AAA Research Problems Bernard Aboba IETF 53 Minneapolis, MN March 19, 2002
Outline • Metropolitan Area Networks • Security issues
Link Aggregation • IEEE 802. 1 supports link aggregation • Allows peer to use more than one IEEE 802 link and aggregate them – Example: Want to send 2 Gbps of traffic on a switch with 1 Gbps ports • IEEE 802 Link aggregation model – Authentication (IEEE 802. 1 X occurs before aggregation) • Question: How is link aggregation authorized? – Not as simple as old Ascend Port-Limit attribute • Contact: Paul_Congdon@hp. com, IEEE 802. 11 aa PAR
Provisioning the Ether. NAS • The old way – – – – Order a 56 Kbps link and wait… Install and debug the 56 Kbps link. Outgrow it Order a T 1 and wait…. Install and debug the T 1 link. Outgrow it Order a DS 3 and wait… • The new way: Ethernet ISPs – Growing in popularity: Telseon, Yipes, etc. • Promises dramatic increases in speed, decrease in cost, wait • Install big pipe to customer premises – 1 Gbps or 10 Gbps Ethernet • Allow customers to provision their own bandwidth via a web page • Change takes effect in seconds instead of weeks • Contact: Andrew Smith
Provisioning the Ether. NAS Heterogeneous Servers MAN (optional) Tape Library l, VLAN, MPLS Tags Ether. NAS 1+ Gbps switch with DWDM support 1 Gb. E link Array Controller with Disks Customer site
Ether. NAS Provisioning • Draft-congdon-8021 x-radius-17. txt describes VLAN provisioning – All packets on the port tagged with VLANID • We’re only scratching the surface – Bandwidth limits – More sophisticated VLANs (application VLANs) – Lambda grooming – MPLS tagging
Security Issues • Understanding the security implications of AAA keying • Security analysis of current AAA keying techniques – Example: Diameter NASREQ, MIP keying • Understanding the role of 3 -way secure key agreement protocols such as Bellare. Rogaway • Recommended contact: Bill Arbaugh
Скачать презентацию AAA Research Problems Bernard Aboba IETF 53 Minneapolis
7d0680ecd1edf8b79b32f9de6d5a6931.ppt