Published by Milton Richard. Modified over 9 years ago.
1
Issues to Consider w.r.t Protocol Solution - IETF54 -
2
PANA WG, IETF 54, Solution Issues

Goal
Identify issues early enough to provide feedback to requirements
Kick-start solution discussions
Not to design the solution now!
3
UDP/ICMP/IP?
What would PANA be based on to encapsulate EAP?
– UDP
– ICMP
– IP
– ?
4
Session Hijacking
How do we prevent session hijacking?
– Per-packet authentication by IPsec
– Per-packet authentication by L2 where available
– Frequent re-authentication of PaC
5
PAA Discovery
How does the PaC discover the PAA?
– Sending a multicast packet to a well-known address
– Anycast
– SLP
– Piggybacking on router discovery, DHCP
– PAA can contact PaC (i.e., PaC discovery, supplemental)
6
Heartbeat
What would be the heartbeat mechanism of PANA?
– PANA Hello/Bye messages
– Ping (ICMP echo request/reply)
– Local re-authentication
– Full re-authentication
7
Limited Free Access
How will PANA be triggered when PaC attempts to access beyond “free zone”?
– PAA (router) sends an ICMP error message to PaC
– PAA sends PANA Start message to PaC
– Can PaC know on its own to send PANA Start?
8
Unlimited Access
After a successful PANA authentication, how does the PaC gain unlimited access?
– EP updates its filters to let any packet from the PaC go through
9
New IP Address after PANA
Reasons to get new IP address:
– Another IP address with greater scope (e.g., global scope)
– Obtain service provider specific IP address
If a new IP address needs to be assigned to PaC, how is this done?
– PaC’s decision (policy)
– PANA Success message can inform PaC
– Router (co-located with PAA) can take an action
10
Secure Medium Assumption
EAP’s secure medium assumption is no longer valid.
How can we ensure protection against eavesdropping and spoofing on PANA?
– PANA can recommend use of specific EAP methods when the underlying medium is not secure (e.g., EAP-TTLS, PEAP)
– PANA develops its own protection (e.g., ISAKMP, TLS based)
11
Multi-PAA Case
If there are multiple first-hop routers, how does PANA work?
– Each router has a PAA and responds to discovery, and PaC does PANA with all
– Each router has a PAA, each PAA responds to discovery, and PaC does PANA with one
– Only one router has PAA
12
Any other?