
July 15, 2002 IETF54 PANA WG 1

PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt)

Yoshihiro Ohba (yohba@tari.toshiba.com)

Subir Das (subir@research.telcordia.com)

Basavaraj Patil (basavaraj.patil@nokia.com)

Hesham Soliman (hesham.soliman@era.ericsson.se)


Objective

• Illustrate examples/scenarios where PANA can be applied


Contents

• A set of usage scenarios to which PANA could be applied

  – Mobile IPv6
  – CDMA2000
  – DSL/Cable modem
  – Limited scope access network


PANA for Mobile IPv6

• Mobile IPv6 does not have the equivalent of an FA

• Access network needs to authenticate the user before the MN can send BUs to the HA or CN

• Access authentication can be accomplished via PANA

[Diagram labels: HA, ASP, PANA, Binding Update, PaC, PAA, AAA]


Packet Data Network Authentication in CDMA2000 using PANA

• Authentication in CDMA2000 for packet data access is based on multi-layer authentication
  – Cellular systems’ authentication for device authentication
  – In addition, higher layer authentication is performed for user authentication (via PPP and Mobile IP)

• PANA can be used for authentication in the case of Simple IP service in lieu of PPP
  – Becomes even more compelling if PPP is substituted by some other protocol for carrying IP

[Diagram labels: PDSN, RAN, PANA, Cellular systems’ authentication, BSC, MSC/HLR, PaC, PAA]


Authentication in Broadband Networks (DSL/Cable Modem) using PANA

• PANA could be used for DSL/cable modem instead of PPPoE
  – More efficient than PPPoE
  – Since PANA is supposed to be L2-agnostic, it would transparently work with any intermediary L2 devices (hubs or switches) between PaC and PAA

[Diagram labels: DSLAM, DSL modem, Home DSL provider, PANA, PAA, PaC]


Limited scope access networks using PANA

• Limited scope access is unrestricted

• Access to Internet initiates PANA exchange for authentication

[Diagram labels: WLAN AP, PANA, Edge subnet, Free access, Local web server, Campus map/flight schedule, etc., Charged access, PaC, PaC, PAA]


Thank you!


Why PANA?

• Need for network access authentication at a higher layer when L2 does not have an authentication mechanism
  – Not all L2 technologies support carrying EAP (not all IEEE 802 devices implement 802.1X)
  – Assuming every L2 to carry EAP is not realistic
  – Using PPP authentication for shared media is inefficient

• Need for higher layer authentication on top of L2 authentication
  – Multi-layer authentication is widely used and a common higher layer authentication carrier protocol needs to be standardized
  – Web-based authentication that is widely used in hot-spot network access is known to be a proprietary hack

[Diagram labels: DSLAM, hub/switch, WLAN AP, DSL modem, Home DSL provider, PANA, 802.1X with dynamic key distribution, PANA]

[Diagram labels: DSLAM, Router, WLAN AP, DSL modem, Home DSL provider, PANA, 802.1X with dynamic key distribution]