1 / 6

PANA State Machine Issue Resolution (draft-ietf-pana-statemachine-01.txt)

PANA State Machine Issue Resolution (draft-ietf-pana-statemachine-01.txt). Victor Fajardo, Yoshihiro Ohba and Rafael Marin Lopez. Issue #01 EAP_Restart() not required as an initialization action in PaC statemachine since all exit actions from the OFFLINE state performs EAP_Restart()

arleen
Download Presentation

PANA State Machine Issue Resolution (draft-ietf-pana-statemachine-01.txt)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PANA State Machine Issue Resolution(draft-ietf-pana-statemachine-01.txt) Victor Fajardo, Yoshihiro Ohba and Rafael Marin Lopez IETF63 PANA WG

  2. Issue #01 • EAP_Restart() not required as an initialization action in PaC statemachine since all exit actions from the OFFLINE state performs EAP_Restart() • Resolution: EAP_Restart() is removed in initialization action of PaC statemachine Issue #02 • Nonce, PPAC, PCAP and ISP information AVP are missing in PSR/PSA exchange in PAC statemachine • Resolution: No action. The AVP’s are excluded for simplicity since it does not affect the state during the PSR/PSA exchange Issue #03 • During separate authentication, if the 1st EAP authentication succeeded and 2nd EAP authentication fails but PAA policy decides that access should be granted, the PAC statemachine closes the session IETF63 PANA WG

  3. Issue #03 (Continued) • Resolution: The EAP_FAILURE event in WAIT_EAP_RESULT state of the PaC statemachine has been modified from: EAP_FAILURE if (key_available()) CLOSED PBA.insert_avp("MAC"); Tx:PBA(); To: EAP_FAILURE && if (key_available()) OPEN (SEPARATE==Set) && PBA.insert_avp("MAC"); ppac_available() && if (CARRY_DEVICE_ID) (!PBR.exist_avp PBA.insert_avp ("Protection- ("Device-Id"); Capability") || PBA.insert_avp("PPAC"); (PBR.exist_avp Tx:PBA(); ("Protection- Authorize(); Capability") && SessionTimerStart(); pcap_supported())) IETF63 PANA WG

  4. Issue #04 • The PANA_PROTECTION_CAPABILITY_UNSUPPORTED error code is not supported in PaC and PAA statemachine. draft-ietf-pana-pana-10.txt specifies when this error code is sent. • Resolution: Added pcap_supported() procedure in PaC statemachine’s WAIT_EAP_RESULT state for every state transition leading to an OPEN state. Also added the following handlers when pcap_supported() procedure fails: EAP_SUCCESS && if (key_available()) WAIT_PEA !ppac_available() PER.insert_avp("MAC"); PER.RESULT_CODE = PANA_PPAC_CAPABILITY_UNSUPPORTED Tx:PER(); RtxTimerStart(); EAP_FAILURE && if (key_available()) WAIT_PEA (SEPARATE==Set) && PER.insert_avp("MAC"); (PBR.exist_avp PER.RESULT_CODE= ("Protection- PANA_PROTECTION_ Capability") && CAPABILITY_UNSUPPORTED !pcap_supported()) Tx:PER(); RtxTimerStart(); IETF63 PANA WG

  5. Issue #05 • In STATEFUL_DISC state of PAA statemachine, re-transmission timer is not stopped in Rx:PSA event • Resolution: RtxTimerStop() is added in the exit action of Rx:PSA state transition in STATEFUL_DISC state of PAA FSM Issue #06 • In WAIT_EAP_MSG_IN_DISC, the state transition action should perform ISP selection. • Resolution: The EAP_RESPONSE events exit action now calls choose_isp() procedure. If the procedure succeeds then the appropriate PSA.insert_avp("ISP") procedure is also called Issue #07 • If EAP retransmission is not handled in WAIT_PAN_OR_PAR state of the PAA statemachine, a dead-lock situation can occur if the PaC moves to WAIT_PAA state because of an EAP_RESP_TIMEOUT event and the PaC has just sent a PAN without an EAP-Payload IETF63 PANA WG

  6. Issue #07 (Continued) • Resolution: An EAP_REQUEST entry in WAIT_PAN_OR_PAR in the PAA statemachine has been added as follows: EAP_REQUEST if (key_available()) WAIT_PAN_OR_PAR PAR.insert_avp("MAC"); if (SEPARATE==Set) { PAR.S_flag=1; if (NAP_AUTH==Set) PAR.N_flag=1; } Tx:PAR(); RtxTimerStart(); IETF63 PANA WG

More Related