IPv6 accounting RADIUS SQL schema?
mducharme at gmail.com
Sat Aug 18 23:11:20 CEST 2018
I would say it is even more complicated:
If assigning framed prefixes is enabled on the NAS, each customer is
given a /64 prefix and router advertisements are sent out so that the
CPE can get a global address via SLAAC (reported as Framed-IPv6-Prefix
If DHCPv6-PD is enabled on the NAS, each customer who requests a prefix
will be assigned one, typically a /56 (reported as
Delegated-IPv6-Prefix). If DHCPv6 address assignment is enabled, then
the CPE can get a global IP through DHCPv6 (reported as
So if the customer has a router that supports everything and has
everything enabled, it could get two addresses on its WAN port, one via
SLAAC and one via DHCPv6, and then a prefix via DHCPv6-PD for use on the
internal network (LAN ports, guest wifi, etc.). If only routers are
connecting via PPP and not customer computers directly, you can look at
the Delegated-IPv6-Prefix to see what prefix the customer's computers
are using. If customer computers connected directly to the NAS (ex.
through an L2TP VPN), then the computer will use either a global address
via SLAAC (found in the Framed-IPv6-Prefix and Framed-Interface-Id
accounting) or a global address via DHCPv6 (found in
Framed-IPv6-Address), or both.
Because, depending on the exact situation, the end user device may be on
an address in the Delegated-IPv6-Prefix (this is the case if they go
through a router) or an address in the Framed-IPv6-Prefix (if they are
on SLAAC) or an address in Framed-IPv6-Address (if they receive an
address through DHCPv6 address assignment), all three fields must be
stored. As an ISP, we are required to forward copyright infringement
notices to customers, and in order to look up the address on the notice,
we need to search all three fields (unlike in IPv4 where we only search
On 8/18/2018 4:11 AM, Nathan Ward wrote:
>> On 18/08/2018, at 10:44 PM, Alan Buxey <alan.buxey at gmail.com> wrote:
>> how does this all work in practice where the clien thas multiple concurrent
>> IPv6 addresses on the NAS? does the NAS send multiple records (one for
>> each address), send multiple IPv6 addresses in a single
>> update RADIUS datagram ?
> IPv4+IPv6 varies between NAS models and configurations:
> Sometimes you get IPv6-only “sessions” (i.e. maybe auth, and accounting).
> Sometimes you get combined IPv4 and IPv6 sessions.
> Sometimes you get a session for PPP and IPv4, and another for IPv6.
> Within that, IPv6 with multiple addresses/prefixes generally results in a single session. Is is very common (the norm) to have multiple addresses - i.e. a subscriber will get a /128 for their “WAN” address, and a /56 or similar for things behind their CPE. These are represented as Framed-IPv6-Prefix and Delegated-IPv6-Prefix respectively, though Cisco (on ASR9k at least) don’t send Framed-IPv6-Prefix and instead send it as Cisco-AVPair = “addrv6=blah”. The usual nonsense, as you can imagine :-)
> Check out 3.6 of RFC6911.
> Nathan Ward
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users