Moby Dick Consolidated System Integration Plan

More documents

Recommendations

Info

D0103v1.doc Version 1 6.7.2003 Foreign AAA (AAAF) Home AAA (AAAH) ƒAA-Mobile-Node- Request „AA-Mobile-Node- Answer ‚AA-Mobile-Node- Request …AA-Mobile-Node-Answer Attendant on AR MNAReq † MNARsp Mobile Node (MN) MN = Mobile Node Figure 80: AAAC in <strong>Moby</strong> <strong>Dick</strong> – Global Operation 4.5.2.1 User registration with a MN The User Registration Protocol (URP) module on the MN is responsible for initiating a communication between the MN and the AAAC attendant, which is located on the access router. This is a user space application residing on the MN, which communicates with the MTNM module and the attendant. The main functions of URP module are: • Setting up an AAA session after being triggered by MTNM module • Setting up an Security Association with the Attendant • Passing the result of registration to NTNM module Mobile Terminal Access Router User Space URP Module 4. SendRegResp 2. 3. User Space AAA Att. 1. Trigger StartIntDomHO NTNM Module Kernel Kernel Figure 81: URP and MTNM interaction D0103v1.doc 110 / 168
D0103v1.doc Version 1 6.7.2003 The URP is triggered by the MTNM to send a Mobile Node Authentication Request (MNARq) when one or more then one of the following events are detected: • the current AAA state was lost due to: (re)booting, crashing, etc. • expiration of authorization lifetime • the AAA domain is changed because of an hand-over (inter domain HO) At the time of registration the URP sends the Mobile Node Authentication Request message (MNARq) to the attendant on the access router. The information contained in an MNARq is local/internal i.e. residing in an configuration file on the MN e.g. NAI. Other information that is used by URP is some external information e.g. the challenge taken from a Router (Attendant) Advertisement. This information is added into the MNARq to avoid reply attacks. The attendant responds to MNARq with MNARp The MN carries out the following actions upon receiving an MNARp: • check that < AAAC.h-MAC > is correct using the SK[MN-AAAC.h]; if not drop the whole message • process the AAA Result-Code, HA-Result-Code • set up timers for being able to tell when the session identified by the Session-Id is over • set up SA the MN-Attendant SA (using key material in Att-DH-PV) In case of errors (transport-mechanism-related, AAA-related, mobile-IPv6-related) an exponential backoff approach for resending packets is used. As this method does not use too much resources (bandwidth) for sending requests. The information about the internal states / info related to MNARq / MNARp signalling must be made available; especially to be able to generate the SAs. The AVPs exchanged between the AAAC.h and the MN are always authenticated by computing an HMAC-MD5 over them using SK[MN-AAAC.h] 4.5.2.2 Attendant Attendant is a diameter specific module in the access router. The Attendant comprises a module of software that implements the AAA signalling and a set of routing policies; some of these policies are set up as a consequence of the AAA signalling. Registration protocoll handler ATTENDANT AAAC protocol handler AAAC Server Mapper, Mediator, Event gen. AAAC client Attendant log Session Status Trigger, remove S.A. Configure, Meter data Security Manager Metering Figure 82: The attendant D0103v1.doc 111 / 168
Page 1 and 2:
IST-2000-25394 Moby Dick D0103 Moby
Page 3 and 4:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 5 and 6:
D0103v1.doc Version 1 6.7.2003 5.1.
Page 7 and 8:
D0103v1.doc Version 1 6.7.2003 Abbr
Page 9 and 10:
D0103v1.doc Version 1 6.7.2003 1 In
Page 11 and 12:
D0103v1.doc Version 1 6.7.2003 3 Mo
Page 13 and 14:
D0103v1.doc Version 1 6.7.2003 Doma
Page 15 and 16:
D0103v1.doc Version 1 6.7.2003 NCP
Page 17 and 18:
D0103v1.doc Version 1 6.7.2003 It w
Page 19 and 20:
D0103v1.doc Version 1 6.7.2003 curr
Page 21 and 22:
D0103v1.doc Version 1 6.7.2003 •
Page 23 and 24:
D0103v1.doc Version 1 6.7.2003 No A
Page 25 and 26:
D0103v1.doc Version 1 6.7.2003 o Fo
Page 27 and 28:
D0103v1.doc Version 1 6.7.2003 NCP
Page 29 and 30:
D0103v1.doc Version 1 6.7.2003 4.1.
Page 31 and 32:
D0103v1.doc Version 1 6.7.2003 4.1.
Page 33 and 34:
D0103v1.doc Version 1 6.7.2003 asso
Page 35 and 36:
D0103v1.doc Version 1 6.7.2003 Mobi
Page 37 and 38:
D0103v1.doc Version 1 6.7.2003 WP4
Page 39 and 40:
D0103v1.doc Version 1 6.7.2003 Para
Page 41 and 42:
D0103v1.doc Version 1 6.7.2003 Ackn
Page 43 and 44:
D0103v1.doc Version 1 6.7.2003 inst
Page 45 and 46:
D0103v1.doc Version 1 6.7.2003 MT P
Page 47 and 48:
D0103v1.doc Version 1 6.7.2003 The
Page 49 and 50:
D0103v1.doc Version 1 6.7.2003 RtSo
Page 51 and 52:
D0103v1.doc Version 1 6.7.2003 auth
Page 53 and 54:
D0103v1.doc Version 1 6.7.2003 In a
Page 55 and 56:
D0103v1.doc Version 1 6.7.2003 AR s
Page 57 and 58:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 59 and 60: D0103v1.doc Version 1 6.7.2003 Even
Page 61 and 62: D0103v1.doc Version 1 6.7.2003 4.2.
Page 63 and 64: D0103v1.doc Version 1 6.7.2003 Filt
Page 67 and 68: D0103v1.doc Version 1 6.7.2003 •
Page 69 and 70: D0103v1.doc Version 1 6.7.2003 The
Page 71 and 72: D0103v1.doc Version 1 6.7.2003 is t
Page 73 and 74: D0103v1.doc Version 1 6.7.2003 4.3
Page 77 and 78: D0103v1.doc Version 1 6.7.2003 This
Page 85 and 86: D0103v1.doc Version 1 6.7.2003 The
Page 89 and 90: D0103v1.doc Version 1 6.7.2003 be u
Page 91 and 92: D0103v1.doc Version 1 6.7.2003 o Ma
Page 93 and 94: D0103v1.doc Version 1 6.7.2003 Gene
Page 95 and 96: D0103v1.doc Version 1 6.7.2003 Upli
Page 97 and 98: D0103v1.doc Version 1 6.7.2003 Now
Page 99 and 100: D0103v1.doc Version 1 6.7.2003 3. D
Page 101 and 102: D0103v1.doc Version 1 6.7.2003 User
Page 103 and 104: D0103v1.doc Version 1 6.7.2003 Inte
Page 105 and 106: D0103v1.doc Version 1 6.7.2003 User
Page 107 and 108: D0103v1.doc Version 1 6.7.2003 Serv
Page 109: D0103v1.doc Version 1 6.7.2003 S1 E
Page 113 and 114: D0103v1.doc Version 1 6.7.2003 Old
Page 117 and 118: D0103v1.doc Version 1 6.7.2003 Leng
Page 121 and 122: D0103v1.doc Version 1 6.7.2003 MN M
Page 125 and 126: D0103v1.doc Version 1 6.7.2003 Afte
Page 127 and 128: D0103v1.doc Version 1 6.7.2003 Pack
Page 131 and 132: D0103v1.doc Version 1 6.7.2003 miss
Page 133 and 134: D0103v1.doc Version 1 6.7.2003 Conn
Page 137 and 138: D0103v1.doc Version 1 6.7.2003 Acce
Page 139 and 140: D0103v1.doc Version 1 6.7.2003 Logg
Page 141 and 142: D0103v1.doc Version 1 6.7.2003 repr
Page 143 and 144: D0103v1.doc Version 1 6.7.2003 Type
Page 145 and 146: D0103v1.doc Version 1 6.7.2003 o DM
Page 147 and 148: D0103v1.doc Version 1 6.7.2003 5 Mo
Page 149 and 150: D0103v1.doc Version 1 6.7.2003 MN A
Page 151 and 152: D0103v1.doc Version 1 6.7.2003 3 AA
Page 153 and 154: D0103v1.doc Version 1 6.7.2003 give
Page 155 and 156: D0103v1.doc Version 1 6.7.2003 9 Ha
Page 157 and 158: D0103v1.doc Version 1 6.7.2003 MN 1
Page 161 and 162:
D0103v1.doc Version 1 6.7.2003 No.
Page 163 and 164:
D0103v1.doc Version 1 6.7.2003 The
Page 165 and 166:
D0103v1.doc Version 1 6.7.2003 MN R
Page 167 and 168:
D0103v1.doc Version 1 6.7.2003 for
show all

Moby Dick Consolidated System Integration Plan

Create successful ePaper yourself

Delete template?

Save as template?