
SNMP for the PAA-2-EP protocol PANA wg - IETF 59 Seoul -> Yacine El Mghazli (Alcatel) <- Yoshihiro Ohba (Toshiba) Julien Bournelle (GET/INT)




1 SNMP for the PAA-2-EP protocol (PANA wg, IETF 59 Seoul)
Yacine El Mghazli (Alcatel), Yoshihiro Ohba (Toshiba), Julien Bournelle (GET/INT)
Draft: http://yacine.free.fr/ietf59/pana/draft-yacine-pana-snmp-02.txt

2 Presentation Overview (Yacine El Mghazli, All rights reserved © 2004, Alcatel)
 Introduction
  – PAA-2-EP basic principle
  – PAA-2-EP within the PANA wg
  – Back on the SNMP choice
 SNMPv3 applicability against PAA-2-EP protocol requirements
 SNMP usage for the PAA-2-EP
  – Re-usable existing MIB modules
  – Additional PANA-specific MIB objects
 Next Steps

3 Introduction: PAA-2-EP functional basic principle
[Figure: PaC, AR (the EP), PAA and AAA backend on one single IP subnet. PANA auth runs between PaC and PAA, AAA auth between PAA and the AAA backend; over PAA-2-EP the PAA tells the EP "install filter #", and PaC traffic then passes through the EP.]

4 Introduction: PAA-2-EP within the PANA wg
 PANA charter:
  – The PANA working group must mandate one protocol
  – The PANA wg will not design a new protocol; it may involve the definition of extensions of an existing one
 History:
  – IETF55: PAA-2-EP topic introduction (draft-ietf-pana-requirements-0x.txt)
  – IETF57: PAA-2-EP protocol considerations (draft-yacine-pana-paa-ep-reqs-00.txt)
  – IETF58: PAA-2-EP protocols evaluation (draft-yacine-pana-paa2ep-eval-00.txt)
 Already a fair amount of discussion on the ML

5 Introduction: Why SNMP?
 Consensus regarding the PAA-2-EP protocol within the PANA wg:
  – An existing protocol (no new protocol design)
  – Basic configuration needs (no ‘disqualifying’ requirement), but:
    – No disruptive choice
    – No immature solutions
    – Follow the IAB recommendations
 SNMPv3 fully satisfies the above conditions:
  – v3 satisfies the security conditions
  – Widely spread for monitoring (« get » messages)
  – « Set » messages allow simple configuration
  – Lots of MIBs available
 SNMP provides a simple solution with a high level of re-use

6 PAA-2-EP protocol: SNMPv3 applicability
 One-to-many relation: one SNMP manager (the PAA) can relate simultaneously to several agents (the EPs)
 Secure communication: the User-based Security Model (USM) provides authentication, confidentiality, integrity, replay-attack prevention and time windows for the validity of messages
 Notification of PaC presence: SNMP can provide this feature using SMIv2 traps
 Accounting: the PAA can poll its EPs, and the counters are considered good enough

7 PAA-2-EP protocol: SNMPv3 applicability (cont’d)
 Peer liveness: SNMP periodic polling is sufficient for inactive EP detection
 Rebooted peer detection: the snmpEngineBoots MIB object lets the PAA detect a rebooted EP
 Authorization: ACLs and keying material re-use existing objects
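The two applicability slides above lean on mechanisms SNMPv3 already has: USM's time window against replay, the snmpEngineBoots counter for reboot detection, periodic polling for liveness, and polled counters for accounting. The following is an added example (not code from the slides or from the draft) of the bookkeeping a PAA acting as SNMP manager would keep per EP to use those mechanisms. It follows the USM timeliness rule of RFC 3414 (150-second window, snmpEngineBoots comparison), with the simplification that the cached engine time is not advanced by the local clock between polls. The class and function names, the EP identifiers and the poll values are all constructed for the illustration.

```python
"""Added example: PAA-side bookkeeping for SNMPv3 checks the slides rely on
(not code from the slides or the draft; all names and values are constructed):
  - replay / time-window check, as USM's timeliness rule (RFC 3414, 150 s window)
  - rebooted-EP detection via snmpEngineBoots
  - inactive-EP detection via periodic polling
  - Counter32 deltas for polled accounting counters
The EP is the authoritative SNMP engine for the Responses it returns, so the
PAA caches each EP's (snmpEngineBoots, snmpEngineTime) as a non-authoritative
engine would. Simplification: the cache holds the latest received
snmpEngineTime and is not advanced by the local clock between polls.
"""
from dataclasses import dataclass
from typing import Dict, List

TIME_WINDOW = 150             # seconds; USM timeliness window (RFC 3414)
MAX_ENGINE_BOOTS = 2**31 - 1  # an engine whose boots counter reached this is unusable
COUNTER32_MOD = 2**32


@dataclass
class EpState:
    engine_boots: int   # last snmpEngineBoots accepted from this EP
    engine_time: int    # latest snmpEngineTime accepted from this EP
    last_seen: float    # PAA clock when the last valid Response arrived


class PaaEpMonitor:
    """Per-EP state kept by the PAA acting as SNMP manager (hypothetical class)."""

    def __init__(self) -> None:
        self.eps: Dict[str, EpState] = {}

    def on_response(self, ep: str, msg_boots: int, msg_time: int, now: float) -> str:
        """Classify an authenticated Response from `ep` whose USM header carried
        msgAuthoritativeEngineBoots = msg_boots and msgAuthoritativeEngineTime = msg_time."""
        st = self.eps.get(ep)
        if st is None:
            # First contact: adopt the EP's notion of boots/time (discovery).
            self.eps[ep] = EpState(msg_boots, msg_time, now)
            return "discovered"
        if st.engine_boots == MAX_ENGINE_BOOTS:
            return "engine-exhausted"        # RFC 3414: always notInTimeWindow
        if msg_boots > st.engine_boots:
            # The EP's boot counter advanced: it rebooted, so any state the PAA
            # pushed to it (filters, keys) must be re-installed.
            st.engine_boots, st.engine_time, st.last_seen = msg_boots, msg_time, now
            return "rebooted"
        if msg_boots < st.engine_boots:
            return "untimely"                # stale boot epoch: replayed or delayed
        if msg_time < st.engine_time - TIME_WINDOW:
            return "untimely"                # outside the 150 s window
        if msg_time > st.engine_time:
            st.engine_time = msg_time        # advance the cached engine time
        st.last_seen = now
        return "ok"

    def inactive_eps(self, now: float, poll_interval: float, missed_polls: int = 3) -> List[str]:
        """EPs that returned no valid Response for `missed_polls` poll periods."""
        limit = poll_interval * missed_polls
        return sorted(ep for ep, st in self.eps.items() if now - st.last_seen > limit)


def counter32_delta(previous: int, current: int) -> int:
    """Units accrued between two polls of a Counter32, tolerating one wrap."""
    return (current - previous) % COUNTER32_MOD


if __name__ == "__main__":
    m = PaaEpMonitor()
    # Constructed poll sequence for one EP: discovery, a normal poll, a replayed
    # old message, then a reboot.
    for args in [("ep-1", 5, 1000, 0.0), ("ep-1", 5, 1030, 30.0),
                 ("ep-1", 5, 800, 35.0), ("ep-1", 6, 12, 60.0)]:
        print(args, "->", m.on_response(*args))
    m.on_response("ep-2", 1, 50, 0.0)
    print("inactive at t=100:", m.inactive_eps(now=100.0, poll_interval=30))
    print("delta across wrap:", counter32_delta(4294967290, 5))
```

A "rebooted" result is the case the slides care about: the EP has lost whatever filters and keying material the PAA pushed, so the PAA must re-install them rather than keep trusting cached EP state. Untimely messages are simply not counted as liveness evidence, which keeps a replayed Response from masking a dead EP.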

8 SNMP for PAA-2-EP: re-use of existing IPsec configuration MIBs
 The IPsec configuration MIB was recently split into 3 separate modules
 IPsec SPD configuration MIB module (IPSP wg):
  – Rule/Filter/Action policy structure
  – Various IP filters, including IP header filter
  – Notification variables re-usable for the PaC presence trap
 IPsec IKE configuration MIB module (IPSP wg):
  – For IP-based access control (draft-ietf-pana-ipsec-02)
  – Pre-shared key (PSK) configuration: derived at the PAA level
  – ID_KEY_ID configuration (aggressive mode): PANA session_id

9 SNMP for PAA-2-EP: additional PANA-specific MIB objects
 PANA-specific objects extend the SPD-MIB:
  – Link-layer filters
  – PaC presence trap
  – Keying material for L2 protection
 Current version -02:
  – IEEE 802 filters
  – New PaC notification
 Browse the whole current MIB set at: http://yacine.free.fr/ietf59/pana/dev

10 Next Steps
 PANA context usage examples (section 6 TBD)
 More link-layer filters: might re-use existing ones, e.g. ADSL ports open/close
 Some additional object design might be needed: L2 protection attributes, e.g. 802.11i keys…
 More?
 Gauge room consensus to accept this document as a PANA WG item

11 THANKS

12 PAA-2-EP protocol: requirements summary
 One-to-many PAA-EP relation: required. A given EP relates to multiple PAAs.
 Secure communication: required. Authentication, confidentiality, and integrity.
 New PaC notification: required. The EP notifies the PAA of an unauthorized PaC's presence. Optional (PANA can do that).
 Inactive EP detection: not required; satisfied by other means. The architecture can take it into account with e.g. a request-response mechanism.

13 PAA-2-EP protocol: requirements summary (cont’d)
 Stateful approach: not required. The PAA does not maintain any EP state; the whole solution does (at application level). Some implementation guidance is needed.
 Accounting/feedback from the EPs: required. Polling is sufficient for the PANA needs.
 EP configuration information: the PAA-2-EP protocol must push DI-based filters and keying material down to the EP.

