Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

Similar presentations


Presentation on theme: "AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004."— Presentation transcript:

1 AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004

2 2 Why AAA? Centralized service management Especially useful when MN can use any one of multiple HAs –HAs on the same subnet –HAs in the same service provider domain –HAs across service provider domains

3 3 Why Talking About a Framework? There are multiple ways to utilize AAA for Mobile IPv6 service (see solution space!) Before we embark on solutions, MIP6 WG should: –Identify different frameworks of using AAA for MIP6 –Select one or more framework (many considerations go in here) –Identify requirements/solutions based on that –Take the RADIUS/Diameter solutions to AAA++ WG, handle MIP6 changes (if any) in MIP6 WG

4 4 Frameworks (1) Using network access AAA to deliver MIP6 bootstrapping information to MN –draft-giaretta-mip6-authorization-eap-01 –draft-le-aaa-mipv6-requirements-03 –draft-ohnishi-mip6-aaa-problem-statement-00 (2) Using network access AAA to deliver MIP6 bootstrapping information to NAS –draft-chowdhury-mip6-bootstrap-radius-00 –It is assumed that info will be delivered from NAS to MN via another protocol (e.g., draft-jang-dhc-haopt-00)

5 5 Frameworks (3) Piggybacking MIP6 signaling (BU) with network access AAA –draft-le-aaa-mipv6-requirements-03 (4) AAA of Mobile IPv6 signaling (IKE, BU) –MIP6 AAA is independent of network access AAA –Described in this I-D

6 6 Framework 4 Mobile Home agent/ AAA node IKE, AAA client RADIUS or server Mobile IPv6 Diameter MN HA AAA server | | Auth/Authz for | | IKE | MIPv6 IPsec SA | | | | | Binding Update | Authz for BU | | | | | Binding Update | Authz for BU | | | | v time

7 7 Example Framework4 Implementation Using EAP/IKEv2 for authentication MIP6 MN/ MIP6 HA/ EAP auth server/ EAP peer EAP/IKEv2, EAP auth’or/ EAP/RADIUS, AAA server Mobile IPv6 AAA Client RADIUS EAP enables –end2end authentication between MN and AAA server –SA establishment between MN and HA (AAA-Key) Note: IKE/IPsec-less implementations of this framework is possible (draft-ietf-mip6-auth-protocol- 00).

8 8 Relation to MIP6 Bootstrapping Framework 4 assumes MN already knows the HA –Rely on static configuration or other dynamic discovery schemes MN-HA SA is dynamically created as a result of MIP6-AAA execution Home address can be assigned before, during, or after the MIP6-AAA execution Therefore, this framework provides a partial solution to bootstrapping problem

9 9 Summary Identification of frameworks and detailed discussion on one (fwk4) Proposal to MIP6 WG: –Start by framework identification (discovery) Solution introductions help that –Select one or more (how?) –Identify required changes on MIP6 (if any) and AAA protocols –Produce requirements for AAA -- augmented or new AAA applications (interface to AAA++ WG)


Download ppt "AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004."

Similar presentations


Ads by Google