1. 1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig

2. 2 Changes Editorial changes Added text to attributes regarding its occurrences Updated “Table of Attributes” section with regard to accounting Added “Diameter Considerations” section

3. 3 Next Step Meet RADEXT standards with regard to attribute formatting. Define what to put in Service-Type and/or NAS-Port-Type attributes. Make sure that the Diameter Mobility work in DIME is inline with this document.

4. 4 Backup Slides

5. 5 Overview RADIUS based AAA infrastructure can be used in conjunction with MIPv6 The essential information set for bootstrapping a MIPv6 MN can be sent to the AR or the HA via RADIUS attributes The 01 version of the I-D covers bootstrapping scenarios for the following: –Split Scenario –Integrated Scenario

6. 6 Split Scenario MSA != MSP RADIUS interaction triggered by protocol (MIP6/IKEv2 ) transaction at the HA The HA acts a RADIUS Client. At the end of the RADIUS transaction the HA should have relevant MIPv6 specific parameters The RADIUS server may also instruct the HA to perform DNS update for the MN

7. 7 Integrated Scenario ASA != MSA At the time of access auth/authz, the RADIUS server in the ASA (/MSA) may download the relevant MIPv6 parameters to the NAS/AR The NAS/AR acts as the RADIUS Client The HA aslo acts as the RADIUS Client

8. 8 RADIUS Attributes The Following attributes are identified at present: –Home Agent Address –Home Agent FQDN –Home Link Prefix –Home Address –DNS Update Mobility Option

9. 9 Additional Enhancements The necessary support for the following are planned to be included in the next revision –MIP6 Auth protocol (RFC 4285) and –The associated bootstrapping I-D: draft- devarapalli-mip6-authprotocol-bootstrap

10. 10 AAA-Goals: Compliance G1.1 – G1.4: –These are standard requirements for a AAA protocol mutual authentication, integrity, replay protection, confidentiality. –IPsec can be used to achieve the goals G1.5 Inactive Peer Detection –needs further investigation, since heartbeat messages do not exist in RADIUS. –However, there are robust RADIUS failover mechanisms deployed today for this purpose

11. 11 AAA-Goals: Compliance G2.1: Use of NAI over HA-AAA –Username Attribute can be used for this G2.2: Query for MIPv6 authz –HA can send Access-Request to authz the user G2.3: Enforce operational limitations –RADIUS based NAS-filter-rule, QoS, prepaid…work in progress in IETF

12. 12 AAA-Goals: Compliance G2.4 – G2.6: MIPv6 session limit, disconnect, re-authz etc. –RADIUS attributes likes session-timeout, Change-of-Authorization, Disconnect Message, prepaid extensions can be leveraged to meet these goals. G3.1: Accounting HA-AAA interface –Existing accounting messages can be used –Do we need AR/NAS-AAA accounting?

13. 13 AAA-Goals: Compliance G4.1: HA-AAA intf, pass through EAP auth with HA as the EAP authenticator –In general, RADIUS meets this goal. –Details can be worked out for relevant scenarios. G5.1: DNS update –Already defined the DNS Update Mobility Option Attribute