Extended Attributes
RADEXT - IETF 81
Alan DeKok, FreeRADIUS
Avi Lior, Bridgewater
Motivation
• RADEXT discussions have been long
• We need a solution soon (i.e. within 2-3 years)
• Other proposals were complex
• Attribute audit shows the needs to be simple
One Octet of Change
Now: Type (1 octet) | Length (1 octet) | Value … (1..252 octets)
Extended format: Type (1 octet) | Length (1 octet) | Ext-Type (1 octet) | Value … (1..252 octets)
That’s pretty much it.
• “Steal” one octet from “Value” for extended types
• Allocate 4 attributes of this format (241..244)
• 256*4 =~ 1K new attributes
• Should be enough for the foreseeable future
Grouping
• Flexible grouping by defining a TLV data type
• Already in WiMAX, 3GPP2, and other SDOs / vendors.
• Code is widely deployed in production systems
TLV-Type (1 octet) | TLV-Length (1 octet) | Value … (1..253 octets)
TLV Properties
• Can carry any existing or future data type
• Including TLVs.
• Multiple TLVs can be carried in one Ext-Attr
• Nested or concatenated
• Nesting is limited only by TLV-Length field
• 253 / 3 =~ 80
• Practicalities show a depth of 5 is sufficient
Naming: Not just 8 bits
• We need to name the new attribute types.
• Use OID style “dotted number”
• 241.{1-255}
• 241.1 “This-Is-A-New-attr”
• Versus
• 1 “User-Name”
• Naming applies only for the IANA registry
TLV Naming
• Leverage the same “dotted number” notation!
• 241.1.2
• RADIUS Attr 241, of type “ext-attr”
• Extended Attr 1, data type “tlv”
• TLV 2, data type “integer”
• Allows for ~250 fields in a struct
• Extends type space past 1K attributes
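The TLV nesting and dotted naming described above, as an added example (not code from the slides, the draft, or FreeRADIUS): a dictionary-driven decoder that enforces the TLV-Length bounds and a nesting limit of 5. The dictionary entries other than 241.1 and 241.1.2, and the sample bytes, are constructed for illustration.

```python
import struct

MAX_DEPTH = 5  # the slides call a nesting depth of 5 sufficient in practice

# Hypothetical dictionary (dotted name -> data type); types are not on the wire.
DICTIONARY = {"241.1": "tlv", "241.1.2": "integer",
              "241.1.3": "tlv", "241.1.3.1": "string"}

def decode_tlvs(data, prefix, depth=1):
    """Decode concatenated TLVs under `prefix`; return [(dotted_name, value)]."""
    if depth > MAX_DEPTH:
        raise ValueError("TLV nesting deeper than %d under %s" % (MAX_DEPTH, prefix))
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise ValueError("truncated TLV under " + prefix)
        tlv_type, tlv_len = data[pos], data[pos + 1]
        # TLV-Length counts TLV-Type, TLV-Length and 1..253 value octets.
        if tlv_len < 3 or pos + tlv_len > len(data):
            raise ValueError("bad TLV-Length %d under %s" % (tlv_len, prefix))
        name = "%s.%d" % (prefix, tlv_type)
        value = data[pos + 2:pos + tlv_len]
        kind = DICTIONARY.get(name, "octets")  # unknown types stay raw
        if kind == "tlv":
            out.extend(decode_tlvs(value, name, depth + 1))
        elif kind == "integer":
            if len(value) != 4:
                raise ValueError("integer %s is not 4 octets" % name)
            out.append((name, struct.unpack("!I", value)[0]))
        elif kind == "string":
            out.append((name, value.decode("utf-8")))
        else:
            out.append((name, value))
        pos += tlv_len
    return out

def decode_extended(attr):
    """Decode one Type / Length / Ext-Type / Value attribute (types 241..244)."""
    if len(attr) < 4 or attr[1] != len(attr) or not 241 <= attr[0] <= 244:
        raise ValueError("not a well-formed extended attribute")
    name = "%d.%d" % (attr[0], attr[2])
    if DICTIONARY.get(name) == "tlv":
        return decode_tlvs(attr[3:], name)
    return [(name, attr[3:])]

# Constructed sample: 241.1 { TLV 2 = 1500, TLV 3 { TLV 1 = "lab" } }.
SAMPLE = bytes([241, 16, 1, 2, 6, 0, 0, 5, 220, 3, 7, 1, 5]) + b"lab"
```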
“Long” Attributes
• Leverage the Ext-Type format, and add “flags”
• Allocate 2 attributes of this type (245, 246)
Extended format with flags: Type (1 octet) | Length (1 octet) | Ext-Type (1 octet) | Flags (1 octet) | Value … (1..251 octets)
Flags
• 1 bit of “C” for Continuation
• Same meaning as existing ext-attrs / WiMAX
• 7 bits of “reserved”
• We have no idea what to do with these
• It’s likely that these will never be used
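Reassembly of "long" attributes using the continuation flag, as an added example (not code from the slides, the draft, or FreeRADIUS). It assumes "C" is the high-order bit (0x80) of the Flags octet, which the slides do not state, and it applies two strict policies of its own: reserved bits must be zero and fragments of one value must be adjacent. The sample packet bytes are constructed.

```python
CONTINUE = 0x80   # assumption: "C" is the high-order bit of the Flags octet
RESERVED = 0x7F   # the 7 reserved bits; this example insists they are zero
MAX_TOTAL = 4096  # the slides give about 4K as the ceiling for "long" data

def split_attributes(buf):
    """Yield each raw attribute from a packet's attribute area."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("bad attribute Length at offset %d" % pos)
        yield buf[pos:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def reassemble_long(buf):
    """Return [(dotted_name, value)] for attributes 245/246, joining fragments."""
    done, key, value = [], None, bytearray()
    for attr in split_attributes(buf):
        is_long = attr[0] in (245, 246)
        if is_long and len(attr) < 5:  # 4 header octets + 1..251 value octets
            raise ValueError("long attribute too short")
        # Policy of this example: fragments of one value must be adjacent.
        if key is not None and (not is_long or (attr[0], attr[2]) != key):
            raise ValueError("fragment chain for %d.%d interrupted" % key)
        if not is_long:
            continue
        if attr[3] & RESERVED:
            raise ValueError("reserved flag bits set")
        value += attr[4:]
        if len(value) > MAX_TOTAL:
            raise ValueError("reassembled value exceeds %d octets" % MAX_TOTAL)
        if attr[3] & CONTINUE:
            key = (attr[0], attr[2])      # more fragments must follow
        else:
            done.append(("%d.%d" % (attr[0], attr[2]), bytes(value)))
            key, value = None, bytearray()
    if key is not None:
        raise ValueError("packet ended with continuation still set")
    return done

# Constructed sample: User-Name "bob", then 245.1 split across two fragments.
SAMPLE_LONG = (bytes([1, 5]) + b"bob"
               + bytes([245, 255, 1, 0x80]) + b"A" * 251
               + bytes([245, 8, 1, 0x00]) + b"tail")
```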
Additional notes
• 24{1-6}.26 are VSAs, with fixed format
• Allows for many more standardized VSAs
• 24{1-6}.{241-255} are reserved
• No “experimental” or “implementation-specific”
• They have not been useful
• Detailed instructions for IANA are included
Implementations
• Two interoperable implementations:
• In FreeRADIUS “master” branch
• http://git.freeradius.org
• IEA Software
• http://www.iea-software.com/products/radlogin4.cfm
• BSD licensed library will be released this year
• Looking for more!
Summary
• ~1.5K new attributes (many 1000’s with TLVs)
• Grouping via TLVs (proven to work in SDOs)
• Standard way to have “long” attrs (to 4K of data)
• Vendors have ~1.5K new VSAs to work with
• draft includes simple test encoder
• Helps with interoperability checks
Questions?
• Who has read the draft?
• Any feedback?
• Who will implement it soon?