1 / 8

AAAv6

AAAv6. N. Asokan/Nokia Research Thomas Eklund/Switchcore Patrik Flykt/Nokia Research Charles E. Perkins/Nokia Research IETF 47 draft-ietf-perkins-aaav6-00.txt. Authorized Network Access v6. Where is control exercised? How does node know what to do?

abner
Download Presentation

AAAv6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AAAv6 N. Asokan/Nokia Research Thomas Eklund/Switchcore Patrik Flykt/Nokia Research Charles E. Perkins/Nokia Research IETF 47 draft-ietf-perkins-aaav6-00.txt

  2. Authorized Network Access v6 • Where is control exercised? • How does node know what to do? • What happened to the foreign agent/attendant?

  3. Where to exercise control • Default router already provides access to Internet • Incoming packets directed by router’s Neighbor Cache • Outgoing packets may be controlled by router’s Ingress Filtering

  4. How does node know how to act? • Advertisements from router • Configured with MN-NAI • Stateless vs. Stateful action, as usual • Is router the attendant? • in this case, additional relay functionality • Or, does router advertise the attendant’s address? • in this case, additional filtering rules needed

  5. Stateless operation AAAF AAAH • New node sends a Router Solicitation with credentials and MN-NAI • Router returns a Router Advertisement with the results • Of course, AAA is not stateless Default Router charliep@nokia.com

  6. Operation with DHCPv6 • Node supplies MN-NAI and credentials as part of DHCP Request • Node gets authorization indication in the status field of the DHCP Reply

  7. Packet types • MN-NAI extension to Router Solicitation • AAA Credential extension to Router Solicitation • AAA Reply to Router Advertisement • MN-NAI and AAA Credential extensions to DHCP Request • AAA Reply extension to DHCP Reply

  8. Issues • Key distribution? • Generalized Key extensions a la MIER? • Unmediated interaction with AAAL? • Advertise the need for AAA as is done for managed links now? • Relationship between address lifetime, key lifetime, and renewal of authorization? • Relationship with aaa-hooks? • Relationship with DHCPv4 + AAA?

More Related