SNMP for the PAA-EP protocol PANA wg - IETF 60 San Diego -> Yacine El Mghazli (Alcatel) <- Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT) draft-ietf-pana-snmp-01.txt.

Presentation transcript:

SNMP for the PAA-EP protocol PANA wg - IETF 60 San Diego -> Yacine El Mghazli (Alcatel) <- Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT) draft-ietf-pana-snmp-01.txt

Yacine El Mghazli — 2 All rights reserved © 2004, Alcatel

PAA-EP History
> PANA charter:
  The PANA working group mandates SNMP for PAA-EP
  The PANA wg will not design a new protocol; the work may involve the definition of extensions to an existing one
> History:
  IETF55: PAA-EP interface requirements – draft-ietf-pana-reqs-0x.txt
  IETF56/57/58: PAA-EP protocol evaluation – draft-yacine-pana-paa2ep-prot-eval-00.txt
  IETF59: SNMP draft accepted as a PANA work item – draft-yacine-pana-snmp-01.txt
  IETF60: SNMP draft updated – draft-ietf-pana-snmp-01.txt

Re-use of existing IPSec configuration MIBs
IP level access control
> IPSec configuration MIB split into 3 separate modules
> IPSec SPD configuration MIB module (IPSP wg)
  Rule/Filter/Action Policy structure
  Various IP filters, including IP header filter
  Notification Variables re-usable for the PaC presence notification
> IPSec IKE configuration MIB module (IPSP wg)
  For IP-based access control (draft-ietf-pana-ipsec)
  Pre-shared key configuration (PSK)
    – Derived at the PAA level
  ID_KEY_ID configuration (aggressive mode)
    – PANA_Session_id|PANA_Key_Id

Additional PANA MIB objects
L2 access control + Specific Notifications
> Currently PANA-specific objects extend the SPD-MIB
  L2 Filters
  L2 protection (keying material)
  PaC presence Notification
> Current version -01:
  Tentative IEEE 802 filters
  New PaC Notification

Changes since -00
> Edits
  Terminology section updated
  PAA/EP separation context section rewritten
> New section on MIB usage examples in the PANA context
  To be reviewed by IPSP wg

Feedback on -01 (ML)
> General
  Edits… Fixed in the next version
> On SNMPv3:
  A MIB doctor to act as a technical advisor for the PANA WG?
  Careful use of SNMP terminology
> On PANA framework:
  New PaC Notification could lead to DoS attacks on the PAA

Next steps and open issues for -02
> PANA-specific object design still immature
  Link-layer filters
    – Do we support everything? (guess no…)
    – Might re-use existing
  L2 protection
    – Some additional object design might be needed
    – Might re-use existing
> Security section TBD
  Details the use of SNMPv3 security
  Depends on the MIB objects definition

THANKS

PAA-EP Requirements Summary
> One-to-many PAA-EP relation: required.
  A given EP relates to multiple PAAs.
> Secure Communication: required.
  Authentication, confidentiality, and integrity.
> New PaC Notification: required.
  EP to notify unauthorized PaC presence to the PAA.
  Optional (PANA can do that).
> Inactive EP detection: not required.
  Satisfied by other means.
  The architecture can take it into account with e.g. a request-response mechanism.

PAA-EP Requirements Summary (cont’d)
> Stateful approach: not required.
  The PAA does not maintain any EP state.
  The whole solution does (at application level).
  Some implementation guidance needed.
> Accounting/Feedback from the EPs: required.
  Polling sufficient for the PANA needs.
> EP Configuration information:
  The PAA-EP protocol must push DI-based filters and keying material down to the EP.

Why SNMP?
> Consensus regarding the PAA-EP protocol within PANA wg:
  No new protocol design
  Basic configuration needs (no ‘disqualifying’ requirement), but:
    – No disruptive choice
    – No immature solutions
    – Follow the IAB recommendations
> SNMPv3 fully satisfies the above conditions
  v3 satisfies the security conditions
  Widely spread for monitoring (« get » messages)
  « Set » messages allow simple configuration
  Lots of MIBs available
> SNMP provides a simple solution with a high level of re-use

Functional basic principle
[Diagram. Elements: PAA, AAA backend, EP, PaC, AR. Labels: PANA auth, AAA auth, SNMP, Install filter, PaC traffic, One single IP subnet.]