“BURP Requirements behind draft-ietf-dhc-aaa-ra-00.txt”
George Tsirtsis, G.Tsirtsis@flarion.com
What is the point of this?
• PPP for ‘on-demand’ user/terminal connectivity
• Dial-up users
• Cable, DSL and wireless introduce ‘always-on’ connectivity
• But users also move around and between terminals
• DHCP + PPP Internet Access model is needed
• To allow any user to access the Internet from any terminal
PPP Internet Access Model
[Diagram: AAA, Access Router; steps 1. PPP, 2. AAA*, 3. Internet Access]
• 2. AAA*: user authentication, but also the user’s profile:
  • accounting requirements
  • multicast capability
  • diffServ markings, etc.
Proposed DHCP Internet Access Model
[Diagram: DHCP Server, AAA, Access Router + Relay Agent; steps 1. DHCP, 2. AAA*, 3. DHCP Relay, 4. Internet Access]
• 3. AAA*: user authentication, but also the user’s profile, as in PPP
Why full AAA instead of just “registration”?
• Full AAA provides a superset of “registration”
• And thus can do registration only, if required
• But can also do access control, accounting, etc.
• “Registration” is not useful without policing and potentially accounting
• AAA provides all of the above
• If the goal is to find an alternative to PPP, then that is the only choice
• Otherwise we are going to lose functionality in the process
Why use the Access Router
• All As in AAA collocate with the AR
• So, AAA is done once!
• So it is simpler – distribution stops at AR level
• Firewalling, accounting and profiling happen at the same point
• AAA client is in the first IP router (…the edge)
• AAA includes an IP profile, which has to be installed at the AR
• AAA is triggered at the IP layer (or sub-IP but L2 independent)
• So it can apply to all link layers
• So existing link layers do not have to change
• So future link layers do not have to think about it
• So we can use multiple link layer hops between end node and AR
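A minimal model of the proposed DHCP access flow and of the "everything at the AR" argument above, added here as an illustration and not taken from the slides or the draft. The class, method names, sample credentials and addresses are all hypothetical, and how credentials are carried inside DHCP is an assumption the slides do not specify.

```python
from dataclasses import dataclass, field

# Constructed AAA data: (user, secret) -> profile returned on successful authentication.
AAA_DB = {
    ("alice", "s3cret"): {"accounting": True, "multicast": False, "diffserv": "AF21"},
}

@dataclass
class AccessRouter:
    """Hypothetical AR with collocated relay agent and AAA client."""
    dhcp_pool: list = field(default_factory=lambda: ["192.0.2.10", "192.0.2.11"])
    sessions: dict = field(default_factory=dict)  # link-layer address -> session

    def aaa(self, user, secret):
        # Step 2 (AAA): returns the user's profile, or None if authentication fails.
        return AAA_DB.get((user, secret))

    def handle_dhcp(self, mac, user, secret):
        # Step 1 (DHCP): request from the end node reaches the relay agent at the AR.
        profile = self.aaa(user, secret)
        if profile is None:
            return None  # never relayed: no address and no session
        if not self.dhcp_pool:
            return None  # pool exhausted
        # Step 3 (DHCP Relay): only authenticated requests reach the server,
        # modelled here as a simple address pool.
        ip = self.dhcp_pool.pop(0)
        # The profile is installed at the same point that polices traffic.
        self.sessions[mac] = {"ip": ip, "user": user, "profile": profile, "bytes": 0}
        return ip

    def forward(self, mac, src_ip, size):
        # Step 4 (Internet Access): policing, accounting and marking in one place.
        s = self.sessions.get(mac)
        if s is None or s["ip"] != src_ip:
            return "drop"  # no AAA session, or source address not the leased one
        if s["profile"]["accounting"]:
            s["bytes"] += size
        return "forward dscp=" + s["profile"]["diffserv"]
```

Because the session table is keyed on the link-layer address and checked against the leased IP, a node that skips AAA or uses an address it was not given is dropped at the first IP hop.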
Why DHCP? And why not…
• End nodes need an IP address to operate
• DHCP provides IP addresses
• Maps them to link layer addresses
• But even if they do not… they need other config (DNS, etc.)
• DHCP already implements RAs
• RAs look like the other side of AAA clients
• They are positioned in the right place (AR)
• Most nodes support DHCP
• Why not DHCP?
  • Well established protocol – widely deployed, i.e. difficult to change
  • It is better to do one thing and do it right
  • Some IPv6 nodes may not support DHCPv6 (more complex than DHCPv4, plug and play available)
A new protocol?… maybe…
• A new protocol would allow modular support of services (autoconfig, DHCP, authentication, etc.)
• But let’s keep the good things about dhcp-aaa
• BURP between end node and AR
• BURP triggers (or is integrated with) the AAA client at the AR
• Keep in mind what functionality PPP provides… anything less may not be good enough.