Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing international roaming performance : NAPTR Records in DNS

Published byJoana Everetts Modified over 9 years ago

Similar presentations

Presentation on theme: "Enhancing international roaming performance : NAPTR Records in DNS"— Presentation transcript:

1 Enhancing international roaming performance : NAPTR Records in DNS
Dr Alan Buxey #nws41

2 Introduction How packets go through eduroam
A solution to reduce the bottleneck/load The result Explanation/How It Works Issues Future extensions Summary Questions/feedback

3 Hierarchical architecture of eduroam
James using eduroam in some German City ‘magic’ happens and he is online RADIUS packets routed by fixed lists at the top (european proxy) Lots of hops. Inefficient. .net, .org, .edu etc all cause problems

4 ..a lot of conversation! All of this goes on across the Proxy path!
UDP too, so chances of issues

5 The “quick-win” fix? Dynamic Discovery
Dynamic Discovery of relevant national proxy Places routing hints towards the responsible national proxy into DNS, making routing more efficient eduroam say: “As an IdP, you do not have to know much about the mechanics behind this” …..but we beg to differ in opinion ;-)

6 Dynamic discovery at the National level
Request goes up to National level The national proxy does a lookup camford.ac.uk is via UK Sent to UK using RADSEC Everything else as before…just a fewer hops (and often much shorter distance!)

7 How did it know to send to the UK?
DNS query for a NAPTR record (based on realm) Network Authority PoinTeR – resource record type Not in common use (used a lot with SIP!) Powerful options…but eduroam implementation is ‘simple’, as follows

8 NAPTR definition camford.ac.uk IN NAPTR "s" "x-eduroam:radius.tls" "" _radsec._tcp.roaming.ja.net. camford.ac.uk – zone name/label for which the NAPTR entry is defined 43200 – DNS lifetime for the entry (in seconds) as per other records IN – This entry is for Internet consumption – like other records NAPTR – This entry is a Network Authority Pointer 100 – Order number, lower prefered…only have one entry anyway!) 10 – Priority, if multiple with same order, highest first (only have one entry anyway!) “s” – do a DNS query for a SRV record after getting the value. Any other entry (e.g. u or a) is invalid! "x-eduroam:radius.tls" – The service. Only use if you want to use this service, basically means eduroam using RADIUS with TLS – it’s a fixed value. “” – REGEX support. Very powerful, used in SIP, we don’t use it in eduroam _radsec._tcp.roaming.ja.net – target. If you want to use the x-eduroam service, get the SRV records, resolve the hostname and the ports to use

9 The SRV part (demonstrated)
# dig -t SRV _radsec._tcp.roaming.ja.net ; <<>> DiG 9.8.2rc1-RedHat rc1.el6_4.4 <<>> -t SRV _radsec._tcp.roaming.ja.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46221 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 7 ;; QUESTION SECTION: ;_radsec._tcp.roaming.ja.net. IN SRV ;; ANSWER SECTION: _radsec._tcp.roaming.ja.net IN SRV roaming2.ja.net. _radsec._tcp.roaming.ja.net IN SRV roaming0.ja.net. _radsec._tcp.roaming.ja.net IN SRV roaming1.ja.net. So port 2083 on those 3 servers for camford.ac.uk

10 Issues? Makes the path less ‘predictable’ – packets not simply to ‘end hosts or european proxy’ Packets may go to different servers based on DNS – what happened at 14:00? Microsoft 2008 or earlier? No NAPTR for you  (Google “NAPTR record windows 2008 DNS” and Janet community NAPTR page is the top hit  )

11 Future? Do NAPTR checks at the organisation level – no National Proxies eduroam service site does query Home/ID site replied with its own values Software maturity required (many RADIUS servers wont support this for years..if at all) Technical specification/policies changed (all requests must go via national proxy for remote sites) Logging/stats submissions e.g. F-TICKS

12 Summary How packets go through eduroam (hierarchy)
A solution to reduce the bottleneck/load (DS) The result (shorter path/distance) Explanation/How It Works (NAPTR records) Issues (troubleshooting, DNS that doesn’t do it) Future extensions (further RADSEC/DS deployment)

13 One small step for admins, one giant leap for RADIUS packets
Questions? Feedback? 1966 group. NOT the modern ‘The Thrills’

Download ppt "Enhancing international roaming performance : NAPTR Records in DNS"

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)
Naming, Addressing, & Discovery

Naming, Addressing, & Discovery
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
Eduroam Forum Networkshop41 9 th April 2013. Welcome Edward Wincott eduroam Service Manager

Eduroam Forum Networkshop41 9 th April Welcome Edward Wincott eduroam Service Manager
Trust Router Overview IETF 86, Orlando, FL Trust Router Bar BOF Margaret Wasserman

Trust Router Overview IETF 86, Orlando, FL Trust Router Bar BOF Margaret Wasserman
Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.

Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.
DDI3 Uniform Resource Names: Locating and Providing the Related DDI3 Objects Part of Session: DDI 3 Tools: Possibilities for Implementers IASSIST Conference,

DDI3 Uniform Resource Names: Locating and Providing the Related DDI3 Objects Part of Session: DDI 3 Tools: Possibilities for Implementers IASSIST Conference,
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Chapter 8 Managing Windows Server 2008 Network Services

Chapter 8 Managing Windows Server 2008 Network Services
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Key Negotiation Protocol & Trust Router draft-howlett-radsec-knp ABFAB, IETF 80 31 March, Prague.

Key Negotiation Protocol & Trust Router draft-howlett-radsec-knp ABFAB, IETF March, Prague.
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Similar presentations

Ads by Google