1
Generic AAA based provisioning of Network Elements
Status update EVL 9/10/03
Leon Gommans, University of Amsterdam
2
Update
- Generic AAA quick overview
- Generic AAA server status & features
- Testbed options
- Example policy and request message
- Discussion on request message format
9 Oct 2003, Update meeting EVL, Leon Gommans
3
Main functions AAA server
"AAA server" may not be a good name, as what it does is:
- Receive a request message that may contain authorization information + other attributes.
- Fetch a driving policy, evaluate the information contained within the request and take an authorization decision.
- Take one or more policy actions based on the outcome of the policy decision.
- Evaluation of policy may involve other AAA servers.
4
AuthZ sequences (source: RFC 2904)
[Figure: three numbered message sequences (steps 1-4) between User, Service and AAA]
- Pull sequence: NAS (remote access), RSVP (network QoS)
- Agent sequence: Agents, Brokers, Proxies
- Push sequence: Tokens, Tickets, ACs etc.
5
Example of AAA server combinations: Roaming using agent & pull sequence
[Figure: numbered message sequence (steps 1-6) between User, Service and two AAA servers; labels: User Home Organization, Service Providers]
6
Generic AAA Architecture, RFC 2903
Fundamental ideas inspired by the work of the IETF RAP WG, which in RFC 2753 describes a framework for Policy-based Admission Control. Foundation for COPS.
- Policy Decision Point: the point where policy decisions are made.
- Policy Enforcement Point: the point where the policy decisions are actually enforced.
[Figure labels: Request, Decision, Policy Repository]
Basic goal of Generic AAA: allow policy decisions to be made by multiple PDPs belonging to different administrative domains.
7
Generic AAA Architecture
Achieve the goal by separating the logical decision process from the application-specific parts within the PDP.
[Figure labels: Policy Enforcement Point, Request, Decision, PDP, Rule Based Engine, Application Specific Module, Policy Repository]
8
Generic AAA Architecture
[Figure labels: User, Service Request, Service, Policy Enforcement Point, AAA Request, Decision, Rights; two PDPs, each with Rule Based Engine, Application Specific Module and Policy Repository]
9
Generic AAA server implementation at UvA
- The first implementation of the RBE and ASMs was built as a servlet on an Apache / Axis webserver environment. Demo'd at iGrid2002.
- Converted RBE and ASM to run within a J2EE EJB container (J2EE V1.4 beta2 reference edition).
- Needed the Java Connector Architecture, which became available in 1.4, to communicate with the outside world and talk CLI/TL-1 or SNMP.
- Using JCA was a major effort (no/bad documentation, non-running example code etc.).
- J2EE gives us WS features. Integrated a simple OGSA service as a test.
10
Example XML request message
simple JanJansen #f034d 192.168.1.5 192.168.1.6 1000 now 20
11
Example part of a Driving Policy

    if ( ASM::RM.CheckConnection( Request::BodData.Source, Request::BodData.Destination )
         && ( Request::BodData.Bandwidth <= 1000 ) )
    then (
        ASM::RM.RequestConnection( Request::BodData.Source, Request::BodData.Destination,
                                   Request::BodData.Bandwidth, Request::BodData.StartTime,
                                   Request::BodData.Duration ) ;
        Reply::Answer.Message = "Request successful"
    )
    else (
        Reply::Error.Message = "Request failed"
    )
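The policy above, carried through as an added example (not code from the presentation or the UvA toolkit): a small Python decision point that evaluates the same rule against a constructed request and only calls the resource manager after the decision is made. StubResourceManager, evaluate and the mapping of the request-message slide's values onto the BodData fields are assumptions; the malformed-input and lower-bound checks go beyond the slide's rule and make the decision fail closed.

```python
from dataclasses import dataclass, field

MAX_BANDWIDTH = 1000  # upper bound taken from the slide's driving policy


@dataclass
class StubResourceManager:
    """Hypothetical stand-in for ASM::RM; records what it is asked to provision."""
    links: set                                  # (source, destination) pairs it can connect
    provisioned: list = field(default_factory=list)

    def check_connection(self, src, dst):
        return (src, dst) in self.links

    def request_connection(self, src, dst, bw, start, duration):
        self.provisioned.append((src, dst, bw, start, duration))


def evaluate(request, rm):
    """Evaluate the driving policy; a missing or malformed attribute denies."""
    bod = request.get("BodData")
    if not isinstance(bod, dict):
        return {"Error": "Request failed"}
    try:
        src, dst = bod["Source"], bod["Destination"]
        bw = int(bod["Bandwidth"])
        start, duration = bod["StartTime"], int(bod["Duration"])
    except (KeyError, TypeError, ValueError):
        return {"Error": "Request failed"}
    # The slide's rule has only an upper bound; these lower bounds are an added check.
    if bw <= 0 or duration <= 0:
        return {"Error": "Request failed"}
    if rm.check_connection(src, dst) and bw <= MAX_BANDWIDTH:
        rm.request_connection(src, dst, bw, start, duration)  # policy action
        return {"Answer": "Request successful"}
    return {"Error": "Request failed"}


# Constructed sample: values from the request-message slide, field mapping assumed.
SAMPLE = {"BodData": {"Source": "192.168.1.5", "Destination": "192.168.1.6",
                      "Bandwidth": "1000", "StartTime": "now", "Duration": "20"}}

if __name__ == "__main__":
    rm = StubResourceManager(links={("192.168.1.5", "192.168.1.6")})
    print(evaluate(SAMPLE, rm), rm.provisioned)
```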
12
J2EE implementation, AAA Toolkit
[Figure labels: RBE Policy repository Calient Resrc Adp Calient GARA Resrc Adp GARA portBeans Slot_table Beans XML EIS JCA1.5 Logical ASM VOMS]
(EIS = Enterprise Information System)
13
Calient DiamondWave API
- PXC layer1 optical cross connect
- Calient TL1 interface; developed TL1 mngr API
- persistence data: [ port, cross_port ]
- TL1mngr API: cross(), break(), portState() and connection methods to the Calient
[Figure labels: RBE, ASM, AAA, TL1, i, j]
14
Single-domain 802.1Q VLAN setup (Demo iGrid 2002)
[Figure labels: AAA; AAA Request Message (XML/SOAP); two 802.1Q VLAN Switches, each managed via SNMP Dot 1Q Bridge MIB; 1000SX]
15
Single-domain Calient setup (Available)
[Figure labels: AAA; AAA Request Message (XML/SOAP); TL-1; Calient PXC; 1000LX]
16
Multi-domain setup (Awaiting hardware)
[Figure labels: AAA; AAA Request Message (XML/SOAP); TL-1; Calient PXC; 1000LX; two 802.1Q VLAN Switches, each with SNMP Dot 1Q Bridge MIB]
17
Multi-domain Calient setup, SC2003 opt 1
[Figure labels: AAA; AAA Request Message (XML/SOAP); TL-1; 1000LX; Calient PXC; 15454; US Domain; PIN; Calient PXC; Request message ?]
18
Multi-domain Calient setup, SC2003 opt 2
[Figure labels: AAA; AAA Request Message (XML/SOAP); TL-1; 1000LX; Calient PXC; 15454; US Domain; PIN; Calient PXC; Request message ?; AAA; TL-1]
19
Multi-domain setup, future option
[Figure labels: AAA; AAA Request Message (XML/SOAP); Netherlight; US Domain; two 802.1Q VLAN Switches; Calient PXC; 1000LX; PIN; Calient PXC; 15454]
20
Thank you!
Research funded by EU DataTAG project and SURFnet
Leon Gommans, lgommans@science.uva.nl