1 / 7

PANA Working Group: Charter Topics Summary. Findings & Next Steps. Simplifying PAA and EP Functions.

The Issues Dealt with since IETF53 PANA WG Meeting by Basavaraj Patil include discussions and decisions made regarding the separation or co-location of PAA and EP functions. The location of PAA in relation to the network attachment point, its role as an interface to AAA infrastructure, and the necessity of IP address assignment before PANA messaging are also clarified. Issues concerning the use of PANA alongside 802.1x or PPP protocols, security implications, and the revised charter focus and goals are highlighted. The outcome of the discussion is a more focused and defined approach within the WG. For further details, refer to the posted charter available online pending IESG approval.

aysel
Download Presentation

PANA Working Group: Charter Topics Summary. Findings & Next Steps. Simplifying PAA and EP Functions.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil

  2. Issues Discussed and Closed • Separation or colocation of PAA and EP • Separation of the PAA and EP would require that there be yet another protocol between the PAA and EP • Discussion in the WG and the need for simplicity has concluded that the PAA and EP should be colocated • Location of PAA • Can the PAA be located beyond the first hop router or point of network attachment • Conclusion of discussion is that the PAA is located on the same IP subnet/link as the PaC (i.e generally the first hop router or even at the AP if the AP is IP enabled) • “For simplicity, it is assumed that the PAA is attached to the same link as the device (i.e., no intermediary IP routers).“

  3. The PAA is not the enforcement entity for access control • The PAA is only an interface to the backend AAA infrastructure for authenticating a host • PAA can communicate with the EP which may be the access router or node (AP) to provide ACLs, Policies or filters • The actual mechanism for delivering these rules to the EP is outside the scope of this WG • IP Address assignment • Does a host require that it have an IP address before PANA messaging occurs? • Conclusion: The node MUST have an IP address before PANA messaging can be initiated

  4. Is PANA required when 802.1x or PPP are available • .1x is applicable to 802 networks • PPP is suboptimal in L2s that resort to the use of PPP for simply authentication reasons • Conclusion: PANA does not compete or aim to replace 802.1x or PPP (dependent on scenarios). It simply provides another (Non L2 specific) way of accomplishing access authentication

  5. Open Issues • Security implications of doing access authentication above L2 • To be discussed as part of the problems to be addressed in the solution discussion

  6. Charter Outcome of discussion: • A revised charter which has a much more narrow focus and clear goal of what is to be defined in this WG • Charter posted to ML and available at URL • ADs have reviewed the charter. Awaiting IESG approval

  7. Questions???

More Related