RE: [Pana] and network selection
Avi Lior <avi@bridgewatersystems.com> Tue, 09 November 2004 16:53 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19303 for <pana-archive@lists.ietf.org>; Tue, 9 Nov 2004 11:53:11 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CRZB7-00051r-TM; Tue, 09 Nov 2004 11:49:09 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CRZ35-000328-JN for pana@megatron.ietf.org; Tue, 09 Nov 2004 11:40:52 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17573 for <pana@ietf.org>; Tue, 9 Nov 2004 11:40:48 -0500 (EST)
Received: from bws14.bridgewatersystems.com ([216.113.7.14]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CRZ3r-0008SQ-Tg for pana@ietf.org; Tue, 09 Nov 2004 11:41:40 -0500
Received: by exch01.bridgewatersys.com with Internet Mail Service (5.5.2657.72) id <VTH7CZLK>; Tue, 9 Nov 2004 11:40:20 -0500
Message-ID: <F17FB067A86B2D488382C923C532EAA7024A4D8B@exch01.bridgewatersys.com>
From: Avi Lior <avi@bridgewatersystems.com>
To: 'Alper Yegin' <alper.yegin@samsung.com>, jari.arkko@piuha.net
Subject: RE: [Pana] and network selection
Date: Tue, 09 Nov 2004 11:40:19 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3
Cc: pana@ietf.org, 'Yoshihiro Ohba' <yohba@tai.toshiba.com>, Avi Lior <avi@bridgewatersystems.com>
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
Sender: pana-bounces@ietf.org
Errors-To: pana-bounces@ietf.org
Hi Alper, I personally agree that PANA should do network selection and that the EAP based network selection is only a stop gap. That is why I really started this discussion. But if PANA is the way we ought to do network selection I think it is missing somethings. -Its not enough to select the next hop; PaC---PAA/NAS---VAAA----B1AAA-----B2AAA----HAAA | | +-------B3AAA------+ As the diagram shows, the user my prefer to go through B3AAA and not B2AAA. -It should present possible options by knowing the PaC. Perhaps the PaC should send the identity in the Start-Request. Then the PAA can respond with the appropriate ISP Information. In other words, why not duplicate the EAP network selection capability? > -----Original Message----- > From: Alper Yegin [mailto:alper.yegin@samsung.com] > Sent: Tuesday, November 09, 2004 11:06 AM > To: jari.arkko@piuha.net > Cc: 'Avi Lior'; 'Yoshihiro Ohba'; pana@ietf.org > Subject: RE: [Pana] and network selection > > > Jari, > > > Yes. Two things remain, however: > > > > (1) Does someone have an answer as to how all this can be > > accomplished in the current AAA protocols while > > still allowing the local access provider to have > > a proxy AND roaming? I'm not quite sure how the > > destination realm value is set in the case of > > Diameter EAP, for instance. > > I think Yoshi has responded to that issue. > > > > > (2) We need to consider this in light of Avi's question, > > which was what additional value the PANA ISP selection > > provides over things that already exist in EAP. I > > personally do not believe you absolutely need to > > have additional value, but of course it would be > > useful if you could demonstrate, for instance, that > > your "L2" network selection scheme is better than > > what exists in 802.1X. > > I think ND&S belongs to layers below EAP (EAP lower-layer, or > even below that). Doing that in EAP can only be workaround in > case lower-layers don't already handle that. Maybe not all > EAP lower-layers can handle that, but since we are designing > PANA from scratch, we could. So, imho we are doing the "right > thing" ;-) > > So, imo, the right question is not why we need this > functionality in PANA when we can do it with EAP, but the > other way around. I hope someone can answer that too. > > Meanwhile, let me discuss what happens when you do ND&S in > EAP. I presume you are referring to > "draft-adrangi-eap-network-discovery-05". > My comments are based on that. > > EAP is for "authentication". I think the authentication > end-points should be chosen before the authentication is > engaged. If not, then we end up having to require changes to > EAP behavior, as the I-D suggests. On the peer, > authenticator, and the authentication server. > > The ISP ND&S issue can be solved within client-NAS. There > shouldn't be a need to involve the AS, but the I-D suggests > that. And I didn't understand which AS fails the client ID > when the NAI is not supported... > > Performance is another issue. ND&S is best done before EAP is > engaged. The proposed scheme in the worst case involves an > extra round trip to a AS to do ND&S. > > The scheme suggests adding information after the NUL in id > request. "workaround" is the nicest word that comes to my > mind to characterize such a solution. And, of course it may > conflicts with other people's "workarounds" ;-) > > And the MTU limitation... > > Overall, I can see this scheme being needed when the > lower-layers don't help at all. When using PANA, ISP > selection can be handled by PANA-specific mechanism. > > > Going back to 802.1X... Is there a ND&S facility in 1X? Or, > are you referring to the EAP-scheme I discussed above? > > > > > Speaking of multicast packets, how does a PANA client > > know that it needs to initiate a PANA exchange? > > It either knows the PAA in advance, or dynamically discovers > (solicited and unsolicited PANA-Start) it. > > > What > > if you added a new PANA multicast message that told > > the client about this and carries the ISP/ASP info > > within it? > > Hmm... We don't have that. But the cost of ISP/ASP discovery > is one mcast sent by the PaC in the worst case. So, I'm not > sure if the benefit overweighs the cost of adding one more > message/mechanism to the spec... Comments? > > Alper > > > > > > > > --Jari > _______________________________________________ Pana mailing list Pana@ietf.org https://www1.ietf.org/mailman/listinfo/pana
- [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Alper Yegin
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Avi Lior
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Avi Lior
- RE: [Pana] and network selection Mohan Parthasarathy
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Alper Yegin