| TOC |
|
By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 3, 2008.
The PANA Base protocol defines a method for carrying EAP message exchanges over UDP/IP. This means that the PANA Client (PaC) is required to know the IP address of the PANA Authentication Agent (PAA). In many cases, this is not convinient or practical. This document proposes a simple PAA discovery scheme that allows the PaC to determine the PAA IP address without any modification to the base protocol messages or exchange sequence.
1.
Introduction
2.
Terminology
3.
PAA Discovery Details
4.
Message Formats
4.1.
PANA-Agent-Discover-Request
4.2.
PANA-Agent-Discover-Answer
5.
IANA Considerations
6.
Security Considerations
7.
Acknowledgments
§
Author's Address
§
Intellectual Property and Copyright Statements
| TOC |
The PANA Base protocol specifies that all messages are carried over unicast UDP/IP packet. This means that the PANA Client (PaC) needs to know the PANA Authentication Agent (PAA) IP address before initiating a PANA conversation. Like many other protocols, it is not practical nor convinient to configure client devices (PaC) with PAA IP address before using it. In general, statically configuring parameters on every device for their currently attached subnet or network does not scale as the number of devices grow.
This document proposes a simple method of dynamically discovering the PAA. A simple and independent discovery protocol can be installed on the PaC and PAA devices that will allow PaC to pro-actively discover the PAA by sending a link local multicast message, PANA-Agent-Discover-Request (PDR). In this case, the PAA listening on that multicast address, can issue a corresponding answer sent unicast to the PaC. The PaC determines the PAA IP address from the source IP of the answer to the PDR message.
| TOC |
This document reuses the terminology used in PANA.
| TOC |
A PaC device wishing to actively discover a PAA can immediately send a PDR message. The PDR is sent as a PANA message with a source IP address set to the PaC IP address and the destination IP address set to a well known multicast address 224.0.0.[TBD]. The PDR MUST be sent to the well known PANA port [TBD] and the PaC device MUST be prepared to accept message on the source port it sets in the PDRs UDP header.
A PAA device which supports the PAA discovery protocol MUST be prepared to accept messages at the well known PANA port and multicast address. If a PDR message is received, the PAA device MUST issue a unicast PANA-Agent-Discover-Answer (PDA) message with the source IP address set to the PAA IP address and destination IP address set to the PaC IP address learned from the PDR message. It MUST also set the destination port of the PDA to the source port of the PDR. A PAA device which reponds to a PDR MAY initiate the PANA session since it has knowledge of the PaC IP address, See Section 4.1 of PANA.
When a PaC device receives a PDA, it SHOULD use the source IP address as the IP address of the PAA in the subsequent PANA exchanges. If the PaC device receives multiple PDA from different PAAs, it can make a local policy decision on which PAA IP address to use.
| TOC |
All message formats are taken from Sec 6 and 7 of the PANA base protocol document. Message types are allocated using rules in Sec 10.2.1 of the PANA base protocol document. As of this writing, there are no AVPs associated with any of the discovery protocol messages. All messages MUST set both the session identifier and the sequence numbers in the PANA header to zero(0).
| TOC |
The PANA-Agent-Discover-Request (PDR) message is sent by the PaC device.
The message MUST have the 'R' (Request) bit set in the PANA message header.
Message Format
PANA-Agent-Discover-Request ::= < PANA-Header: 5,REQ >
*[ AVP ]
| Figure 1: PANA-Agent-Discover-Request |
| TOC |
The PANA-Agent-Discover-Answer (PDA) message is sent by the PAA device
in response to a PANA-Agent-Discover-Request. The message MUST NOT have
the 'R' (Request) bit set in the PANA message header.
Message Format
PANA-Agent-Discover-Answer ::= < PANA-Header: 5 >
* [ AVP ]
| Figure 2: PANA-Agent-Discover-Answer |
| TOC |
This document does not require actions by IANA.
| TOC |
This document does describes a companion protocol to PANA for discovery PAA IP addresses. It does not define nor address security related protocols or schemes.
| TOC |
[TBD].
| TOC |
| Victor Fajardo (editor) | |
| Toshiba America Research Inc. | |
| One Telcordia Drive, #1S222 | |
| Piscataway, NJ 08854 | |
| USA | |
| Email: | vfajardo@tari.toshiba.com |
| TOC |
Copyright © The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an “AS IS” basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.