AAAv6

AAAv6. Charles E. Perkins, Patrik Flykt, Thomas Eklund. Conformance to IPv4 model: basic DIAMETER doesn’t need changes; AAA servers in home and local domain; attendant at local point of attachment; node desiring authorization supplies identification and credentials to attendant. AAAL. AAAH.


Presentation Transcript


  1. AAAv6. Charles E. Perkins, Patrik Flykt, Thomas Eklund

  2. Conformance to IPv4 model
     • Basic DIAMETER doesn’t need changes
     • AAA servers in home and local domain
     • Attendant at local point of attachment
     • Node desiring authorization supplies identification and credentials to attendant

  3. AAA & Mobile IP protocol overview
     [Figure labels: AAAL; AAAH; Local Attendant; Home Agent; charliep@nokia.com]
     • Advertisement from local attendant (e.g., router)
     • Connectivity request from Mobile Node
     • Local Attendant asks AAAL for help
     • AAAL parses ID (MN-NAI’s realm) to contact AAAH
     • AAAH authenticates & authorizes, starts accounting
     • AAAH, optionally, allocates a home address
     • AAAH contacts & initializes Home Agent

  4. General AAAv6 protocol overview
     • Default router/access router has uncontrolled and controlled “parts” (UCP and CP)
     [Figure labels: Router subsystem; Challenge; ID,CR,RPI,Ch; ACR; ACA; update config; Status,RPI,Key; MN; UCP; CP; AAAL; AAAH]

  5. Using AAAv6
     • CP can be realized by controlling insertion of new entries into the Neighbor Cache
     • Is the attendant function located in the default router?
     • Can IPv6 address eliminate need for NAI?
     • Should DHCPv6 attendant be the DHCPv6 relay?
     • ICMP, UDP, or Dest. Opt. to/from the attendant?
     • Challenge value Request/Response (e.g., for EAP)
     • Additional info (e.g., port #) before authorization?
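
Added example (not from the slides): one way an AAAL could carry out slide 3’s step "AAAL parses ID (MN-NAI’s realm) to contact AAAH" on an identifier supplied by a not-yet-authorized node. The simplified ASCII-only `user@realm` syntax, the routing table and its host names are assumptions made for illustration.

```python
import re

# Constructed routing table: realm -> AAAH the AAAL forwards to.
# Host names are hypothetical placeholders, not from the slides.
REALM_TO_AAAH = {
    "nokia.com": "aaah-nokia.example",
    "example.org": "aaah-org.example",
}

# One DNS-style label: letters, digits, inner hyphens, 1-63 characters.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


class NaiError(ValueError):
    """The identifier cannot be used for realm routing."""


def parse_nai(nai):
    """Return (user, realm) from 'user@realm', with the realm lowercased."""
    if not nai.isascii() or nai.count("@") != 1:
        raise NaiError("expected exactly one '@' in an ASCII NAI")
    user, realm = nai.split("@")
    realm = realm.lower()  # realms compare case-insensitively
    labels = realm.split(".")
    if not user or len(realm) > 253 or len(labels) < 2:
        raise NaiError("missing user part or incomplete realm")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise NaiError("malformed realm label")
    return user, realm


def select_aaah(nai, routes=REALM_TO_AAAH):
    """Pick the home AAA server for a mobile node's NAI, or None.

    Only exact realm matches are routed, so an unknown or malformed
    realm is rejected locally instead of being forwarded anywhere.
    """
    try:
        _user, realm = parse_nai(nai)
    except NaiError:
        return None
    return routes.get(realm)
```
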
