1 © 2004 Cisco Systems, Inc. All rights reserved. L2VPN RADIUS - IETF 62 L2VPN RADIUS Auto-discovery and provisioning draft-ietf-l2vpn-radius-pe-discovery-01.


Slide 1: L2VPN RADIUS Auto-discovery and provisioning
draft-ietf-l2vpn-radius-pe-discovery-01
Mark Townsley, Greg Weber, Wei Luo, Skip Booth (Juha Heinanen)
IETF 62

Slide 2: draft-ietf-l2vpn-radius-pe-discovery-01
- -00 presented at IETF-61
- Protocol-independent information model corresponding to multi-layered authorization
- Different layers may map to different protocol-specific solutions based on deployments
- RADIUS-specific mappings defined
- Collapsible layers

Slides 3-6: L2VPN Authorization Steps (one slide, built up over four animation steps)
1. CE/AC Authorization – Attachment Circuit to VPN ID
2. VPN Authorization – VPN ID to PE Membership
3. PW Authorization – PE Membership to PW signaling
Each step is independent and may be performed by any combination of local configuration, RADIUS, BGP, etc.
Figure labels: CE attached to a PE; VPN-ID="101:14" appears with step 1; PE-A and PE-B appear with steps 2 and 3.

Slide 7: Changes in the -01 version (draft-ietf-l2vpn-radius-pe-discovery)
- Updated terminology
- Generalized from VPLS to VPLS/VPWS/etc.
- Reduced L2VPN-specific requirements on RADIUS servers, e.g. make servers less stateful
- Defined RADIUS attributes to support the above

Slide 8: Updated Terminology
Latest terminology from draft-ietf-l2vpn-l2-framework-05 and draft-ietf-l2vpn-signaling-03
AII: Attachment Individual Identifier
AC: Attachment Circuit
AGI: Attachment Group Identifier
AS: Autonomous System
CE: Customer Equipment
L2VPN: Layer 2 Provider Provisioned Virtual Private Network
NAI: Network Access Identifier
NAS: Network Access Server
PE: Provider Equipment
SAI: Source Attachment Identifier
SAII: Source Attachment Individual Identifier
RADIUS: Remote Authentication Dial In User Service
TAI: Target Attachment Identifier
TAII: Target Attachment Individual Identifier
VPLS: Virtual Private LAN Service
VPN: Virtual Private Network
VPWS: Virtual Private Wire Service

Slide 9: RADIUS Attributes (attribute: source)
VPN-ID: RFC 2685, "Virtual Private Networks Identifier"
Router-Distinguisher: draft-ietf-l3vpn-rfc2547bis-03, "BGP/MPLS IP VPNs"
Attachment-Individual-ID: draft-ietf-l2vpn-signaling-03, "Provisioning Models and Endpoint Identifiers in L2VPN Signaling"
Per-Hop-Behavior: RFC 3140, "Per Hop Behavior Identification Codes"
PE-Router-ID: draft-ietf-l2vpn-signaling-03, "Provisioning Models and Endpoint Identifiers in L2VPN Signaling"
PE-Address: IP address of PE
PE-Record: PE-Router-ID + AII [+ PW attribute/value pairs]

Slide 10: RADIUS Transactions (Access-Request / Access-Response per step)

CE/AC Authorization
  Access-Request: User-Name = NAI or AC name; NAS-IP-Address
  Access-Response: VPN-ID or Router-Distinguisher; VSAs for circuit-specific parameters

VPN Authorization
  Access-Request: User-Name = VPN-ID or Router-Distinguisher; NAS-IP-Address
  Access-Response: PE-Router-ID, PE-Address, Attachment-Individual-Identifier, or multiple PE-Records like "PE-Router-ID:AII"

Pseudowire Authorization
  Access-Request: User-Name = PE-Router-ID; NAS-IP-Address; VPN-ID or Router-Distinguisher; Attachment-Individual-Identifier
  Access-Response: Per-Hop-Behavior; possibly DSCP setting

Collapsed Transaction
  Access-Request: User-Name = NAI or AC name; NAS-IP-Address
  Access-Response: multiple PE-Records like "PE-Router-ID:AII:PHB= "

Slide 11: RADIUS Examples – CE/AC Authorization

Request:  User-Name = "providerX/atlanta@vpnY.domainZ.net" (CE NAI); NAS-IP-Address = "1.1.1.1"
Response: VPN-ID = "100:14"

Request:  User-Name = "ATM14.0.1" (AC Name); NAS-IP-Address = "1.1.1.1"
Response: Router-Distinguisher = "1:1.2.3.4:10001"

Slide 12: RADIUS Examples – VPN Authorization

Request:  User-Name = "100:14" (VPN-ID); NAS-IP-Address = "1.1.1.1"
Response: PE-Record = "2.2.2.2:14" (PE-Router-ID:AII)
          PE-Record = "2.2.2.2:15"
          PE-Record = "3.3.3.3:24"
          PE-Record = "3.3.3.3:25"

Request:  User-Name = "100:14" (VPN-ID); NAS-IP-Address = "1.1.1.1"
Response: PE-Record = "2.2.2.2:14:PHB=256" (PW attribute collapsed into the PE-Record)

Slide 13: RADIUS Examples – Pseudowire Authorization

Request:  User-Name = "2.2.2.2" (PE-Router-ID); NAS-IP-Address = "1.1.1.1"; Attachment-Individual-ID = "14"; VPN-ID = "100:14"
Response: Per-Hop-Behavior = "256"
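The transactions on slides 10 to 13, modelled as an added Python example (this is not code from the draft or the slides): a parser for the PE-Record string form, a constructed authorization store that answers the three request kinds with the slides' own values, and a PE-side driver that chains the steps and only performs the pseudowire step for PE-Records that did not arrive in the collapsed "PE-Router-ID:AII:PHB=" form. Inferring the step from which attributes a request carries, and treating an empty response as Access-Reject, are my assumptions.

```python
# Added example, not from the draft or slides; tables and the step-dispatch rule are constructed.
from typing import Dict, List, NamedTuple, Optional

class PERecord(NamedTuple):
    pe_router_id: str
    aii: str
    phb: Optional[int] = None        # only present in the collapsed form

def parse_pe_record(value: str) -> PERecord:  # "2.2.2.2:14" or collapsed "2.2.2.2:14:PHB=256"
    parts = value.split(":")
    if len(parts) < 2 or not all(parts[:2]):
        raise ValueError(f"malformed PE-Record: {value!r}")
    phb = None
    for extra in parts[2:]:          # optional PW attribute/value pairs
        name, _, val = extra.partition("=")
        if name != "PHB" or not val.isdigit():
            raise ValueError(f"unsupported PW attribute: {extra!r}")
        phb = int(val)
    return PERecord(parts[0], parts[1], phb)

# Constructed authorization store, keyed the way the slides key each request.
AC_TO_VPN = {"providerX/atlanta@vpnY.domainZ.net": {"VPN-ID": "100:14"},
             "ATM14.0.1": {"Router-Distinguisher": "1:1.2.3.4:10001"}}
VPN_TO_PE_RECORDS = {"100:14": ["2.2.2.2:14", "2.2.2.2:15", "3.3.3.3:24", "3.3.3.3:25"]}
PW_PHB = {("2.2.2.2", "14", "100:14"): "256"}   # (PE-Router-ID, AII, VPN-ID) -> PHB

def access_request(attrs: Dict[str, str]) -> dict:  # response attributes; {} means Access-Reject
    user = attrs["User-Name"]
    if "Attachment-Individual-ID" in attrs:      # step 3: PW authorization
        key = (user, attrs["Attachment-Individual-ID"], attrs.get("VPN-ID", ""))
        return {"Per-Hop-Behavior": PW_PHB[key]} if key in PW_PHB else {}
    if user in VPN_TO_PE_RECORDS:                # step 2: VPN authorization
        return {"PE-Record": list(VPN_TO_PE_RECORDS[user])}
    return dict(AC_TO_VPN.get(user, {}))         # step 1: CE/AC authorization

def provision(ac_name: str, nas_ip: str = "1.1.1.1") -> List[PERecord]:
    """PE-side driver: chain the steps; step 3 is skipped for collapsed PE-Records."""
    step1 = access_request({"User-Name": ac_name, "NAS-IP-Address": nas_ip})
    vpn = step1.get("VPN-ID") or step1.get("Router-Distinguisher")
    if vpn is None:                              # CE/AC rejected: no VPN binding, nothing to signal
        return []
    step2 = access_request({"User-Name": vpn, "NAS-IP-Address": nas_ip})
    result = []
    for rec in map(parse_pe_record, step2.get("PE-Record", [])):
        if rec.phb is None:                      # not collapsed: ask for the PW parameters
            step3 = access_request({"User-Name": rec.pe_router_id, "NAS-IP-Address": nas_ip,
                                    "Attachment-Individual-ID": rec.aii, "VPN-ID": vpn})
            rec = rec._replace(phb=int(step3["Per-Hop-Behavior"]) if step3 else None)
        result.append(rec)
    return result
```

A PE-Record whose pseudowire step is rejected keeps phb None, so the caller can see which remote PEs were authorized for membership but not for PW parameters.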

Slide 14: To do…
- Address accounting (steps #1 and #3 most interesting)
- Address dynamic authorization changes (via RFC 3576)
- Input from RADEXT WG (this week)
- Security, IANA
- Scalability
- Considerations for IPv6?
- How do CE credentials get to the PE for authenticated "zero-touch" provisioning?
