tf-mobility meeting

TF-Mobility meeting

6 June 2004

AgendaTF-Mobility Meeting, June 6 2004

• Welcome and Update on TF-Mobility to date • Discussion on the draft Deliverable H• Discussion on the draft Deliverable I • Discussion on the draft Deliverable L• Taskforce closure - items to be completed

– Remaining deliverables – End of taskforce Report– New Taskforce charter

• Update on NREN national roaming developments - contributions from group– UK Location Independent Networking Update - James Sankar– SURFnet Update - Klaas ?– DFN Update - Juergen ?– others

TF-Mobility Meeting

Deliverable H discussion and approval

– Draft version online in June 2004– Is the content written generally agreed by all? – Please confirm approval.

TF-Mobility Meeting

Deliverable I

– Draft version should be online shortly– Is the policy document generally agreed by all? – Please provide comments and confirm approval

by the mailing list

TF-Mobility Meeting

Deliverable L

– Draft version being written.– Please provide comments by the mailing list.

New TF-Mobility charter

Terms of Reference for TF-Mobility (v2).

• “to continue existing TF-Mobility work to develop roaming services for mobile devices using network access technologies already

deployed (or planned) in the national research and education networks (NRENs) involved in the task force in close cooperation with the

Géant2 joint research activity JRA5 (Ubiquity (Mobility) and Roaming Access to Services).”

Work will be undertaken to review work produced to date and to give consideration for new work areas as follows

(1) To extend roaming service access beyond NRENs to other networks;(2) To develop securer, more flexible and more accountable roaming

services by investigating and testing system integration with other Authentication, Authorisation and Accounting solutions.

New TF-Mobility charter• The Task Force will be open to any individual or representative of an organisation that

can offer appropriate expertise, manpower, equipment or services. Participation will be on a voluntary basis.

• The Task Force will operate with a 2 year mandate, starting 1 July 2004 . A report on

the progress of the Task Force and the results achieved will be made at the TERENA Networking Conference 2005.

• The mandate of the Task Force may be renewed by the TERENA Technical Committee (TTC). If the mandate is not renewed, the Task Force will be dissolved. The Task Force may also be dissolved if the TTC considers that it is making insufficient progress or that its activities are no longer useful or relevant, or if the Task Force co-chairs resign and no replacement can be found.

• The Task Force will meet approximately four times per year (although this may be via

telephone or videoconference). Physical meetings will be held at the TERENA Secretariat offices in Amsterdam or at other locations, taking care to reduce overall costs to participants.


Focus • To gather input from the community at large on developing and scaling inter-NREN

roaming services to be fed into JRA5.• To disseminate JRA5 results with respect to inter-NREN roaming services to the

community at large.• To investigate and pilot new technologies for mobility that are (currently) beyond the

realm of JRA5.

Aims

• 2.1. ESTABLISH A FORUM:– Provide a forum for exchanging experiences and knowledge;– Make the results of the work of the Task Force and JRA5 available to the research networking

community;– Promote the benefits of the technology and assist in the roll out of national roaming

infrastructures.


Aims (continued)

• 2.2 DEVELOP A TECHNICAL KNOWLEDGE BASE ON ROAMING:

– Continue the work of the TF-Mobility group to provide details of Wireless Access Points and Wireless Client performance and interoperability issues and consider other network access devices (e.g. PDAs) and wired network access;

– Use the mailing list as a means of keeping up to date on roaming technology developments, new standards, new issues;

– Gather information from two above items to produce an approved source of information on the market, products, standards and issues similar to a market/technology appraisal.


Aims (continued)

• CONTINUE WORK ON THE CURRENT INTER-NREN ROAMING:

– Continue testing and scaling the current and emerging inter-NREN roaming architectures (RADIUS hierarchy & CASG);

– Review and update the current and emerging national roaming solutions (e.g. Web-based, RADIUS+802.1x, VPN) taking place in NRENs across Europe both in and outside JRA5 and elsewhere;

– Revise and update the elements for an inter-NREN WLAN architecture based on current national roaming solutions and emerging roaming developments (2.3.2);

– Amend and test (as necessary) on the existing inter-NREN test bed architecture amongst the participant NRENs, consider technical support services and changes to existing policies.

• CONSIDER THE IMPACT OF FUTURE DEVELOPMENTS ON ROAMING

– Identify the determine impact of new and emerging standards such as MobileIP, IPv6 and QoS on roaming;

– Consider the impact of QoS and new applications on roaming services;– Investigate and survey the needs of roaming users and participating NRENs and their

institutions on future roaming needs;– Undertake a risk analysis of the impact of future developments on roaming.


Deliverables

– D1. An knowledge base of information that relates to network access, roaming and security issues. A summary report of discussions should be produced every six months listed issues raised, those resolved and those outstanding and reasons why it is so.

– D2. Scale and where necessary upgrade / integrate the current roaming infrastructures with reports on progress.

– D3. Create a service support area for the current roaming services that contains the following

• D3.1 - Current Roaming policies.• D3.2 - Current best practice• D3.3 - An online map of participating NRENs and their institutions with

details of each institution's campuses that support roaming with details of their network access methods, SSID, Local AUP (ideally each NREN should be responsible for their own area).


Deliverables

– D4 - Create an online form for roaming users to provide feedback on their experiences of roaming at other institutions so that this information can be automatically passed on to the relevant NREN and institution.

– D5 - Details of how to get access to technical support at each NREN for institutions and at TERENA / SURFNET for NRENs.

– D6 - Produce a forward look document that outlines a way forward to develop roaming over the next 1-2 years, this will include the updated requirements coming from JRA5, lessons learnt from the current development work, a SWOT analysis and a risk analysis based on current and future needs and advances in new technologies, protocols and standards.

– New deliverables may be added as the Taskforce sees fit.

TF-Mobility End of taskforce report

• Draft version in progress• Welcome contributions from NRENs on national

roaming developments• Initial review by TERENA and Co-chairs• Circulation to mailing list• Final version submitted to TERENA

Update on roaming in the UK

The Location Independent Networking

infrastructure

Recommended Technical Solution:

National Proxy RADIUS Hierarchy

To support a wired and wireless (web, 802.1X, Roamnode) network access solutions

JANET Co-location

JANET Co location

Organisational RADIUS Server

B


B


A


A


D


D


C


C

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy ServerLogical Connections

Technical information• Top Tier (Provided by UKERNA)

– Two RADIUS servers for resilience at JANET co-locations.– These national servers will be connected to the European RADIUS servers for “inter-

NREN” roaming prior to the trial.– RADIATOR RADIUS server software has been chosen.– Each National RADIUS server and organisational RADIUS server to be connected with a

separate shared secret.

• Lower Tier (Provided by JANET organisations)

– Each participating organisation requires a RADIUS server but is no mandated to use specific hardware or software.

– Case studies and sample RADIUS configurations will be made available to trial participants.

– Participants will use either wired, or wireless (web, 802.1X, Roamnode) network access methods.

– RADIUS user Credentials based on “username@realm” and a password.

Organisational RADIUS ServerOrganisational RADIUS Server

Top-level RADIUS

Proxy Server

Top-level RADIUS

Proxy Server





National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

University of Southampton

Currently hosted at SURFnet

Currently linked to FCCN, Portugal

Currently linked to CARNET, Croatia

BackupTop-level RADIUS

Proxy Server


Proxy Server

etlr1.radius.terena.nl (192.87.36.6)

etlr2.radius.terena.nl (195.169.131.2)Organisational RADIUS ServerOrganisational RADIUS Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server


Currently linked to SURFnet, Netherlands

National RADIUS

Proxy Server

National RADIUS

Proxy Server



Currently linked to FUNET, Finland

RADIUS proxy hierarchy established to date

National RADIUS

Proxy Server

National RADIUS

Proxy Server


FOKUS (Berlin)

National RADIUS

Proxy Server

National RADIUS

Proxy Server

Currently linked to DFN, Germany

1 site

199 sites

20 sites

1 site

Sites currently connected

Organisational RADIUS Servers


Top-level RADIUS

Proxy Server

Top-level RADIUS

Proxy Server





National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server





Proxy Server


Proxy Server


etlr2.radius.terena.nl (195.169.131.2)Organisational RADIUS ServerOrganisational RADIUS Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server



National RADIUS

Proxy Server

National RADIUS

Proxy Server




RADIUS proxy hierarchy once the LIN trial is established…

National RADIUS

Proxy Server

National RADIUS

Proxy Server


FOKUS (Berlin)

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server













Top-level RADIUS

Proxy Server

Top-level RADIUS

Proxy Server





National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server





Proxy Server


Proxy Server


National RADIUS

Proxy Server

National RADIUS

Proxy Server



National RADIUS

Proxy Server

National RADIUS

Proxy Server



National RADIUS

Proxy Server

National RADIUS

Proxy Server


FOKUS (Berlin)

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server

National RADIUS

Proxy Server







RADIUS proxy hierarchy once the LIN trial is established…


LIN Policies

Policy• Policy is essential to establish a “network of trust”• Policy is being drafted for the trial, key items agreed include

– The guest user must abide by their home organisation AUP and respect the visited organisation AUP.

– The home organisation is responsible for educating its users on the LIN trial service (e.g. process for acquiring technical support) and their own users actions at visited organisations.

– The visited organisation must advertise services that support LIN and the level of security supported and ideally details of the local AUP.

– The visited organisation can enforce their own local site policies.– The “technical support” organisation will act as a single point of contact to

manage operational issues such as queries, faults, security issues etc.

• European Policy is currently being drafted for participation to the European RADIUS hierarchy, national policy is being drafted to comply with this.

Project Progress Update

Technical Support services

• Dedicated website– Info about the trial– Password area for

participants• Status of national

servers• Sample RADIUS

configurations• Case studies from proof

of concept triallists• Technical support info• (tel. email etc.)

• Dedicated telephone support– In operation during

normal business hours.– Answer phone for out

of hours.

• Email– Email address– Restricted mailing list

for participants

Handling queries from site contacts, not end users.

Project Milestones

Milestones Status

Finalise LIN Architecture document

(includes LIN infrastructure & policy)

June 2004

Agree contracts and distribute funds June 2004

Procure equipment and build RADIUS servers June/July 2004

Complete proof of concept tests September 2004

Issue Call for participation September 2004

Select participants and distribute funds Oct 2004

National Trial - Go Live Jan 2005

tf-mobility meeting

Documents

tfmobility meeting6

tfmobility v2

new tfmobility charterfocus

existing tfmobility

agendatfmobility meeting

roaming access

task force cochairs

accountable roaming