Diameter NASreq (RFC 4005) and RADIUS Compatibility - PowerPoint PPT Presentation

About This Presentation
Title:

Diameter NASreq (RFC 4005) and RADIUS Compatibility

Description:

Diameter NASreq (RFC 4005) and RADIUS Compatibility draft-mitton-diameter-radius-vsas-01.txt David Mitton RSA Security Inc. Overview Diameter designed to be upwards ... – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 15
Provided by: dmi125
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Diameter NASreq (RFC 4005) and RADIUS Compatibility


1
Diameter NASreq (RFC 4005) and RADIUS
Compatibility
draft-mitton-diameter-radius-vsas-01.txt
  • David MittonRSA Security Inc.

2
Overview
  • Diameter designed to be upwards compatible with
    RADIUS
  • There will be encodings in Diameter that are not
    expressible in RADIUS
  • Most RADIUS attributes are supported in RFC 4005,
    exceptions are noted in Section 9.
  • Difficulty arises with Vendor Specific Attributes
    (VSAs)

3
Problems
  • RADIUS VSA typical practice involves unknown
    formats for sub-types and lengths. Gateway must
    know format to translate
  • RFC 4005 Section 9.6 only works for some RADIUS
    VSAs
  • Imposes limitations on Vendor type space
  • Diameter VS AVPs must be restrained to fit into
    RADIUS
  • Diameter AVP type space larger than RADIUS
    suggested format
  • Diameter AVP data can be longer
  • Diameter AVPs have flags

4
RADIUS VSAs vs Diameter Vendor Specific AVPs
RADIUS VSA format
Suggested format
Length8 ! 24
Type 8 ! 32
Diameter Vendor AVP format
5
Goals
  • Provide a mapping that allows bidirectional
    communication through a translating gateway
    system or bilingual server
  • Minimize special cases and vendor specific
    knowledge in gateways
  • Allow mix of Diameter and RADIUS speaking
    equipment and servers that dont use different
    AVPs for same information

6
Proposal
  • draft-mitton-diameter-radius-vsas-01.txt
  • Translate RADIUS VSAs as Diameter AVP 26. This
    is NOT as described in RFC 4005 Sect 9.6
  • Translate Diameter VS AVPs to a new RADIUS
    attribute.

7
RADIUS VSAs as Diameter AVP 26
  • No transformation of attribute data Avoids
    vendor specific knowledge which allows
    transparent pass-through
  • Only end clients servers need to know inner
    format
  • No additional encoding overhead
  • Length must be constrained to RADIUS limits.

8
Proposed RADIUS VSA to Diameter AVP 26 mapping
RADIUS VSA
Diameter AVP 26
9
Diameter Vendor Specific AVPsin a RADIUS
attribute
  • Add a new RADIUS attribute
  • Provide fields of the proper length
  • Define fragmentation and aggregation
  • Similar to EAP message attribute
  • Add segment number for concatenation
  • Suppress redundant VID and VType on non-first
    segment

10
Proposed RADIUS Diameter VS Attribute
Diameter Vendor Attribute
RADIUSDiameter VSA
11
Affects Documents
  • Changing Diameter Vendor EncapsulationAffects
    Diameter Base RFC 3588, and Diameter NAS
    Application RFC 4005
  • Specify RADIUS format of Diameter TLVsAffects
    RADIUS document ???Need to make one !

12
Generic Diameter AVP to RADIUS Attribute
  • While were at it, why not define a way to map
    Diameter AVPs (Type gt 255) to RADIUS and vice
    versa.
  • Use same format as VS mapping without Vendor stuff

13
Proposed RADIUS Diameter AVP Attribute
Diameter Vendor Attribute
RADIUSDiameter VSA
14
Conclusion
  • If we get rid of the RADIUS VSAs transformation
    in RFC 4005 Section 9 and add AVP 26 can transit
    Diameter with no transformational knowledge or
    loss of data
  • Add a RADIUS attribute to hold Diameter VS and
    regular AVPs
  • The two vendor spaces end up independent, but can
    be used by either.
Write a Comment
User Comments (0)
About PowerShow.com