
1 Multi-hop PANA IETF 62

2 Currently:
–“For simplicity, it is assumed that the PAA is attached to the same link as the device (i.e., no intermediary IP routers).”
Objective of this presentation:
–Discuss removal of this constraint
Benefit: Flexible deployments
Cost: see slides…

3 mhop EAP Bar BoF
Need mhop EAP lower-layer for AAA of:
–network access service
    Pre-authentication
    Ad-hoc networks
    Simple
–MIP6
–SNMP
–“any” service
Scope of mhop PANA is “network access AAA”
–mhop PANA may help some of the network access scenarios

4 Considerations
PAA discovery
IP addressing
EP location
NAT traversal
TTL check

5 PAA Discovery
If the PAA is not on-link, how does the PAA discovery work?
–Option 1: Define a new DHCP option
–Option 2: “Traffic driven discovery”
    EP detects PDI, RS, DHCP, etc.; triggers PAA via PANA-SNMP
–Option 3: Preconfigured – No changes on the PANA spec.
If there are multiple PAAs?
–Same issue applies to 1-hop PANA as well
–Current spec: PaC picks any

6 IP Addressing
A link-local PRPA is not suitable for mhop PANA deployments.
Include a “deployment consideration” text in the PANA framework I-D:
–“If PAA is multiple hops away from the PaC, the access network must allow non-link-local PRPA configuration.”

7 EP Location
No changes are proposed on the location of EP
–L2 access device (e.g., IEEE 802.11 AP)
–Access router
PAA must know the location of EP(s)
–Same as before.

8 NAT traversal (1/2)
What happens if there is a NAT between EP and PAA?
–IP-Address and DI AVPs checked against IP header
DI AVP: Bind DI to PANA session
–PaC DI is the IP address when IPsec is used.
–PAA delivers DI to EP.
IP-Address AVP:
–Bind PAA IP address to PANA session
–If PaC IP address changes (e.g., run DHCP after PANA), PaC notifies PAA
Did we really need the integrity checks?
–IP address theft/spoofing – IP address ownership issue
[Diagram: PaC, EP/AR, NAT, PAA]

9 NAT traversal (2/2)
UDP destination port in request messages set to PANA_port.
–PAA requests sent to PaC -- port mapping issue
Proposal:
–Option 1: Remove the integrity checks, handle port issue
–Option 2: Include a deployment considerations text: “NAT between PaC and PAA is not supported”.

10 TTL
Drop the TTL check on both PaC and PAA

11 Any other issues?
Re-charter?
–“For simplicity, it is assumed that the PAA is attached to the same link as the device (i.e., no intermediary IP routers).”

