RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt. Kuntal Chowdhury Avi Lior Hannes Tschofenig. Changes. Editorial changes Added text to attributes regarding its occurrences Updated “Table of Attributes” section with regard to accounting Added “Diameter Considerations” section.
RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig
Changes • Editorial changes • Added text to attributes regarding its occurrences • Updated “Table of Attributes” section with regard to accounting • Added “Diameter Considerations” section
Next Step • Meet RADEXT standards with regard to attribute formatting. • Define what to put in Service-Type and/or NAS-Port-Type attributes. • Make sure that the Diameter Mobility work in DIME is in line with this document.
Overview • RADIUS based AAA infrastructure can be used in conjunction with MIPv6 • The essential information set for bootstrapping a MIPv6 MN can be sent to the AR or the HA via RADIUS attributes • The 01 version of the I-D covers bootstrapping scenarios for the following: • Split Scenario • Integrated Scenario
Split Scenario • MSA != MSP • RADIUS interaction triggered by protocol (MIP6/IKEv2) transaction at the HA • The HA acts as a RADIUS Client. • At the end of the RADIUS transaction the HA should have relevant MIPv6 specific parameters • The RADIUS server may also instruct the HA to perform DNS update for the MN
Integrated Scenario • ASA != MSA • At the time of access auth/authz, the RADIUS server in the ASA (/MSA) may download the relevant MIPv6 parameters to the NAS/AR • The NAS/AR acts as the RADIUS Client • The HA also acts as the RADIUS Client
RADIUS Attributes • The following attributes are identified at present: • Home Agent Address • Home Agent FQDN • Home Link Prefix • Home Address • DNS Update Mobility Option
Additional Enhancements • The necessary support for the following is planned to be included in the next revision • MIP6 Auth protocol (RFC 4285) and • The associated bootstrapping I-D: draft-devarapalli-mip6-authprotocol-bootstrap
AAA-Goals: Compliance • G1.1 – G1.4: • These are standard requirements for an AAA protocol: mutual authentication, integrity, replay protection, confidentiality. • IPsec can be used to achieve the goals • G1.5 Inactive Peer Detection • Needs further investigation, since heartbeat messages do not exist in RADIUS. • However, there are robust RADIUS failover mechanisms deployed today for this purpose
AAA-Goals: Compliance • G2.1: Use of NAI over HA-AAA • Username Attribute can be used for this • G2.2: Query for MIPv6 authz • HA can send Access-Request to authz the user • G2.3: Enforce operational limitations • RADIUS based NAS-filter-rule, QoS, prepaid…work in progress in IETF
AAA-Goals: Compliance • G2.4 – G2.6: MIPv6 session limit, disconnect, re-authz etc. • RADIUS attributes like session-timeout, Change-of-Authorization, Disconnect Message, prepaid extensions can be leveraged to meet these goals. • G3.1: Accounting HA-AAA interface • Existing accounting messages can be used • Do we need AR/NAS-AAA accounting?
AAA-Goals: Compliance • G4.1: HA-AAA intf, pass through EAP auth with HA as the EAP authenticator • In general, RADIUS meets this goal. • Details can be worked out for relevant scenarios. • G5.1: DNS update • Already defined the DNS Update Mobility Option Attribute