AAA Mobile IPv6 Application Framework
draft-yegin-mip6-aaa-fwk-00.txt
Alper Yegin
IETF 61 – 12 Nov 2004

Why AAA?
• Centralized service management
• Especially useful when MN can use any one of multiple HAs
    • HAs on the same subnet
    • HAs in the same service provider domain
    • HAs across service provider domains

Why Talk About a Framework?
• There are multiple ways to utilize AAA for Mobile IPv6 service (see solution space!)
• Before we embark on solutions, MIP6 WG should:
    • Identify different frameworks of using AAA for MIP6
    • Select one or more frameworks (many considerations go in here)
    • Identify requirements/solutions based on that
    • Take the RADIUS/Diameter solutions to AAA++ WG, handle MIP6 changes (if any) in MIP6 WG

Frameworks
• (1) Using network access AAA to deliver MIP6 bootstrapping information to MN
    • draft-giaretta-mip6-authorization-eap-01
    • draft-le-aaa-mipv6-requirements-03
    • draft-ohnishi-mip6-aaa-problem-statement-00
• (2) Using network access AAA to deliver MIP6 bootstrapping information to NAS
    • draft-chowdhury-mip6-bootstrap-radius-00
    • It is assumed that info will be delivered from NAS to MN via another protocol (e.g., draft-jang-dhc-haopt-00)

Frameworks
• (3) Piggybacking MIP6 signaling (BU) with network access AAA
    • draft-le-aaa-mipv6-requirements-03
• (4) AAA of Mobile IPv6 signaling (IKE, BU)
    • MIP6 AAA is independent of network access AAA
    • Described in this I-D

Framework 4

    Mobile <---------------> Home agent/ <--------------> AAA
    node        IKE,         AAA client     RADIUS or     server
             Mobile IPv6                    Diameter

     MN                    HA                  AAA server
      |                     |   Auth/Authz for     |
      |        IKE          |   MIPv6 IPsec SA     |
      |<------------------->|<-------------------->|
      |                     |                      |
      |   Binding Update    |    Authz for BU      |
      |<------------------->|<-------------------->|
      |                     |                      |
      |                     |                      |
      |                     |                      |
      |   Binding Update    |    Authz for BU      |
      |<------------------->|<-------------------->|
      |                     |                      |
      v time

Example Framework 4 Implementation
• Using EAP/IKEv2 for authentication

    MIP6 MN/ <----------------> MIP6 HA/    <---------------> EAP auth server/
    EAP peer     EAP/IKEv2,     EAP auth’or/   EAP/RADIUS,    AAA server
                 Mobile IPv6    AAA Client     RADIUS

• EAP enables
    • end2end authentication between MN and AAA server
    • SA establishment between MN and HA (AAA-Key)
• Note: IKE/IPsec-less implementations of this framework are possible (draft-ietf-mip6-auth-protocol-00).

Relation to MIP6 Bootstrapping
• Framework 4 assumes MN already knows the HA
    • Rely on static configuration or other dynamic discovery schemes
• MN-HA SA is dynamically created as a result of MIP6-AAA execution
• Home address can be assigned before, during, or after the MIP6-AAA execution
• Therefore, this framework provides a partial solution to the bootstrapping problem

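The Framework 4 flow above, as an added example that is not part of the original slides or the I-D: the HA holds no subscriber secrets, obtains the MN-HA key from the AAA server, and asks the AAA server to authorize every Binding Update, so a central revocation takes effect at the next BU. The HMAC challenge-response is an assumed stand-in for EAP/IKEv2, and all class names, identifiers and addresses are constructed for illustration.

```python
# Toy model: an HMAC challenge-response stands in for EAP/IKEv2 (assumption).
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()
class AAAServer:
    """Stand-in for the RADIUS/Diameter server; subscriber table is constructed."""
    def __init__(self):
        self.subs = {}  # mn_id -> [long-term secret, MIP6 service allowed?]
    def auth_for_sa(self, mn_id, nonce, proof):
        """Auth/Authz for the MN-HA SA: key for the HA on success, else None."""
        sub = self.subs.get(mn_id)
        if not sub or not sub[1] or not hmac.compare_digest(prf(sub[0], nonce), proof):
            return None
        return prf(sub[0], b"AAA-Key" + nonce)
    def authz_bu(self, mn_id):
        return bool(self.subs.get(mn_id, [None, False])[1])

class HomeAgent:
    """HA as AAA client: it stores no subscriber secrets, only SAs it was given."""
    def __init__(self, aaa):
        self.aaa, self.sa, self.bindings = aaa, {}, {}
    def establish_sa(self, mn_id, nonce, proof):
        key = self.aaa.auth_for_sa(mn_id, nonce, proof)
        if key is not None:
            self.sa[mn_id] = key
        return key is not None
    def binding_update(self, mn_id, hoa, coa, mac):
        key = self.sa.get(mn_id)
        if key is None or not hmac.compare_digest(prf(key, f"{hoa}|{coa}".encode()), mac):
            return "rejected: no valid SA"
        if not self.aaa.authz_bu(mn_id):  # AAA round trip on every BU
            return "rejected: AAA denied"
        self.bindings[hoa] = coa
        return "accepted"

def demo():
    mn, hoa = "mn1@example.net", "2001:db8:1::10"  # constructed identifiers
    aaa, secret, nonce = AAAServer(), os.urandom(32), os.urandom(16)
    aaa.subs[mn] = [secret, True]
    ha = HomeAgent(aaa)
    mn_key = prf(secret, b"AAA-Key" + nonce)  # MN derives the same key locally
    send_bu = lambda coa: ha.binding_update(mn, hoa, coa, prf(mn_key, f"{hoa}|{coa}".encode()))
    out = [ha.establish_sa(mn, nonce, prf(secret, nonce)), send_bu("2001:db8:a::5")]
    aaa.subs[mn][1] = False  # operator revokes the service at the AAA server
    out.append(send_bu("2001:db8:b::7"))
    return out, dict(ha.bindings)
```

After the revocation the second BU is refused and the binding cache still holds the first care-of address; a real HA would also need a policy for bindings that were accepted before the revocation.
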
Summary
• Identification of frameworks and detailed discussion on one (fwk4)
• Proposal to MIP6 WG:
    • Start by framework identification (discovery)
        • Solution introductions help that
    • Select one or more (how?)
    • Identify required changes on MIP6 (if any) and AAA protocols
    • Produce requirements for AAA -- augmented or new AAA applications (interface to AAA++ WG)