diff options
author | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
---|---|---|
committer | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
commit | 4bfd864f10b68b71482b35c818559068ef8d5797 (patch) | |
tree | e3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc2194.txt | |
parent | ea76e11061bda059ae9f9ad130a9895cc85607db (diff) |
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc2194.txt')
-rw-r--r-- | doc/rfc/rfc2194.txt | 1963 |
1 files changed, 1963 insertions, 0 deletions
diff --git a/doc/rfc/rfc2194.txt b/doc/rfc/rfc2194.txt new file mode 100644 index 0000000..90592c8 --- /dev/null +++ b/doc/rfc/rfc2194.txt @@ -0,0 +1,1963 @@ + + + + + + +Network Working Group B. Aboba +Request for Comments: 2194 Microsoft +Category: Informational J. Lu + AimQuest Corp. + J. Alsop + i-Pass Alliance + J. Ding + Asiainfo + W. Wang + Merit Network, Inc. + September 1997 + + + Review of Roaming Implementations + +1. Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +2. Abstract + + This document reviews the design and functionality of existing + roaming implementations. "Roaming capability" may be loosely defined + as the ability to use any one of multiple Internet service providers + (ISPs), while maintaining a formal, customer-vendor relationship with + only one. Examples of cases where roaming capability might be + required include ISP "confederations" and ISP-provided corporate + network access support. + +3. Introduction + + Considerable interest has arisen recently in a set of features that + fit within the general category of "roaming capability" for Internet + users. Interested parties have included: + + Regional Internet Service Providers (ISPs) operating within a + particular state or province, looking to combine their efforts + with those of other regional providers to offer service over a + wider area. + + National ISPs wishing to combine their operations with those of + one or more ISPs in another nation to offer more comprehensive + service in a group of countries or on a continent. + + Businesses desiring to offer their employees a comprehensive + package of access services on a global basis. Those services may + + + +Aboba, et. al. Informational [Page 1] + +RFC 2194 Review of Roaming Implementations September 1997 + + + include Internet access as well as secure access to corporate + intranets via a Virtual Private Network (VPN), enabled by + tunneling protocols such as PPTP, L2F, or L2TP. + + What is required to provide roaming capability? The following list + is a first cut at defining the requirements for successful roaming + among an arbitrary set of ISPs: + + Phone number presentation + Phone number exchange + Phone book compilation + Phone book update + Connection management + Authentication + NAS Configuration/Authorization + Address assignment and routing + Security + Accounting + + In this document we review existing roaming implementations, + describing their functionality within this framework. In addition to + full fledged roaming implementations, we will also review + implementations that, while not meeting the strict definition of + roaming, address several of these problem elements. These + implementations typically fall into the category of shared use + networks or non-IP dialup networks. + +3.1. Terminology + + This document frequently uses the following terms: + + + home ISP This is the Internet service provider with whom the user + maintains an account relationship. + + + local ISP This is the Internet service provider whom the user calls + in order to get access. Where roaming is implemented the local + ISP may be different from the home ISP. + + + phone book + This is a database or document containing data pertaining to + dialup access, including phone numbers and any associated + attributes. + + + + + + +Aboba, et. al. Informational [Page 2] + +RFC 2194 Review of Roaming Implementations September 1997 + + + shared use network + This is an IP dialup network whose use is shared by two or + more organizations. Shared use networks typically implement + distributed authentication and accounting in order to + facilitate the relationship among the sharing parties. Since + these facilities are also required for implementation of + roaming, implementation of shared use is frequently a first + step toward development of roaming capabilities. In fact, one + of the ways by which a provider may offer roaming service is + to conclude shared use agreements with multiple networks. + However, to date the ability to accomplish this has been + hampered by lack of interoperability among shared use + implementations. + + non-IP dialup network + This is a dialup network providing user access to the member + systems via protocols other than IP. These networks may + implement phone book synchronization facilities, in order to + provide systems, administrators and users with a current list + of participating systems. Examples of non-IP dialup networks + supporting phone book synchronization include FidoNet and + WWIVnet. + +4. Global Reach Internet Consortium (GRIC) + + Led by a US-based Internet technology developer, AimQuest + Corporation, ten Internet Service Providers (ISPs) from the USA, + Australia, China, Japan, Hong Kong, Malaysia, Singapore, Taiwan, and + Thailand formed the Global Reach Internet Connection (GRIC) in May, + 1996. The goals of GRIC were to facilitate the implementation of a + global roaming service and to coordinate billing and settlement among + the membership. Commercial operation began in December of 1996, and + GRIC has grown to over 100 major ISPs and Telcos from all over the + world, including NETCOM, USA; KDD and Mitsubishi, Japan; iStar, + Canada; Easynet, UK; Connect.com, Australia; Iprolink, Switzerland; + Singapore Telecom; Chunghwa Telecom, Taiwan; and Telekom Malaysia. + Information on GRIC is available from http://www.gric.net/. + + In implementing their roaming service, GRIC members have chosen + software developed by AimQuest. AimQuest Corporation's roaming + implementation comprises the following major components: the + AimTraveler Authentication Server (AAS), the AimTraveler Routing + Server (ARS), and the AimQuest Internet Management System (AIMS), + software designed to facilitate the billing process. Information on + the AimQuest roaming implementation is available from + http://www.aimquest.com/. + + + + + +Aboba, et. al. Informational [Page 3] + +RFC 2194 Review of Roaming Implementations September 1997 + + + The AimTraveler Authentication Server (AAS) runs at each member ISP + location, and handles incoming authentication requests from NAS + devices and other AASes. The AimTraveler Routing Server (ARS) can run + anywhere. A single routing server can be used where centralized + routing is desired, or multiple routing servers can be run in order + to increase speed and reliability or to gateway to networks of + particularly large partners. + + The first version of the AimTraveler software, deployed by AimQuest + in May, 1996, supported direct authentication between members of the + roaming consortium, but as GRIC grew, management of the relationships + between the authentication servers became a problem. In August. 1996, + AimQuest began development of the AimTraveler Routing Server (ARS) in + order to improve scalability. + + The routing server is comprised of two elements: The Central + Accounting Server and the Central Routing Server. The Central + Accounting Server collects all the roaming accounting data for + settlement. The Central Routing Server manages and maintains + information on the authentication servers in the roaming consortium. + Adding, deleting, or updating ISP authentication server information + (e.g. adding a new member ISP) may be accomplished by editing of a + configuration file on the Central Routing Server. The configuration + files of the AimTraveler Authentication Servers do not need to be + modified. + + The AimTraveler Authentication and Routing Servers are available for + various UNIX platforms. Versions for Windows NT are under + development. The AimTraveler Authentication Server supports both the + UNIX password file and Kerberos. + + The AimQuest Internet Management System (AIMS) is designed for large + ISPs who need a centralized management system for all ISP operations, + including sales, trouble-ticketing, service, and billing. AIMS + produces usage and transaction statement reports, and includes a + settlement module to produce settlement/billing reports for the + roaming consortium members. Based on these reports, the providers + charge their ISP/roaming customers, and pay/settle the roaming + balance among the providers. AIMS currently runs on + Sun/Solaris/Oracle. A version for Windows NT and SQL Server is + expected to become available in Q4 1996. + +4.1. Phone number presentation + + Currently there are two principal methods by which GRIC users can + discover available phone numbers: a Web-based directory provided by + the GRIC secretariat, and a GRIC phone book client on the user PC + with dialing capability. + + + +Aboba, et. al. Informational [Page 4] + +RFC 2194 Review of Roaming Implementations September 1997 + + +4.1.1. Web based directory + + A directory of GRIC phone numbers is available on the GRIC home page, + http://www.gric.com/. The list of numbers is arranged by country and + provider. For each provider within a country, this directory, + provided in the form of a table, offers the following information: + + Provider address, voice phone and fax + Customer support phone number + Provider domain name + Primary Domain Name Server + Secondary Domain Name Server + Dial-up IP Address + News server + Web page + POP phone numbers (i.e. 1-408-366-9000) + POP locations (i.e. Berkeley) + Proxy addresses + Dialer configuration + + In order to discover phone numbers using the Web-based directory, it + is expected that users will be online, and will navigate to the + appropriate country and provider. They then look up the number and + insert it into the AimQuest Ranger dialer. + +4.1.2. GRIC phone book client + + The GRIC phone book client software provides for phone book + presentation as well as automated updating of phone numbers. The + GRIC phone book includes a list of countries, states, cities and + area/city codes, as well as detailed provider information, including + the cutomer support phone number, and Internet server configuration + info. The Phone book, developed with Java, is available for download + from the AimQuest Web site: + + http://www.aimquest.com/dialer.html + +4.2. Phone number exchange + + GRIC members submit information both about themselves and their POPs + to the GRIC secretariat, which is run by AimQuest. The GRIC + secretariat then compiles a new phone book and provides updates on + the GRIC FTP and Web servers. + + GRIC users then download the phone numbers either in Windows .ini + file format or in HTML. + + + + + +Aboba, et. al. Informational [Page 5] + +RFC 2194 Review of Roaming Implementations September 1997 + + +4.3. Phone book compilation + + GRIC phone books are compiled manually, and represent a concatenation + of available numbers from all the members of the roaming consortium, + with no policy application. As new POPs come online, the numbers are + forwarded to GRIC, which adds them to the phone book servers. + +4.4. Phone book update + + Phone numbers in the GRIC phone book client are updated automatically + upon connection. The AimTraveler server includes an address book + which contains the phone numbers of all the roaming consortium + members. + +4.5. Connection management + + The AimTraveler software supports SLIP and PPP, as well as PAP and + CHAP authentication. + +4.6. Authentication + + GRIC implements distributed authentication, utilizing the user's e- + mail address as the userID (i.e. "liu@Aimnet.com") presented to the + remote NAS device. + + After the initial PPP authentication exchange, the userID, domain, + and pasword information (or in the case of CHAP, the challenge and + the response) are then passed by the NAS to the AimTraveler + Authentication Server which supports both TACACS+ and RADIUS. + + If the authentication request comes from a regular customer login, + normal user id and password authentication is performed. If the user + requesting authentication is a "roamer," (has a userID with an @ and + domain name), the authentication server sends an query to the closest + routing server. When AimTraveler Routing Server receives the + authentication request, it first authenticates the AAS sending the + request, and if this is successful, it checks its authentication + server table. If it is able to match the domain of the user to that + of a "Home ISP", then the Home ISP authentication server's routing + information are sent back to the local ISP's authentication server. + Based on the information received from the routing server, the AAS + makes an authentication request to the user's Home ISP AAS for user + id and password verification. + + If the user is a valid user, the Home ISP authentication server sends + a "permission granted" message back to the Local ISP authentication + server. The Local ISP authentication server then requests the NAS to + grant the user a dynamic IP address from its address pool. If the + + + +Aboba, et. al. Informational [Page 6] + +RFC 2194 Review of Roaming Implementations September 1997 + + + username or password is incorrect, the Home ISP AAS will send a + rejection message to the Local ISP AAS, and the user will be dropped + by the NAS. + + If multiple routing servers are installed, and the query to the first + routing server does not result in a match, the query is forwarded to + the next routing server. The server queries are cached on the routing + servers, improving speed for repeated queries. The cache is sustained + until a routing server table entry is updated or deleted. Updating + or deleting results in a message to all neighbor routing servers to + delete their caches. + + The local authentication server also receives the accounting data + from the NAS. If the data is for a regular customer login, the data + is written to the Local ISP AAS log file. If the data is for a + "roamer," the data is written to three places: the Local ISP AAS log + file, the Home ISP AAS log file, and the ARS log file. + + If the local ISP authentication server has caching turned on, then it + will cache information on Home ISP authentication server + configurations sent by the routing server. This means that if the + same domain is queried again, the local authentication server does + not need to query the routing server again. The local cache is + cleared when the local authentication server receives an update + message from the routing server or system manager. + +4.7. NAS Configuration/Authorization + + AimTraveler is comprised of two components, a Client(AAS) and a + Server(ARS). + + The AimTraveler Client acts as the PPP dial-up authentication server. + When it detects an '@' sign in the userID field, it queries the + AimTraverler Server for routing information, then forwards the + authentication request to user's home authentication server. The + AimTraveler Server, a centralized routing server, contains the + authorized ISP's domain name, authentication servers and other + information. + + The AimTraveler currently supports RADIUS and TACACS+, and could be + extended to support other authentication protocols. It also receives + all the accounting records, which are subsequently used as input data + for billing. + + Since ISPs' NAS devices may be configured differently, the attributes + returned by the home ISP AAS are discarded. + + + + + +Aboba, et. al. Informational [Page 7] + +RFC 2194 Review of Roaming Implementations September 1997 + + +4.8. Address assignment and routing + + All addresses in GRIC are assigned dynamically from within the + address pool of the local ISP. Static addresses and routed LAN + connections will be considered in the future, when GRIC offers + corporate roaming service, with the implementation of tunneling + protocols + +4.9. Security + + The user's password is hashed with MD5 before being sent from the + Local ISP AAS to the Home ISP AAS. An encryption key is shared + between the AAS and ARS. The current version of AimTraveler AAS does + not support token cards or tunneling protocols. + +4.10. Accounting + + The AimTraveler Authentication Server (AAS) software can act as + either a RADIUS or TACACS+ accounting server. When accounting + information is received from the NAS, the local AimTraveler + Authentication Server (AAS) sends accounting data (user name, domain + name, login time) to both the Central Accounting Server (part of the + ARS) and the user's Home ISP AimTraveler authentication server. In + the case of GRIC, the Central Accounting Server is run by AimQuest. + + The data sent to the central accounting server and home ISP are + identical except for the form of user id and time stamp. For a + traveler whose home ISP is in the US, but who is traveling in Japan, + the Local (Japanese) ISP AimTraveler authentication server will + receive an accounting record timestamped with Japan time while the + Home (US) ISP AimTraveler authentication server will receive an + accounting record timestamped with the appropriate US timezone. + + The accounting data includes 2 new attributes for settlement + reporting: + + Attribute Number Type + --------- ------ ---- + + Roaming-Server-ID 101 string + Isp-ID 102 string + + The Roaming-Server-ID attribute identifies the AAS sending the + authentication request. The Isp-ID attribute identifies the local + ISP. Using this information the home ISP can track the roaming + activities of its users (where their users are logging in). + + + + + +Aboba, et. al. Informational [Page 8] + +RFC 2194 Review of Roaming Implementations September 1997 + + + The AimTraveler Server running at AimQuest keeps a record of all + roaming transactions, which are used as input to the settlement and + billing process. At the end of each month, AimQuest provides a + roaming transaction summary to GRIC members using AIMS. The AIMS + software is configurable so that it takes into account the settlement + rules agreed to by GRIC members. + +5. i-Pass implementation + +5.1. Overview + + i-Pass Alliance Inc., based in Mountain View, California, has + developed and operates a commercial authentication and settlement + clearinghouse service which provides global roaming between Internet + service providers. The service is fully operational. + + i-Pass Alliance Inc. has additional offices in Toronto, Singapore, + and London. More information on i-Pass can be obtained from + http://www.ipass.com. + + The i-Pass network consists of a number of servers that provide + real-time authentication services to partner ISPs. Authentication + requests and accounting records for roaming users are encrypted and + sent to an i-Pass serverwhere they are logged, and then forwarded to + a home ISP for authentication and/or logging. + + Periodically, i-Pass reconciles all accounting records, generates + billing statements, and acts as a single point for collecting and + remitting payments. + + i-Pass provides its service only to ISPs and channel partners. It + does not attempt to establish a business relationship with + individual-user customers of an ISP. + +5.2. Access Point Database (APD) + + i-Pass maintains a list of roaming access points in an Oracle + database. This list is searchable by geographical region using a Web + browser, and may be downloaded in its entirety using FTP. The + information stored for each access point includes: + + Name of service provider + Country + State or Province + City or Region + Telephone number + Technical support phone number + Service types available + + + +Aboba, et. al. Informational [Page 9] + +RFC 2194 Review of Roaming Implementations September 1997 + + + Technical information (help file) + Service pricing information + + The Access Point Database is maintained by i-Pass staff, based on + input from i-Pass partners. + +5.3. Phone number presentation + + ni-Pass has developed a Windows application wth a simple point and + click interface called the "i-Pass Dial Wizard", which assists end- + users in selecting and connecting to a local Internet access point. + + The Dial Wizard allows users to first select the country in which + they are roaming. A list of states, provinces, or other regions in + the selected country is then presented. Finally a list of access + points within the state or province is presented. The Dial Wizard + displays the city name, modem phone number, and price information for + each access point within the state or region. + + When the user selects the desired access point, a Windows 95 "DialUp + Networking" icon is created for that access point. If there is a + login script associated with the access point, the DialUp Scripting + tool is automatically configured. This means that end-users never + have to configure any login scripting requirements. + + The Dial Wizard has a built-in phonebook containing all the i-Pass + access points. The phonebook may be automatically refreshed from a + master copy located onISPs web site. + + The Dial Wizard is provided free of charge to i-Pass partners. i- + Pass also provides the i-Pass Dial Wizard Customization Kit which + allows ISP partners to generate customized versions of the Dial + Wizard with their own logo, etc. + +5.4. Authentication + + There are three entities involved in servicing an authentication + request: + + + Local ISP At the local ISP, the authentication server is modified to + recognize user IDs of the form username@auth_domain as being + remote authentication requests. These requests are forwarded + to an i-Pass server. + + + + + + + +Aboba, et. al. Informational [Page 10] + +RFC 2194 Review of Roaming Implementations September 1997 + + + i-Pass Server + The i-Pass server receives the authentication request, logs + it, and forwards it to the home ISP identified by the + auth_domain portion of the user ID. + + Home ISP The home ISP receives the authentication request, performs + authentication using its normal authentication method, and + returns a YES/NO response to the i-Pass server, which in turn + forwards the reply to the originating ISP. + + i-Pass provides software components which run on the authentication + servers of the local and home ISPs. Each member ISP must integrate + these components with the native authentication method being used by + the ISP. To simplify this task, i-Pass has developed "drop-in" + interfaces for the most commonly used authentication methods. At the + date of writing, the following interfaces are supported: + + Livingston RADIUS + Ascend RADIUS + Merit RADIUS + TACACS+ + Xylogics erpcd (Versions 10 and 11) + + A generic interface is also provided which authenticates based on the + standard UNIX password file. This is intended as a starting point + for ISPs using authentication methods other than those listed above. + + The software integration effort for a typical ISP is on the order of + 2-5 man-days including testing. Platforms currently supported + include: + + Solaris 2.5 (Sparc).LI + Solaris 2.5 (Intel) + BSDI + Digital Unix + Linux + FreeBSD + HP/UX + + ISPs may chooe to provide authentication for their end-users roaming + elsewhere, but not to provide access points to the i-Pass network. + In this case the software integration effort is greatly reduced and + can be as little as 1/2 a man-day. + +5.5. Accounting + + Accounting transactions are handled in the same way as authentication + requests. In addition to being logged at the i-Pass servers, + + + +Aboba, et. al. Informational [Page 11] + +RFC 2194 Review of Roaming Implementations September 1997 + + + accounting transactions are sent in real-time to the home ISP. This + is intended to allow ISPs to update users' credit limit information + on a real-time basis (to the extent that this capability is supported + by their billing and accounting systems). + + Settlement is performed monthly. The settlement process involves + calculating the costs associated with each individual session, and + aggregating them for each ISP. A net amount is then calculated which + is either due from i-Pass to the ISP, or from the ISP to i-Pass, + depending on the actual usage pattern. + + The following reports are supplied to member ISPs: + + A Monthly Statement showing summaries of usage, service provided, + and any adjustments along with the net amount owing. + + A Call Detail Report showing roaming usage by the ISP's customers. + + A Service Provided report showing detailed usage of the ISP's + facilities by remote users. + + The above reports are generated as ASCII documents and are + distributed to i-Pass partners electronically, either by e-mail or + from a secure area on the i-Pass web site. Hard-copy output is + available on request. + + The Call Detail Report is also generated as a comma-delimited ASCII + file suitable for import into the ISP's billing database. The Call + Detail Report will normally be used by the ISP to generate end-user + billing for roaming usage. + +5.6. Security + + All transactions between ISPs and the i-Pass servers are + encrypted using the SSL protocol. Public key certificates are + verified at both the client and server. i-Pass issues these + certificates and acts as the Cetificate Authority. + + Transactions are also verified based on a number of other criteria + such as source IP address. + +5.7. Operations + + i-Pass operates several authentication server sites. Each site + consists of two redundant server systems located in secure facilities + and "close" to the Internet backbone. The authentication server + sites are geographically distributed to minimize the possibility of + failure due to natural disasters etc. + + + +Aboba, et. al. Informational [Page 12] + +RFC 2194 Review of Roaming Implementations September 1997 + + + i-Pass maintains a Network Operations Center in Mountain View which + is staffed on a 7x24 basis. Its functions include monitoring the i- + Pass authentication servers, monitoring authentication servers + located at partner facilities, and dealing with problem reports. + +6. ChinaNet implementation + + ChinaNet, owned by China Telecom, is China's largest Internet + backbone. Constructed by Asiainfo, a Dallas based system integration + company, it has 31 backbone nodes in 31 Chinese provincial capital + cities. Each province is building its own provincial network, has + its own dialup servers, and administers its own user base. + + In order to allow hinaNet users to be able to access nodes outside + their province while traveling, a nationwide roaming system has been + implemented. The roaming system was developed by AsiaInfo, and is + based on the RADIUS protocol. + +6.1. Phone number presentation + + Since China Telecom uses one phone number (163) for nationwide + Internet access, most cities have the same Internet access number. + Therefore a phone book is not currently required for the ChinaNet + implementation. A web-based phone book will be added in a future + software release in order to support nationwide ISP/CSP telephone + numbers and HTTP server addresses. + +6.2. Connection management + + The current roaming client and server supports both PPP and SLIP. + + +6.3. Address assignment and routing + + ChinaNet only supports dynamic IP address assignment for roaming + users. In addition, static addresses are supported for users + authenticating within their home province. + +6.4. Authentication + + When user accesses a local NAS, it provides its userID either as + "username" or "username@realm". The NAS will pass the userID and + password to the RADIUS proxy/server. If the "username" notation is + used, the Radius proxy/server will assume that the user is a local + user and will handle local authentication accordingly. If "user- + name@realm" is used, the RADIUS proxy/server will process it as a + roaming request. + + + + +Aboba, et. al. Informational [Page 13] + +RFC 2194 Review of Roaming Implementations September 1997 + + + When the RADIUS proxy/server handles a request from a roaming user, + it will first check the cache to see if the user information is + already stored there. If there is a cache hit, the RADIUS + proxy/server do the local authentication accordingly. If it does not + find user information in its cache, it will act as a proxy, + forwarding the authentication request to the home RADIUS server. + When the home RADIUS server responds, the local server will forward + the response to the NAS. If the user is authenticated by the home + server, the local RADIUS proxy will cache the user information for a + period of time (3 days by default). + + Caching is used to avoid frequent proxying of requests and responses + between the local RADIUS proxy and the home RADIUS server. When the + home RADIUS server sends back a valid authentication response, the + local RADIUS proxy/server will cache the user information for a + period of time (3 days by default). When the user next authenticates + directly against the home RADIUS server, the home RADIUS server will + send a request to the local server or servers to clear the user's + information from the cache. + +6.4.1. Extended hierarchy + + In some provinces, the local telecommunications administration + Provincial ISP) further delegates control to county access nodes, + creating another level of hierarchy. This is done to improve + scalability and to avoid having the provincial ISP databases grow too + large. In the current implementation, each provincial ISP maintains + its own central RADIUS server, including information on all users in + the province, while county nodes maintain distributed RADIUS servers. + For intra-province roaming requests the local RADIUS proxy/server + will directly forward the request to the home RADIUS server. + + However, for inter-province roaming requests, the local RADIUS server + does not forward the request directly to the home RADIUS server. + Instead, the request is forwarded to the central provincial RADIUS + server for the home province. This implementation is suitable only + when county level ISPs do not mind combining and sharing their user + information. In this instance, this is acceptable, since all county + level ISPs are part of China Telecom. In a future release, this + multi-layer hierarchy will be implemented using multi-layer proxy + RADIUS, in a manner more resembling DNS. + +6.5. Security + + Encryption is used between the local RADIUS proxy/server and the home + RADIUS server. Public/Private key encryption will be supported in the + next release. IP tunneling and token card support is under + consideration. + + + +Aboba, et. al. Informational [Page 14] + +RFC 2194 Review of Roaming Implementations September 1997 + + +6.6. Accounting + + Accounting information is transferred between the local RADIUS + accounting proxy/server and home RADIUS accounting server. Every day + each node sends a summary accounting information record to a central + server in order to support nationwide settlement. The central server + is run by the central Data Communication Bureau of China Telecom. + Every month the central server sends the settlement bill to the + provincial ISPs. + +6.7. Inter-ISP/CSP roaming + + ChinaNet supports both ISP and CSP (Content Service Provider) roaming + on its system. For example, Shanghai Online, a Web-based commercial + content service, uses RADIUS for authentication of ChinaNet users who + do not have a Shanghai Online account. In order to support this, the + Shanghai Online servers function as a RADIUS client authenticating + against the home RADIUS server. When users access a protected + document on the HTTP server, they are prompted to send a + username/password for authentication. The user then responds with + their userID in "user-name@realm" notation. + + A CGI script on the HTTP server then acts as a RADIUS authentication + client, sending the request to the home RADIUS server. After the home + RADIUS server responds, the CGI script passes the information to the + local authentication agent. From this point forward, everything is + taken care of by the local Web authentication mechanism. + +7. Microsoft implementation + + Microsoft's roaming implementation was originally developed in order + to support the Microsoft Network (MSN), which now offers Internet + access in seven countries: US, Canada, France, Germany, UK, Japan, + and Australia. In each of these countries, service is offered in + cooperation with access partners. Since users are able to connect to + the access partner networks while maintaining a customer-vendor + relationship with MSN, this implementation fits within the definition + of roaming as used in this document. + +7.1. Implementation overview + + The first version of the Microsoft roaming software was deployed by + the MSN partners in April, 1996. This version included a Phone Book + manager tool running under Windows 95, as well as a RADIUS + server/proxy implementation running under Windows NT; TACACS+ is + + + + + + +Aboba, et. al. Informational [Page 15] + +RFC 2194 Review of Roaming Implementations September 1997 + + + currently not supported. Additional components now under development + include a Connection Manager client for Windows 95 as well as an + HTTP-based phone book server for Windows NT. The Phone Book manager + tool is also being upgraded to provide for more automated phone book + compilation. + + +7.2. Phone number presentation + + The Connection Manager is responsible for the presentation and + updating of phone numbers, as well as for dialing and making + connections. In order to select phone numbers, users are asked to + select the desired country and region/state. Phone numbers are then + presented in the area selected. The primary numbers are those from + the users service provider which match the service type (Analog, + ISDN, Analog & IDN), country and region/state selected. The other + numbers (selected clicking on the More button) are those for other + service providers that have a roaming agreement with the users + service provider. + +7.2.1. Cost data + + Cost data is not presented to users along with the phone numbers. + However, such information may be made available by other means, such + as via a Web page. + +7.2.2. Default phone book format + + The Connection Manager supports the ability to customize the phone + book format, and it is expected that many ISPs will make use of this + capability. However, for those who wish to use it "off the shelf" a + default phone book format is provided. The default phone book is + comprised of several files, including: + + Service profile + Phone Book + Region file + + The service profile provides information on a given service, which + may be an isolated Internet Service Provider, or may represent a + roaming consortium. The service profile, which is in .ini file + format, is comprised of the following information: + + The name of the service + The filename of the service's big icon + The filename of the service's little icon + A description of the service + The service phone book filename + + + +Aboba, et. al. Informational [Page 16] + +RFC 2194 Review of Roaming Implementations September 1997 + + + The service phone book version number + The service regions file + The URL of the service phone book server + The prefix used by the service (i.e. "MSN/aboba") + The suffix or domain used by the service (i.e. "aboba@msn.com") + Whether the user name is optional for the service + Whether the password is optional for the service + Maximum length of the user name for the service + Maximum length of the password for the service + Information on service password handling (lowercase, mixed case, etc.) + Number of redials for this service + Delay between redials for this service + References to other service providers that have roaming agreements + The service profile filenames for each of the references + Mask and match phone book filters for each of the references + (these are 32 bit numbers that are applied against the capability + flags in the phone book) + The dial-up connection properties configuration + (this is the DUN connectoid name) + + The phone book file is a comma delimited ASCII file containing the + following data: + + Unique number identifying a particular record (Index) + Country ID + A zero-base index into the region file + City + Area code + Local phone number + Minimum Speed + Maximum speed + Capability Flags: + Bit 0: 0=Toll, 1=Toll free + Bit 1: 0=X25, 1=IP + Bit 2: 0=Analog, 1=No analog support + Bit 3: 0=no ISDN support, 1=ISDN + Bit 4: 0 + Bit 5: 0 + Bit 6: 0=No Internet access, 1=Internet access + Bit 7: 0=No signup access, 1=Signup access + Bit 8-31: reserved + The filename of the dialup network file + (typically refers to a script associated with the number) + + + + + + + + +Aboba, et. al. Informational [Page 17] + +RFC 2194 Review of Roaming Implementations September 1997 + + + A sample phone book file is shown below: + + 65031,1,1,Aniston,205,5551212,2400,2400,1,0,myfile + 200255,1,1,Auburn/Opelika,334,5551212,9600,28800,0,10, + 200133,1,1,Birmingham,205,5551212,9600,28800,0,10, + 130,1,1,Birmingham,205,3275411,9600,14400,9,0,yourfile + 65034,1,1,Birmingham,205,3285719,9600,14400,1,0,myfile + +7.2.3. Additional attributes + + As described previously, it is likely that some ISPs will require + additional phone number attributes or provider information beyond + that supported in the default phone book format. Attributes of + interest may vary between providers, or may arise as a result of the + introduction of new technologies. As a result, the set of phone + number attributes is likely to evolve over time, and extensibility in + the phone book format is highly desirable. + + For example, in addition to the attributes provided in the default + phone book, the following additional attributes have been requested + by customers: + + Multicast support flag + External/internal flag (to differentiate display between the + "internal" or "other" list box) + Priority (for control of presentation order) + Modem protocol capabilities (V.34, V.32bis, etc.) + ISDN protocol capabilities (V.110, V.120, etc.) + No password flag (for numbers using telephone-based billing) + Provider name + +7.2.4. Addition of information on providers + + The default phone book does not provide a mechanism for display of + information on the individual ISPs within the roaming consortium, + only for the consortium as a whole. For example, the provider icons + (big and little) are included in the service profile. The service + description information is expected to contain the customer support + number. However, this information cannot be provided on an + individual basis for each of the members of a roaming consortium. + Additional information useful on a per-provider basis would include: + + Provider voice phone number + Provider icon + Provider fax phone number + Provider customer support phone number + + + + + +Aboba, et. al. Informational [Page 18] + +RFC 2194 Review of Roaming Implementations September 1997 + + +7.3. Phone number exchange + + Currently phone number exchange is not supported by the phone book + server. As a result, in the MSN implementation, phone number exchange + is handled manually. As new POPs come online, the numbers are + forwarded to MSN, which tests the numbers and approves them for + addition to the phone book server. Updated phone books are produced + and loaded on the phone book server on a weekly basis. + +7.4. Phone book compilation + + The Phone Book Manager tool was created in order to make it easier + for the access partners to create and update their phone books. It + supports addition, removal, and editing of phone numbers, generating + both a new phone book, as well as associated difference files. + + With version 1 of the Phone Book Administration tool, phone books are + compiled manually, and represent a concatenation of available numbers + from all partners, with no policy application. With version 1, the + updates are prepared by the partners and forwarded to MSN, which + tests the numbers and approves them for addition to the phone book. + The updates are then concatenated together to form the global update + file. + + The new version of the Phone Book Administration tool automates much + of the phone book compilation process, making it possible for phone + book compilation to be decentralized with each partner running their + own phone book server. Partners can then maintain and test their + individual phone books and post them on their own Phone Book Server. + +7.5. Phone book update + + There is a mechanism to download phone book deltas, as well as to + download arbitrary executables which can perform more complex update + processing. Digital signatures are only used on the downloading of + executables, since only these represent a security threat - the + Connection Manager client does not check for digital signatures on + deltas because bogus deltas can't really cause any harm. + + + The Connection Manager updates the phone book each time the user logs + on. This is accomplished via an HTTP GET request to the phone book + server. When the server is examining the request, it can take into + account things like the OS version on the client, the language on the + client, the version of Connection Manager on the client, and the + version of the phone book on the client, in order to determine what + it wants to send back. + + + + +Aboba, et. al. Informational [Page 19] + +RFC 2194 Review of Roaming Implementations September 1997 + + + In the GET response, the phone book server responds with the + difference files necessary to update the client's phone book to the + latest version. The client then builds the new phone book by + successively applying these difference files. This process results + in the update of the entire phone book, and is simple enough to allow + it to be easily implemented on a variety of HTTP servers, either as a + CGI script or (on NT) as an ISAPI DLL. + + The difference files used in the default phone book consist of a + list of phone book entries, each uniquely identified by their index + number. Additions consist of phone book entries with all the + information filed in; deletions are signified by entries with all + entries zeroed out. A sample difference file is shown below: + + 65031,1,1,Aniston,205,5551212,2400,2400,1,0,myfile + 200255,1,1,Auburn/Opelika,334,5551212,9600,28800,0,10, + 200133,0,0,0,0,0,0,0,0,0 + 130,1,1,Birmingham,205,5551211,9600,14400,9,0,yourfile + 65034,1,1,Birmingham,205,5551210,9600,14400,1,0,myfile + + +7.6. Connection management + + The Connection Manager can support any protocol which can be + configured via use of Windows Dialup Networking, including PPP and + SLIP running over IP. The default setting is for the IP address as + well as the DNS server IP address to be assigned by the NAS. The DNS + server assignment capability is described in [1]. + +7.7. Authentication + + The Connection Manager client and RADIUS proxy/server both support + suffix style notation (i.e. "aboba@msn.com"), as well as a prefix + notation ("MSN/aboba"). + + The prefix notation was developed for use with NAS devices with small + maximum userID lengths. For these devices the compactness of the + prefix notation significantly increases the number of characters + available for the userID field. However, as an increasing number of + NAS devices are now supporting 253 octet userIDs (the maximum + supported by RADIUS) the need for prefix notation is declining. + + After receiving the userID from the Connection Manager client, the + NAS device passes the userID/domain and password information (or in + the case of CHAP, the challenge and the response) to the RADIUS + + + + + + +Aboba, et. al. Informational [Page 20] + +RFC 2194 Review of Roaming Implementations September 1997 + + + proxy. The RADIUS proxy then checks if the domain is authorized for + roaming by examining a static configuration file. If the domain is + authorized, the RADIUS proxy then forwards the request to the + appropriate RADIUS server. The domain to server mapping is also made + via a static configuration file. + + While static configuration files work well for small roaming + consortia, for larger consortia static configuration will become + tedious. Potentially more scalable solutions include use of DNS SRV + records for the domain to RADIUS server mapping. + + +7.8. NAS configuration/authorization + + Although the attributes returned by the home RADIUS server may make + sense to home NAS devices, the local NAS may be configured + differently, or may be from a different vendor. As a result, it may + be necessary for the RADIUS proxy to edit the attribute set returned + by the home RADIUS server, in order to provide the local NAS with the + appropriate configuration information. The editing occurs via + attribute discard and insertion of attributes by the proxy. + + Alternatively, the home RADIUS server may be configured not to return + any network-specific attributes, and to allow these to be inserted by + the local RADIUS proxy. + + Attributes most likely to cause conflicts include: + + Framed-IP-Address Framed-IP-Netmask Framed-Routing Framed-Route + Filter-Id Vendor-Specific Session-Timeout Idle-Timeout + Termination-Action + + Conflicts relating to IP address assignment and routing are very + common. Where dynamic address assignment is used, an IP address pool + appropriate for the local NAS can be substituted for the IP address + pool designated by the home RADIUS server. + + However, not all address conflicts can be resolved by editing. In + some cases, (i.e., assignment of a static network address for a LAN) + it may not be possible for the local NAS to accept the home RADIUS + server's address assignment, yet the roaming hosts may not be able to + accept an alternative assignment. + + Filter IDs also pose a problem. It is possible that the local NAS may + not implement a filter corresponding to that designated by the home + RADIUS server. Even if an equivalent filter is implemented, in order + to guarantee correct operation, the proxy's configuration must track + changes in the filter configurations of each of the members of the + + + +Aboba, et. al. Informational [Page 21] + +RFC 2194 Review of Roaming Implementations September 1997 + + + roaming consortium. In practice this is likely to be unworkable. + Direct upload of filter configuration is not a solution either, + because of the wide variation in filter languages supported in + today's NAS devices. + + Since by definition vendor specific attributes have meaning only to + devices created by that vendor, use of these attributes is + problematic within a heterogeneous roaming consortium. While it is + possible to edit these attributes, or even to discard them or allow + them to be ignored, this may not always be acceptable. In cases where + vendor specific attributes relate to security, it may not be + acceptable for the proxy to modify or discard these attributes; the + only acceptable action may be for the local NAS to drop the user. + Unfortunately, RADIUS does not distinguish between mandatory and + optional attributes, so that there is no way for the proxy to take + guidance from the server. + + Conflicts over session or idle timeouts may result if since both the + local and home ISP feel the need to adjust these parameters. While + the home ISP may wish to adjust the parameter to match the user's + software, the local ISP may wish to adjust it to match its own + service policy. As long as the desired parameters do not differ too + greatly, a compromise is often possible. + +7.9. Address assignment and routing + + While the Connection Manager software supports both static and + dynamic address assignment, in the MSN implementation, all addresses + are dynamically assigned. + + However, selected partners also offer LAN connectivity to their + customers, usually via static address assignment. However, these + accounts do not have roaming privileges since no mechanism has been + put in place for allowing these static routes to move between + providers. + + Users looking to do LAN roaming between providers are encouraged to + select a router supporting Network Address Translation (NAT). NAT + versions implemented in several low-end routers are compatible with + the dynamic addressing used on MSN, as well as supporting DHCP on the + LAN side. + +7.10. Security + + The RADIUS proxy/server implementation does not support token cards + or tunneling protocols. + + + + + +Aboba, et. al. Informational [Page 22] + +RFC 2194 Review of Roaming Implementations September 1997 + + +7.11. Accounting + + In the MSN roaming implementation, the accounting data exchange + process is specified in terms of an accounting record format, and a + method by which the records are transferred from the partners to MSN, + which acts as the settlement agent. Defining the interaction in + terms of record formats and transfer protocols implies that the + partners do not communicate with the settlement agent using NAS + accounting protocols. As a result, accounting protocol + interoperability is not be required. + + However, for this advantage to be fully realized, it is necessary for + the accounting record format to be extensible. This makes it more + likely that the format can be adapted for use with the wide variety + of accounting protocols in current use (such as SNMP, syslog, RADIUS, + and TACACS+), as well as future protocols. After all, if the record + format cannot express the metrics provided by a particular partner's + accounting protocol, then the record format will not be of much + usefor a heterogeneous roaming consortium. + +7.11.1. Accounting record format + + The Microsoft RADIUS proxy/server supports the ability to customize + the accounting record format, and it is expected that some ISPs will + make use of this capability. However for those who want to use it + "off the shelf" a default accounting record format is provided. The + accounting record includes information provided by RADIUS: + + User Name (String; the user's ID, including prefix or suffix) + NAS IP address (Integer; the IP address of the user's NAS) + NAS Port (Integer; identifies the physical port on the NAS) + Service Type (Integer; identifies the service provided to the user) + NAS Identifier (Integer; unique identifier for the NAS) + Status Type (Integer; indicates session start and stop, + as well as accounting on and off) + Delay Time (Integer; time client has been trying to send) + Input Octets (Integer; in stop record, octets received from port) + Output Octets (Integer; in stop record, octets sent to port) + Session ID (Integer; unique ID linking start and stop records) + Authentication (Integer; indicates how user was authenticated) + Session Time (Integer; in stop record, seconds of received service) + Input Packets (Integer; in stop record, packets received from port) + Output Packets (Integer; in stop record, packets sent to port) + Termination Cause (Integer; in stop record, indicates termination cause) + Multi-Session ID (String; for linking of multiple related sessions) + Link Count (Integer; number of links up when record was generated) + NAS Port Type (Integer; indicates async vs. sync ISDN, V.120, etc.) + + + + +Aboba, et. al. Informational [Page 23] + +RFC 2194 Review of Roaming Implementations September 1997 + + + However, since this default format is not extensible, it cannot + easily be adapted to protocols other than RADIUS, services other than + dialup (i.e. dedicated connections) or rated events (i.e. file + downloads). This is a serious limitation, and as a result, customers + have requested a more general accounting record format. + +7.11.2. Transfer mechanism + + Prior to being transferred, the accounting records are compressed so + as to save bandwidth. The transfer of accounting records is handled + via FTP, with the transfer being initiated by the receiving party, + rather than by the sending party. A duplicate set of records is kept + by the local ISP for verification purposes. + +8. Merit Network Implementation + +8.1. Overview + + MichNet is a regional IP backbone network operated within the state + of Michigan by Merit Network, Inc., a nonprofit corporation based in + Ann Arbor, Michigan. Started in 1966, MichNet currently provides + backbone level Internet connectivity and dial-in IP services to its + member and affiliate universities, colleges, K-12 schools, libraries, + government institutions, other nonprofit organizations, and + commercial business entities. + + As of May 1, 1997, MichNet had 11 members and 405 affiliates. Its + shared dial-in service operated 133 sites in Michigan and one in + Washington, D.C, with 4774 dial-in lines. Additional dial-in lines + and sites are being installed daily. + + MichNet also provides national and international dial-in services to + its members and affiliates through an 800 number and other external + services contracting with national and global service providers. + + The phone numbers of all MichNet shared dial-in sites are published + both on the Merit web site and in the MichNet newsletters. Merit also + provides links to information about the national and international + service sites through their respective providers' web sites. Such + information can be found at http://www.merit.edu/mich- + net/shared.dialin/. + +8.1.1. MichNet State-Wide Shared Dial-In Services + + Each MichNet shared dial-in service site is owned and maintained by + either Merit or by a member or affiliate organization. All sites must + support PPP and Telnet connections. + + + + +Aboba, et. al. Informational [Page 24] + +RFC 2194 Review of Roaming Implementations September 1997 + + + Each organization participating in the shared dial-in service is + assigned a realm-name. Typically the realm-name resembles a fully + qualified domain name. Users accessing the shared dial-in service + identify themselves by using a MichNet AccessID which consists of + their local id concatenated with "@" followed by the realm-name - + e.g. user@realm + + Merit operates a set of Authentication, Authorization and Accounting + (AAA) servers supporting the RADIUS protocol which are called core + servers. The core servers support all the dial-in service sites and + act as proxy servers to other AAA servers running at the + participating organizations. For security reasons, Merit staff run + all core servers; in particular, the user password is in the clear + when the proxy core server decodes an incoming request and then re- + encodes it and forwards it out again, + + The core servers also enforce a common policy among all dial-in + servers. The most important policy is that each provider of access + must make dial-in ports available to others when the provider's own + users do not have a need for them. To implement this policy, the + proxy server distinguishes between realms that are owners and realms + that are guests. + + One piece of the policy determining whether the provider's + organization has need of the port, is implemented by having the proxy + core server track the realms associated with each of the sessions + connected at a particular huntgroup. If there are few ports available + (where few is determined by a formula) then guests are denied access. + Guests are also assigned a time limit and their sessions are + terminated after some amount of time (currently one hour during prime + time, two hours during non-prime time). + + The other part of the policy is to limit the number of guests that + are allowed to connect. This is done by limiting the number of + simultaneous guest sessions for realms. Each realm is allocated a + number of "simultaneous access tokens" - SATs. When a guest session + is authorized the end server for the realm decrements the count of + available SATs, and when the session is terminated the count of SATs + is incremented. A Merit specific attribute is added to the request + by the core if the session will be a "guest" and will require a SAT. + The end server must include a reply with an attribute containing the + name of the "token pool" from which the token for this session is + taken. The effect of this is to limit the number of guests connected + to the network to the total number of tokens allocated to all realms. + + + + + + + +Aboba, et. al. Informational [Page 25] + +RFC 2194 Review of Roaming Implementations September 1997 + + + Each realm is authenticated and authorized by its own AAA server. The + proxy core servers forward requests to the appropriate server based + on a configuration file showing where each realm is to be + authenticated. Requests from realms not in the configuration are + dropped. + + The Merit AAA server software supports this policy. Merit provides + this software to member and affiliate organizations. The software is + designed to work with many existing authentication servers, such as + Kerberos IV, UNIX password, TACACS, TACACS+, and RADIUS. This + enables most institutions to utilize the authentication mechanism + they have in place. + +8.1.2. MichNet National and International Dial-In Services + + In addition to the MichNet shared dial-in service, Merit also + provides access from locations outside of Michigan by interconnecting + with other dial-in services. These services are typically billed by + connect time. Merit acts as the accounting agent between its member + and affiliate organizations and the outside service provider. + + The services currently supported are a national 800 number and + service via the ADP/Autonet dial-in network. Connection with + IBM/Advantis is being tested, and several other service interconnects + are being investigated. + + Calls placed by a Merit member/affiliate user to these external + dial-in services are authenticated by having each of those services + forward RADIUS authentication requests and accounting messages to a + Merit proxy core server. The core forwards the requests to the + member/affiliate server for approval. Session records are logged at + the Merit core server and at the member/affiliate erver. Merit bills + members/affiliates monthly, based on processing of the accounting + logs. The members and affiliates are responsible for rebilling their + users. + + The Merit AAA software supports the ability to request positive + confirmation of acceptance of charges, and provides tools for + accumulating and reporting on use by realm and by user. + +8.2. Authentication and Authorization + + Authentication of a Telnet session is supported using the traditional + id and password method, with the id being a MichNet AccessID of the + form user@realm, while a PPP session may be authenticated either + using an AccessID and password within a script, or using PAP. + Support for challenge/response authentication mechanisms using EAP is + under development. + + + +Aboba, et. al. Informational [Page 26] + +RFC 2194 Review of Roaming Implementations September 1997 + + + When a user dials into a MichNet shared dial-in port, the NAS sends + an Access-Request to a core AAA server using the RADIUS protocol. + First the core server applies any appropriate huntgroup access + policies to the request. If the Request fails the policy check, an + Access-Reject is returned to the NAS. Otherwise, the core server + forwards it to the user's home authentication server according to the + user's realm. The home authentication server authenticates and + authorizes the access request. An Access-Accept or Access-Reject is + sent back to the core server. If an Access-Accept is sent, the home + server will create a dial-in session identifier which is unique to + this session and insert it in a Class attribute in the Access-Accept. + The core server looks at the request and the response from the home + server again and decides either to accept or reject the request. + Finally, the core server sends either an Access-Accept or Access- + Reject to the NAS. + + When a user dials into a contracted ISP's huntgrup (MichNet National + and International Service), the ISP sends a RADIUS access request to + a Merit core server. The rest of the authentication and authorization + path is the same as in the shared dial-in service, except that no + huntgroup access policy is applied but a Huntgroup-Service attribute + is sent to the home authentication server with its value being the + name of the service, and a copy of the attribute must be returned by + the home server with a flag appended to the original value to + indicate a positive authorization of user access to the specified + service. + + The MichNet shared dial-in service typically requires authorization + of some sort, for example, a user dialing into a huntgroup as a guest + must be authorized with a token from the user's realm. Participating + institutions have control in defining authorization rules. Currently + authorization may be done using any combination of the user's group + status and user's account status. A set of programming interfaces is + also provided for incorporating new authorization policies. + +8.3. Accounting + + In the Merit AAA server, a session is defined as starting from the + moment the user connects to the NAS, and ending at the point when the + user disconnects. During the course of a session, both the core + server and the home server maintain status information about the + session. This allows the AAA servers to apply policies based on the + current status, e.g. limit guest access by realm to number of + + + + + + + + +Aboba, et. al. Informational [Page 27] + +RFC 2194 Review of Roaming Implementations September 1997 + + + available tokens, or to limit number of simultaneous sessions for a + given AccessID. Information such as whether the session is for a + guest, whether it used a token, and other information is included + with the accounting stop information when it is logged. Merit has + made enhancements to the RADIUS protocol, that are local to the AAA + server, to support maintenance of session status information. + + When a user session is successfully authenticated, the NAS sends out + a RADIUS accounting start request to the core server. The core server + forwards that request to the user's home server. The home server + updates the status of the session and then responds to the core. The + core server in turn responds to the NAS. In the accounting Start + request, a NAS conforming to the RADIUS specification must return the + Class attribute and value it received in the Access-Accept for the + session, thus sending back the dial-in session identifier created by + the session's home server. + + When a user ends a session, an accounting stop request is sent + through the same path. the same path. The dial-in session + identifier is again returned by the NAS, providing a means of + uniquely identifying a session. By configuring the finite state + machine in each of the AAA servers, any accounting requests may be + logged by any of the servers where the accounting requests are + received. + + Because the same session logs are available on every server in the + path of a session's authorization and accounting message, problems + with reconciliation of specific sessions may be resolved easily. For + the shared dial-in service, there are no usage charges. Merit has + tools to verify that organizations do not authorize more guest + sessions than the number of SATs allocated to the organization. For + surcharged sessions, Merit sends each organization a summary bill + each month. Files with detail session records are available for + problem resolution. Each organization is responsible for billing its + own users, and should have the same session records as are collected + by Merit. + + Merit receives a monthly invoice from other dial-in service providers + and pays them directly, after first verifying that the charges + correspond to the session records logged by Merit. + +8.4. Software and Development + + Merit has developed the AAA server software which supports the above + capabilities initially by modifying the RADIUS server provided by + Livingston, and later by doing a nearly total rewrite of the software + to make enhancement and extension of capabilites easier. Merit makes + a basic version of its server freely available for noncommercial use. + + + +Aboba, et. al. Informational [Page 28] + +RFC 2194 Review of Roaming Implementations September 1997 + + + Merit has started the Merit AAA Server Consortium which consists of + Merit and a number of NAS vedors, ISPs and server software vendors. + The consortium supports ongoing development of the Merit AAA server. + The goal is to build a server that supports proxy as well as end + server capabilities, that is feature rich, and that interoperates + with major vendors' NAS products. + + The building block of the Merit AAA server, the + Authentication/Authorization Transfer Vector (AATV), is a very + powerful concept that enables the ultimate modularity and flexibility + of the AAA server. The structure and methods of the AATV model are + published with all versions of the AAA server. + + Objects for extending the authorization server are also available in + the enhanced version of the AAA server. Merit is also looking at ways + to provide a method of extending the AAA server in its executable + form, to improve the server efficiency and scalability, and to + provide better monitoring, instrumentation and administration of the + server. + +9. FidoNet implementation + + Since its birth in 1984, FidoNet has supported phone book + synchronization among its member nodes, which now number + approximately 35,000. As a non-IP dialup network, FidoNet does not + provide IP services to members, and does not utilize IP-based + authentication technology. Instead member nodes offer bulletin-board + services, including access to mail and conferences known as echoes. + + In order to be able to communicate with each other, FidoNet member + systems require a sychronized phone book, known as the Nodelist. The + purpose of the Nodelist is to enable resolution of FidoNet addresses + (expressed in the form zone:network/node, or 1:161/445) to phone + numbers. As a dialup network, FidoNet requires phone numbers in + order to be deliver mail and conference traffic. + + In order to minimize the effort required in regularly synchronizing a + phone book of 35,000 entries, the weekly Nodelist updates are + transmitted as difference files. These difference files, known as + the Nodediff, produce the Nodelist for the current week when applied + to the previous week's Nodelist. In order to minimize transfer time, + Nodediffs are compressed prior to transfer. + + Information on FidoNet, as well as FidoNet Technical Standards (FTS) + documents (including the Nodelist specification) and standards + proposals are available from the FidoNet archive at + http://www.fidonet.org/. + + + + +Aboba, et. al. Informational [Page 29] + +RFC 2194 Review of Roaming Implementations September 1997 + + +9.1. Scaling issues + + With a Nodelist of 35,000 entries, the FidoNet Nodelist is now 3.1 MB + in size, and the weekly Nodediffs are 175 KB. In compressed form, the + Nodelist is approximately 1 MB, and the weekly Nodediff is 90 KB. As + a result, the transfer of the Nodediff takes approximately 45 seconds + using a 28,800 bps modem. + + In order to improve scalability, the implementation of a domain name + service approach is examined in [8]. The proposal evisages use of a + capability analagous to the DNS ISDN record in order to map names to + phone numbers, coupled with an additional record to provide the + attributes associated with a given name. + +9.2. Phone number presentation + + While FidoNet member systems perform hone book synchronization, users + need only know the FidoNet address of the systems they wish to + contact. As a result users do not need to maintain copies of the + Nodelist on their own systems. This is similar to the Internet, where + the DNS takes care of the domain name to IP address mapping, so that + users do not have to remember IP addresses. + + Nevertheless, FidoNet systems often find it useful to be able to + present lists of nodes, and as a result, FidoNet Nodelist compilers + typically produce a representation of the Nodelist that can be + searched or displayed online, as well as one that is used by the + system dialer. + +9.2.1. FidoNet Nodelist format + + The FidoNet Nodelist format is documented in detail in [3]. The + Nodelist file consists of lines of data as well as comment lines, + which begin with a semi-colon. The first line of the Nodelist is a + general interest comment line that includes the date and the day + number, as well as a 16-bit CRC. The CRC is included so as to allow + the system assembling the new Nodelist to verify its integrity. + + Each Nodelist data line contains eight comma separated fields: + + Keyword + Zone/Region/Net/Node number + Node name + Location + Sysop name + Phone number + Maximum Baud rate + Flags (optional) + + + +Aboba, et. al. Informational [Page 30] + +RFC 2194 Review of Roaming Implementations September 1997 + + + FidoNet Nodelists are arranged geographically, with systems in the + same zone, region, and network being grouped together. As a result, + FidoNet Nodelists do not require a separate regions file. Among other + things, the keyword field can be used to indicate that a system is + temporarily out of service. + + Reference [3] discusses Nodelist flags in considerable detail. Among + other things, the flags include information on supported modem + modulation and error correction protocols. Reference [4] also + proposes a series of ISDN capability flags, and [5] proposes flags to + indicate times of system availability. + + +9.3. Phone number exchange + + FidoNet coordinators are responsible for maintaining up to date + information on their networks, regions, and zones. Every week network + coordinators submit to their regional coordinators updated versions + of their portions of the Nodelist. The regional coordinators then + compile the submissions from their network coordinators, and submit + them to the zone coordinator. The zone coordinators then exchange + their submissions to produce the new Nodelist. As a result, it is + possible that the view from different zones may differ at any given + time. + +9.3.1. The Nodediff + + The format of the Nodediff is discussed in detail in [3]. In + preparing the Nodediffs, network coordinators may transmit only their + difference updates, which can be collated to produce the Nodediff + directly. + + One weakness in the current approach is that there is no security + applied to the coordinator submissions. This leaves oen the + possibility of propagation of fraudulent updates. In order to address + this, [6] proposes addition of a shared secret to the update files. + + +9.3.2. Addition of nodes + + In order to apply for allocation of a FidoNet address and membership + in the Nodelist, systems must demonstrate that they are functioning + by sending mail to the local network coordinator. Once the local + network coordinator receives the application, they then allocate a + new FidoNet address, and add a Nodelist entry. + + + + + + +Aboba, et. al. Informational [Page 31] + +RFC 2194 Review of Roaming Implementations September 1997 + + +9.3.3. Deletion of nodes + + Since FidoNet nodes are required to be functioning during the zone + mail hour in order to receive mail, and since nodes receive the + weekly Nodelist from their local network coordinators on a weekly + basis, there is a built-in mechanism for discovery of non-functional + nodes. + + Nodes found to be down are reported to the local network coordinator + and subsequently marked as down within the Nodelist. Nodes remaining + down for more than two weeks may be removed from the Nodelist, at the + discretion of the network coordinator. + +9.4. Phone book update + + The Nodelist contains the phone numbers and associated attributes of + each participating system. New Nodelists become available on Fridays, + and are made available to participating systems by their local + network coordinators, who in turn receive them from the regional and + zone coordinators. + + While it is standard practice for participating systems to get their + Nodelists from their local network coordinators, should the local + network coordinator not be available for some reason, either the + updates or the complete Nodelist may be picked up from other network, + or regional coordinators. Please note that since the view from + different zones may differ, nodes wishing to update their Nodelists + should not contact systems from outside their zone. + +9.5. Phone book compilation + + Once FidoNet systems have received the Nodediff, the apply it to the + previous week's Nodelist in order to prepare a new Nodelist. In + order to receive Nodediffs and compile the Nodelist, the following + software is required: + + A FidoNet-compatible mailer implementation, used to transfer files + A Nodelist compiler + + One of the purposes of the Nodelist compiler is to apply Nodediffs to + the previous Nodelist in order to produce an updated Nodelist. The + other purpose is to compile the updated Nodelist into the format + required by the particular mailer implementation used by the member + system. It is important to note that while the Nodelist and Nodediff + formats are standardized (FTS-0005), as is the file transfer protocol + (FTS-0001), the compiled format used by each mailer is implementation + dependent. + + + + +Aboba, et. al. Informational [Page 32] + +RFC 2194 Review of Roaming Implementations September 1997 + + + One reason that compiled formats to differ is the addition of out of + band information to the Nodelist during the compilation process. + Added information includes phone call costs as well as shared + secrets. + +9.5.1. Cost data + + Although cost information is not part of the Nodelist, in compiling + the Nodelist into the format used by the mailer, Nodelist compilers + support the addition of cost information. This information is then + subsequently used to guide mailer behavior. + + Since phone call costs depend on the rates charged by the local phone + company, this information is local in nature and is typically entered + into the Nodelist compiler's configuration file by the system + administrator. + +9.5.2. Shared secrets + + In FidoNet, shared secrets are used for authenticated sessions + between systems. Such authenticated sessions are particularly + important between the local, regional and zone coordinators who + handle preparation and transmission of the Nodediffs. A single shared + secret is used per system. + +9.6. Accounting + + Within FidoNet, the need for accounting arises primarily from the + need of local, regional and zone coordinators to be reimbursed for + their expenses. In order to support this, utilities have been + developed to account for network usage at the system level according + to various metrics. However, the accounting techniques are not + applied at the user level. Distributed authentication and acounting + are not implemented and therefore users may not roam between systems. + +10. Acknowledgements + + Thanks to Glen Zorn of Microsoft and Lynn Liu and Tao Wang of + AimQuest for useful discussions of this problem space. + +Security Considerations + + Security issues are discussed in sections 5.6 and 6.5. + + + + + + + + +Aboba, et. al. Informational [Page 33] + +RFC 2194 Review of Roaming Implementations September 1997 + + +11. References + + [1] Cobb, S., "PPP Internet Protocol Control Protocol Extensions for + Name Server Addresses", RFC 1877, Microsoft, December 1995. + + [2] Fielding, R., et al., "Hypertext Transfer Protocol - HTTP/1.1.", + RFC 2068, UC Irvine, January, 1997. + + [3] Baker, B., R. Moore, D. Nugent. "The Distribution + Nodelist." FTS-0005, February, 1996. + + [4] Lentz, A. "ISDN Nodelist flags." FSC-0091, June, 1996. + + [5] Thomas, D. J. "A Proposed Nodelist flag indicating Online Times + of a Node." FSC-0062, April, 1996. + + [6] Kolin, L. "Security Passwords in Nodelist Update Files." + FSC-0055, March, 1991. + + [7] Gwinn, R., D. Dodell. "Nodelist Flag Changes Draft Document." + FSC-0009, November, 1987. + + [8] Heller, R. "A Proposal for A FidoNet Domain Name + Service." FSC-0069, December, 1992. + + [9] Rigney, C., Rubens, A., Simpson, W., and S. Willens, "Remote + Authentication Dial In User Service (RADIUS)", RFC 2058, Livingston, + Merit, Daydreamer, January 1997. + + [10] Rigney, C., "RADIUS Accounting", RFC 2059, Livingston, January + 1997. + + + + + + + + + + + + + + + + + + + + +Aboba, et. al. Informational [Page 34] + +RFC 2194 Review of Roaming Implementations September 1997 + + +12. Authors' Addresses + + Bernard Aboba + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + + Phone: 206-936-6605 + EMail: bernarda@microsoft.com + + Juan Lu + AimQuest Corporation + 1381 McCarthy Blvd. + Milpitas, California 95035 + + Phone: 408-273-2730 ext. 2762 + EMail: juanlu@aimnet.net + + + John Alsop + i-Pass Alliance Inc. + 650 Castro St., Suite 280 + Mountain View, CA 94041 + + Phone: 415-968-2200 + Fax: 415-968-2266 + EMail: jalsop@ipass.com + + James Ding + Asiainfo + One Galleria Tower + 13355 Noel Road, #1340 + Dallas, TX 75240 + + Phone: 214-788-4141 + Fax: 214-788-0729 + EMail: ding@bjai.asiainfo.com + + Wei Wang + Merit Network, Inc. + 4251 Plymouth Rd., Suite C + Ann Arbor, MI 48105-2785 + + Phone: 313-764-2874 + EMail: weiwang@merit.edu + + + + + + +Aboba, et. al. Informational [Page 35] + |