Moby Dick Consolidated System Integration Plan
D0103v1.doc Version 1 6.7.2003

The URP is triggered by the MTNM to send a Mobile Node Authentication Request (MNARq) when one or more of the following events are detected:
• the current AAA state was lost due to (re)booting, crashing, etc.
• expiration of the authorization lifetime
• the AAA domain has changed because of a handover (inter-domain HO)

At the time of registration the URP sends the Mobile Node Authentication Request message (MNARq) to the attendant on the access router. The information contained in an MNARq is local/internal, i.e. it resides in a configuration file on the MN, e.g. the NAI.

The URP also uses some external information, e.g. the challenge taken from a Router (Attendant) Advertisement. This information is added to the MNARq to prevent replay attacks.

The attendant responds to the MNARq with an MNARp.

The MN carries out the following actions upon receiving an MNARp:
• check that <AAAC.h-MAC> is correct using the SK[MN-AAAC.h]; if not, drop the whole message
• process the AAA Result-Code and HA-Result-Code
• set up timers to be able to tell when the session identified by the Session-Id is over
• set up the MN-Attendant SA (using key material in Att-DH-PV)

In case of errors (transport-mechanism-related, AAA-related, mobile-IPv6-related) an exponential backoff approach for resending packets is used, as this method does not use too many resources (bandwidth) for sending requests.

The information about the internal states and other data related to MNARq / MNARp signalling must be made available, especially to be able to generate the SAs.

The AVPs exchanged between the AAAC.h and the MN are always authenticated by computing an HMAC-MD5 over them using SK[MN-AAAC.h].
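
The MNARp check and the resend schedule described above, as an added example (not code from the Moby Dick document or project). The AVP byte encoding, the function names, the sample key and AVP values, and the backoff base and cap are assumptions; the document specifies only HMAC-MD5 keyed with SK[MN-AAAC.h], dropping the message on mismatch, and exponential backoff.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16  # HMAC-MD5 output size in bytes


def encode_avps(avps):
    """Assumed canonical encoding: length-prefixed name and value per AVP,
    in message order, so field boundaries cannot be shifted."""
    out = b""
    for name, value in avps:
        n = name.encode()
        out += struct.pack("!H", len(n)) + n + struct.pack("!I", len(value)) + value
    return out


def compute_mac(sk, avps):
    """HMAC-MD5 over the AVPs, keyed with SK[MN-AAAC.h]."""
    return hmac.new(sk, encode_avps(avps), hashlib.md5).digest()


def process_mnarp(sk, avps, received_mac):
    """Return the AVPs as a dict if the MAC verifies, else None (message dropped).
    No AVP is interpreted before the MAC check passes."""
    expected = compute_mac(sk, avps)
    # compare_digest avoids leaking the position of the first differing byte.
    if len(received_mac) != MAC_LEN or not hmac.compare_digest(expected, received_mac):
        return None
    return dict(avps)


def backoff_delays(base, cap, attempts):
    """Exponential backoff schedule for resends: base, 2*base, ... capped at cap."""
    return [min(cap, base * 2 ** i) for i in range(attempts)]


# Constructed sample data (not from the document).
SK = bytes(range(16))
REPLY = [
    ("Session-Id", b"mn1@example.org;1"),
    ("Result-Code", b"\x00\x00\x07\xd1"),
    ("HA-Result-Code", b"\x00\x00\x00\x00"),
]
GOOD_MAC = compute_mac(SK, REPLY)
TAMPERED = [REPLY[0], ("Result-Code", b"\x00\x00\x0b\xb9"), REPLY[2]]

if __name__ == "__main__":
    print(process_mnarp(SK, REPLY, GOOD_MAC) is not None)  # valid reply accepted
    print(process_mnarp(SK, TAMPERED, GOOD_MAC))           # tampered reply dropped
    print(backoff_delays(1.0, 16.0, 6))
```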

4.5.2.2 Attendant

The Attendant is a Diameter-specific module in the access router. It comprises a software module that implements the AAA signalling and a set of routing policies; some of these policies are set up as a consequence of the AAA signalling.

[Figure 82: The attendant. Labels in the diagram: ATTENDANT; Registration protocol handler; AAAC protocol handler; AAAC Server; Mapper, Mediator, Event gen.; AAAC client; Attendant log; Session Status; Trigger, remove S.A.; Configure, Meter data; Security Manager; Metering]