
George Tsirtsis G.Tsirtsis@flarion


Presentation Transcript


  1. “BURP Requirements behind draft-ietf-dhc-aaa-ra-00.txt” George Tsirtsis G.Tsirtsis@flarion.com

  2. What is the point of this?
     • PPP for ‘on-demand’ user/terminal connectivity
     • Dial-up users
     • Cable, DSL and wireless introduce ‘always-on’ connectivity
     • But users also move around and between terminals
     • DHCP + PPP Internet Access model is needed
     • To allow any user to access the Internet from any terminal

  3. PPP Internet Access Model
     [Diagram: 1. PPP, 2. AAA*, 3. Internet Access; elements shown: AAA, Access Router]
     • 2.AAA*
     • User authentication but also..
     • user’s profile:
       • accounting requirements
       • multicast capability
       • DiffServ markings etc

  4. Proposed DHCP Internet Access Model
     [Diagram: 1. DHCP, 2. AAA*, 3. DHCP Relay, 4. Internet Access; elements shown: DHCP Server, AAA, Access Router + Relay Agent]
     • 3.AAA*: User authentication but also user’s profile as in PPP

  5. Why full AAA instead of just “registration”?
     • Full AAA provides a superset of “registration”
     • And thus can do registration only if required
     • But can also do Access Control, accounting etc
     • “Registration” is not useful without policing and potentially accounting
     • AAA provides all the above
     • If the goal is to find an alternative to PPP then that is the only choice
     • Otherwise we are going to lose functionality in the process

  6. Why use the Access Router
     • All As in AAA collocate with AR
     • So, AAA is done once!
     • So it is simpler – distribution stops at AR level
     • Firewalling, accounting and profiling happen at the same point
     • AAA client is in the first IP Router (…the edge)
     • AAA includes IP profile which has to be installed at the AR
     • AAA is triggered at IP layer (or sub-IP but L2 independent)
     • So it can apply to all link layers
     • So existing link layers do not have to change
     • So future link layers do not have to think about it
     • So we can use multiple link layer hops between end node and AR

  7. Why DHCP? And why not…
     • End nodes need IP address to operate
     • DHCP provides IP addresses
     • Maps them to Link Layer addresses
     • But even if they do not…they need other config. (DNS, etc)
     • DHCP already implements RAs
     • RAs look like other side of AAA clients
     • They are positioned in the right place (AR)
     • Most nodes support DHCP
     • Why not DHCP?
       • Well established protocol – widely deployed, i.e. difficult to change
       • It is better to do one thing and do it right
       • Some IPv6 nodes may not support DHCPv6 (more complex than DHCPv4, plug and play available)

  8. A new protocol?…maybe….
     • A new protocol would allow modular support of services (autoconfig, DHCP, authentication, etc)
     • But, let’s keep the good things about dhcp-aaa
     • BURP between end node and AR
     • BURP triggers (or is integrated with) AAA client at AR
     • Keep in mind what functionality PPP provides….anything less may not be good enough.
