RADEXT Working Group                                          M. Grayson
Internet-Draft                                             Cisco Systems
Intended status: Informational                                J. Redmore
Expires: 11 April 2026                                         CableLabs
                                                          8 October 2025


 A syntax for the RADIUS Connect-Info attribute used in Wi-Fi networks
                      draft-grayson-connectinfo-05

Abstract

   This document describes a syntax for the Connect-Info attribute used
   with the Remote Authentication Dial In User Service (RADIUS)
   protocol, enabling RADIUS clients to provide RADIUS servers
   information pertaining to the operation of an IEEE 802.11 wireless
   network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 April 2026.

Copyright Notice

   Copyright (c) 2025 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Types of Connect-Info Metrics
   3.  ABNF syntax for Connect-Info
   4.  Example encoding in Access-Request
   5.  Implementations
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Changelog
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   The Connect-Info attribute is defined in [RFC2865] to enable a
   Network Access Server (NAS) to indicate to a RADIUS server "the
   nature of the user's connection".  [RFC2869] includes the
   recommendation that:

      The connection speed SHOULD be included at the beginning of the
      first Connect-Info attribute in the packet.  If the transmit and
      receive connection speeds differ, they MAY both be included in the
      first attribute with the transmit speed first (the speed the NAS
      modem transmits at), a slash (/), the receive speed, then
      optionally other information.

   but [RFC2869] does not define "speed".

   The Connect-Info attribute can be sent in both Access-Request and
   Accounting-Request messages, as shown in Figure 1.

   +--------------------------------------------------------------+
   | Attribute | Request | Accept | Reject | Challenge | Acct-Req |
   +--------------------------------------------------------------+
   | Connect-  | 0-1     | 0      | 0      | 0         | 0+       |
   | Info (77) |         |        |        |           |          |
   +--------------------------------------------------------------+

      Figure 1: RFC2869 defined occurrence rules for Connect-Info
                               attribute

   Many NAS implementations have implemented the Connect-Info attribute.
   Wi-Fi vendors supporting the Connect-Info attribute start the text
   field with "CONNECT" that is typically followed by a floating point
   value representing the maximum connection speed in Mbps.
   Implementations follow this with text information about the IEEE
   802.11 amendment supported, as illustrated in Figure 2.

   Connect-Info = "CONNECT 11.00 Mbps 802.11b"

            Figure 2: Example #1 Wi-Fi Connect-Info attribute

   Other implementations have extended this baseline to signal
   additional information to the RADIUS server using a slash (/)
   delimiter, as illustrated in Figure 3.  Note, these examples together
   with the recommendation in [RFC2869] are illustrations of complex
   data types, as described in section 3.2.3 of [RFC6158].

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 53 / Channel: 1"

            Figure 3: Example #2 Wi-Fi Connect-Info attribute

   There are use-cases that benefit from being able to share Wi-Fi
   access network quality metrics between a NAS and a server, including
   where the NAS is operated by an Access Network Provider (ANP) and the
   server is operated by an Identity Provider (IDP).  Reception of the
   Connect-Info attribute by a RADIUS server is intended to be used to
   assist the IDP in making authorization decisions.

   The rest of this document describes a syntax for the Connect-Info
   attribute that is simultaneously able to support existing, complex
   data type, vendor implementations, while being enhanced with
   additional optional information to support new use-cases and
   requirements.  Whereas [RFC6158] discourages the introduction of new
   complex data types where viable alternatives exist, it is argued that
   the present document does not introduce a new complex data type,
   rather extends the syntax used in existing implementations of the
   Connect-Info attribute that currently encode a complex data type.

   Note, the techniques by which a server uses the information encoded
   in the Connect-Info attribute to assist in making authorization
   decisions are not defined in this document.  Some servers MAY define
   the use of a threshold for one or more parameters received in an
   access-request, other systems MAY use historical Connect-Info records
   from previously authenticated sessions, including those in the
   accounting-request messages received from the same NAS, still other
   systems MAY decide to algorithmically combine the parameters into a
   new metric used when making authorization decisions.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   Access Network Provider (ANP):  A Wi-Fi operator that has configured
      its Wi-Fi equipment to support inbound roaming of users.

   Identity Provider (IDP):  An entity that authenticates end-user Wi-Fi
      devices onto ANP networks.

   Received Signal Strength Indicator (RSSI):  A measurement of the
      power level that is received by an antenna from a wireless device.

2.  Types of Connect-Info Metrics

   The access network characteristics that can be shared between NAS and
   AAA include those that can be used to derive a quality metric of the
   performance of a Wi-Fi network.  These include characteristics
   associated with the IEEE 802.11 connection:

   *  the Wi-Fi 802.11 version,

   *  the Wi-Fi channel number and global operating class as defined in
      [IEEE80211], and

   *  the Wi-Fi transmit and receive bit rates.

   Other use cases benefit from being able to share characteristics able
   to be calculated by the Wi-Fi access point's 802.11 driver,
   including:

   *  received signal strength indicator (RSSI),

   *  frame loss rate, and

   *  frame retry rate.

   Still other use cases benefit from sharing characteristics pertaining
   to the static configuration of the Wi-Fi network, including:

   *  the configured value of the minimum RSSI level for a device to
      associate/authenticate to the access point.

   Finally, other use cases benefit from sharing quality characteristics
   that are not uniquely associated with a specific connection,
   including measured values of:

   *  delay between the Wi-Fi access network and the Internet,

   *  airtime utilization experienced by the Wi-Fi access point, and

   *  noise floor experienced by the Wi-Fi access point.

   The identified use cases include those where the metrics shared using
   the Connect-Info attribute are compared between different Wi-Fi
   systems that can be operated using equipment from different vendors.
   In such a scenario, the algorithm used to generate a metric by a
   first installation can be different from the algorithm used to
   generate the same metric by a second installation.  In order to
   facilitate comparisons in such a situation, there are benefits in
   sharing additional information pertaining to how a metric is
   calculated.
   This additional information includes:

   *  whether a calculation represents an average or a median value,

   *  whether an average value represents a linear or exponential moving
      average, and

   *  the configuration of the time duration over which a metric was
      calculated.

3.  ABNF syntax for Connect-Info

   The Augmented Backus-Naur form (ABNF) is a syntax for specifications
   defined in [RFC5234].  The proposed ABNF syntax for the text of the
   Connect-Info attribute used with Wi-Fi networks is shown below.  This
   syntax is intended to encompass current vendor implementations while
   supporting optional enhancements to support sharing of new
   parameters.

   ;----------------------------------------------------------------------
   ; Connect-Info RADIUS Attribute #77 Syntax for Wi-Fi networks
   ;----------------------------------------------------------------------

   connect-info-77 = "CONNECT" 1*SP connectAttribute
                     *( DELIMITER keyValueAttribute )

   connectAttribute = ((MAXSPEED " Mbps") / PHYRATE) DELIMITER WIFIGEN
                                      ; indication of maximum
                                      ; achievable data rate
                                      ; together with Wi-Fi
                                      ; 802.11 generation
                                      ; information

   ;----------------------------------------------------------------------
   ; keyValueAttributes - NON-DEVICE/CLIENT RELATED.
   ;
   ; These key-value pairs MAY be included in the Connect-Info attribute
   ; when the attribute is included in the Access-Request or
   ; Accounting-Request message.
   ;
   ; Note, to accommodate different legacy implementations, either signed
   ; or absolute values of RSSI-min and Noise can be signaled
   ;----------------------------------------------------------------------

   keyValueAttribute =/ "Channel:" *SP CHANNUM
                                      ; Wi-Fi channel number

   keyValueAttribute =/ "Global-OC:" *SP GOC
                                      ; Wi-Fi Global Operating
                                      ; Class as defined in
                                      ; IEEE 802.11 Annex E

   keyValueAttribute =/ "RSSI-min:" *SP SS
                                      ; the configured minimum
                                      ; RSSI in dBm on the WLAN
                                      ; Access Point

   keyValueAttribute =/ "Noise:" *SP SS ["(" CALC ")"]
                                      ; the current noise floor
                                      ; in the operating band
                                      ; measured in dBm and
                                      ; optionally the
                                      ; algorithm used to
                                      ; calculate the value

   keyValueAttribute =/ "ChanUtil:" *SP PCT ["(" CALC ")"]
                                      ; percentage of time AP
                                      ; considers channel busy
                                      ; due to 802.11 traffic,
                                      ; encoded as an integer %
                                      ; and optionally the
                                      ; algorithm used to
                                      ; calculate the value

   keyValueAttribute =/ "WAN-RTT:" *SP RTT ["(" CALC ")"]
                                      ; the round-trip time in
                                      ; milliseconds from the
                                      ; Wi-Fi access network
                                      ; to the Internet
                                      ; and optionally the
                                      ; algorithm used to
                                      ; calculate the value

   ;----------------------------------------------------------------------
   ; keyValueAttributes - DEVICE/CLIENT RELATED
   ;
   ; The calculation of FrameLoss and FrameRetry attributes benefit from
   ; being based on a number of frames exchanged between device and access
   ; point.
   ;
   ; Their inclusion in the Connect-Info attribute MAY be limited to
   ; use cases where the attribute is included in the Accounting-Request
   ; message when the Acct-Status-Type has a value of Interim-Update or
   ; Stop.
   ;
   ; Note, values of TxBitRate and RxBitRate MAY indicate values of 0 Mbps
   ; when included in Accounting-Request message with Acct-Status-Type
   ; value of Stop.
   ;
   ; Note, to accommodate different legacy implementations, either signed
   ; or absolute values of RSSI can be signaled
   ;----------------------------------------------------------------------

   keyValueAttribute =/ "RSSI:" *SP SS ["(" CALC ")"]
                                      ; the value of Station
                                      ; RSSI in dBm and
                                      ; optionally the
                                      ; algorithm used to
                                      ; calculate the value

   keyValueAttribute =/ "TxBitRate:" *SP RATE
                                      ; the latest TxRate used
                                      ; by the AP to send to
                                      ; the device in Mbps

   keyValueAttribute =/ "RxBitRate:" *SP RATE
                                      ; the latest RxRate used
                                      ; by the AP to receive
                                      ; from the device in Mbps

   keyValueAttribute =/ "FrameLoss:" *SP PCT
                                      ; the average downlink
                                      ; 802.11 frame loss rate
                                      ; experienced, encoded as
                                      ; an integer %

   keyValueAttribute =/ "FrameRetry:" *SP PCT
                                      ; the average downlink
                                      ; 802.11 frame retry rate
                                      ; experienced, encoded as
                                      ; an integer %

   ;----------------------------------------------------------------------
   ; keyValueAttributes - extensibility syntax.
   ;
   ; This syntax enables the syntax to be extended in the future.
   ;----------------------------------------------------------------------

   keyValueAttribute =/ 1*NO-DELIM-COLON ":" *SP 1*NO-DELIM-COLON
                                      ; Syntax permitting
                                      ; extensibility

   ;----------------------------------------------------------------------
   ; Definitions
   ;----------------------------------------------------------------------

   MAXSPEED = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
              (NZDIGIT DIGIT DIGIT DIGIT) /
              (NZDIGIT DIGIT DIGIT DIGIT DIGIT)) "." DIGIT DIGIT
              ; Maximum AP to Device speed in Mbps,
              ; (0.00 - 99999.99), calculated as:
              ;  SC * MD * CR * SS / (SYM + GD)
              ; where:
              ;  SC = Number of Data Sub-Carriers
              ;  CR = Coding Rate, e.g., 0.5 (BPSK),
              ;       0.75 (256QAM)
              ;  MD = Modulation rate (1-8),
              ;       where 2^MD = num mod'n states
              ;  SS = number of spatial streams
              ;  SYM = symbol interval (micro-seconds)
              ;  GD = guard interval (micro-seconds)

   PHYRATE = "MaxRate:" *SP "MCS" (DIGIT/(NZDIGIT DIGIT)) "-" NZDIGIT "SS"
              ; where the digits after "MCS" corresponds to the
              ; Modulation and Coding Scheme and the digits
              ; preceding "SS" correspond to the number of
              ; spatial streams

   RATE = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
              (NZDIGIT DIGIT DIGIT DIGIT)) ["." DIGIT]

   WIFIGEN = ("802.11" AMENDMENT) / WFA-GEN-NAME

   AMENDMENT = "b" / "g" / "a" / "n" / "ac" / "ax" / "be"
              ; the original 802.11 amendment

   WFA-GEN-NAME = "Wi-Fi" ( "4" / "5" / "6" / "7" )
              ; the Wi-Fi Alliance designated generational name

   SS = ["-"] (DIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT))
              ; Value of Received Signal Strength when expressed
              ; in dBm. To accommodate different legacy
              ; implementations, both 41 and -41 represent
              ; -41 dBm

   CHANNUM = NZDIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT) /
              ("2" U4DIGIT DIGIT)
              ; Encoding for Channel Numbers (1 - 249)

   GOC = NZDIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT) /
              ("2" U4DIGIT DIGIT) / ("2" U5DIGIT U5DIGIT)
              ; Encoding of Global Operating Class (1-255)

   PCT = DIGIT / (NZDIGIT DIGIT) / "100"
              ; Percentage (0 - 100)

   RTT = NZDIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT )
              ; Encoding round-trip delay 0-999 ms

   CALC = METRIC [ "-" ALG ]
              ; Encoding details of the metric and optionally
              ; details of the algorithm used to calculate the
              ; metric

   METRIC = "AVG" / "MED" / "MIN" / "MAX"
              ; AVG indicates the metric is an average value
              ; MED indicates the metric is a median value
              ; MIN indicates the metric is a minimum value
              ; MAX indicates the metric is a maximum value

   ALG = "LIN" DURATION
              ; LIN indicates the algorithm used is a linear
              ; process

   ALG =/"EXP" WEIGHT
              ; EXP indicates the algorithm used is an
              ; exponential moving average

   DURATION = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT)) "S"
              ; The duration in seconds over which an algorithm
              ; operates

   WEIGHT = NZDIGIT
              ; where the exponential weighting is 2^WEIGHT

   DELIMITER = SLASH / 1*SP
              ; existing vendor delimiters

   NO-DELIM-COLON = %x21-2e / %x30-39 / %x3b-7e
              ; any characters excluding delimiters - space
              ; (0x20) and slash (0x2f) - as well as colon (0x3a)

   SP = %x20
   SLASH = *SP %x2F *SP
   DIGIT = %x30-39     ; 0-9
   NZDIGIT = %x31-39   ; 1-9
   U4DIGIT = %x30-34   ; 0-4 (up to 4)
   U5DIGIT = %x30-35   ; 0-5 (up to 5)

     Figure 4: ABNF definition for encoding of Connect-Info text field

4.  Example encoding in Access-Request

   The Connect-Info attribute value is limited to 253 bytes.  Example
   encodings using the ABNF definition are illustrated in Figure 5,
   indicating that the metrics can be signaled while keeping the
   attribute size below 253 bytes.
   In these examples, less than 215 bytes are used to encode the access
   network metric information.

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / Channel: 1 / RSSI: 53"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 RSSI:50
                   RSSI-min:80"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 Global-OC:116
                   RSSI:-50 RSSI-min:-80 WAN-RTT:50"

   Connect-Info = "CONNECT 400.00 Mbps Wi-Fi5 Channel:44
                   RSSI:48(AVG-EXP8) RSSI-min:80 Noise:94"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44
                   RSSI:48(AVG-EXP8) RSSI-min:80 Noise:94(MED-LIN80S)
                   ChanUtil:25(AVG-LIN600S)"

   Connect-Info = "CONNECT 400.00 Mbps Wi-Fi5 Channel:44
                   RSSI:56(AVG-EXP8) RSSI-min:80 Noise:90(MED-LIN80S)
                   ChanUtil:35(AVG-LIN300S) TxBitRate:150.0
                   RxBitRate:150.0"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 Global-OC:116
                   RSSI:56(AVG-EXP8) RSSI-min:80 Noise:90(MED-LIN80S)
                   ChanUtil:35(AVG-LIN300S) TxBitRate:150.0
                   RxBitRate:150.0 FrameLoss:3 FrameRetry:6"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 Global-OC:116
                   RSSI:56(AVG-EXP8) RSSI-min:80 Noise:90(MED-LIN80S)
                   ChanUtil:35(AVG-LIN300S) WAN-RTT:35(AVG-LIN600S)
                   TxBitRate:150.0 RxBitRate:150.0 FrameLoss:3
                   FrameRetry:6"

   Connect-Info = "CONNECT MaxRate:MCS11-2SS / Wi-Fi6 / Channel:37 /
                   Global-OC:131 / RSSI:43(AVG-EXP8) / Noise:50 /
                   ChanUtil:2(AVG-LIN5S)"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44
                   RSSI:48(AVG-EXP8) RSSI-min:80 Noise:94
                   SomeHistogramExtension:[0,1,3,6,7]"

       Figure 5: Example encodings of Connect-Info attribute using ABNF
                                definition

5.  Implementations

   In July 2024, a proof of concept was built using modified hostapd
   code (https://w1.fi/) that is able to populate the connect-info
   attributes according to the syntax defined above.

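
   As an added illustration (not part of the draft, and not the hostapd
   or Helium code mentioned in this section), the following sketch shows
   how a RADIUS server could validate a received Connect-Info value
   against the Figure 4 syntax before using it in an authorization
   decision.  All function and variable names are this example's own; as
   assumptions stricter than the grammar, it accepts only the letter
   case used in the figures and rejects repeated keys and malformed
   values for known keys.

```python
import re

# Patterns transcribed from the Figure 4 ABNF. re.ASCII limits \d to 0-9,
# matching DIGIT = %x30-39. Literal case is fixed to that of the figures.
NDC = r"[\x21-\x2e\x30-\x39\x3b-\x7e]"    # NO-DELIM-COLON
DELIM = r"(?: */ *| +)"                   # DELIMITER = SLASH / 1*SP
CALC = (r"(?:\((?:AVG|MED|MIN|MAX)"
        r"(?:-(?:LIN(?:\d|[1-9]\d{1,2})S|EXP[1-9]))?\))?")
SS = r"-?(?:\d|[1-9]\d|1\d\d)"
PCT = r"(?:\d|[1-9]\d|100)"
RATE = r"(?:\d|[1-9]\d{1,3})(?:\.\d)?"
HEAD = re.compile(
    r"CONNECT +(?P<speed>(?:\d|[1-9]\d{1,4})\.\d\d Mbps"
    r"|MaxRate: *MCS(?:\d|[1-9]\d)-[1-9]SS)" + DELIM
    + r"(?P<gen>802\.11(?:ac|ax|be|[bgan])|Wi-Fi[4-7])", re.ASCII)
KV = re.compile(DELIM + rf"(?P<key>{NDC}+): *(?P<val>{NDC}+)", re.ASCII)
KNOWN = {
    "Channel": r"(?:[1-9]\d?|1\d\d|2[0-4]\d)",            # CHANNUM, 1-249
    "Global-OC": r"(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])",  # GOC, 1-255
    "RSSI-min": SS, "RSSI": SS + CALC, "Noise": SS + CALC,
    "ChanUtil": PCT + CALC,
    "WAN-RTT": r"[1-9]\d{0,2}" + CALC,                    # RTT rule as written
    "TxBitRate": RATE, "RxBitRate": RATE,
    "FrameLoss": PCT, "FrameRetry": PCT,
}
SIGNAL_KEYS = {"RSSI", "RSSI-min", "Noise"}   # signed or absolute dBm


def parse_connect_info(text):
    """Return speed, generation, metrics and extensions, or raise ValueError."""
    if len(text.encode("utf-8")) > 253:
        raise ValueError("Connect-Info value exceeds 253 bytes")
    head = HEAD.match(text)
    if head is None:
        raise ValueError("no CONNECT <rate> <generation> prefix")
    out = {"speed": head["speed"], "generation": head["gen"],
           "metrics": {}, "extensions": {}}
    pos = head.end()
    while pos < len(text):
        kv = KV.match(text, pos)
        if kv is None:
            raise ValueError(f"unparseable text at offset {pos}")
        key, val = kv["key"], kv["val"]
        if key in out["metrics"] or key in out["extensions"]:
            # Not forbidden by the grammar; refused here so that no
            # first-wins/last-wins ambiguity reaches the policy code.
            raise ValueError(f"repeated key {key}")
        if key not in KNOWN:
            out["extensions"][key] = val          # kept as opaque text
        elif re.fullmatch(KNOWN[key], val, re.ASCII) is None:
            # The extensibility rule would also match this text; refusing
            # it keeps a malformed known metric out of any decision.
            raise ValueError(f"bad value for {key}: {val!r}")
        else:
            num, _, calc = val.partition("(")
            number = float(num) if "." in num else int(num)
            if key in SIGNAL_KEYS:
                number = -abs(number)             # 41 and -41 both mean -41 dBm
            out["metrics"][key] = (number, calc.rstrip(")") or None)
        pos = kv.end()
    return out


if __name__ == "__main__":
    # First sample is from Figure 5; the second is a constructed bad value.
    for sample in (
        "CONNECT 400.00 Mbps Wi-Fi5 Channel:44 RSSI:48(AVG-EXP8) RSSI-min:80 Noise:94",
        "CONNECT 400.00 Mbps 802.11ac Channel:300",
    ):
        try:
            print(parse_connect_info(sample))
        except ValueError as err:
            print("rejected:", err)
```
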
   In December 2024, Helium Network (www.helium.com) upgraded their
   deployment of 17,000 OpenWi-Fi/OpenWRT Wi-Fi Access points to support
   the enhanced connect-info attribute.

6.  Security Considerations

   This document describes a syntax that enables a RADIUS client to
   provide a RADIUS server information pertaining to the operation of an
   IEEE 802.11 wireless network.  The terms agreed between the operator
   of the RADIUS client and the operator of the RADIUS server SHOULD
   include restrictions on the use of such non-personal information by
   the operator of the RADIUS server, for example limiting the use of
   such information to making RADIUS server authorization decisions and
   prohibiting a RADIUS server from disclosing information signalled in
   the Connect-Info attribute to any third-party.

7.  IANA Considerations

   This document has no IANA Actions.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

8.2.  Informative References

   [IEEE80211]
              IEEE, "Wireless LAN Medium Access Control (MAC) and
              Physical Layer (PHY) Specifications", n.d.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, DOI 10.17487/RFC2865, June 2000.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008.

   [RFC6158]  DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

Changelog

   *  01 - Added extensibility to ABNF and corrected syntax.  Added
      security considerations section.  Added note on
      TxBitRate/RxBitRate when included in Accounting-Request type Stop.

   *  02 - Corrected ABNF syntax definition of RATE.

   *  03 - Switched to individual submission.  Updated ABNF to ease
      parsing of key/value pairs.

   *  04 - Updated ABNF i) switching from band to global operating
      class, ii) added Wi-Fi Alliance generational name support as an
      alternative to 802.11 amendment designator, iii) permit legacy
      absolute and signed representations of signal strength, and iv)
      added WAN-RTT attribute

   *  05 - Added clarifications that information is shared to enable a
      RADIUS server to make improved authorization decisions.  Switched
      back to IETF submission.  Added text about aligning with legacy
      implementations that do not adhere to RFC6158.

Acknowledgements

   The authors would like to thank all the members of the WBA's Access
   Network Metrics project team who have helped review and refine the
   Connect-Info syntax.

   Thanks to Jouni Malinen for his review and recommendation to define
   encoding for Global Operating Class.

Contributors

   Sri Gundavelli
   Cisco Systems
   170 West Tasman Drive
   San Jose, 95134
   United States of America
   Email: sgundave@cisco.com

   Bruno Tomas
   Wireless Broadband Alliance
   5000 Executive Parkway, Suite 302
   San Ramon, 94583
   United States of America
   Email: bruno@wballiance.com

   Michael Sym
   Single Digits
   4 Bedford Farms Drive, Suite 210
   Bedford, 1608
   United States of America
   Email: msym@singledigits.com

   Blair Bullock
   Boldyn Networks
   Pleasanton,
   United States of America
   Email: blair.bullock@boldyn.com

Authors' Addresses

   Mark Grayson
   Cisco Systems
   10 New Square Park
   Feltham
   TW14 8HA
   United Kingdom
   Email: mgrayson@cisco.com

   Joshua Redmore
   CableLabs
   858 Coal Creek Cr.
   Louisville, 80027
   United States of America
   Email: j.redmore@cablelabs.com