[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] API / ICMP for status and remaining time

The idea is that the Dest Unreach + Capport Extension is one notification for both legacy and capport devices. It is largely up to the NAS depending on what it wants legacy devices to understand. 

On Tue, Sep 6, 2016 at 2:04 PM, Dave Dolson <[email protected]> wrote:


I’m unclear on when a new message type (section 2.7) should be used vs. an extension (section 2.8)?





From: David Bird [mailto:[email protected]]
Sent: Tuesday, September 06, 2016 3:59 PM

To: Dave Dolson
Cc: [email protected]; Alexander Roscoe
Subject: Re: [Captive-portals] API / ICMP for status and remaining time


I've updated the I-D here https://github.com/wlanmac/draft-wkumari-capport-icmp-unreach, comments appreciated.


The Policy Class 'hint' can be any value that both the NAS and CP understand. Not all implementations will use it; it is only really useful if your NAS might send users to the CP for one of several reasons. A very simple use-case could be that the NAS puts the destination port in the Policy Class so that the CP knows what services you were trying to access.


On Wed, Aug 31, 2016 at 2:00 PM, Dave Dolson <[email protected]> wrote:


Yes, I would like to see that draft updated, thanks.


Would this new hint support different reasons? E.g., bad weather warning vs. payment required?





From: David Bird [mailto:[email protected]]
Sent: Wednesday, August 31, 2016 9:29 AM
To: Dave Dolson
Cc: [email protected]; Alexander Roscoe

Subject: Re: [Captive-portals] API / ICMP for status and remaining time


I am working updating https://tools.ietf.org/html/draft-wkumari-capport-icmp-unreach-01. I plan to add a 'policy class' uint32 to the ICMP message that can be used as a site specific 'hint' to the captive portal. This uint32 is site specific and -can- be unique per visitor and should only be used by portal as a hint/reason (capport URL gotten from DHCP rfc 7710) .


On Aug 31, 2016 5:55 AM, "Dave Dolson" <[email protected]> wrote:

An ICMP extension could notify a sender that a 5-tuple connection is walled off‎. It works for all IP protocols (TCP, UDP, GRE, even ICMP-echo).

‎This will be more real-time than relying on the sender to periodically probe well-known servers on port 80.


Such a message should indicate a reason, which could be a URL to a JSON/REST interface.


Or, it could simply be an event that means "go probe port 80 to get redirected"




From: David Bird

Sent: Tuesday, August 30, 2016 9:07 PM

To: Alexander Roscoe

Subject: Re: [Captive-portals] API / ICMP for status and remaining time


I believe ICMP is useful for realtime, 5-tuple flow specific (as well as general), notifications, but it should not be used to carry any session parameters or meaningful data. A REST API would be better for that. 


On Tue, Aug 30, 2016 at 2:49 PM, Alexander Roscoe <[email protected]> wrote:

I am looking at the mechanisms to communicate captive portal states to
users. I think a RESTful API would be viable candidate for
communicating this information.  The same URL from RFC7710 or the URL
given by the 302 redirect could be used to as the endpoint for this
service as well.  Clients could reach out to this endpoint to get
status such as "Time Remaining" or "TX/RX transferred".  RESTful
interfaces can be easily setup and can be easily extended to add new

Along side REST, I was looking at the ICMP as a conduit to transmit
this information as well.  Information could be pushed to the clients'
device and then digested rather than pulled like a RESTful protocol.
I think an implementation of this setup could work well on a
deployment where the AAA server resides on the same system as the
gateway because the information in the ICMP is easily accessible.
When the AAA server exists on another system it may pose a problem.
For example, many networks that use captive portals block external
ICMP messages and/or NAT devices to client, therefore the gateway
would need to proxy these packets.  This adds more complexity to the
network design. Also, ICMP message would be very rigid and not as
extendable as a RESTful service. Maybe rigid might be a good thing?

Thoughts?  Did I miss another type of conduit to transfer status...
excluding SOAP :)

Alexander Roscoe

Captive-portals mailing list
[email protected]