PANA Usage Scenarios

PANA Usage Scenarios Updates
(draft-ietf-pana-usage-scenarios-02.txt)
Yoshihiro Ohba
Subir Das
Basavaraj Patil
Hesham Soliman
July 15, 2002
IETF54 PANA WG
Objective
• Illustrate examples/scenarios where PANA can be applied
Contents
• A set of usage scenarios to which PANA could be applied
– Mobile IPv6
– CDMA2000
– DSL/Cable modem
– Limited scope access network
PANA for Mobile IPv6
• Mobile IPv6 does not have the equivalent of an FA
• Access network needs to authenticate the user before the MN can send BUs to the HA or CN
• Access authentication can be accomplished via PANA
[Figure: network diagram with labels AAA, HA, PANA, PaC, PAA, Binding Update, ASP]
Packet Data Network Authentication in CDMA2000 using PANA
• Authentication in CDMA2000 for packet data access is based on multi-layer authentication
– Cellular systems’ authentication for device authentication
– In addition, higher layer authentication is performed for user authentication (via PPP and Mobile IP)
• PANA can be used for authentication in the case of Simple IP service in lieu of PPP
– Becomes even more compelling if PPP is substituted by some other protocol for carrying IP
[Figure: network diagram with labels Cellular systems’ authentication, MSC/HLR, BSC, PaC, PDSN, PAA, RAN, PANA]
Authentication in Broadband Networks (DSL/Cable Modem) using PANA
• PANA could be used for DSL/cable modem instead of PPPoE
– More efficient than PPPoE
– Since PANA is supposed to be L2-agnostic, it would transparently work with any intermediary L2 devices (hubs or switches) between PaC and PAA
[Figure: network diagram with labels PANA, PaC, DSL modem, Home, DSLAM, PAA, DSL provider]
Limited scope access networks using PANA
• Limited scope access is unrestricted
• Access to Internet initiates PANA exchange for authentication
[Figure: network diagram with labels PANA, PaC (two instances), WLAN AP, Campus map/flight schedule, etc., Edge subnet, PAA, Local web server, Free access, Charged access]
Thank you!
Why PANA?
• Need for network access authentication at a higher layer when L2 does not have an authentication mechanism
– Not all L2 technologies support carrying EAP (not all IEEE 802 devices implement 802.1X)
– Assuming every L2 carries EAP is not realistic
– Using PPP authentication for shared media is inefficient
• Need for higher layer authentication on top of L2 authentication
– Multi-layer authentication is widely used, and a common higher layer authentication carrier protocol needs to be standardized
– Web-based authentication that is widely used in hot-spot network access is known to be a proprietary hack
[Figure: network diagram with labels 802.1X with dynamic key distribution, PANA (two instances), WLAN AP, hub/switch, DSL modem, Home, DSLAM, DSL provider]
[Figure: network diagram with labels 802.1X with dynamic key distribution, PANA, WLAN AP Router, DSL modem, Home, DSLAM, DSL provider]