AAAv6
N. Asokan/Nokia Research
Thomas Eklund/Switchcore
Patrik Flykt/Nokia Research
Charles E. Perkins/Nokia Research
IETF 47
draft-ietf-perkins-aaav6-00.txt

Authorized Network Access v6
• Where is control exercised?
• How does node know what to do?
• What happened to the foreign agent/attendant?

Where to exercise control
• Default router already provides access to Internet
• Incoming packets directed by router’s Neighbor Cache
• Outgoing packets may be controlled by router’s Ingress Filtering

How does node know how to act?
• Advertisements from router
• Configured with MN-NAI
• Stateless vs. Stateful action, as usual
• Is router the attendant?
    • in this case, additional relay functionality
• Or, does router advertise the attendant’s address?
    • in this case, additional filtering rules needed

Stateless operation
• New node sends a Router Solicitation with credentials and MN-NAI
• Router returns a Router Advertisement with the results
• Of course, AAA is not stateless
[Diagram labels: AAAF, AAAH, Default Router, charliep@nokia.com]

Operation with DHCPv6
• Node supplies MN-NAI and credentials as part of DHCP Request
• Node gets authorization indication in the status field of the DHCP Reply

Packet types
• MN-NAI extension to Router Solicitation
• AAA Credential extension to Router Solicitation
• AAA Reply to Router Advertisement
• MN-NAI and AAA Credential extensions to DHCP Request
• AAA Reply extension to DHCP Reply

Issues
• Key distribution?
• Generalized Key extensions a la MIER?
• Unmediated interaction with AAAL?
• Advertise the need for AAA as is done for managed links now?
• Relationship between address lifetime, key lifetime, and renewal of authorization?
• Relationship with aaa-hooks?
• Relationship with DHCPv4 + AAA?