RADEXT Working Group                                          M. Grayson
Internet-Draft                                             Cisco Systems
Intended status: Informational                                J. Redmore
Expires: 3 September 2026                                      CableLabs
                                                            2 March 2026


  A syntax for the RADIUS Connect-Info attribute used in Wi-Fi networks
                      draft-grayson-connectinfo-08

Abstract

   This document describes a syntax for the Connect-Info attribute used
   with the RADIUS protocol, enabling RADIUS clients to provide RADIUS
   servers information pertaining to a user's connection with an IEEE
   802.11 wireless network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 3 September 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Grayson & Redmore       Expires 3 September 2026                [Page 1]

Internet-Draft                Connect-Info                    March 2026

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Types of Connect-Info Metrics
   3.  ABNF syntax for Connect-Info
   4.  Encoding Recommendations
     4.1.  Access-Request
     4.2.  Accounting-Request
   5.  Implementations
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Changelog
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   The Connect-Info attribute is defined in [RFC2869] to enable a
   Network Access Server (NAS) to indicate to a RADIUS server "the
   nature of the user's connection".  [RFC2869] includes the
   recommendation that:

      The connection speed SHOULD be included at the beginning of the
      first Connect-Info attribute in the packet.  If the transmit and
      receive connection speeds differ, they MAY both be included in
      the first attribute with the transmit speed first (the speed the
      NAS modem transmits at), a slash (/), the receive speed, then
      optionally other information.

   The Connect-Info attribute can be sent in both Access-Request and
   Accounting-Request messages, as shown in Figure 1.

   +--------------------------------------------------------------+
   | Attribute | Request | Accept | Reject | Challenge | Acct-Req |
   +--------------------------------------------------------------+
   | Connect-  | 0-1     | 0      | 0      | 0         | 0+       |
   | Info (77) |         |        |        |           |          |
   +--------------------------------------------------------------+

    Figure 1: RFC2869 defined occurrence rules for Connect-Info
                              attribute

   Many NAS implementations have implemented the Connect-Info attribute.
   Wi-Fi vendors supporting the Connect-Info attribute start the text
   field with "CONNECT" that is followed by a floating point value
   representing the maximum connection speed in Mbps.  Implementations
   follow this with text information about the IEEE 802.11 amendment
   supported, as illustrated in Figure 2.

   Connect-Info = "CONNECT 11.00 Mbps 802.11b"

            Figure 2: Example #1 Wi-Fi Connect-Info attribute

   Other implementations have extended this baseline to signal
   additional information to the RADIUS server using a slash (/)
   delimiter, as illustrated in Figure 3.

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 53 / Channel: 1"

            Figure 3: Example #2 Wi-Fi Connect-Info attribute

   There are use-cases that benefit from being able to share Wi-Fi
   network connection metrics between a NAS and a RADIUS server,
   including where the NAS is operated by a Wi-Fi Access Network
   Provider (ANP) and the server is operated by an Identity Provider
   (IDP).  Reception of the Connect-Info attribute by a RADIUS server is
   intended to be used to assist the IDP in making authorization
   decisions.

   The rest of this document describes a syntax for the Connect-Info
   attribute that is simultaneously able to support existing Wi-Fi
   vendor implementations as illustrated in Figure 2 and Figure 3, while
   being enhanced with additional optional information to support new
   use-cases and requirements.

   The technique by which a RADIUS server uses the information encoded
   in the Connect-Info attribute to assist in making authorization
   decisions is not defined in this document.  Some servers may define
   the use of a threshold for one or more parameters received in a
   RADIUS Access-Request; other systems may use historical Connect-Info
   records from previously authenticated sessions, including those in
   the RADIUS Accounting-Request messages received from the same NAS;
   still other systems may decide to algorithmically combine the
   parameters into a new metric used when making authorization
   decisions.

   The examples in Figure 2 and Figure 3 together with the
   recommendation in [RFC2869] are representations of complex data
   types, as described in section 3.2.3 of [RFC6158].  Whereas section
   3.2.4 of [RFC6158] discourages the use of complex data types where
   viable alternatives are available, it is argued that the present
   document does not introduce a new complex data type, rather defines
   and extends the syntax widely used in existing implementations of the
   Connect-Info attribute that currently encode information using a
   complex data type.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   Access Network Provider (ANP):
      A Wi-Fi operator that has configured its Wi-Fi equipment to
      support inbound roaming of users.

   Identity Provider (IDP):
      An entity that authenticates end-user Wi-Fi devices onto ANP
      networks.

   Received Signal Strength Indicator (RSSI):
      A measurement of the power level that is received by an antenna
      from a wireless device.

2.  Types of Connect-Info Metrics

   The characteristics associated with the IEEE 802.11 connection that
   can be shared between NAS and RADIUS server include those that can be
   used to derive a quality metric of the performance of a Wi-Fi
   network.  These are:

   *  transmit and receive bit rates,

   *  received signal strength indicator (RSSI),

   *  frame loss rate, and

   *  frame retry rate.

   While not uniquely associated with a single IEEE 802.11 connection,
   Section 1 describes legacy implementations which include generic
   parameters concerning the configuration of the Wi-Fi network signaled
   in the Connect-Info attribute.  These legacy parameters are:

   *  the maximum Wi-Fi transmit rate,

   *  the Wi-Fi amendment [IEEE80211], and

   *  the Wi-Fi channel number.

3.  ABNF syntax for Connect-Info

   The Augmented Backus-Naur form (ABNF) is a syntax for specifications
   defined in [RFC5234].  The proposed ABNF syntax for the text of the
   Connect-Info attribute used with Wi-Fi networks is shown below.  This
   syntax is intended to encompass current vendor implementations,
   including parameter ordering, while supporting optional enhancements
   to support sharing of new parameters.

;---------------------------------------------------------------------
; Connect-Info RADIUS Attribute #77 Syntax for Wi-Fi networks
;---------------------------------------------------------------------
connect-info-77 = "CONNECT" [legacyAttributes]
                  *( DELIMITER keyValueAttribute )
                  [ DELIMITER legacyChannelNum ]
                  *( DELIMITER keyValueAttribute )

;---------------------------------------------------------------------
; Legacy attributes not linked to a specific connection
;---------------------------------------------------------------------
legacyAttributes = 1*SP MAXSPEED " Mbps" DELIMITER WIFIAMENDMENT
     ; An optional indication of max achievable data rate
     ; together with Wi-Fi 802.11 amendment information

legacyChannelNum = "Channel:" *SP CHANNUM
     ; An optional 802.11 channel number

;---------------------------------------------------------------------
; keyValueAttributes - attributes linked to a specific connection;
;---------------------------------------------------------------------
keyValueAttribute =  "RSSI:" *SP SS ["(" AGGR ")"]
     ; The value of Station RSSI in dBm and optionally the
     ; aggregation technique used for reporting a value derived
     ; from multiple measurements

keyValueAttribute =/ "TxBitRate:" *SP RATE ["(" AGGR ")"]
     ; The AP to device transmission rate in Mbps and
     ; optionally the aggregation technique used for
     ; reporting a value derived from multiple measurements

keyValueAttribute =/ "RxBitRate:" *SP RATE ["(" AGGR ")"]
     ; The device to AP transmission rate in Mbps and
     ; optionally the aggregation technique used for
     ; reporting a value derived from multiple measurements

keyValueAttribute =/ "FrameLoss:" *SP PCT ["(" AGGR ")"]
     ; The AP to device 802.11 frame loss rate experienced,
     ; encoded as an integer percentage and optionally the
     ; aggregation technique used for reporting a value derived
     ; from multiple measurements

keyValueAttribute =/ "FrameRetry:" *SP PCT ["(" AGGR ")"]
     ; The AP to device 802.11 frame retry rate experienced,
     ; encoded as an integer percentage and optionally the
     ; aggregation technique used for reporting a value derived
     ; from multiple measurements

;---------------------------------------------------------------------
; keyValueAttributes - extensibility syntax.
;
; This syntax enables the syntax to be extended in the future.
;---------------------------------------------------------------------
keyValueAttribute =/ 1*NO-DELIM-COLON ":" *SP 1*NO-DELIM-COLON
     ; Syntax permitting extensibility

;---------------------------------------------------------------------
; Definitions for legacy attributes
;---------------------------------------------------------------------
MAXSPEED = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
           (NZDIGIT DIGIT DIGIT DIGIT) /
           (NZDIGIT DIGIT DIGIT DIGIT DIGIT)) "." DIGIT DIGIT
     ; Maximum AP to Device speed in Mbps, (0.00 - 99999.99),
     ; calculated as:
     ;    SC * MD * CR * SS / (SYM + GD)
     ; where:
     ;    SC  = Number of Data Sub-Carriers
     ;    CR  = Coding Rate, e.g., 0.5 (BPSK), 0.75 (256QAM)
     ;    MD  = Modulation rate (1-8), where 2^MD = num mod'n states
     ;    SS  = number of spatial streams
     ;    SYM = symbol interval (micro-seconds)
     ;    GD  = guard interval (micro-seconds)

WIFIAMENDMENT = "802.11" AMENDMENT

AMENDMENT = "b" / "g" / "a" / "n" / "ac" / "ax" / "be"
     ; the original 802.11 amendment
     ; Note, whereas the industry has moved to define the use
     ; of Wi-Fi 4/5/6/7 terminology, the amendment is still
     ; used here to enable backwards compatibility with
     ; legacy implementations

CHANNUM = NZDIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT) /
          ("2" U4DIGIT DIGIT)
     ; Encoding for Channel Numbers (1 - 249)
     ; Note - with the introduction of Wi-Fi operation in
     ; 6 GHz, the Channel Number no longer uniquely identifies
     ; the band of operation

;---------------------------------------------------------------------
; Definitions for connection orientated attributes
;---------------------------------------------------------------------
SS = ["-"](DIGIT / (NZDIGIT DIGIT) / ("1" DIGIT DIGIT))
     ; Value of received signal strength expressed in dBm
     ; To accommodate different legacy implementations, both 41
     ; and -41 represent -41 dBm

RATE = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT) /
       (NZDIGIT DIGIT DIGIT DIGIT)) ["." DIGIT]
     ; A transmit or receive rate in Mbps

PCT = DIGIT / (NZDIGIT DIGIT) / "100"
     ; Percentage (0 - 100)

AGGR = ALGO SP ( WINDOW / WEIGHT )
     ; How multiple measurements are combined into a single
     ; reported value

ALGO = "MIN" / "MAX" / ("AVG" "-" VARIANT ) / "ACC"
     ; The algorithm used for combining multiple samples:
     ;    MIN = minimum value over window
     ;    MAX = maximum value over window
     ;    AVG = average value over window or exponent
     ;    ACC = accumulated ratio over window, corresponding to
     ;          ( num[N] - num[1]) / ( denom[N] - denom[1] )
     ;          and where ACC only applies to loss and retry rates

VARIANT = "LIN" / "EXP"
     ; LIN = linear (arithmetic mean) average calculation
     ; EXP = exponential weighted average calculation

WINDOW = (DIGIT / (NZDIGIT DIGIT) / (NZDIGIT DIGIT DIGIT)) TIMEUNIT
     ; The time window over which the algorithm operates,
     ; measured in units of TIMEUNIT

WEIGHT = NZDIGIT
     ; The weighting of the AVG-EXP algorithm, where the
     ; exponential weight is 2^WEIGHT

TIMEUNIT = "S" / "M"
     ; S = units of seconds, M = units of minutes

DELIMITER = SLASH / 1*SP
     ; existing vendor delimiters

NO-DELIM-COLON = %x21-2e / %x30-39 / %x3b-7e
     ; any characters excluding delimiters - space (0x20) and
     ; slash (0x2f) - as well as colon (0x3a)

SP = %x20
SLASH = *SP %x2F *SP
DIGIT = %x30-39      ; 0-9
NZDIGIT = %x31-39    ; 1-9
U4DIGIT = %x30-34    ; 0-4 (up to 4)

     Figure 4: ABNF definition for encoding of Connect-Info text field

4.  Encoding Recommendations

   Example encodings using the ABNF definition are illustrated in
   Figure 5 and Figure 6.  These illustrate that the metrics can be
   signaled while keeping the attribute size below 253 bytes.

4.1.  Access-Request

   The inclusion of the above defined parameters in a Connect-Info
   attribute signaled in a RADIUS Access-Request message is restricted
   by the number of IEEE 802.11 frames over which the calculations are
   based.  In such cases, the transmit bit rates, receive bit rates and
   RSSI level may correspond to the instantaneous value of the specific
   parameter.  When signaling an instantaneous value, the "AGGR"
   definition SHOULD NOT be included in the reported Connect-Info
   attribute.

   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / Channel: 1 / RSSI: 53"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac Channel:44 RSSI:50"

   Connect-Info = "CONNECT RSSI:56 TxBitRate:150.0 RxBitRate:150.0"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac RSSI:56 TxBitRate:150.0 RxBitRate:150.0"

     Figure 5: Example encodings of Connect-Info attribute in RADIUS
                         Access-Request message

4.2.  Accounting-Request

   The inclusion of the Connect-Info attribute signaled in a RADIUS
   Accounting-Request with Acct-Status-Type set to Start may be
   restricted by the number of IEEE 802.11 frames over which the
   calculations are based.  In such cases, the transmit bit rates,
   receive bit rates and RSSI level MAY correspond to the instantaneous
   value of the specific parameter, in which case the reporting with the
   "AGGR" definition SHOULD follow the rules introduced in Section 4.1.

   In other cases, i.e., where the Connect-Info attribute is signaled in
   RADIUS Accounting-Request messages with Acct-Status-Type set to
   Interim-Update or Stop, the NAS SHOULD use multiple measurements when
   calculating the reported value:

   *  the reported transmit and receive bit rates SHOULD represent the
      maximum values experienced since the last time the connect-info
      was signaled, i.e. the "ALGO" term SHOULD be set to "MAX".

   *  the received signal strength indicator (RSSI) SHOULD represent the
      average RSSI value, where the average value calculated MAY be
      either a linear average or an exponential weighted average, i.e.
      the "ALGO" term SHOULD be set to "AVG".

   *  frame loss rate and frame retry rate SHOULD represent the
      accumulated ratio, i.e. the "ALGO" term SHOULD be set to "ACC".

   Connect-Info = "CONNECT RSSI:56(AVG-LIN 10M) TxBitRate:150.0(MAX 10M) RxBitRate:150.0(MAX 10M)"

   Connect-Info = "CONNECT 400.00 Mbps 802.11ac RSSI:56(AVG-LIN 600S) TxBitRate:150.0(MAX 600S) RxBitRate:150.0(MAX 600S) FrameLoss:3(ACC 60S) FrameRetry:6(ACC 60S)"

   Connect-Info = "CONNECT TxBitRate:150.0(MAX 30S) RxBitRate:120.5(MAX 30S) RSSI:-65(AVG-EXP 6) FrameLoss:2(ACC 30S) FrameRetry:4(ACC 30S)"

     Figure 6: Example encodings of Connect-Info attribute in RADIUS
                       Accounting-Request message

5.  Implementations

   In July 2024, a proof of concept was built using modified hostapd
   code (https://w1.fi/) that is able to populate the connect-info
   attributes according to the syntax defined above.

   In December 2024, Helium Network (www.helium.com) upgraded their
   deployment of 17,000 OpenWi-Fi/OpenWRT Wi-Fi Access points to support
   the enhanced connect-info attribute.

6.  Security Considerations

   This document describes a syntax that enables a RADIUS client to
   provide a RADIUS server with information pertaining to the operation
   of an IEEE 802.11 wireless network, including connection metrics such
   as RSSI.
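
   A RADIUS server that bases authorization decisions on Connect-Info is
   parsing text supplied by the NAS. The following Python parser is an
   added example, not part of the draft or of the implementations it
   mentions: it matches a string against the Figure 4 syntax, normalises
   RSSI to negative dBm, and reports departures from the Section 4
   aggregation recommendations. Assumptions of the example: the names
   parse_connect_info and check_recommendations, the returned dictionary
   layout, case-sensitive matching of literals, rejection of repeated
   keys, and validating known keys only against their typed rule rather
   than the extensibility rule.

```python
import re

DELIM = r"(?: */ *| +)"                  # DELIMITER = SLASH / 1*SP
END = r"(?=[ /]|\Z)"                     # a value must stop at a delimiter or the end
RATE = r"(?:\d|[1-9]\d{1,3})(?:\.\d)?"
PCT = r"(?:\d|[1-9]\d|100)"
AGGR = r"(?:\((MIN|MAX|AVG-LIN|AVG-EXP|ACC) ((?:\d|[1-9]\d{1,2})[SM]|[1-9])\))?"
# re.A keeps \d to ASCII 0-9; without it Python also accepts Unicode digits.
TYPED = {key: re.compile(f"({value}){AGGR}{END}", re.A) for key, value in {
    "RSSI": r"-?(?:\d|[1-9]\d|1\d\d)", "TxBitRate": RATE, "RxBitRate": RATE,
    "FrameLoss": PCT, "FrameRetry": PCT}.items()}
LEGACY = re.compile(r"CONNECT(?: +((?:\d|[1-9]\d{1,4})\.\d\d) Mbps" + DELIM
                    + r"802\.11(ac|ax|be|[bgan])" + END + ")?", re.A)
KEY = re.compile(DELIM + r"([!-.0-9;-~]+): *", re.A)   # key is 1*NO-DELIM-COLON
CHANNEL = re.compile(r"([1-9]|[1-9]\d|1\d\d|2[0-4]\d)" + END, re.A)
EXTENSION = re.compile(r"([!-.0-9;-~]+)" + END, re.A)
EXPECTED = {"TxBitRate": ("MAX",), "RxBitRate": ("MAX",),   # ALGO per Section 4.2
            "RSSI": ("AVG-LIN", "AVG-EXP"), "FrameLoss": ("ACC",), "FrameRetry": ("ACC",)}

def parse_connect_info(text):
    """Parse text against Figure 4; raise ValueError on any mismatch."""
    if len(text.encode("utf-8")) > 253:  # largest RADIUS attribute value
        raise ValueError("longer than 253 bytes")
    head = LEGACY.match(text)
    if not head:
        raise ValueError("does not start with CONNECT")
    out = {"max_mbps": float(head[1]) if head[1] else None, "amendment": head[2],
           "channel": None, "metrics": {}, "ext": {}}
    pos, seen = head.end(), set()
    while pos < len(text):
        k = KEY.match(text, pos)
        # Assumption of this example: a repeated key is rejected, not last-one-wins.
        if not k or k[1] in seen:
            raise ValueError(f"bad or repeated key at offset {pos}")
        key = k[1]
        seen.add(key)
        # Assumption: known keys never fall back to the extensibility rule ("RSSI:abc").
        rule = TYPED.get(key) or (CHANNEL if key == "Channel" else EXTENSION)
        v = rule.match(text, k.end())
        if not v:
            raise ValueError(f"bad value for {key}")
        pos = v.end()
        if key in TYPED:                 # SS: "41" and "-41" both mean -41 dBm
            number = -abs(int(v[1])) if key == "RSSI" else float(v[1])
            out["metrics"][key] = {"value": number, "algo": v[2], "arg": v[3]}
        elif key == "Channel":
            out["channel"] = int(v[1])
        else:
            out["ext"][key] = v[1]
    return out

def check_recommendations(parsed, instantaneous):
    """List departures from Section 4; instantaneous=True for single-sample reports."""
    findings = []
    for key, metric in parsed["metrics"].items():
        algo, arg = metric["algo"], metric["arg"]
        if algo and arg.isdigit() and algo != "AVG-EXP":
            findings.append(f"{key}: WEIGHT given without AVG-EXP")
        if instantaneous and algo:
            findings.append(f"{key}: AGGR present on an instantaneous value")
        elif not instantaneous and algo not in EXPECTED[key]:
            findings.append(f"{key}: expected {'/'.join(EXPECTED[key])}, got {algo}")
    return findings

if __name__ == "__main__":
    demo = parse_connect_info(  # constructed sample, modelled on Figure 6
        "CONNECT 400.00 Mbps 802.11ac RSSI:56(AVG-LIN 600S) FrameLoss:3(MAX 60S)")
    print(demo["metrics"], check_recommendations(demo, instantaneous=False))
```

   Pass instantaneous=True for Access-Request and Accounting Start
   records that carry single samples, and False for Interim-Update and
   Stop records.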

   While the Connect-Info attribute is intended to convey non-personal
   information, some metrics, particularly RSSI, can indirectly reveal
   information about the physical location or movement of an end user
   relative to the access point.  When combined with other data, such as
   access point locations, RSSI values may enable inference of the
   user's presence or proximity within a specific area, potentially
   raising privacy concerns.

   Operators SHOULD consider the following when deploying and processing
   Connect-Info attributes:

   *  The terms agreed between the operator of the RADIUS client and the
      operator of the RADIUS server SHOULD include restrictions on the
      use, storage, and disclosure of connection metrics that may be
      privacy-sensitive, such as RSSI.

   *  The RADIUS server SHOULD limit use of these metrics to operational
      purposes, such as authorization decisions, and SHOULD NOT disclose
      information signaled in the Connect-Info attribute to any third
      party except where required by applicable law.

   *  Where possible, operators SHOULD avoid associating RSSI and
      similar metrics with persistent user identifiers, to minimize the
      risk of user tracking.

   *  Implementations SHOULD ensure that Connect-Info attributes are
      transmitted only over secure channels (e.g., using RADIUS secured
      with TLS), to protect against unauthorized interception.

7.  IANA Considerations

   This document has no IANA Actions.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

8.2.  Informative References

   [IEEE80211]
              IEEE, "Wireless LAN Medium Access Control (MAC) and
              Physical Layer (PHY) Specifications", n.d.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008.

   [RFC6158]  DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

Changelog

   *  01 - Added extensibility to ABNF and corrected syntax.  Added
      security considerations section.  Added note on TxBitRate/
      RxBitRate when included in Accounting-Request type Stop.

   *  02 - Corrected ABNF syntax definition of RATE.

   *  03 - Following RADEXT recommendation, switched to independent
      submission.  Updated ABNF to ease parsing of key/value pairs.

   *  04 - Updated ABNF i) switching from band to global operating
      class, ii) added Wi-Fi Alliance generational name support as an
      alternative to 802.11 amendment designator, iii) permit legacy
      absolute and signed representations of signal strength, and iv)
      added WAN-RTT attribute

   *  05 - Following RADEXT recommendation, switched back to IETF
      submission.  Added clarifications that information is shared to
      enable a RADIUS server to make improved authorization decisions.
      Added text about aligning with legacy implementations that do not
      adhere to RFC6158.

   *  06 - Following RADEXT feedback at IETF 124, removed non-connection
      orientated key-value pairs from the syntax definition.

   *  07 - Updated the ABNF following feedback from Iegor Sergieienkov.

   *  08 - Corrected missing exponential weight in ABNF and updated
      security section to deal with RSSI/location.

Acknowledgements

   The authors would like to thank all the members of the WBA's Access
   Network Metrics project team, as well as Iegor Sergieienkov, who have
   helped review and refine the Connect-Info syntax.

Contributors

   Sri Gundavelli
   Cisco Systems
   170 West Tasman Drive
   San Jose, 95134
   United States of America
   Email: sgundave@cisco.com

   Bruno Tomas
   Wireless Broadband Alliance
   5000 Executive Parkway, Suite 302
   San Ramon, 94583
   United States of America
   Email: bruno@wballiance.com

   Michael Sym
   Single Digits
   4 Bedford Farms Drive, Suite 210
   Bedford, 1608
   United States of America
   Email: msym@singledigits.com

   Blair Bullock
   Boldyn Networks
   Pleasanton,
   United States of America
   Email: blair.bullock@boldyn.com

   Joey Padden
   Helium
   Boulder,
   United States of America
   Email: jpadden@helium.com

Authors' Addresses

   Mark Grayson
   Cisco Systems
   10 New Square Park
   Feltham
   TW14 8HA
   United Kingdom
   Email: mgrayson@cisco.com

   Joshua Redmore
   CableLabs
   858 Coal Creek Cr.
   Louisville, 80027
   United States of America
   Email: j.redmore@cablelabs.com