SNMP for the PAA-EP protocol PANA wg - IETF 62 Minneapolis Yacine El Mghazli (Alcatel) Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT) draft-ietf-pana-snmp-03.txt.


Yacine El Mghazli — 2 All rights reserved © 2004, Alcatel

Changes since -02

> Section on MIB usage examples in the PANA context
    Changes based on review by IPSP wg (Robert Story)
    A filter example for allowing DHCP traffic to pass through EP
> Security section
    Additions based on review by PANA MIB doctor (David Perkins)
    – Use of cryptographic protection is RECOMMENDED
    – Passphrase management issues for USM
    – Caution for MIB objects for which SET operation is allowed
    – USM or VACM MUST be used for panaL2FilterTable
> Support for reliable notification of PaC presence in section 5.3:
    “If reliability needs to be guaranteed for the notifications (panaNewPacIPNotification and panaNewPacL2Notification), hence inform notification, which is acknowledged, MUST be used. Then the PAA needs to have engine-id to be the authoritative of SNMP clock between EP and PAA (for inform operation the responder becomes the authoritative).”
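An added example (not from the slides or the draft) of checking an EP agent's access configuration against the security-section points above: it lists every principal that can SET the panaL2FilterTable subtree and marks grants that carry no cryptographic protection. It assumes the EP runs an agent with Net-SNMP style `rwuser`/`rwcommunity` lines; the OID, user names and configuration lines are constructed placeholders.

```python
# Added example: who can SET the PANA L2 filter subtree on an EP agent?
# Assumes Net-SNMP style rwuser/rwcommunity lines; OID and names are placeholders.
PANA_L2_FILTER_OID = ".1.3.6.1.3.9999.1.2"  # hypothetical, NOT the draft's real OID

# Constructed snmpd.conf excerpt (not from the slides).
SAMPLE_CONF = """\
rwcommunity private 10.0.0.0/24
rwuser paa-admin priv .1.3.6.1.3.9999
rwuser legacy-nms noauth
rouser monitor auth
rwuser sys-admin priv .1.3.6.1.2.1.1
rwuser paa-backup
"""

def covers(subtree, oid):
    """True if a grant rooted at `subtree` includes `oid` (empty subtree = everything)."""
    s = [p for p in subtree.split(".") if p]
    o = [p for p in oid.split(".") if p]
    return o[:len(s)] == s

def writers(conf, target=PANA_L2_FILTER_OID):
    """Return (line_no, principal, level, protected) for each write grant covering target."""
    out = []
    for n, line in enumerate(conf.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] not in ("rwcommunity", "rwuser"):
            continue  # read-only grants cannot SET filter rows
        if tok[0] == "rwcommunity":
            # rwcommunity NAME [SOURCE [OID]]: community string, no USM
            level = "community"
        else:
            # rwuser USER [noauth|auth|priv [OID]]: level defaults to auth
            level = tok[2] if len(tok) > 2 else "auth"
        oid = tok[3] if len(tok) > 3 else ""
        # A "-V VIEW" restriction cannot be resolved here, so report it conservatively.
        if oid.startswith("-") or covers(oid, target):
            out.append((n, tok[1], level, level in ("auth", "priv")))
    return out

def violations(conf, target=PANA_L2_FILTER_OID):
    """Write grants on the target with no cryptographic protection."""
    return [w for w in writers(conf, target) if not w[3]]

if __name__ == "__main__":
    for n, who, level, ok in writers(SAMPLE_CONF):
        print(f"line {n}: {who:<12} {level:<10} {'ok' if ok else 'UNPROTECTED SET'}")
```
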

Next steps & open issues for -04

> Link-layer protection
    PANA separate document for L2 protection provisioning
    – i, etc.
> SNMPv3 usage
    Are the security section recommendations enough?
    Some additional objects design might be needed
> One more iteration before WGLC

THANKS

Functional basic principle

[Diagram. Labels: PAA, AAA backend, EP, PaC, AR, PANA auth, AAA auth, SNMP, Install filter, PaC traffic, One single IP subnet]

PANA MIB objects for L2 access control & Notifications

> PANA-specific objects extend the IPSP SPD-MIB with:
    Generic L2 Filters
    – Very simple (only the DI)
    – Not linked with the whole IPSP structure
    New PaC presence Notification triggered by:
    – L2 or IP unauthorized traffic
    L2 protection (keying material)
    – Not treated
> IP-level access control re-uses the SPD module

Re-use of existing IPSec configuration MIBs for IP level access control

> IPSec configuration MIB split into 3 separate modules
> IPSec SPD configuration MIB module (IPSP wg)
    Rule/Filter/Action Policy structure
    Various IP filters, including IP header filter
    Notification Variables re-usable for the PaC presence notif
> IPSec IKE configuration MIB module (IPSP wg)
    For IP-based access control (draft-ietf-pana-ipsec)
    Pre-shared key configuration (PSK)
    – Derived at the PAA level
    ID_KEY_ID configuration (aggressive mode)
    – PANA_Session_id|PANA_Key_Id