July 15, 2002 IETF54 PANA WG 1
PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt)
Yoshihiro Ohba
Subir Das
Basavaraj Patil
Hesham Soliman
Objective
• Illustrate examples/scenarios where PANA can be applied
Contents
• A set of usage scenarios to which PANA could be applied
  – Mobile IPv6
  – CDMA2000
  – DSL/Cable modem
  – Limited scope access network
PANA for Mobile IPv6
• Mobile IPv6 does not have the equivalent of an FA
• Access network needs to authenticate the user before the MN can send BUs to the HA or CN
• Access authentication can be accomplished via PANA
[Figure: PANA for Mobile IPv6. Labels: PaC, PAA, AAA, ASP, HA; PANA; Binding Update]
Packet Data Network Authentication in CDMA2000 using PANA
• Authentication in CDMA2000 for packet data access is based on multi-layer authentication
  – Cellular systems’ authentication for device authentication
  – In addition, higher layer authentication is performed for user authentication (via PPP and Mobile IP)
• PANA can be used for authentication in the case of Simple IP service in lieu of PPP
  – Becomes even more compelling if PPP is substituted by some other protocol for carrying IP
[Figure: Packet data network authentication in CDMA2000. Labels: PaC, PAA, RAN, BSC, MSC/HLR, PDSN; PANA; Cellular systems’ authentication]
Authentication in Broadband Networks (DSL/Cable Modem) using PANA
• PANA could be used for DSL/cable modem instead of PPPoE
  – More efficient than PPPoE
  – Since PANA is supposed to be L2-agnostic, it would transparently work with any intermediary L2 devices (hubs or switches) between PaC and PAA
[Figure: Authentication in broadband networks. Labels: DSLAM, DSL modem, Home DSL provider, PAA, PaC; PANA]
Limited scope access networks using PANA
• Limited scope access is unrestricted
• Access to Internet initiates PANA exchange for authentication
[Figure: Limited scope access network. Labels: WLAN AP, Edge subnet, PaC, PaC, PAA; PANA; Free access; Local web server (campus map/flight schedule, etc.); Charged access]
Thank you!
Why PANA?
• Need for network access authentication at a higher layer when the L2 does not have an authentication mechanism
  – Not all L2 technologies support carrying EAP (not all IEEE 802 devices implement 802.1X)
  – Assuming every L2 to carry EAP is not realistic
  – Using PPP authentication for shared media is inefficient
• Need for higher layer authentication on top of L2 authentication
  – Multi-layer authentication is widely used and a common higher layer authentication carrier protocol needs to be standardized
  – Web-based authentication that is widely used in hot-spot network access is known to be a proprietary hack
[Figure: Labels: DSLAM, hub/switch, WLAN AP, DSL modem, Home DSL provider; PANA; 802.1X with dynamic key distribution; PANA]
[Figure: Labels: DSLAM, Router, WLAN AP, DSL modem, Home DSL provider; PANA; 802.1X with dynamic key distribution]