80 likes | 90 Views
SNMP for the PAA-EP protocol PANA wg - IETF 61 Washington DC. draft-ietf-pana-snmp-02.txt. Yacine El Mghazli (Alcatel) Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT). SNMP on the PAA-EP interface History. PANA charter: The PANA working group mandates SNMP for PAA-EP Chronology:
E N D
SNMP for the PAA-EP protocolPANA wg - IETF 61 Washington DC draft-ietf-pana-snmp-02.txt Yacine El Mghazli (Alcatel) Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT)
SNMP on the PAA-EP interfaceHistory • PANA charter: • The PANA working group mandates SNMP for PAA-EP • Chronology: • IETF55: PAA-EP interface requirements • IETF56/57/58: PAA-EP protocol evaluation • IETF59: SNMP draft accepted as a PANA work item • IETF60/61: SNMP draft updated • Currently draft-ietf-pana-snmp-02.txt
Additional PANA MIB objectsfor L2 access control & Specific Notifs • PANA-specific objects extends the IPSP SPD-MIB with: • Generic L2 Filters • In the –02 version • New PaC presence Notification • In the –02 version • L2 protection (keying material) • TBD
Major changes since -01 • MIB design • MIB module re-designed to support generic Link-layer filtering • panaL2FilterTable • PaC presence Notification re-designed • panaNewPacIpNotification • panaNewPacL2Notification • Conformance section done • Security section -> done • Edits -> mostly a careful use of SNMPv3 terminology • Mailing list feedback/comments on -01 -> fixed
Next steps and open issues for -03 • Link-layer protection • Some additonal objects design might be needed • Might re-use existing • 802.11i • what else ? • Section on MIB usage examples in the PANA context • Needs a review by IPSP wg • MIB doctor to act as a technical advisor for the PANA WG • One more iteration before WGLC
AAA auth PANA auth SNMP Install filter # PaC traffic Functional basic principle PAA AAA backend One single IP subnet PaC AR EP
Re-use of existing IPSec configuration MIBsfor IP level access control • IPSec configuration MIB splitted into 3 separate modules • IPSec SPD configuration MIB module (IPSP wg) • Rule/Filter/Action Policy structure • Various IP filters, including IP header filter • Notification Variables re-usable for the PaC presence notif • IPSec IKE configuration MIB module (IPSP wg) • For IP-based access control (draft-ietf-pana-ipsec) • Pre-shared key configuration (PSK) • Derived at the PAA level • ID_KEY_ID configuration (aggressive mode) • PANA_Session_id|PANA_Key_Id