AAAv6
N. Asokan/Nokia Research
Thomas Eklund/Switchcore
Patrik Flykt/Nokia Research
Charles E. Perkins/Nokia Research
IETF 47
draft-ietf-perkins-aaav6-00.txt
Authorized Network Access v6
• Where is control exercised?
• How does node know what to do?
• What happened to the foreign agent/attendant?
Where to exercise control
• Default router already provides access to Internet
• Incoming packets directed by router’s Neighbor Cache
• Outgoing packets may be controlled by router’s Ingress Filtering
How does node know how to act?
• Advertisements from router
• Configured with MN-NAI
• Stateless vs. Stateful action, as usual
• Is router the attendant?
– in this case, additional relay functionality
• Or, does router advertise the attendant’s address?
– in this case, additional filtering rules needed
Stateless operation
• New node sends a Router Solicitation with credentials and MN-NAI
• Router returns a Router Advertisement with the results
• Of course, AAA is not stateless
[Figure: AAAF, AAAH, Default Router]
Operation with DHCPv6
• Node supplies MN-NAI and credentials as part of DHCP Request
• Node gets authorization indication in the status field of the DHCP Reply
Packet types
• MN-NAI extension to Router Solicitation
• AAA Credential extension to Router Solicitation
• AAA Reply to Router Advertisement
• MN-NAI and AAA Credential extensions to DHCP Request
• AAA Reply extension to DHCP Reply
Issues
• Key distribution?
• Generalized Key extensions a la MIER?
• Unmediated interaction with AAAL?
• Advertise the need for AAA as is done for managed links now?
• Relationship between address lifetime, key lifetime, and renewal of authorization?
• Relationship with aaa-hooks?
• Relationship with DHCPv4 + AAA?