Diameter NASreq (RFC 4005) and RADIUS Compatibility

Diameter NASreq (RFC 4005) and RADIUS Compatibility
draft-mitton-diameter-radius-vsas-01.txt
David Mitton, RSA Security Inc.
March 2006, IETF 65, Dallas

Overview
- Diameter designed to be upwards compatible with RADIUS
- There will be encodings in Diameter that are not expressible in RADIUS
- Most RADIUS attributes are supported in RFC 4005; exceptions are noted in Section 9.
- Difficulty arises with Vendor Specific Attributes (VSAs)

Problems
- RADIUS VSA typical practice involves unknown formats for sub-types and lengths.
  - Gateway must know format to translate
- RFC 4005 Section 9.6 only works for some RADIUS VSAs
  - Imposes limitations on Vendor type space
- Diameter VS AVPs must be restrained to fit into RADIUS
  - Diameter AVP type space larger than RADIUS suggested format
  - Diameter AVP data can be longer
  - Diameter AVPs have flags

RADIUS VSAs vs Diameter Vendor Specific AVPs
[Figure: RADIUS VSA format (suggested format) and Diameter Vendor AVP format. Length: 8 != 24, Type: 8 != 32]
- First block shows suggested RADIUS VSA format, but many do not follow the Type and Data Length suggestions
- Causes issues mapping into Diameter

Goals
- Provide a mapping that allows bidirectional communication through a translating gateway system or bilingual server
- Minimize special cases and vendor specific knowledge in gateways
- Allow mix of Diameter and RADIUS speaking equipment and servers that don’t use different AVPs for same information
  - no point in devising schemes for encoding data in ways

Proposal
draft-mitton-diameter-radius-vsas-01.txt
- Translate RADIUS VSAs as Diameter AVP #26.
  - This is NOT as described in RFC 4005 Sect 9.6
- Translate Diameter VS AVPs to a new RADIUS attribute.

RADIUS VSAs as Diameter AVP 26
- No transformation of attribute data
  - Avoids vendor specific knowledge, which allows transparent pass-through
  - Only end clients & servers need to know inner format
  - No additional encoding overhead
- Length must be constrained to RADIUS limits.
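The pass-through idea on this slide, and the width mismatch listed under Problems, as an added example that is not code from the draft or its author. It uses the RFC 2865 attribute framing and the RFC 3588 AVP header; the choice of a zero flags octet, the function names and the sample vendor number 99999 are assumptions made here, since the slide's mapping diagram is not part of the transcript.

```python
import struct

RADIUS_VSA = 26        # RADIUS Vendor-Specific attribute type (RFC 2865)
AVP_FLAG_V = 0x80      # Diameter 'V' bit: a Vendor-ID field follows the header
MAX_RADIUS_VALUE = 253 # 255-byte attribute minus Type and Length octets

def check_radius_vsa(attr: bytes) -> None:
    """Validate the outer RADIUS framing only; vendor data stays opaque."""
    if len(attr) < 7 or attr[0] != RADIUS_VSA or attr[1] != len(attr):
        raise ValueError("malformed RADIUS Vendor-Specific attribute")

def radius_vsa_to_avp26(attr: bytes) -> bytes:
    """Carry Vendor-Id + vendor data unchanged as the data of AVP code 26."""
    check_radius_vsa(attr)
    value = attr[2:]
    length = 8 + len(value)            # 8-byte AVP header, no Vendor-ID field
    # Assumption: flags octet 0; the page does not say which flags are set.
    header = struct.pack("!IB", RADIUS_VSA, 0) + length.to_bytes(3, "big")
    return header + value + b"\x00" * (-length % 4)   # pad to 32-bit boundary

def avp26_to_radius_vsa(avp: bytes) -> bytes:
    """Reverse direction; refuse anything RADIUS cannot express."""
    if len(avp) < 8:
        raise ValueError("truncated AVP header")
    code, flags = struct.unpack("!IB", avp[:5])
    length = int.from_bytes(avp[5:8], "big")
    if code != RADIUS_VSA or flags & AVP_FLAG_V or not 13 <= length <= len(avp):
        raise ValueError("not a pass-through AVP 26")
    value = avp[8:length]
    if len(value) > MAX_RADIUS_VALUE:
        raise ValueError("AVP data exceeds the RADIUS attribute limit")
    return bytes([RADIUS_VSA, 2 + len(value)]) + value

def fits_suggested_vsa(avp_code: int, data_len: int) -> bool:
    """Can a Diameter vendor AVP use the 8-bit type/length suggested sub-format?"""
    return 0 < avp_code <= 0xFF and data_len <= MAX_RADIUS_VALUE - 4 - 2

# Constructed sample: vendor 99999 using a 16-bit sub-type and no sub-length,
# i.e. a VSA that does not follow the suggested format.
SAMPLE_VSA = bytes([RADIUS_VSA, 15]) + struct.pack("!I", 99999) + b"\x01\x02opaque!"

if __name__ == "__main__":
    avp = radius_vsa_to_avp26(SAMPLE_VSA)
    print(avp.hex(), avp26_to_radius_vsa(avp) == SAMPLE_VSA)
```

The gateway never parses the vendor's sub-type or sub-length, so the non-conforming sample round-trips byte for byte; the only checks it enforces are the outer framing and the RADIUS length ceiling.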

[Figure: Proposed RADIUS VSA to Diameter AVP 26 mapping]

Diameter Vendor Specific AVPs in a RADIUS attribute
- Add a new RADIUS attribute
- Provide fields of the proper length
- Define fragmentation and aggregation
  - Similar to EAP message attribute
  - Add segment number for concatenation
  - Suppress redundant VID and VType on non-first segment
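A sketch of the fragmentation and aggregation scheme these bullets describe, as an added example that is not the draft's wire format. The attribute number 250, the one-octet segment counter, the 32-bit field widths and the function names are all hypothetical, because the slide's format diagram is not in the transcript; AVP flags are left out.

```python
import struct

ATTR_TYPE = 250    # placeholder RADIUS attribute number (hypothetical, unassigned here)
MAX_VALUE = 253    # RADIUS attribute value limit: 255 minus Type and Length

def fragment(vendor_id: int, vendor_type: int, data: bytes) -> list:
    """Split one Diameter vendor AVP across RADIUS attributes.
    Hypothetical value layout: segment number (1 octet), then on segment 0
    only a 32-bit Vendor-Id and 32-bit vendor type, then a slice of the data."""
    attrs, offset = [], 0
    for seg in range(256):                       # 8-bit segment counter
        head = bytes([seg])
        if seg == 0:
            head += struct.pack("!II", vendor_id, vendor_type)
        chunk = data[offset:offset + MAX_VALUE - len(head)]
        attrs.append(bytes([ATTR_TYPE, 2 + len(head) + len(chunk)]) + head + chunk)
        offset += len(chunk)
        if offset >= len(data):
            return attrs
    raise ValueError("data needs more than 256 segments")

def reassemble(attrs: list) -> tuple:
    """Concatenate segments, rejecting gaps, reordering and bad framing."""
    vendor_id = vendor_type = None
    data = b""
    for expected, attr in enumerate(attrs):
        if len(attr) < 3 or attr[0] != ATTR_TYPE or attr[1] != len(attr):
            raise ValueError("malformed attribute")
        if attr[2] != expected:
            raise ValueError(f"segment {attr[2]} where {expected} was expected")
        body = attr[3:]
        if expected == 0:
            if len(body) < 8:
                raise ValueError("first segment lacks Vendor-Id and vendor type")
            vendor_id, vendor_type = struct.unpack("!II", body[:8])
            body = body[8:]
        data += body
    if vendor_id is None:
        raise ValueError("no segments")
    return vendor_id, vendor_type, data

if __name__ == "__main__":
    parts = fragment(99999, 70000, bytes(512))   # constructed vendor values
    print([len(p) for p in parts], reassemble(parts)[:2])
```

A receiver that silently concatenates whatever segments arrive would hand a truncated or reordered value to the vendor-specific parser; checking the segment number on every attribute turns that into a hard failure.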

Proposed RADIUS Diameter VS Attribute
[Figure panels: Diameter Vendor Attribute; RADIUS Diameter VSA]

Affects Documents:
- Changing Diameter Vendor Encapsulation
  - Affects Diameter Base RFC 3588, and Diameter NAS Application RFC 4005
- Specify RADIUS format of Diameter TLVs
  - Affects RADIUS document ???
  - Need to make one!

Generic Diameter AVP to RADIUS Attribute
- While we’re at it, why not define a way to map Diameter AVPs (Type > 255) to RADIUS and vice versa?
- Use same format as VS mapping without Vendor stuff

Proposed RADIUS Diameter AVP Attribute
[Figure panels: Diameter Vendor Attribute; RADIUS Diameter VSA]

Conclusion
- If we get rid of the RADIUS VSAs transformation in RFC 4005 Section 9 and add AVP #26, RADIUS VSAs can transit Diameter with no transformational knowledge or loss of data
- Add a RADIUS attribute to hold Diameter VS and regular AVPs
- The two vendor spaces end up independent, but can be used by either.
- Add for RADIUS group: generic Diameter to RADIUS format?
  - format suggested in email to list/Weber