
RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt

Kuntal Chowdhury, Avi Lior, Hannes Tschofenig. Changes: editorial changes; added text to attributes regarding its occurrences; updated “Table of Attributes” section with regard to accounting; added “Diameter Considerations” section.


Presentation Transcript


  1. RADIUS Mobile IPv6 Support
     draft-ietf-mip6-radius-01.txt
     Kuntal Chowdhury, Avi Lior, Hannes Tschofenig

  2. Changes
     • Editorial changes
     • Added text to attributes regarding its occurrences
     • Updated “Table of Attributes” section with regard to accounting
     • Added “Diameter Considerations” section

  3. Next Step
     • Meet RADEXT standards with regard to attribute formatting.
     • Define what to put in Service-Type and/or NAS-Port-Type attributes.
     • Make sure that the Diameter Mobility work in DIME is in line with this document.

  4. Backup Slides

  5. Overview
     • RADIUS-based AAA infrastructure can be used in conjunction with MIPv6
     • The essential information set for bootstrapping a MIPv6 MN can be sent to the AR or the HA via RADIUS attributes
     • The 01 version of the I-D covers bootstrapping scenarios for the following:
        • Split Scenario
        • Integrated Scenario

  6. Split Scenario
     • MSA != MSP
     • RADIUS interaction triggered by protocol (MIP6/IKEv2) transaction at the HA
     • The HA acts as a RADIUS Client.
     • At the end of the RADIUS transaction the HA should have relevant MIPv6-specific parameters
     • The RADIUS server may also instruct the HA to perform DNS update for the MN

  7. Integrated Scenario
     • ASA != MSA
     • At the time of access auth/authz, the RADIUS server in the ASA (/MSA) may download the relevant MIPv6 parameters to the NAS/AR
     • The NAS/AR acts as the RADIUS Client
     • The HA also acts as the RADIUS Client

  8. RADIUS Attributes
     • The following attributes are identified at present:
        • Home Agent Address
        • Home Agent FQDN
        • Home Link Prefix
        • Home Address
        • DNS Update Mobility Option

  9. Additional Enhancements
     • Support for the following is planned for inclusion in the next revision:
        • MIP6 Auth protocol (RFC 4285) and
        • The associated bootstrapping I-D: draft-devarapalli-mip6-authprotocol-bootstrap

  10. AAA-Goals: Compliance
     • G1.1 – G1.4:
        • These are standard requirements for a AAA protocol: mutual authentication, integrity, replay protection, confidentiality.
        • IPsec can be used to achieve the goals
     • G1.5: Inactive Peer Detection
        • Needs further investigation, since heartbeat messages do not exist in RADIUS.
        • However, there are robust RADIUS failover mechanisms deployed today for this purpose

  11. AAA-Goals: Compliance
     • G2.1: Use of NAI over HA-AAA
        • Username Attribute can be used for this
     • G2.2: Query for MIPv6 authz
        • HA can send Access-Request to authz the user
     • G2.3: Enforce operational limitations
        • RADIUS-based NAS-filter-rule, QoS, prepaid… work in progress in IETF

  12. AAA-Goals: Compliance
     • G2.4 – G2.6: MIPv6 session limit, disconnect, re-authz etc.
        • RADIUS attributes like session-timeout, Change-of-Authorization, Disconnect Message, and prepaid extensions can be leveraged to meet these goals.
     • G3.1: Accounting HA-AAA interface
        • Existing accounting messages can be used
        • Do we need AR/NAS-AAA accounting?

  13. AAA-Goals: Compliance
     • G4.1: HA-AAA intf, pass through EAP auth with HA as the EAP authenticator
        • In general, RADIUS meets this goal.
        • Details can be worked out for relevant scenarios.
     • G5.1: DNS update
        • Already defined the DNS Update Mobility Option Attribute
