1 / 21

Juniper Carrier AAA roadmap May 2008

Juniper Carrier AAA roadmap May 2008. Bart Brinckman bbrinckman@jnpr.net. The Current Identity and Policy Management portfolio. OPEN INTERFACES. OPEN INTERFACES. The Identity and Policy portfolio. IPTV Home VoIP Internet Video Telephony. Mobile VoIP Video Roaming FMC Push to Talk.

noreen
Télécharger la présentation

Juniper Carrier AAA roadmap May 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Juniper Carrier AAA roadmapMay 2008 Bart Brinckman bbrinckman@jnpr.net

  2. The Current Identity and Policy Management portfolio

  3. OPEN INTERFACES OPEN INTERFACES The Identity and Policy portfolio IPTV Home VoIP Internet Video Telephony Mobile VoIP Video Roaming FMC Push to Talk FR VPN ATM VPN PSTN Provider Unique Services Service Signaling Specific Security Policy Wireless Access Network Wireless Access Data Center Edge Core CPE Routing and Security Portfolio Industry-leading packet handling and security solutions for thousands of customers worldwide

  4. UMA Femtocell CDMA 1XRTT/EvDO GPRS/ UMTS Public Wi-Fi xDSL SBR/HA SBR/SPE SBR/SLM SBR/SIM IMS AAA SBR/MIM AAA functions today: different products aimed solving different problems Network Attachment Access Network Resource Assignment Network Mobility Policy Service Delivery Network Identity WiMAX (simple IP & proprietary) Charging & Billing

  5. Core Acces Policy Engine: Any Service - On Demand Application Initiated Subscriber Initiated – Self Service Walled Garden + Over the Top (Web 2.0) IMS Service Complex • Portal Server with SRC-PE portal API • Turbo • Tiered Internet • VoD • Games • Streaming Media • Video Conferencing • VoIP • Video Telephony • Multi-media DIAMETER SOAP SRC Service Profile Initiated • Activate on Login • ToD Activated • Volume/Time Controlled Network Detection Initiated • DPI or IDP Platforms • P2P Controls • Threat Mitigation

  6. Carrier AAA Roadmap

  7. Legal statement This product roadmap sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this roadmap.

  8. SBR/SPE SBR/SIM SBR/MIM SBR/SPE SBR/HA SBR/HA SBR/Carrier AAA Evolution to FMC and WiMAX Wireline GSM/UMTS WiMAX WiFi/UMA CDMA

  9. A centralized AAA Architecture that supports all access technologies and user credentials is an important element of the NGN network A benefit of centralizing AAA is that it allows for the centralization of subscriber session information on the networks Enhancement to service delivery and new services can be delivered by leveraging this active subscriber database. Applications/ Services LDAP PKI Sessions UMA DSL CDMA GPRS/UMTS WiMAX One AAA to Manage All Access

  10. Step 1:SBR Carrier v 7.0(target August 08) • Modular AAA for Wireless and Wireline carriers • Standalone AAA server • combining all previously existing Juniper AAA carrier functionality into 1 modular product • Adding a mobile WiMAX module SNMP LDAP GUI CLI OSS Interfaces Optional modules SQL Scripting RADIUS LDAP Mobility modules Authentication modules WiMAX Mobility CDMAMobility SIM auth SMS auth Back-Ends HLR Gateways Front-Ends SBR Carrier Core Proxy RADIUS *CDMA mobility and SMS auth EFT only in v7.0

  11. SBR Carrier Core SBR Carrier Core • Built on Industry-proven SBR SPE technology! • Open and flexible AAA functionality regardless of end user access technology (through RADIUS, EAP, Http-digest), integrated into 1 platform • Supports SQL or LDAP based user repository, regardless of DB schema • Advanced service delivery features • Carrier grade proxy engine and filtering features • Virtualization support • Network integration features + • All 3GPP support built into SBR Carrier Core • Comes with all EAP methods enabled out of the box (except SIM/AKA): MD5, LEAP, GTC, POTP, PEAP, TLS,TTLS, FAST • Supports unlimited virtualization (directed realms) • Multiple additional optional features available

  12. SBR Carrier 7.0 core new features • Location based profiles • Enables policy granularity on location basis • Access technology based policy • Available in 2 flavors: • Location based profiles for users • Location based profiles for groups SBR Carrier 7.0 • Improved Management • Web delivered Administration UI • Downloadable to any station • No permanent UI install • A browser is sufficient • UI managed EAP configuration • UI based filter management • Administration audit logs ensuring administration accountability • Enhanced scripting features • Enabling precise implementation of custom service and business logic • Providing unparalleled flexibility in implementing and growing service and business logic • JavaScript realm selection and JavaScript filter selection can: • Query and modify any AVP • Query LDAP or SQL databases • Flexible sub-TLV support • Support for sub-TLV’s in the core AAA engine • allow any sub-TLV requirement to be configured in the AAA core

  13. SBR Carrier: Authentication Modules, Mobility Modules and Optional Modules SIM authentication methods for PWLAN and UMA • SIM authentication and authorization (against HLR over SS7 or SIGTRAN) • Kineto INC S1 interface (UMA & Femtocell) SIM auth SMS auth SMS OTP provisioning and authentication methods CDMA Mobility module • CDMA mobility, resource assignment and prepaid features • CDMA RevA QoS support CDMAMIM JavaScripting module • LDAP JavaScripting • JavaScripted Filters • Core routing JavaScripting Scrip ting

  14. WiMAX WiMAX in SBR Carrier 7.0 • Modular approach, SBR Carrier Core + • WiMAX Module for wireline integration (EAP-TLS, EAP-TTLS) • WiMAX module + SIM authentication module for GSM/UMTS integration (EAP-AKA) • WiMAX Module + CDMA mobility module for CDMA integration • WiMAX mobility management: • Mobile IP v4 support • ASN and CSN authentication authorization • ASN and CSN key management • WiMAX resource management • Home Agent Management • Home Address (IP-address) Management • WiMAX QoS support • Charging • Roaming: H-AAA and V-AAA • Standards: WiMAX Forum NWG Stage 3 rev. 1.0, 1.1 and 1.2 compliant

  15. DB DB • Modular Carrier Grade AAA • Available standalone or with HA cluster • combining all previously existing carrier functionality into 1 product • Adding central address allocation, concurrency and Session Control modules Step 2:SBR Carrier v 7.2 (target Q1 09) Xml/ https** SNMP LDAP GUI CLI SQL* OSS Interfaces Optional modules SQL Address Allocation Session Control Concur rency Scripting RADIUS LDAP Mobility modules Authentication modules WiMAX Mobility CDMAMobility SIM auth SMS auth Back-Ends HLR Gateways Front-Ends SBR Carrier Core Proxy RADIUS HA Cluster Session DB * Only in combination with Session control module

  16. SQL/LDAP/CLI/Https RADIUS/RADIUS CoA SBR Carrier Non-Stop AAA and Service Delivery IPTV Home VoIP Internet Video Telephony Mobile VoIP Video Roaming FMC Push to Talk FR VPN ATM VPN PSTN Provider Unique Services Service Applications SBR Session DB cluster Policy & Control Wireless Access Network Wireless Access Data Center Edge Core CPE

  17. SBR Carrier 7.2: New Optional Modules In-session service changes • RADIUS CoA based • XMLoverHttps and CLI (scripting) based interfaces • Applications: In session Hotlining, Legal Intercept, Disconnect, Prepaid, Tiered Services Session Control User/ Group based concurrency • Requires HA Cluster session DB for enforcement across the network • Concurrency limitations on a per-user basis • Concurrency limitations on a configurable attribute • Concurrency limitations on a group basis (wholesale) Concur rency Centralized IP-address allocation • Requires HA Cluster session DB for central ip-address pool management • All SBR Carrier Frontend AAA nodes use the same address pools • Splitting of address pools per AAA no longer required Address Allocation

  18. SBR Carrier 7.2: Other features • Session database query support: • SQL • LDAP (limited scalability: 150 attributes/sec) • https (requires session control module) • CLI • GUI • Extendable session database both in HA mode and Standalone mode: • Service providers now have the ability to extend their session database with any attribute (available in HA and standalone mode) • EAP-TTLS secondary authentication support: • It is now possible to perform a secondary authentication on a the content of a client certificate used during EAP-TTLS authentication as already supported in SBR Carrier 7.0 EAP-TLS implementation • Proxy enhancements: • Exclude-unknown in filters: The ability to filter out attributes that proxy server is not able to interpret when proxying a message. • Disable strobe when target goes in fastfail: Allow the server not to use the strobe mechanism to detect if a server is up, but solely rely on the timer mechanism • SNMP proxy alarming improvements: • SNMP trap when proxy target goes out of service • SNMP trap when proxy realm (all targets) goes out of service • Logging enhancements: • Time based SBR Log rollover: Next to already supported volume based log rollover, now a time based rollover will also be supported • Session identifier in log files: allows easy correlation of messages belonging to the same session

  19. Node 3A Node 3B Node 3A Node 3B Asynchronous replication Node Group 3 Node Group 3 Node 2A Node 2B Node 2A Node 2B DC1 Node Group 2 Node Group 2 DC2 Node 1A Node 1B Node 1A Node 1B Node Group 1 Node Group 1 Stateless Front-end AAA Stateless Front-end AAA Stateless Front-end AAA Stateless Front-end AAA SBR Carrier 7.x: Feature Candidates • Charging Module: • Accounting reconciliation, combination, pacing • CDR generation • LDAP: • Scalable and performant LDAP interface to the session database • Extended wholesale features (Group based concurrency) • Hard and Soft limits with notification • Time of day • Region support • Asynchronous Inter-cluster replication: • IMS-AAA session cluster integration • SRC-PE Session Cluster integration • Juniper Hardware (appliance) based solution

  20. SBR Carrier 7.x: Feature candidate: NASS Services & Applications AF AF Policy & Control E2 Gq’ CSCF CLF SBR Carrier 7.x CLF gateway E2 (diameter) E4 (diameter) Rq SPDF A-RACF UAAF/NACF SBR Carrier 7.x RADIUS node UAAF/NACF SBR Carrier 7.x RADIUS node SRC-PE SRC-NASS Ra A3 (RADIUS) A1 (RADIUS) Ia Re RCEF RCEF AMF Transport Ds Di L2T Point Border Node A1 (DHCP) IP Edge

  21. 21

More Related