1 / 7

Charter Issues Dealt with since IETF53

Charter Issues Dealt with since IETF53. PANA WG Meeting Basavaraj Patil. Issues Discussed and Closed. Separation or colocation of PAA and EP Separation of the PAA and EP would require that there be yet another protocol between the PAA and EP

aysel
Download Presentation

Charter Issues Dealt with since IETF53

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil

  2. Issues Discussed and Closed • Separation or colocation of PAA and EP • Separation of the PAA and EP would require that there be yet another protocol between the PAA and EP • Discussion in the WG and the need for simplicity has concluded that the PAA and EP should be colocated • Location of PAA • Can the PAA be located beyond the first hop router or point of network attachment • Conclusion of discussion is that the PAA is located on the same IP subnet/link as the PaC (i.e generally the first hop router or even at the AP if the AP is IP enabled) • “For simplicity, it is assumed that the PAA is attached to the same link as the device (i.e., no intermediary IP routers).“

  3. The PAA is not the enforcement entity for access control • The PAA is only an interface to the backend AAA infrastructure for authenticating a host • PAA can communicate with the EP which may be the access router or node (AP) to provide ACLs, Policies or filters • The actual mechanism for delivering these rules to the EP is outside the scope of this WG • IP Address assignment • Does a host require that it have an IP address before PANA messaging occurs? • Conclusion: The node MUST have an IP address before PANA messaging can be initiated

  4. Is PANA required when 802.1x or PPP are available • .1x is applicable to 802 networks • PPP is suboptimal in L2s that resort to the use of PPP for simply authentication reasons • Conclusion: PANA does not compete or aim to replace 802.1x or PPP (dependent on scenarios). It simply provides another (Non L2 specific) way of accomplishing access authentication

  5. Open Issues • Security implications of doing access authentication above L2 • To be discussed as part of the problems to be addressed in the solution discussion

  6. Charter Outcome of discussion: • A revised charter which has a much more narrow focus and clear goal of what is to be defined in this WG • Charter posted to ML and available at URL • ADs have reviewed the charter. Awaiting IESG approval

  7. Questions???

More Related