RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,

Slides:

Advertisements

Similar presentations

SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.

Advertisements

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

Labcourse “Routerlab”

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.

IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.

DSL Access Architectures and Protocols. xDSL Architecture.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

AAA-Mobile IPv6 Frameworks Alper Yegin IETF Objective Identify various frameworks where AAA is used for the Mobile IPv6 service Agree on one (or.

IETF 79 th Considerations for Stateless Translation (IVI/dIVI) in Large SP draft-sunq-v6ops-ivi-sp-01 Qiong Sun( China Telecom) Heyu Wang( China Telecom)

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

SP Wi-Fi Services over Residential Architectures (draft-gundavelli-v6ops-community-wifi-svcs) IETF 84 - August, 2012 Authors: Sri Gundavelli(Cisco) Mark.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

1 IPv6 in CableLabs DOCSIS 3.0 IETF v6ops wg meeting IETF#65 Ralph Droms Alain Durand

24/10/ Point6 Pôle de compétences IPv6 en Bretagne Avec le soutien de : Softwires interim meeting L2TP tunnels Laurent Toutain

Guoliang YANG Problem Statement of China Telecom.

1 CDMA/GPRS Roaming Proposals Raymond Hsu, Jack Nasielski Feb

Virtual Private Networks (Tunnels). When Are VPN Tunnels Used? VPN with PPTP tunnel Used if: All routers support VPN tunnels You are using MS-CHAP or.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Configuring Routing and Remote Access(RRAS) and Wireless Networking

IPv6 Testing for End Users Experience, Results, Outlook,… Primož Dražumerič.

IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 5 City College.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

70-411: Administering Windows Server 2012

Dean Cheng Jouni Korhonen Mehamed Boucadair

Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.

1 © 2004 Cisco Systems, Inc. All rights reserved. L2VPN RADIUS - IETF 62 L2VPN RADIUS Auto-discovery and provisioning draft-ietf-l2vpn-radius-pe-discovery-01.

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-01)draft-wang-tram-turnlite-01 Aijun Wang (China Telecom) Bing Liu.

IPv6 Rapid Deployment in Taiwan Academic Network (TANet) Authors: Po-Kang Chen Chia-Wen Lu Quincy Wu 1.

A SAVI Solution for DHCP Draf-ietf-savi-dhcp-06 J. Bi, J. Wu, G. Yao, F. Baker IETF79, Beijing Nov. 9, 2010.

3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

Cisco’s Secure Access Control Server (ACS)

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.

Dean Cheng Jouni Korhonen Mehamed Boucadair

AAA and Mobile IPv6 Franck Le AAA WG - IETF55. Why Diameter support for Mobile IPv6? Mobile IPv6 is a routing protocol and does not deal with issues related.

03/20/10Plug-and-Play Deployment of Network Devices Tina TSOU Juergen Schoenwaelder

RADIUS 2-Aug-2007.

PANA Framework Prakash Jayaraman, Rafa Marin Lopez, Yoshihiro Ohba, Mohan Parthasarathy, Alper Yegin IETF 59.

Chapter 9: Implementing the Cisco Adaptive Security Appliance

1 HRPD Roamer Authentication Zhibi Wang, Sarvar Patel, Simon Mizikovsky, Nancy Lee.

Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

IETF 81 th Multicast Extensions to DS-Lite Technique in Broadband Deployments draft-qin-softwire-dslite-multicast-04 Wang, Q., Qin, J., Boucadair, M.,

TOPIC: AUTHENTICITY CREATED BY SWAPNIL SAHOO AuthenticityAuthorisation Access Control Basic Authentication Apache BASIC AUTHENTICATIONDIGEST ACCESS AUTHENTICATIONDHCP.

1 VLANs Relates to Lab 6. Short module on basics of VLAN switching.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.

IPv6 Transition Guide For A Large-scale Broadband Network Guo Liang Yang (Editor) Le Ming Hu Jin Yan Lin China Telecom Sept. 21 st, 2010 draft-yang-v4v6tran-ipv6-transition-guide-00.

Dean Cheng 81 st IETF Quebec City RADIUS Extensions for CGN Configurations draft-cheng-behave-cgn-cfg-radius-ext

IETF 77 RADEXT WG RADIUS Accounting extensions for IPv6 draft-maglione-radext-ipv6-acct-extensions-01 R. Maglione – Telecom Italia B. Varga - Magyar Telekom.

Diameter NAT Control Application (draft-brockners-diameter-nat-control-00.txt) IETF 74, March 2009 Presenter: Wojciech Dec

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

Applicability of Proxy Mobile IPv6 for Service Provider Wi-Fi Deployments Byju Pularikkal Rajeev Koodli Sri Gundavelli.

IETF 78 RADIUS extensions for DS-Lite draft-maglione-softwire-dslite-radius-ext-00 R. Maglione – Telecom Italia A. Durand – Juniper Networks.

Page 1 Inter Working Between Trusted and Non-Trusted Models LBS Roaming Meeting, Macau March 22, 2007 Inter Working Between Trusted and Non-Trusted Models.

RADIUS By: Nicole Cappella. Overview  Central Authentication Services  Definition of RADIUS  “AAA Transaction”  Roaming  Security Issues and How.

Deploying Dual-Stack Lite in IPv6 Network draft-boucadair-dslite-interco-v4v6-04 Mohamed Boucadair

Mobility With IP, implicit assumption that there is no mobility. Addresses -- network part, host part -- so routers determine how to get to correct network.

Hokey Architecture Deployment and Implementation

Pass4itsure Cisco Dumps

Wireless Communication CDMA EVDO Systems

Chapter 10: Advanced Cisco Adaptive Security Appliance

Dayong GUO Sheng JIANG (Speaker) Remi Despres

Presentation transcript:

RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,

Issues encountered Issue #1: Identifying users of different protocols – If RADIUS is only used for authentication but not configurations assignment by centralized AAA, the NAS got troubles to verify whether the user is authorized to be assigned an IPv4, IPv6 address or both, for example. Issue #2: Network or Host on Customer Premises? – There are two models of IPv6 service delivery, “framed service to a single host”, or “home network through CPE”. – The situation is similar to #1. Issue #3: Protocol Specific Accounting – The current semantics of accounting is for all traffic over the given Access Service

Possible solutions Vendor-Specific Attributes – Work for all; – Suffer from interoperation problems. Special implementations of NAS – Work for issue #1, #2; – Set several domains on NAS accordingly, like “v4, v6 or dual-stack”, with “Framed Host, or Home Network ” – Require the users to attach additional information like when sending request, for BNG to verify the category of users locally without AAA procedure. Define new Attributes – Work for all; – For issue #3, would propose to define Attributes for “Framed” services like, Acct-Framed-IPv4-input/output-* Acct-Framed-IPv6-input/output-*

Next step Adopt it as an informational document? Then, what’s the right direction of the approaches?