Diameter NAT Control Application (draft-brockners-diameter-nat-control-00.txt) IETF 74, March 2009 Presenter: Wojciech Dec

Slides:

Advertisements

Similar presentations

Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.

Advertisements

Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

Gateway Initiated Dual-Stack lite (draft-gundavelli-softwire-gateway-init-ds-lite-01) Authors Frank Brockners Sri Gundavelli

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

Omniran GPP Trusted WLAN Access to EPC Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

Rev A8/8/021 ABC Networks

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

DHCPv6 class based prefix (draft-bhandari-dhc-class-based-prefix-00) IETF 82, November 2011 Authors: Shwetha Bhandari (Cisco) Sri Gundavelli(Cisco) Gaurav.

24/10/ Point6 Pôle de compétences IPv6 en Bretagne Avec le soutien de : Softwires interim meeting L2TP tunnels Laurent Toutain

IEEE Emergency Services DCN: Title: call flow for Layer 2 support for unauthenticated requests Date.

Guoliang YANG Problem Statement of China Telecom.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.

PART 2: Product Line. Tenor Switches & Gateways Tenor AX Series Solution For Medium to Large Enterprises  Available in 8, 16, 24 and 48 port Available.

IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.

Mobile IP, PMIP, FMC, and a little bit more

1. WiMAX_NWG_Stage2 & Stage3. WiMAX Forum The WiMAX Forum is a nonprofit organization formed in 2001 to enhance the compatibility and interoperability.

11 KDDI Trial Hub & Spoke Shu Yamamoto Carl Williams Hidetoshi Yokota KDDI R&D Labs.

Support Services & IP Multimedia Subsystem (IMS)

Dean Cheng Jouni Korhonen Mehamed Boucadair

Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

DHCPv6 Route Option (draft-dec-dhcpv6-route-option-03.txt) IETF 77, March 2010 : Wojciech Dec Richard Johnson

Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.

Prefix Delegation Protocol Selection T.J. Kniveton MEXT Working Group IETF 70 - December ’07 - Vancouver.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.

1 Motorola PMIPv4 Call Flows: Bearer Setup with Dual Anchoring Parviz YeganiVojislav VuceticAlmon Tang (408) (732) (847)

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

ISP Edge NAT 10/8 “Home” Network Upstreams and Peers /32

Dean Cheng Jouni Korhonen Mehamed Boucadair

IANA Reserved IPv4 Prefix for IPv6 Transition draft-weil-opsawg-provider-address-space-00 IETF 78 July

RADIUS issues in IPv6 deployments draft-hu-v6ops-radius-issues-ipv6-01 J. Hu, YL. Ouyang, Q. Wang, J. Qin,

IPv6/IPv4 XLATE Trial Service for sharing IPv4 address Japan Internet Exchange Co., Ltd. Masataka MAWATARI.

AAA and Mobile IPv6 Franck Le AAA WG - IETF55. Why Diameter support for Mobile IPv6? Mobile IPv6 is a routing protocol and does not deal with issues related.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.

1 Integrating security in a quality aware multimedia delivery platform Paul Koster 21 november 2001.

Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, IETF#75 Stockholm Teemu Savolainen.

Half-Duplex Multicast Distribution Trees (draft-brockners-ldp-half-duplex-mp2mp-00.txt) IETF 68, March 2007 Frank Brockners

IETF67 DIME WG Towards the specification of a Diameter Resource Control Application Dong Sun IETF 67, San Diego, Nov 2006 draft-sun-dime-diameter-resource-control-requirements-00.txt.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.

Santhosh Rajathayalan ( ) Senthil Kumar Sevugan ( )

Diameter NAPT Control Application: Discussion on naming of involved entities Frank Brockners.

NAT64-CPE Mode Operation for Opening Residential Service Gang Chen Hui

Public 4over6: WGLC feedback Peng Wu IETF84. Feedback from WGLC Relationship with stateless 4-over-6 solutions? Different primary targets and application.

Diameter NAPT Control Application – Status Update (draft-ietf-dime-nat-control-05) Authors Frank Brockners Shwetha Bhandari

Dean Cheng 81 st IETF Quebec City RADIUS Extensions for CGN Configurations draft-cheng-behave-cgn-cfg-radius-ext

DSLF Subscriber Auth Requirements and IETF PANA Protocol PANA WG Chairs IETF 70 Dec 7, 2007 – Vancouver, Canada.

Washinton D.C., November 2004 IETF 61 st – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-02) Gerardo.

IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.

Multicast Considerations for Gateway Initiated Dual-Stack lite (draft-brockners-softwire-mcast-gi-ds-lite-00) Authors: Frank Brockners

San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta.

Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.

Paris, August 2005 IETF 63 rd – mip6 WG Mobile IPv6 bootstrapping in split scenario (draft-ietf-mip6-bootstrapping-split-00) mip6-boot-sol DT Gerardo Giaretta,

PANA in DSL networks draft-morand-pana-panaoverdsl-00.txt Lionel Morand Roberta Maglione John Kaippallimalil Alper Yegin IETF-67, San Diego.

IETF 78 RADIUS extensions for DS-Lite draft-maglione-softwire-dslite-radius-ext-00 R. Maglione – Telecom Italia A. Durand – Juniper Networks.

Diameter NAPT Control Application – Status Update (draft-ietf-dime-nat-control-15) Authors Frank Brockners Shwetha Bhandari

WholeSale Model 10. WholeSale Model This feature enables the Nomadix device to act as an L2TP Access Concentrator (LAC) and initiate single or multiple.

IPv6 Deployment: Business Cases and Development Options

IEEE 802 OmniRAN Study Group: SDN Use Case

Instructor Materials Chapter 9: NAT for IPv4

Routing and Switching Essentials v6.0

Introducing To Networking

Instructor Materials Chapter 9: NAT for IPv4

Chapter 11: Network Address Translation for IPv4

3GPP and SIP-AAA requirements

PMIP6 extensions for inter-access handovers and flow mobility

Session 4: MULTIMEDIA issues

Presentation transcript:

Diameter NAT Control Application (draft-brockners-diameter-nat-control-00.txt) IETF 74, March 2009 Presenter: Wojciech Dec Authors: Frank Brockners Vaneeta Singh Shwetha Bhandari

Diameter NAT Control Application (DNCA) Problem Statement/Motivation Completion of global IPv4 address space –SP introduce Large Scale NAT (LSN) devices as one response Per-subscriber service portfolio impacted by LSN –Customization: Define/control/parameterize NAT on a per subscriber basis (expand per-subscriber parameters / authorization data) –Operations: Integrate with existing AAA environment –Regulatory: Subscriber tracability – provide global IP-address/port used by a subscriber at any given point in time NASLSN AAA IPv4 Internet private IPv4 addresspublic IPv4 address

Diameter NAT Control Application (DNCA) Solution Characteristics Support 2-types of NAT Control –Per flow NAT-Binding Control: At least portions of the binding (e.g. internal/external address) are not controlled by the device performing NAT, but another entity (e.g. SIP-server, AAA-server, etc.) –Per endpoint NAT-Parameter Control: Define the parameters that control the operation of a NAT-gateway on a per-subscriber/per-endpoint basis (e.g. maximum number of NAT-bindings allowed for an endpoint, address-pools NAT-addresses get assigned from) Per-subscriber/per-endpoint accounting of NAT-bindings, integrated with existing accounting infrastructure (i.e. internal and external address(es) mappings become part of the accounting records) Diameter based protocol to ensure seamless integration with existing Authentication, Authorization, Accounting and Control infrastructure Operation within the SP-trust domain (i.e. no direct protocol interaction with the user) A B C D A1 A2

Diameter NAT Control Application (DNCA) Example for A2: Per-Endpoint NAT-Parameter Control NAS LSN AAA IPv4 Internet Subscriber A NAT-related portion of Subscriber A profile 1. Subscriber A attaches to network 2. Configure LSN for Subscriber A 3. LSN allocates NAT bindings for new flows (following parameters of profile) & sends accounting information for subscriber A Profile: Subscriber A Bandwidth: 1Mbps upstream, 16Mbps downstream Monthly quota: 8 Gbyte Maximum number of NAT-bindings: 100 External NAT-address pool: Residential-Users (= /16) Fixed NAT-bindings: – Accounting: Include NAT-binding information

Why create a new Diameter Application for NAT Control? Some existing protcols with NAT control capabilitiesA1A2BCD MIDCOM (RFC 5189) †, SIMCO (RFC 4540) ETSI Ia (ETSI ES ) ‡ ETSI Gq’ (ETSI TS ) ‡ ITU Rs ‡ (ITU-T Q.3321) ITU Rw ‡ (ITU-T Q , RFC 5431) UPnP IGD, Bonjour NAT-PMP, NAT-PMP relay*, NSLP** Diameter NAT Control Application (DNCA) * draft-woodyatt-spnatpmp-appl ** draft-ietf-nsis-nslp-natfw ‡ NAT Control only a subset of interface capabilities † On MIDCOM see also: RFC 4097 (MIDCOM protocol eval.): “A general assessment might be that Diameter meets and exceeds MIDCOM architectural requirements

Diameter NAT Control Application (DNCA): Deployment Example NASLSN AAA Server Internet DNCA Manager DNCA Agent Session Setup (1) Endpoint attaches to the network (2) Request to AAA-Server to retrieve authorization data for endpoint (3) Reply from AAA-Server with authorization data, including parameters for LSN, e.g. Maximum number of bindings allowed for endpoint Address-pool to be used Fixed bindings to be pre-established for endpoint (4) Session establishment from DNCA-Manager to DNCA-Agent, incl. NAT configuration data for session (5)/(6) Session setup completes Operation: Endpoint accesses Internet, LSN allocates bindings (a) Accounting information on allocated bindings (b) NAS combines accounting information received from DNCA client with local accounting information for endpoint and reports to AAA server Endpoint NASLSN AAA Server Internet DNCA Manager DNCA Agent Endpoint (1) (2)(3) (4) (5)(6) (a) (b) (I): Session Setup (II): Operation

Next Steps Authors appreciate feedback from the WG Add NAT Control to new DIME WG charter?