AAA-Mobile IPv6 Frameworks. Alper Yegin, IETF 62.


1 AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62

2 Objective
Identify various frameworks where AAA is used for the Mobile IPv6 service
Agree on one (or more) to standardize

3 Why AAA?
MIP6-AAA protocol (e.g., RADIUS) interworking for:
  – Centralized auth, authz, and acct management
      Use AAA interfaces during a MIP6 session
  – HA, HoA, MN-HA key discovery
      Use AAA interfaces before a MIP6 session

4 Framework 4
AAA protocol is executed between the HA and the AAA server for MIP6 AAA
MN-HA key is generated during MIP6 session establishment (optionally HoA as well)
Considerations
  – Independent of the network access AAA
  – MN must already know the HA
  – Accounting: Signaling and traffic counters on the HA
[Figure: MN, NAS, AAA server, HA. Link labels: RADIUS; MIP6.]

5 Framework 1
Using network access AAA to deliver MIP6 configuration info (HA, optionally HoA and MN-HA key)
Considerations
  – Optimized
  – ASP must know MSP info (integrated SP)
  – Applicability of EAP for host configuration
[Figure: MN, NAS, AAA server, HA. Link labels: info/EAP_method; {HoA,key}/RADIUS; MIP6; Fwk-4.]

6 Framework 2
Using network access AAA to deliver MIP6 configuration info first to the NAS, then to the MN
Considerations
  – Similar to RADIUS Framed-IP-Address attribute
  – If NAS is DHCP relay, info needs to be relayed to DHCP server first.
      DHCP relay agent option
[Figure: MN, NAS, AAA server, HA. Link labels: info/RADIUS; {HoA,key}/RADIUS; MIP6; Fwk-4; info/{DHCP, PANA}.]

7 Framework 3
Piggybacking MIP6 signaling (BU) with network access AAA
BU may also be transported via EAP lower-layers
Considerations
  – Optimized (RTT to home domain reduced)
  – Integrated SP
  – Added complexity
      MN must learn HA, CoA during/before network access AAA
      AAA server encaps/decaps or tunnels BU to HA
      Authorization result coordination between MIP6 and network access services
[Figure: MN, NAS, HA, AAA server. Link labels: BU(?); BU/EAP_method.]

8 MIP6 Bootstrapping
[Table columns: HA discovery | HoA discovery | MN-HA key generation]
- DNS - RFC3775 anycast - IKEv2 - mip6-mn-ident-option - Fwk-4 - Fwk-2 + PANA/DHCP - IKEv2 - mip6-mn-ident-option - Fwk-4 - Fwk-2 + PANA/DHCP (for MN); Fwk-4 (for HA) - Fwk-1 - IKEv2 - mip6-mn-ident-option - Fwk-1 (for MN); Fwk-4 (for HA) - Fwk-4

9 Where to go now?
Fwk-4: New AAA-MIP6 application for HA-AAA interface
Fwk-1: EAP method attributes for MIP6 config
Fwk-2: AAA attributes + PANA/DHCP options for MIP6 config
Fwk-3: BU piggybacked in network access AAA (EAP lower-layer or method attributes)

10 Appendix

11 Framework 4
[Figure: message sequence over time among Mobile node (MN), Home agent/AAA client (HA) and AAA server. MN to HA: IKE, BU. HA to AAA server: RADIUS or Diameter. Steps, top to bottom: IKE, with Auth/Authz for MIPv6 IPsec SA; Binding Update, with Authz for BU; Binding Update, with Authz for BU.]

12 Example Framework4 Implementation
Using EAP/IKEv2 for authentication
[Figure: MIP6 MN/EAP peer; MIP6 HA/EAP auth’or/AAA Client; EAP auth server/AAA server. Link labels: EAP/IKEv2, BU; EAP/RADIUS, RADIUS.]
EAP enables
  – end2end authentication between MN and AAA server
  – SA establishment between MN and HA (AAA-Key)
Note: IKE/IPsec-less implementations of this framework are possible (draft-ietf-mip6-auth-protocol-00).

