AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62

Presentation transcript:

AAA-Mobile IPv6 Frameworks Alper Yegin IETF 62

2 Objective
- Identify various frameworks where AAA is used for the Mobile IPv6 service
- Agree on one (or more) to standardize

3 Why AAA?
- MIP6-AAA protocol (e.g., RADIUS) interworking for:
  – Centralized auth, authz, and acct management
    Use AAA interfaces during a MIP6 session
  – HA, HoA, MN-HA key discovery
    Use AAA interfaces before a MIP6 session

4 Framework 4
- AAA protocol is executed between the HA and the AAA server for MIP6 AAA
- MN-HA key is generated during MIP6 session establishment (optionally HoA as well)
- Considerations
  – Independent of the network access AAA
  – MN must already know the HA
  – Accounting: Signaling and traffic counters on the HA
[Diagram: MN, NAS, AAA server, HA; link labels: RADIUS, MIP6]

5 Framework 1
- Using network access AAA to deliver MIP6 configuration info (HA, optionally HoA and MN-HA key)
- Considerations
  – Optimized
  – ASP must know MSP info (integrated SP)
  – Applicability of EAP for host configuration
[Diagram: MN, NAS, AAA server, HA; link labels: info/EAP_method, {HoA,key}/RADIUS, MIP6, Fwk-4]

6 Framework 2
- Using network access AAA to deliver MIP6 configuration info first to the NAS, then to the MN
- Considerations
  – Similar to RADIUS Framed-IP-Address attribute
  – If NAS is DHCP relay, info needs to be relayed to DHCP server first.
    DHCP relay agent option
[Diagram: MN, NAS, AAA server, HA; link labels: info/RADIUS, {HoA,key}/RADIUS, MIP6, Fwk-4, info/{DHCP, PANA}]

7 Framework 3
- Piggybacking MIP6 signaling (BU) with network access AAA
- BU may also be transported via EAP lower-layers
- Considerations
  – Optimized (RTT to home domain reduced)
  – Integrated SP
  – Added complexity
    MN must learn HA, CoA during/before network access AAA
    AAA server encaps/decaps or tunnels BU to HA
    Authorization result coordination between MIP6 and network access services
[Diagram: MN, NAS, HA, AAA server; link labels: BU(?), BU/EAP_method]

8 MIP6 Bootstrapping
Columns: HA discovery, HoA discovery, MN-HA key generation
- DNS
- RFC3775 anycast
- IKEv2
- mip6-mn-ident-option
- Fwk-4
- Fwk-2 + PANA/DHCP
- IKEv2
- mip6-mn-ident-option
- Fwk-4
- Fwk-2 + PANA/DHCP (for MN); Fwk-4 (for HA)
- Fwk-1
- IKEv2
- mip6-mn-ident-option
- Fwk-1 (for MN); Fwk-4 (for HA)
- Fwk-4

9 Where to go now?
- Fwk-4: New AAA-MIP6 application for HA-AAA interface
- Fwk-1: EAP method attributes for MIP6 config
- Fwk-2: AAA attributes + PANA/DHCP options for MIP6 config
- Fwk-3: BU piggybacked in network access AAA (EAP lower-layer or method attributes)

10 Appendix

11 Framework 4
Entities: Mobile node (MN); Home agent / AAA client (HA); AAA server
MN to HA: IKE, BU
HA to AAA server: RADIUS or Diameter
Sequence (time runs downward):
- MN and HA: IKE; HA and AAA server: Auth/Authz for MIPv6 IPsec SA
- MN and HA: Binding Update; HA and AAA server: Authz for BU
- MN and HA: Binding Update; HA and AAA server: Authz for BU

12 Example Framework4 Implementation
- Using EAP/IKEv2 for authentication
[Diagram: MIP6 MN / EAP peer; MIP6 HA / EAP auth'or / AAA Client; EAP auth server / AAA server. MN to HA: EAP/IKEv2, BU. HA to AAA server: EAP/RADIUS, RADIUS]
- EAP enables
  – end2end authentication between MN and AAA server
  – SA establishment between MN and HA (AAA-Key)
- Note: IKE/IPsec-less implementations of this framework are possible (draft-ietf-mip6-auth-protocol-00).
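
The AAA-Key idea from Framework 4, as an added example that is not part of the original slides: the AAA server hands the HA a per-session MN-HA key, the MN derives the same key, and the HA uses it to authenticate Binding Updates without IKE/IPsec. The key derivation, message layout, 96-bit tag, class names, identities and addresses are constructed assumptions, not taken from any draft cited in the slides.

```python
import hashlib
import hmac

def derive_mn_ha_key(long_term: bytes, nonce: bytes) -> bytes:
    # Assumption: toy KDF standing in for the key the EAP exchange would export.
    return hmac.new(long_term, b"MN-HA key" + nonce, hashlib.sha256).digest()

def bu_tag(key: bytes, hoa: str, coa: str, seq: int) -> bytes:
    # Authenticator over the fields the HA acts on (constructed layout), cut to 96 bits.
    msg = "|".join([hoa, coa, str(seq)]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:12]

class AAAServer:
    def __init__(self, subscribers):
        self.subscribers = subscribers  # MN identity -> long-term secret
    def authorize(self, mn_id, nonce):
        # Models the HA-to-AAA request: returns the MN-HA key, or None for an unknown MN.
        secret = self.subscribers.get(mn_id)
        return derive_mn_ha_key(secret, nonce) if secret else None

class HomeAgent:
    def __init__(self, aaa):
        self.aaa, self.sessions = aaa, {}  # sessions: MN identity -> [key, last seq]
    def establish(self, mn_id, nonce):
        key = self.aaa.authorize(mn_id, nonce)
        if key is not None:
            self.sessions[mn_id] = [key, -1]
        return key is not None
    def process_bu(self, mn_id, hoa, coa, seq, tag):
        if mn_id not in self.sessions:
            return "reject: no session"
        key, last_seq = self.sessions[mn_id]
        if not hmac.compare_digest(tag, bu_tag(key, hoa, coa, seq)):
            return "reject: bad authenticator"
        if seq <= last_seq:  # simplified replay check, no sequence wraparound
            return "reject: replay"
        self.sessions[mn_id][1] = seq
        return "accept"

def demo():
    secret, nonce, mn = b"constructed-secret", b"constructed-nonce", "mn@example.net"
    ha = HomeAgent(AAAServer({mn: secret}))
    ha.establish(mn, nonce)
    key = derive_mn_ha_key(secret, nonce)  # the MN derives the same key on its side
    hoa, coa = "2001:db8:1::10", "2001:db8:2::20"
    tag = bu_tag(key, hoa, coa, 1)
    return [ha.process_bu(mn, hoa, coa, 1, tag),                # genuine BU
            ha.process_bu(mn, hoa, coa, 1, tag),                # same BU replayed
            ha.process_bu(mn, hoa, "2001:db8:bad::1", 2, tag)]  # CoA altered in transit
```

The HA never sees the MN's long-term secret; it only holds the per-session key returned by the AAA server, which is the separation Framework 4 relies on.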