1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.

Presentation transcript:

1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig

2 Changes
- Editorial changes
- Added text to attributes regarding its occurrences
- Updated “Table of Attributes” section with regard to accounting
- Added “Diameter Considerations” section

3 Next Step
- Meet RADEXT standards with regard to attribute formatting.
- Define what to put in Service-Type and/or NAS-Port-Type attributes.
- Make sure that the Diameter Mobility work in DIME is in line with this document.

4 Backup Slides

5 Overview
- RADIUS based AAA infrastructure can be used in conjunction with MIPv6
- The essential information set for bootstrapping a MIPv6 MN can be sent to the AR or the HA via RADIUS attributes
- The 01 version of the I-D covers bootstrapping scenarios for the following:
  – Split Scenario
  – Integrated Scenario

6 Split Scenario
- MSA != MSP
- RADIUS interaction triggered by protocol (MIP6/IKEv2) transaction at the HA
- The HA acts as a RADIUS Client.
- At the end of the RADIUS transaction the HA should have relevant MIPv6 specific parameters
- The RADIUS server may also instruct the HA to perform DNS update for the MN

7 Integrated Scenario
- ASA != MSA
- At the time of access auth/authz, the RADIUS server in the ASA (/MSA) may download the relevant MIPv6 parameters to the NAS/AR
- The NAS/AR acts as the RADIUS Client
- The HA also acts as the RADIUS Client

8 RADIUS Attributes
- The following attributes are identified at present:
  – Home Agent Address
  – Home Agent FQDN
  – Home Link Prefix
  – Home Address
  – DNS Update Mobility Option

9 Additional Enhancements
- The necessary support for the following is planned to be included in the next revision
  – MIP6 Auth protocol (RFC 4285) and
  – The associated bootstrapping I-D: draft-devarapalli-mip6-authprotocol-bootstrap

10 AAA-Goals: Compliance
- G1.1 – G1.4:
  – These are standard requirements for a AAA protocol: mutual authentication, integrity, replay protection, confidentiality.
  – IPsec can be used to achieve the goals
- G1.5 Inactive Peer Detection
  – needs further investigation, since heartbeat messages do not exist in RADIUS.
  – However, there are robust RADIUS failover mechanisms deployed today for this purpose

11 AAA-Goals: Compliance
- G2.1: Use of NAI over HA-AAA
  – Username Attribute can be used for this
- G2.2: Query for MIPv6 authz
  – HA can send Access-Request to authz the user
- G2.3: Enforce operational limitations
  – RADIUS based NAS-filter-rule, QoS, prepaid…work in progress in IETF

12 AAA-Goals: Compliance
- G2.4 – G2.6: MIPv6 session limit, disconnect, re-authz etc.
  – RADIUS attributes like session-timeout, Change-of-Authorization, Disconnect Message, prepaid extensions can be leveraged to meet these goals.
- G3.1: Accounting HA-AAA interface
  – Existing accounting messages can be used
  – Do we need AR/NAS-AAA accounting?

13 AAA-Goals: Compliance
- G4.1: HA-AAA intf, pass through EAP auth with HA as the EAP authenticator
  – In general, RADIUS meets this goal.
  – Details can be worked out for relevant scenarios.
- G5.1: DNS update
  – Already defined the DNS Update Mobility Option Attribute
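
The HA-to-AAA exchange described on slides 6 and 11 (HA as RADIUS client, NAI in User-Name, MIPv6 parameters returned), as an added example that is not taken from the draft or the slides. It uses the RFC 2865 packet layout and Response Authenticator check; the MIPv6 attribute type numbers (192, 193), their bare 16-octet value format, and all names, addresses and the shared secret are assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2        # RFC 2865 packet codes
USER_NAME, NAS_IDENTIFIER = 1, 32           # RFC 2865 attribute types
# Placeholders from the experimental range (assumption): the slides give no
# type numbers or value formats for the MIPv6 attributes.
HA_ADDRESS, HOME_ADDRESS = 192, 193

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident, nai, ha_name):
    """HA-side Access-Request carrying the MN's NAI in User-Name."""
    attrs = attr(USER_NAME, nai.encode()) + attr(NAS_IDENTIFIER, ha_name.encode())
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + os.urandom(16) + attrs   # 16-octet Request Authenticator

def build_response(code, request, attrs, secret):
    """Server side (simulated here): compute the Response Authenticator."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs

def parse_response(packet, request, secret):
    """HA side: verify the reply against the request, then split attributes."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    want = hashlib.md5(packet[:4] + request[4:20] + packet[20:] + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 20
    while i < length:
        if i + 2 > length or packet[i + 1] < 2 or i + packet[i + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return code, attrs

def demo():
    secret = b"constructed-shared-secret"    # constructed sample values below
    req = build_access_request(7, "mn@example.net", "ha1.example.net")
    body = (attr(HA_ADDRESS, ipaddress.IPv6Address("2001:db8::1").packed)
            + attr(HOME_ADDRESS, ipaddress.IPv6Address("2001:db8::100").packed))
    code, attrs = parse_response(build_response(ACCESS_ACCEPT, req, body, secret), req, secret)
    return code, {t: str(ipaddress.IPv6Address(v)) for t, v in attrs.items()}
```

The Response Authenticator only binds the reply to the request and the shared secret; it gives no confidentiality for the returned parameters, which is why slide 10 points to IPsec for goals G1.1 to G1.4.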