1 / 11

Multi-hop PANA

Multi-hop PANA. IETF 62. Currently: “For simplicity, it is assumed that the PAA is attached to the same link as the device (i.e., no intermediary IP routers).” Objective of this presentation: Discuss removal of this constraint Benefit: Flexible deployments Cost: see slides….

zulema
Download Presentation

Multi-hop PANA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi-hop PANA IETF 62

  2. Currently: • “For simplicity, it is assumed thatthe PAA is attached to the same link as the device (i.e., no intermediary IP routers).” • Objective of this presentation: • Discuss removal of this constraint • Benefit: Flexible deployments • Cost: see slides…

  3. mhop EAP Bar Bof • Need mhop EAP lower-layer for AAA of: • network access service • Pre-authentication • Ad-hoc networks • Simple • MIP6 • SNMP • “any” service • Scope of mhop PANA is “network access AAA” • mhop PANA may help some of the network access scenarios

  4. Considerations • PAA discovery • IP addressing • EP location • NAT traversal • TTL check

  5. PAA Discovery • If the PAA is not on-link, how does the PAA discovery work? • Option 1: Define a new DHCP option • Option 2: “Traffic driven discovery” • EP detects PDI, RS, DHCP, etc.; triggers PAA via PANA-SNMP • Option 3: Preconfigured • No changes on the PANA spec. • If there are multiple PAAs? • Same issue applies to 1-hop PANA as well • Current spec: PaC picks any

  6. IP Addressing • A link-local PRPA is not suitable for mhop PANA deployments. • Include a “deployment consideration” text in the PANA framework I-D: • “If PAA is multiple hops away from the PaC, the access network must allow non-link-local PRPA configuration.”

  7. EP Location • No changes are proposed on the location of EP • L2 access device (e.g., IEEE 802.11 AP) • Access router • PAA must know the location of EP(s) • Same as before.

  8. NAT traversal (1/2) PaC EP/AR NAT PAA • What happens if there is a NAT between EP and PAA? • IP-Address and DI AVPs checked against IP header • DI AVP: Bind DI to PANA session • PaC DI is the IP address when IPsec is used. • PAA delivers DI to EP. • IP-Address AVP: • Bind PAA IP address to PANA session • If PaC IP address changes (e.g., run DHCP after PANA), PaC notifies PAA • Did we really need the integrity checks? • IP address theft/spoofing – IP address ownership issue

  9. NAT traversal (2/2) • UDP destination port in request messages set to PANA_port. • PAA requests sent to PaC -- port mapping issue • Proposal: • Option 1: Remove the integrity checks, handle port issue • Option 2: Include a deployment considerations text: “NAT between PaC and PAA is not supported”.

  10. TTL • Drop the TTL check on both PaC and PAA

  11. Any other issues? • Re-charter? • “For simplicity, it is assumed thatthe PAA is attached to the same link as the device (i.e., no intermediary IP routers).”

More Related