Data Model for Network Access

1
Data Model for Network Access

• 49th IETF
• AAA Working Group
• David Spence
• Interlink Networks

2
draft-spence-aaa-nas-data-model-00.txtData Model
for Network Accesshttp//www.interlinknetworks.c
om/otherdocs/nasmodel.html
John Vollbrecht
David Spence David Durham
Bob Kopacz Walter Weiss David Harrington Amol Kulkarni
Interlink Networks Ellacoya Networks Enterasys Networks Intel Corporation
3
Introduction

• Data modeling input was requested by the Chair.
• Modeling allows consistent information to be
  shared across protocols.
• This presentation describes a data model for a
  RADIUS NAS that is compatible with SMIng and can
  be used with DIAMETER, COPS, and SNMP protocols.
• The model complements the SMIng to DIAMETER
  mapping proposed in draft-schoenw-sming-diameter-0
  0.txt.

4
Standardization
NASes Data
Information
MIB
Cisco 010101 110110
B
C
A
D
UML ABCDE
Intel 1010101 1110101
PIB
B
Enterasys 1100101 1010001
C
A
E
5
Whats in the Draft

• UML Model (Information)
• Modeled a NAS
• Started with the RADIUS attribute set
• Grouped the RADIUS attributes into classes by
  service
• PIB Model (Data)
• Used the model to create a Policy Information
  Block (PIB)
• The PIB is a concrete instantiation of the model
  using SPPI.
• Issues Raised
• Modeling issues
• RADIUS issues

6
UML Data Model for Network Access
7
UML Data Model for Network Access Access Request
Messages
8
UML Data Model for Network Access Access Accept
Messages
9
UML Data Model for Network Access Access Reject
Messages
10
UML Data Model for Network Access Accounting
Request Messages
11
The RADIUS PIB

• The PIB provides a formal notation.
• requested by draft-ietf-aaa-issues-04.txt
• When implemented, various tools share a
  consistent view of the data.
• Real-time monitoring sees same data as AAA server
  log
• Diameter for auth/auth with SNMP for accounting
• Facilitates adding new services in the future

12
Some Issues Raised by the Study

• The Place of Accounting
• Overloading of RADIUS Attributes
• The Place of Multilink
• The Relation Between Sessions and Supersessions
• Management of the Multilink Service
• More issues discussed in section 3 of the draft

13
Application to Diameter

• Option A SMIng to Diameter mapping
• Use the SMIng to Diameter protocol mapping
  proposed by Juergen Schoenwaelder in
  draft-schoenw-sming-diameter-00.txt.
• Option B UML to Grouped AVPs
• Using the UML model as a reference, define a set
  of Grouped type AVPs to carry the objects
  identified. The grouped AVPs contain sets of
  simple AVPs as currently defined. The PIB serves
  as the formal notation. It MAY be implemented in
  the NAS (but need not).
• Option C PRC AVP
• Define a PRC AVP in Diameter. Each PRC AVP
  would contain a single PRC object, SPPI (or
  SMIng) encoded, identified by PRID. A Diameter
  message would consist of a set of one or more PRC
  AVPs plus perhaps other AVPs such as Timestamp,
  Nonce, Integrity-Check-Value.

14
Future work

• Refine the model.
• Some classes should be subdivided.
• The authentication classes should be broken down
  by message type.
• Idealize the model (get away from RADIUS
  constraints).
• Multipoint
• Accounting
• Convert the PIB into an SMIng MIB

15
Where to Find the Model

• Both the draft
• draft-spence-aaa-nas-data-model-00.txt
• Data Model for Network Access
• and the graphical UML model can be downloaded
  from
• http//www.interlinknetworks.com/otherdocs/nasmode
  l.html