Nov 10, 2003 1
EAP-based Mediating Network Discovery and Selection
Copyright © 2003, The Internet Society
Farid Adrangi
Intel Corporation
( [email protected] )
ACKNOWLEDGEMENTS:
JOE SALOWEY, MARK GRAYSON – Cisco
VICTOR LORTZ, JOSE PUTHENKULAM – INTEL CORPORATION
MARK WATSON – Nortel, PASI ERONEN – NOKIA, FAROOQ BARI – AT&T Wireless
JOHANNA WILD – MOTOROLA, BLAIR BULLOCK – iPass, ADRIAN BUCKLEY – Rim
JARI ARKKO – ERICSSON, BERNARD ABOBA – Microsoft
draft-adrangi-eap-network-discovery-and-selection-00.txt
Scenarios for AAA Traffic
[Figure: roaming topology with two AT&T Subscribers attaching through PWLAN Access Networks]
Public Wireless LAN (PWLAN) Access Networks (AN): Tmobile Hotspot, Sprint Hotspot
Mediating Networks (MN): iPass, GRIC
Home Service Networks (HSN): AT&T Wireless
- Sprint has a direct roaming relationship with AT&T HSN
- Tmobile AN has an indirect roaming relationship with AT&T HSN via iPass or GRIC MNs
- AT&T Subscriber has a preferred MN
Assumption: the subscriber has already selected the AP
Problem Statement
• EAP-based clients need information on which home networks / Mediating Networks are affiliated with the Access Network
• EAP-based clients need the ability to influence the selection of the Mediating Network used for AAA
• The EAP-based clients' “routing expression” needs to work with existing AAA routing paradigms
Solution Properties
• Complies with RFC 2284bis
• It may not require any changes to Access Points (AP) already deployed in Access Networks (AN)
Solution Concepts
• Uses the EAP-Identity Request to deliver Network Information
• Uses Decorated NAI in EAP-Identity Response to influence the selection of the Mediating Network
EAP-Identity Request
• There are three possible options for delivering Network Information using an EAP-Identity Request:
– Use the initial EAP-Identity Request issued by the PWLAN AP
– Use the initial EAP-Identity Request issued by the PWLAN RADIUS proxy
– Use a subsequent EAP-Identity Request issued by the PWLAN RADIUS proxy
Initial EAP-Identity Request issued by the PWLAN AP
Participants: Subscriber, AP, PWLAN RADIUS Proxy, MN RADIUS Proxy, HSN RADIUS Server
Message sequence:
1. EAP-Identity Req (Network Info)
2. EAP-Identity Resp (Decorated NAI)
3. Access-Req (EAP-Identity Resp + Decorated NAI)
4. Access-Req (EAP-Identity Resp + Decorated NAI)
5. Access-Req (EAP-Identity Resp + Normal NAI)
6. More EAP over RADIUS exchanges
7. Access-Accept
8. Access-Accept
9. Access-Accept
10. EAP-Success
Subsequent EAP-Identity Request issued by the PWLAN RADIUS Proxy
Participants: Subscriber, AP, PWLAN RADIUS Proxy, MN RADIUS Proxy, HSN RADIUS Server
Message sequence:
1. EAP-Identity Req
2. EAP-Identity Resp (Normal NAI)
3. Access-Req (EAP-Identity Resp + Normal NAI)
4. Access-Challenge (EAP-Identity Req + Network Info)
5. EAP-Identity Req (Network Info)
6. EAP-Identity Resp (Decorated NAI)
7. Access-Req (EAP-Identity Resp + Decorated NAI)
8. Access-Req (EAP-Identity Resp + Decorated NAI)
9. Access-Req (EAP-Identity Resp + Normal NAI)
10. More EAP over RADIUS exchanges
11. Access-Accept
12. Access-Accept
13. Access-Accept
14. EAP-Success
Initial EAP-Identity Request issued by the PWLAN RADIUS Proxy
Participants: Subscriber, AP, PWLAN RADIUS Proxy, MN RADIUS Proxy, HSN RADIUS Server
Message sequence:
1. Association
2. Access-Req (EAP-Start)
3. Access-Challenge (EAP-Identity Req + Network Info)
4. EAP-Identity Req (Network Info)
5. EAP-Identity Resp (Decorated NAI)
6. Access-Req (EAP-Identity Resp + Decorated NAI)
7. Access-Req (EAP-Identity Resp + Decorated NAI)
8. Access-Req (EAP-Identity Resp + Normal NAI)
9. More EAP over RADIUS exchanges
10. Access-Accept
11. Access-Accept
12. Access-Accept
13. EAP-Success
Data Model
• Structured as a set of comma-separated attribute names and values
Attribute=value, …Attribute=value
“Realms” Attribute
• The draft defines an attribute for specifying a list of realms corresponding to home or Mediating Networks that are recognized by the PWLAN AN. Example:
Realms=gric.com;mnc123.mcc334.3gppnetwork.org
NAI Decoration Format/Syntax
• Selection Criteria
– MUST be compliant with RFC 2486 & RFC 2706
– SHOULD be compliant with majority of the current RADIUS proxies deployed in networks today
• Alternatives
– Prefix-based Syntax; Example:
• Intermediary/[email protected]
• Intermediary1/intermediary2/[email protected]
– Suffix-based Syntax; Example:
• homerealm!username@intermediary
• Intermediary2!homerealm!username@intermediary1
• Username\@homerealm@intermediary
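Added example, not taken from the draft or the slides: a Python sketch of the Network Info data model and the "!" suffix decoration, covering the client's choice of Mediating Network and the rewrite a mediating proxy performs before forwarding. The function names, the selection policy, the rule that a proxy promotes the leftmost component, and the sample user "alice@example.org" are assumptions; the "\@" suffix variant and the prefix syntax are not covered.

```python
def parse_network_info(text):
    """Parse 'Attribute=value,...'; the Realms value becomes a list of realms."""
    info = {}
    for item in text.split(","):
        name, sep, value = item.strip().partition("=")
        if not sep or not name:
            raise ValueError(f"malformed attribute: {item!r}")
        info[name] = value
    info["Realms"] = [r.lower() for r in info.get("Realms", "").split(";") if r]
    return info

def decorate(username, home_realm, path):
    """Suffix-style decorated NAI; `path` lists mediating realms, first hop first."""
    for part in (username, home_realm, *path):
        if not part or "!" in part or "@" in part:
            raise ValueError(f"illegal NAI component: {part!r}")
    if not path:
        return f"{username}@{home_realm}"  # normal NAI, no mediation
    # Assumed rule: each proxy promotes the leftmost component to be the next realm.
    return "!".join([*path[1:], home_realm, username]) + "@" + path[0]

def select_identity(network_info, username, home_realm, preferred_mns):
    """Client side. The advertisement arrives before authentication, so it only
    filters the client's own preference list; it never adds a realm to it."""
    advertised = parse_network_info(network_info)["Realms"]
    for mn in preferred_mns:
        if mn.lower() in advertised:
            return decorate(username, home_realm, [mn])
    if home_realm.lower() in advertised:
        return decorate(username, home_realm, [])
    raise LookupError("no advertised realm is acceptable to this client")

def strip_hop(nai, my_realm):
    """Mediating proxy side: remove own realm, promote the leftmost component."""
    left, at, realm = nai.rpartition("@")
    if not at or realm.lower() != my_realm.lower():
        raise ValueError("NAI is not addressed to this proxy")
    next_realm, bang, rest = left.partition("!")
    if not bang or not next_realm or not rest:
        raise ValueError("NAI carries no valid decoration")
    return f"{rest}@{next_realm}"

# Constructed sample input, reusing the Realms value shown on the slide.
SAMPLE_INFO = "Realms=gric.com;mnc123.mcc334.3gppnetwork.org"
```

Applying strip_hop once per mediating proxy yields the Normal NAI that the last Access-Req in the flows above carries to the HSN RADIUS server.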
Next Steps
• How should we proceed with this draft?
– Which WG does this belong to?
– Should this be submitted as an individual RFC?
• Which NAI format and syntax should be used?
• Resolve upcoming issues