuration of more specific routes to be announced to the user via the Route Information Option defined in[RFC4191][RFC4191], Section 2.3. o The assignment of a named delegated prefix pool for use with "IPv6 Prefix Options forDHCPv6"Dynamic Host Configuration Protocol (DHCP) version 6" [RFC3633]. o The assignment of a named stateful address pool for use with DHCPv6 stateful address assignment [RFC3315]. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Deployment Scenarios The extensions in thisdraftdocument are intended to be applicable across a wide variety of network access scenarioswherein which RADIUS is involved. One such typical network scenario is illustrated in Figure 1. It is composed ofaan IP Routing Residential Gateway (RG) orhost,host; a Layer 2Access-Node (AN) e.g.Access Node (AN), e.g., a Digital Subscriber Line Access Multiplexer- DSLAM,(DSLAM); an IP Network AccessServers (NASes), andServer (NAS) (incorporating anAuthentication Authorization &Authentication, Authorization, and Accounting (AAA) client); and a AAA server. +-----+ | AAA | | | +--+--+ ^ ..(Radius).(RADIUS) . v +------+ +---+---+ +------+ |AN| |NAS| | RG/ +-------| AN +-----------+----------+ NAS | | host | | | | | +------+ (DSL) +------+ (Ethernet) +-------+ Figure 1 In the depictedscenarioscenario, the NAS may utilize an IP address configuration protocol(e.g. a DHCPv6 server)(e.g., DHCPv6) to handle address assignment to RGs/hosts. The RADIUS server authenticates eachRG/ hostRG/host and returnstotheattributesAttributes used for authorization and accounting. TheseattributesAttributes can include a host's IPv6 address, a DNS serveraddressaddress, and a set of IPv6 routes to be advertised via any suitable protocol,ege.g., ICMPv6(Neighbour(Neighbor Discovery). The name of a prefix pool to be used for DHCPv6 PrefixDelegation,Delegation or the name of an address pool to be used for DHCPv6 address assignment can also beattributesAttributes provided to the NAS by the RADIUS AAA server. The followingsub-sectionssubsections discuss how theseattributesAttributes are used in more detail. 2.1. IPv6 Address Assignment DHCPv6 [RFC3315] provides a mechanism to assign one or more non- temporary IPv6 addresses to hosts. To provide a DHCPv6 server residing on a NAS with one or more IPv6 addresses to be assigned, this document specifies the Framed-IPv6-AddressAttribute.Attribute (Section 3.1). While [RFC3162] permits the specification of an IPv6 addressto be specifiedvia the combination of the Framed-Interface-Id and Framed-IPv6-Prefixattributes,Attributes, this separation is more natural for use with PPP's IPv6 Control Protocol than it is for use with DHCPv6, and the use of a single IPv6 addressattributeAttribute makes for easier processing of accounting records.SinceBecause DHCPv6 can be deployed on the same network as ICMPv6 stateless address autoconfiguration (SLAAC) [RFC4862], it is possible that the NAS will require both stateful and stateless configuration information.ThereforeTherefore, it is possible for the Framed-IPv6-Address,Framed-IPv6-PrefixFramed-IPv6-Prefix, andFramed- Interface-Id attributesFramed-Interface-Id Attributes [RFC3162] to be included within the same packet. To avoid ambiguity in this case, the Framed-IPv6-AddressattributeAttribute is intended for authorization and accounting ofDHCPv6- assigned addressesDHCPv6-assigned addresses, and the Framed-IPv6-Prefix and Framed-Interface-IdattributesAttributes are used for authorization and accounting of addresses assigned via SLAAC. 2.2. DNS Servers DHCPv6 provides an option for configuring a host with the IPv6 address of a DNS server. The IPv6 address of a DNS server can also be conveyed to the host using ICMPv6 with Router Advertisements, via the[RFC6106] option.Recursive DNS Server Option [RFC6106]. To provide the NAS with the IPv6 address ofaone or more DNSserver,servers, this document specifies the DNS-Server-IPv6-AddressAttribute.Attribute (Section 3.2). 2.3. IPv6 Route InformationAnThe IPv6 Route Informationoption, defined in [RFC4191]Option [RFC4191], is intended to be used to inform a host connected to the NAS that a specific route is reachable via any given NAS. This document specifies theRADIUS attributeRoute-IPv6-Information Attribute (Section 3.3) that allows the AAA server to provision the announcement by the NAS of a specific Route Information Option to an accessing host. The NAS may advertise this route using the method defined in[RFC4191],RFC 4191 orusingother equivalent methods. Any other information, such as preference orlife-timelifetime values, that is to be present in the actual announcement using a given method is assumed to be determined by the NAS using means notscopedspecified by this document(e.g. Local(e.g., local configuration on the NAS). While the Framed-IPv6-Prefixattribute defined in [RFC3162]Attribute ([RFC3162], Section2.3 causes2.3) allows the route to be advertised in an RA, it cannot be used to configure more specific routes. While the Framed-IPv6-Routeattribute defined in [RFC3162]Attribute ([RFC3162], Section2.52.5) causes the route to be configured on theNAS,NAS and potentially to be announced via an IP routing protocol, depending on the value of Framed-Routing, it does not result in the route being announced in an RA. 2.4. Delegated IPv6 Prefix Pool DHCPv6 Prefix Delegation (DHCPv6-PD) [RFC3633] involves a delegating router selecting a prefix and delegating it on a temporary basis to a requesting router. The delegating router may implement a number of strategies as to how it chooses what prefix is to be delegated to a requesting router, one of them being the use of a local named prefix pool. The Delegated-IPv6-Prefix-PoolattributeAttribute (Section 3.4) allows the RADIUS server to convey a prefix pool name to a NAS that is hosting a DHCPv6-PD server and that is acting as a delegating router.SinceBecause DHCPv6 Prefix Delegation can be used with SLAAC on the same network, it is possible for the Delegated-IPv6-Prefix-Pool and Framed-IPv6-PoolattributesAttributes to be included within the same packet. To avoid ambiguity in this scenario, use of the Delegated-IPv6- Prefix-PoolattributeAttribute should be restricted to authorization and accounting of prefix pools used in DHCPv6 PrefixDelegationDelegation, and the Framed-IPv6-PoolattributeAttribute should be used for authorization and accounting of prefix pools used in SLAAC. 2.5. Stateful IPv6address poolAddress Pool DHCPv6 [RFC3315] provides a mechanism to assign one or more non- temporary IPv6 addresses to hosts. Section 3.1 introduces the Framed-IPv6-AddressattributeAttribute to be usedfor providingto provide a DHCPv6 server residing on a NAS with one or more IPv6 addresses to be assigned to the clients. An alternative way to achieve a similar result is for the NAS to select the IPv6 address to be assigned from an address pool configured for this purpose on the NAS. This document specifies the Stateful-IPv6-Address-PoolattributeAttribute (Section 3.5) to allow the RADIUS server to convey a pool name to be used for such statefulDHCPv6 based addressing,DHCPv6-based addressing and for any subsequent accounting. 3. Attributes The fields shown in the diagrams below are transmitted from left to right. 3.1. Framed-IPv6-AddressThis attributeThe Framed-IPv6-Address Attribute indicates an IPv6 address that is assigned to theNAS- facingNAS-facing interface of the RG/host. It MAY be used in Access-Acceptpackets,packets and MAY appear multiple times. It MAY be used in anAccess- RequestAccess-Request packet as a hint by the NAS to the RADIUS server that it would preferthesethis IPv6address(es),address, but the RADIUS server is not required to honor the hint.SinceBecause it is assumed that the NAS will add a route corresponding to the address, it is not necessary for the RADIUS server to also send a host Framed-IPv6-RouteattributeAttribute for the same address. ThisattributeAttribute can be used by a DHCPv6 process on the NAS to assign a unique IPv6 address to the RG/host. A summary of the Framed-IPv6-AddressattributeAttribute format is shown below. The format of theaddressAddress field isas peridentical to that of the corresponding field in the NAS-IPv6-Address Attribute [RFC3162]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TypeTBA1168 for Framed-IPv6-Address Length 18 AddressThe IPv6 address field contains aA 128-bit IPv6 address. 3.2. DNS-Server-IPv6-Address The DNS-Server-IPv6-AddressattributeAttribute contains the IPv6 address of a DNS server. ThisattributeAttribute MAY be included multiple times in Access- Acceptpackets,packets when the intention is for a NAS to announce more than one DNS serveraddressesaddress toaan RG/host. Thesame order of the attributes is expected to be followed in the announcements to the RADIUS client. The attributeAttribute MAY be used in an Access-Request packet as a hint by the NAS to the RADIUS server regarding the DNS IPv6 address, but the RADIUS server is not required to honor the hint. The content of thisattributeAttribute can beinserted in acopied to an instance of the DHCPv6option as specified inDNS Recursive Name Server Option [RFC3646] orinto an IPv6 RouterAdvertisment as perAdvertisement Recursive DNS Server Option [RFC6106]. If more than one DNS-Server-IPv6-Address Attribute is present in the Access- Accept packet, the addresses from the Attributes SHOULD be copied in the same order as received. A summary of the DNS-Server-IPv6-AddressattributeAttribute format is given below. The format of theaddressAddress field is the same asperthat of the corresponding field in the NAS-IPv6-Address Attribute [RFC3162]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TypeTBA2169 for DNS-Server-IPv6-Address Length 18 Address The 128-bit IPv6 address of a DNS server. 3.3. Route-IPv6-InformationThis attributeThe Route-IPv6-Information Attribute specifies a prefix (and corresponding route) for the user on the NAS, which is to be announced using the Route Information Option defined in "Default Router Preferences and More Specific Routes"[RFC4191][RFC4191], Section 2.3. It is used in the Access-Accept packet and can appear multiple times. It MAY be used in anAccess- RequestAccess-Request packet as a hint by the NAS to the RADIUS server, but the RADIUS server is not required to honor the hint. TheRoute-IPv6- Information attributeRoute-IPv6-Information Attribute format is depicted below. The format of the prefix is as per [RFC3162]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Prefix-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . Prefix (variable) . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TypeTBA3170 for Route-IPv6-Information LengthLengthLength, in bytes. At least 4 and no larger than 20;typicallytypically, 12 or less. Prefix Length 8-bit unsigned integer. The number of leading bits in the prefix that are valid. The valuerangescan range from 0 to 128. The prefix field is 0,88, or 16 octets depending on Length. Prefix Variable-length field containing an IP prefix. The prefix length field contains the number of valid leading bits in the prefix. The bits in the prefix after the prefixlength (if any)length, if any, are reserved and MUST be initialized to zero. 3.4. Delegated-IPv6-Prefix-PoolThis attributeThe Delegated-IPv6-Prefix-Pool Attribute contains the name of an assigned pool that SHOULD be used to select an IPv6 delegated prefix for the user on the NAS. If a NAS does not support prefix pools, the NAS MUST ignore thisattribute.Attribute. It MAY be used in an Access-Request packet as a hint by the NAS to the RADIUS server regarding the pool, but the RADIUS server is not required to honor the hint. A summary of the Delegated-IPv6-Prefix-PoolattributeAttribute format is shown below. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TypeTBA4171 for Delegated-IPv6-Prefix-Pool LengthLengthLength, in bytes. At least 3. String The string field contains the name of an assigned IPv6 prefix pool configured on the NAS. The field is not NULL (hexadecimal 00) terminated. Note: The string data type is as documented in[RFC6158],[RFC6158] and carries binary data that is external to theRadiusRADIUS protocol,ege.g., the name of a pool of prefixes configured on the NAS. 3.5. Stateful-IPv6-Address-PoolThis attributeThe Stateful-IPv6-Address-Pool Attribute contains the name of an assigned pool that SHOULD be used to select an IPv6 address for the user on the NAS. If a NAS does not support address pools, the NAS MUST ignore thisattribute.Attribute. A summary of theStateful-IPv6-Address-Pool attributeStateful-IPv6-Address- Pool Attribute format is shown below. It MAY be used in anAccess-RequestAccess- Request packet as a hint by the NAS to the RADIUS server regarding the pool, but the RADIUS server is not required to honor the hint. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TypeTBA5172 for Stateful-IPv6-Address-Pool LengthLengthLength, in bytes. At least 3. String The string field contains the name of an assigned IPv6 stateful address pool configured on the NAS. The field is not NULL (hexadecimal 00) terminated. Note: The string data type is as documented in[RFC6158],[RFC6158] and carries binary data that is external to theRadiusRADIUS protocol,ege.g., the name of a pool of addresses configured on the NAS. 3.6. Table ofattributesAttributes The following table provides a guide to whichattributesAttributes may be found in which kinds of packets, and in what quantity. The optional inclusion of the options in Access Request messages is intended to allow for anetwork access server (NAS)NAS to provide the RADIUS server with a hint of theattributesAttributes in advance of user authentication, which may be useful in caseswherein which a userre-connectsreconnects or has a static address. The server is under no obligation to honor such hints. Request Accept Reject Challenge Accounting # Attribute Request 0+ 0+ 0 0 0+TBA1168 Framed-IPv6-Address 0+ 0+ 0 0 0+TBA2169 DNS-Server-IPv6-Address 0+ 0+ 0 0 0+TBA3170 Route-IPv6-Information 0+ 0+ 0 0 0+TBA4171 Delegated-IPv6-Prefix-Pool 0+ 0+ 0 0 0+TBA5172 Stateful-IPv6-Address-Pool 4. Diameter Considerations Given that theattributesAttributes defined in this document are allocated from the standard RADIUS type space (see Section 6), no special handling is required by Diameter entities. 5. Security Considerations This document specifies additional IPv6 RADIUSattributesAttributes useful in residential broadband network deployments. In such networks, the RADIUS protocol may run either over IPv4 or overIPv6IPv6, and known security vulnerabilities of the RADIUS protocol,e.g.e.g., [SECI], apply to theattributesAttributes defined in this document. A trust relationship between a NAS and RADIUS server is expected to be in place, with communication optionally secured byIPSecIPsec orTLS [RFC6614] .Transport Layer Security (TLS) [RFC6614]. 6. IANA ConsiderationsThis document requires the assignment ofIANA has assigned five new RADIUSattributeAttribute types in the "Radius Attribute Types" registry (currently located athttp://www.iana.org/assignments/radius-typeshttp://www.iana.org/assignments/radius-types) for the followingattributes:Attributes: o Framed-IPv6-Address o DNS-Server-IPv6-Address o Route-IPv6-Information o Delegated-IPv6-Prefix-Pool o Stateful-IPv6-Address-Pool 7.AcknowledgementsAcknowledgments The authors would like to thank Bernard Aboba, Benoit Claise, Peter Deacon, Alan DeKok, Ralph Droms, Brian Haberman, Alfred Hines, Stephen Farrell, Jouni Korhonen, Roberta Maglione,Leaf Yeh,Pete Resnick, Mark Smith,Pete Resnik, Ralph Droms, Stephen Farrell, Brian Haberman,and Leaf Yeh for their help and comments in reviewing this document. 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. 8.2. Informative References [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003. [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003. [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and More-Specific Routes", RFC 4191, November 2005. [RFC4818] Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", RFC 4818, April 2007. [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, "IPv6 Router Advertisement Options for DNS Configuration", RFC 6106, November 2010. [RFC6158] DeKok, A. and G. Weber, "RADIUS Design Guidelines", BCP 158, RFC 6158, March 2011. [RFC6614] Winter, S., McCauley, M., Venaas, S., and K. Wierenga, "Transport Layer Security (TLS) Encryption for RADIUS", RFC 6614, May 2012. [SECI]-, "http://regul.uni-mb.si/~meolic/ptk-seminarske/ radius.pdf",Hill, J., "An Analysis of the RADIUS Authentication Protocol", November2001.2001, <http://regul.uni-mb.si/~meolic/ ptk-seminarske/radius.pdf>. Authors' Addresses Wojciech Dec (editor) Cisco Systems, Inc. Haarlerbergweg 13-19Amsterdam , NOORD-HOLLANDAmsterdam, Noord-Holland 1101 CH NetherlandsEmail:EMail: wdec@cisco.com Behcet Sarikaya Huawei USA 1700 AlmaDr.Drive, Suite 500 Plano, TX US Phone: +1 972-509-5599Email:EMail: sarikaya@ieee.org Glen Zorn (editor) Network Zen1310 East Thomas Street Seattle, WA US Email: gwz@net-zen.net227/358 Thanon Sanphawut Bang Na, Bangkok 10260 Thailand Phone: +66 (0) 8-1000-4155 EMail: glenzorn@gmail.com David Miles GooglePhone: Fax: Email: david.miles@google.com URI:EMail: davidmiles@google.com Benoit Lourdelet Juniper Networks FranceEmail:EMail: blourdel@juniper.net