RE: [Pana] and network selection
Avi Lior <avi@bridgewatersystems.com> Tue, 09 November 2004 16:53 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19303 for <pana-archive@lists.ietf.org>; Tue, 9 Nov 2004 11:53:11 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CRZB7-00051r-TM; Tue, 09 Nov 2004 11:49:09 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CRZ35-000328-JN for pana@megatron.ietf.org; Tue, 09 Nov 2004 11:40:52 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17573 for <pana@ietf.org>; Tue, 9 Nov 2004 11:40:48 -0500 (EST)
Received: from bws14.bridgewatersystems.com ([216.113.7.14]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CRZ3r-0008SQ-Tg for pana@ietf.org; Tue, 09 Nov 2004 11:41:40 -0500
Received: by exch01.bridgewatersys.com with Internet Mail Service (5.5.2657.72) id <VTH7CZLK>; Tue, 9 Nov 2004 11:40:20 -0500
Message-ID: <F17FB067A86B2D488382C923C532EAA7024A4D8B@exch01.bridgewatersys.com>
From: Avi Lior <avi@bridgewatersystems.com>
To: 'Alper Yegin' <alper.yegin@samsung.com>, jari.arkko@piuha.net
Subject: RE: [Pana] and network selection
Date: Tue, 09 Nov 2004 11:40:19 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3
Cc: pana@ietf.org, 'Yoshihiro Ohba' <yohba@tai.toshiba.com>, Avi Lior <avi@bridgewatersystems.com>
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
Sender: pana-bounces@ietf.org
Errors-To: pana-bounces@ietf.org
Hi Alper,
I personally agree that PANA should do network selection and that the EAP
based network selection is only a stop gap. That is why I really started
this discussion.
But if PANA is the way we ought to do network selection I think it is
missing somethings.
-Its not enough to select the next hop;
PaC---PAA/NAS---VAAA----B1AAA-----B2AAA----HAAA
| |
+-------B3AAA------+
As the diagram shows, the user my prefer to go through B3AAA and not B2AAA.
-It should present possible options by knowing the PaC. Perhaps the PaC
should send the identity in the Start-Request. Then the PAA can respond
with the appropriate ISP Information.
In other words, why not duplicate the EAP network selection capability?
> -----Original Message-----
> From: Alper Yegin [mailto:alper.yegin@samsung.com]
> Sent: Tuesday, November 09, 2004 11:06 AM
> To: jari.arkko@piuha.net
> Cc: 'Avi Lior'; 'Yoshihiro Ohba'; pana@ietf.org
> Subject: RE: [Pana] and network selection
>
>
> Jari,
>
> > Yes. Two things remain, however:
> >
> > (1) Does someone have an answer as to how all this can be
> > accomplished in the current AAA protocols while
> > still allowing the local access provider to have
> > a proxy AND roaming? I'm not quite sure how the
> > destination realm value is set in the case of
> > Diameter EAP, for instance.
>
> I think Yoshi has responded to that issue.
>
> >
> > (2) We need to consider this in light of Avi's question,
> > which was what additional value the PANA ISP selection
> > provides over things that already exist in EAP. I
> > personally do not believe you absolutely need to
> > have additional value, but of course it would be
> > useful if you could demonstrate, for instance, that
> > your "L2" network selection scheme is better than
> > what exists in 802.1X.
>
> I think ND&S belongs to layers below EAP (EAP lower-layer, or
> even below that). Doing that in EAP can only be workaround in
> case lower-layers don't already handle that. Maybe not all
> EAP lower-layers can handle that, but since we are designing
> PANA from scratch, we could. So, imho we are doing the "right
> thing" ;-)
>
> So, imo, the right question is not why we need this
> functionality in PANA when we can do it with EAP, but the
> other way around. I hope someone can answer that too.
>
> Meanwhile, let me discuss what happens when you do ND&S in
> EAP. I presume you are referring to
> "draft-adrangi-eap-network-discovery-05".
> My comments are based on that.
>
> EAP is for "authentication". I think the authentication
> end-points should be chosen before the authentication is
> engaged. If not, then we end up having to require changes to
> EAP behavior, as the I-D suggests. On the peer,
> authenticator, and the authentication server.
>
> The ISP ND&S issue can be solved within client-NAS. There
> shouldn't be a need to involve the AS, but the I-D suggests
> that. And I didn't understand which AS fails the client ID
> when the NAI is not supported...
>
> Performance is another issue. ND&S is best done before EAP is
> engaged. The proposed scheme in the worst case involves an
> extra round trip to a AS to do ND&S.
>
> The scheme suggests adding information after the NUL in id
> request. "workaround" is the nicest word that comes to my
> mind to characterize such a solution. And, of course it may
> conflicts with other people's "workarounds" ;-)
>
> And the MTU limitation...
>
> Overall, I can see this scheme being needed when the
> lower-layers don't help at all. When using PANA, ISP
> selection can be handled by PANA-specific mechanism.
>
>
> Going back to 802.1X... Is there a ND&S facility in 1X? Or,
> are you referring to the EAP-scheme I discussed above?
>
> >
> > Speaking of multicast packets, how does a PANA client
> > know that it needs to initiate a PANA exchange?
>
> It either knows the PAA in advance, or dynamically discovers
> (solicited and unsolicited PANA-Start) it.
>
> > What
> > if you added a new PANA multicast message that told
> > the client about this and carries the ISP/ASP info
> > within it?
>
> Hmm... We don't have that. But the cost of ISP/ASP discovery
> is one mcast sent by the PaC in the worst case. So, I'm not
> sure if the benefit overweighs the cost of adding one more
> message/mechanism to the spec... Comments?
>
> Alper
>
>
>
>
> >
> > --Jari
>
_______________________________________________
Pana mailing list
Pana@ietf.org
https://www1.ietf.org/mailman/listinfo/pana
- [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Alper Yegin
- Re: [Pana] and network selection Jari Arkko
- RE: [Pana] and network selection Avi Lior
- RE: [Pana] and network selection Avi Lior
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Avi Lior
- RE: [Pana] and network selection Mohan Parthasarathy
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- Re: [Pana] and network selection Jari Arkko
- Re: [Pana] and network selection Yoshihiro Ohba
- RE: [Pana] and network selection Alper Yegin
- RE: [Pana] and network selection Alper Yegin