IETF Logo Mail Archive

Re: [Mip6] mip6-aaa frameworks

Julien Bournelle <julien.bournelle@int-evry.fr> Wed, 16 February 2005 12:43 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA03560 for <mip6-web-archive@ietf.org>; Wed, 16 Feb 2005 07:43:51 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D1OsI-0002hI-Ll for mip6-web-archive@ietf.org; Wed, 16 Feb 2005 08:05:50 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1OUS-0002MA-65; Wed, 16 Feb 2005 07:41:12 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1OPY-0001Yu-6X for mip6@megatron.ietf.org; Wed, 16 Feb 2005 07:36:08 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA02607 for <mip6@ietf.org>; Wed, 16 Feb 2005 07:36:06 -0500 (EST)
Received: from smtp2.int-evry.fr ([157.159.10.45]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D1Okk-0002JQ-Gl for mip6@ietf.org; Wed, 16 Feb 2005 07:58:05 -0500
Received: from ipv6-3.int-evry.fr (ipv6-3.int-evry.fr [157.159.100.76]) by smtp2.int-evry.fr (Postfix) with ESMTP id C6DEA8273; Wed, 16 Feb 2005 13:35:27 +0100 (CET)
Received: from jb by ipv6-3.int-evry.fr with local (Exim 4.34) id 1D1OOO-0003At-MR; Wed, 16 Feb 2005 13:34:56 +0100
Date: Wed, 16 Feb 2005 13:34:56 +0100
From: Julien Bournelle <julien.bournelle@int-evry.fr>
To: Alper Yegin <alper.yegin@samsung.com>
Subject: Re: [Mip6] mip6-aaa frameworks
Message-ID: <20050216123456.GJ11112@ipv6-3.int-evry.fr>
References: <01cd01c512e3$c4f4a250$016115ac@dcml.docomolabsusa.com> <11d201c51329$c83d61e0$291d9069@sisa.samsung.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <11d201c51329$c83d61e0$291d9069@sisa.samsung.com>
User-Agent: Mutt/1.5.6+20040907i
X-INT-MailScanner-Information: Please contact the ISP for more information
X-INT-MailScanner: Found to be clean
X-MailScanner-From: jb@int-evry.fr
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: mip6@ietf.org
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1

Hi all,

 more comments concerning framework 1 and 2 inline:

On Mon, Feb 14, 2005 at 10:44:19PM -0800, Alper Yegin wrote:
> 
> Framework 1:
> ------------
> Using network access AAA to deliver MIP6 configuration parameters from
> the AAA server to the MN. 
> 
> MIP6 configuration is directly delivered from the AAA server to the MN
> during network access AAA, in-band with the authentication (e.g.,
> transported by EAP or EAP methods).
> 
> Related I-Ds:
> 
> draft-giaretta-mip6-authorization-eap-01
> draft-le-aaa-mipv6-requirements-03
> draft-ohnishi-mip6-aaa-problem-statement-00
> 
> Discussion:
> 
> The end2end transport between the AAA and the MN is the key. Use of EAP
> for this somewhat network access unrelated "configuration" is not
> recommended as far as I understand. One can design his own EAP method to
> do that, yet that would have limited applicability.

Concerning this framework, it appears that we have 2 possibilities:

 - define a new EAP method, the EAP server will be in charge of
   selecting the right method based on NAI for example. The problem is
   that we could have a user having the mip6 stack but who didn't want
   to use it. With this approach, it appears that we always configure
   the mip6 service.

 - use EAP-TLVs (draft-giaretta-mip6-authorization), the problem here is
   that EAP hasn't been designed for configuration.

> Framework 2:
> ------------
> Using network access AAA to deliver MIP6 configuration parameters from
> the AAA server to the NAS. It is assumed that parameters will be
> delivered from the NAS to the MN via another protocol (e.g., DHCP, PANA,
> etc.)
> 
> Related I-Ds:
> 
> draft-chowdhury-mip6-bootstrap-radius-00
> draft-jang-dhc-haopt-00
> 
> Discussion:
> 
> This is similar to NAS learning the IP address for the connected host
> via RADIUS, and delivering it to the host via DHCP.
> 
> James had a comment regarding not having to support intra-operator
> interoperability. I think regardless of the deployment, interoperability
> between vendors is the important. Also, I was not sure on the complexity
> argument.
> 
> 3GPP2 has already chosen this scheme. Some other SDO(s) may follow the
> suit.

Concerning this framework, I also see 2 possibilities:

 - add mip6 functionalities to exisiting applications: basically add some
   AVPs and mechanisms to RADIUS EAP/ Diameter EAP (if EAP is in use).
   This also imply some modifications to 802.1X/PANA/...

 - define a specific AAA application for mip6.  In this case, we'll have
   at least two AAA applications used in the access network. The reason
   is that I guess we won't have only mip6 terminal. Thus the
   authentication agent will need a way to select the right application.
  The protocol used between the MN and the authentication agent will
  also need some modifications to handle this.


-- 
julien.bournelle@int-evry.fr

_______________________________________________
Mip6 mailing list
Mip6@ietf.org
https://www1.ietf.org/mailman/listinfo/mip6

v2.23.0 | Report a Bug | By Email