1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
|
<pre>Network Working Group J. Arkko
Request for Comments: 5113 Ericsson
Category: Informational B. Aboba
Microsoft
J. Korhonen, Ed.
TeliaSonera
F. Bari
AT&T
January 2008
<span class="h1">Network Discovery and Selection Problem</span>
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract
When multiple access networks are available, users may have
difficulty in selecting which network to connect to and how to
authenticate with that network. This document defines the network
discovery and selection problem, dividing it into multiple sub-
problems. Some constraints on potential solutions are outlined, and
the limitations of several solutions (including existing ones) are
discussed.
<span class="grey">Arkko, et al. Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-1.1">1.1</a>. Terminology Used in This Document . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-2">2</a>. Problem Definition . . . . . . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
<a href="#section-2.1">2.1</a>. Discovery of Points of Attachment . . . . . . . . . . . . <a href="#page-8">8</a>
<a href="#section-2.2">2.2</a>. Identity Selection . . . . . . . . . . . . . . . . . . . . <a href="#page-9">9</a>
<a href="#section-2.3">2.3</a>. AAA Routing . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-2.3.1">2.3.1</a>. The Default Free Zone . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-2.3.2">2.3.2</a>. Route Selection and Policy . . . . . . . . . . . . . . <a href="#page-14">14</a>
<a href="#section-2.3.3">2.3.3</a>. Source Routing . . . . . . . . . . . . . . . . . . . . <a href="#page-15">15</a>
<a href="#section-2.4">2.4</a>. Network Capabilities Discovery . . . . . . . . . . . . . . <a href="#page-17">17</a>
<a href="#section-3">3</a>. Design Issues . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-18">18</a>
<a href="#section-3.1">3.1</a>. AAA Routing . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-18">18</a>
<a href="#section-3.2">3.2</a>. Backward Compatibility . . . . . . . . . . . . . . . . . . <a href="#page-18">18</a>
<a href="#section-3.3">3.3</a>. Efficiency Constraints . . . . . . . . . . . . . . . . . . <a href="#page-19">19</a>
<a href="#section-3.4">3.4</a>. Scalability . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-19">19</a>
<a href="#section-3.5">3.5</a>. Static Versus Dynamic Discovery . . . . . . . . . . . . . <a href="#page-21">21</a>
<a href="#section-3.6">3.6</a>. Security . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-21">21</a>
<a href="#section-3.7">3.7</a>. Management . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-22">22</a>
<a href="#section-4">4</a>. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-23">23</a>
<a href="#section-5">5</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-25">25</a>
<a href="#section-6">6</a>. Informative References . . . . . . . . . . . . . . . . . . . . <a href="#page-26">26</a>
<a href="#appendix-A">Appendix A</a>. Existing Work . . . . . . . . . . . . . . . . . . . . <a href="#page-32">32</a>
<a href="#appendix-A.1">A.1</a>. IETF . . . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-32">32</a>
<a href="#appendix-A.2">A.2</a>. IEEE 802 . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-33">33</a>
<a href="#appendix-A.3">A.3</a>. 3GPP . . . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-35">35</a>
<a href="#appendix-A.4">A.4</a>. Other . . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-36">36</a>
<a href="#appendix-B">Appendix B</a>. Acknowledgements . . . . . . . . . . . . . . . . . . <a href="#page-37">37</a>
<span class="grey">Arkko, et al. Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Today, network access clients are typically pre-configured with a
list of access networks and corresponding identities and credentials.
However, as network access mechanisms and operators have
proliferated, it has become increasingly likely that users will
encounter networks for which no pre-configured settings are
available, yet which offer desired services and the ability to
successfully authenticate with the user's home realm. It is also
possible that pre-configured settings will not be adequate in some
situations. In such a situation, users can have difficulty in
determining which network to connect to, and how to authenticate to
that network.
The problem arises when any of the following conditions are true:
o Within a single network, more than one network attachment point is
available, and the attachment points differ in their roaming
arrangements, or access to services. While the link layer
capabilities of a point of attachment may be advertised, higher-
layer capabilities, such as roaming arrangements, end-to-end
quality of service, or Internet access restrictions, may not be.
As a result, a user may have difficulty determining which services
are available at each network attachment point, and which
attachment points it can successfully authenticate to. For
example, it is possible that a roaming agreement will only enable
a user to authenticate to the home realm from some points of
attachment, but not others. Similarly, it is possible that access
to the Internet may be restricted at some points of attachment,
but not others, or that end-to-end quality of service may not be
available in all locations. In these situations, the network
access client cannot assume that all points of attachment within a
network offer identical capabilities.
o Multiple networks are available for which the user has no
corresponding pre-configuration. The user may not have pre-
configured an identity and associated credentials for use with a
network, yet it is possible that the user's home realm is
reachable from that network, enabling the user to successfully
authenticate. However, unless the roaming arrangements are
advertised, the network access client cannot determine a priori
whether successful authentication is likely. In this situation,
it is possible that the user will need to try multiple networks in
order to find one to which it can successfully authenticate, or it
is possible that the user will not be able to obtain access at
all, even though successful authentication is feasible.
<span class="grey">Arkko, et al. Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
o The user has multiple sets of credentials. Where no pre-
configuration exists, it is possible that the user will not be
able to determine which credentials to use with which attachment
point, or even whether any credentials it possesses will allow it
to authenticate successfully. An identity and associated
credentials can be usable for authentication with multiple
networks, and not all of these networks will be pre-configured.
For example, the user could have one set of credentials from a
public service provider and another set from an employer, and a
network might enable authentication with one or more of these
credentials. Yet, without pre-configuration, multiple
unsuccessful authentication attempts could be needed for each
attachment point in order to determine what credentials are
usable, wasting valuable time and resulting in user frustration.
In order to choose between multiple attachment points, it can be
helpful to provide additional information to enable the correct
credentials to be determined.
o There are multiple potential roaming paths between the visited
realm and the user's home realm, and service parameters or pricing
differs between them. In this situation, there could be multiple
ways for the user to successfully authenticate using the same
identity and credentials, yet the cost of each approach might
differ. In this case, the access network may not be able to
determine the roaming path that best matches the user's
preferences. This can lead to the user being charged more than
necessary, or not obtaining the desired services. For example,
the visited access realm could have both a direct relationship
with the home realm and an indirect relationship through a roaming
consortium. Current Authentication, Authorization, and Accounting
(AAA) protocols may not be able to route the access request to the
home AAA sever purely based on the realm within the Network Access
Identifier (NAI) [<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>]. In addition, payload packets can be
routed or tunneled differently, based on the roaming relationship
path. This may have an impact on the available services or their
pricing.
In <a href="#section-2">Section 2</a>, the network discovery and selection problem is defined
and divided into sub-problems. Some solution constraints are
outlined in <a href="#section-3">Section 3</a>. <a href="#section-4">Section 4</a> provides conclusions and
suggestions for future work. <a href="#appendix-A">Appendix A</a> discusses existing solutions
to portions of the problem.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Terminology Used in This Document</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="grey">Arkko, et al. Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Authentication, Authorization, and Accounting (AAA)
AAA protocols with EAP support include Remote Authentication
Dial-In User Service (RADIUS) [<a href="./rfc3579" title=""RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)"">RFC3579</a>] and Diameter [<a href="./rfc4072" title=""Diameter Extensible Authentication Protocol (EAP) Application"">RFC4072</a>].
Access Point (AP)
An entity that has station functionality and provides access to
distribution services via the wireless medium (WM) for associated
stations.
Access Technology Selection
This refers to the selection between access technologies, e.g.,
802.11, Universal Mobile Telecommunications System (UMTS), WiMAX.
The selection will be dependent upon the access technologies
supported by the device and the availability of networks
supporting those technologies.
Bearer Selection
For some access technologies (e.g., UMTS), there can be a
possibility for delivery of a service (e.g., voice) by using
either a circuit-switched or packet-switched bearer. Bearer
selection refers to selecting one of the bearer types for service
delivery. The decision can be based on support of the bearer type
by the device and the network as well as user subscription and
operator preferences.
Basic Service Set (BSS)
A set of stations controlled by a single coordination function.
Decorated NAI
A NAI specifying a source route. See <a href="./rfc4282#section-2.7">Section 2.7 of RFC 4282</a>
[<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>] for more information.
Extended Service Set (ESS)
A set of one or more interconnected basic service sets (BSSs) with
the same Service Set Identifier (SSID) and integrated local area
networks (LANs), which appears as a single BSS to the logical link
control layer at any station associated with one of those BSSs.
This refers to a mechanism that a node uses to discover the
networks that are reachable from a given access network.
<span class="grey">Arkko, et al. Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Network Access Identifier (NAI)
The Network Access Identifier (NAI) [<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>] is the user identity
submitted by the client during network access authentication. In
roaming, the purpose of the NAI is to identify the user as well as
to assist in the routing of the authentication request. Please
note that the NAI may not necessarily be the same as the user's
e-mail address or the user identity submitted in an application
layer authentication.
Network Access Server (NAS)
The device that peers connect to in order to obtain access to the
network. In Point-to-Point Tunneling Protocol (PPTP) terminology,
this is referred to as the PPTP Access Concentrator (PAC), and in
Layer 2 Tunneling Protocol (L2TP) terminology, it is referred to
as the L2TP Access Concentrator (LAC). In IEEE 802.11, it is
referred to as an Access Point (AP).
Network Discovery
The mechanism used to discover available networks. The discovery
mechanism may be passive or active, and depends on the access
technology. In passive network discovery, the node listens for
network announcements; in active network discovery, the node
solicits network announcements. It is possible for an access
technology to utilize both passive and active network discovery
mechanisms.
Network Selection
Selection of an operator/ISP for network access. Network
selection occurs prior to network access authentication.
Realm
The realm portion of an NAI [<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>].
Realm Selection
The selection of the realm (and corresponding NAI) used to access
the network. A realm can be reachable from more than one access
network type, and selection of a realm may not enable network
capabilities.
<span class="grey">Arkko, et al. Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Roaming Capability
Roaming capability can be loosely defined as the ability to use
any one of multiple Internet Service Providers (ISPs), while
maintaining a formal, customer-vendor relationship with only one.
Examples of cases where roaming capability might be required
include ISP "confederations" and ISP-provided corporate network
access support.
Station (STA)
A device that contains an IEEE 802.11 conformant medium access
control (MAC) and physical layer (PHY) interface to the wireless
medium (WM).
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Problem Definition</span>
The network discovery and selection problem can be broken down into
multiple sub-problems. These include:
o Discovery of points of attachment. This involves the discovery of
points of attachment in the vicinity, as well as their
capabilities.
o Identifier selection. This involves selection of the NAI (and
credentials) used to authenticate to the selected point of
attachment.
o AAA routing. This involves routing of the AAA conversation back
to the home AAA server, based on the realm of the selected NAI.
o Payload routing. This involves the routing of data packets, in
the situation where mechanisms more advanced than destination-
based routing are required. While this problem is interesting, it
is not discussed further in this document.
o Network capability discovery. This involves discovering the
capabilities of an access network, such as whether certain
services are reachable through the access network and the charging
policy.
Alternatively, the problem can be divided into discovery, decision,
and selection components. The AAA routing problem, for instance,
involves all components: discovery (which mediating networks are
available), decision (choosing the "best" one), and selection
(selecting which mediating network to use) components.
<span class="grey">Arkko, et al. Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
<span class="h3"><a class="selflink" id="section-2.1" href="#section-2.1">2.1</a>. Discovery of Points of Attachment</span>
Traditionally, the discovery of points of attachment has been handled
by out-of-band mechanisms or link or network layer advertisements.
<a href="./rfc2194">RFC 2194</a> [<a href="./rfc2194" title=""Review of Roaming Implementations"">RFC2194</a>] describes the pre-provisioning of dial-up roaming
clients, which typically included a list of potential phone numbers
updated by the provider(s) with which the client had a contractual
relationship. <a href="./rfc3017">RFC 3017</a> [<a href="./rfc3017" title=""XML DTD for Roaming Access Phone Book"">RFC3017</a>] describes the IETF Proposed
Standard for the Roaming Access eXtensible Markup Language (XML)
Document Type Definition (DTD). This covers not only the attributes
of the Points of Presence (PoP) and Internet Service Providers
(ISPs), but also hints on the appropriate NAI to be used with a
particular PoP. The XML DTD supports dial-in and X.25 access, but
has extensible address and media type fields.
As access networks and the points of attachment have proliferated,
out-of-band pre-configuration has become increasingly difficult. For
networks with many points of attachment, keeping a complete and up-
to-date list of points of attachment can be difficult. As a result,
wireless network access clients typically only attempt to pre-
configure information relating to access networks, rather than
individual points of attachment.
In IEEE 802.11 Wireless Local Area Networks (WLAN), the Beacon and
Probe Request/Response mechanism provides a way for Stations to
discover Access Points (AP) and the capabilities of those APs. The
IEEE 802.11 specification [<a href="#ref-IEEE.802.11-2003">IEEE.802.11-2003</a>] provides support for
both passive (Beacon) and active (Probe Request/Response) discovery
mechanisms; [<a href="#ref-Fixingapsel">Fixingapsel</a>] studied the effectiveness of these
mechanisms.
Among the Information Elements (IE) included within the Beacon and
Probe Response is the Service Set Identifier (SSID), a non-unique
identifier of the network to which an AP is attached. The Beacon/
Probe facility therefore enables network discovery, as well as the
discovery of points of attachment and the capabilities of those
points of attachment.
The Global System for Mobile Communications (GSM) specifications also
provide for discovery of points of attachment, as does the Candidate
Access Router Discovery (CARD) [<a href="./rfc4066" title=""Candidate Access Router Discovery (CARD)"">RFC4066</a>] protocol developed by the
IETF SEAMOBY Working Group (WG).
Along with discovery of points of attachment, the capabilities of
access networks are also typically discovered. These may include:
<span class="grey">Arkko, et al. Informational [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
o Access network name (e.g., IEEE 802.11 SSID)
o Lower layer security mechanism (e.g., IEEE 802.11 Wired Equivalent
Privacy (WEP) vs. Wi-Fi Protected Access 2 (WPA2))
o Quality of service capabilities (e.g., IEEE 802.11e support)
o Bearer capabilities (e.g., circuit-switched, packet-switched, or
both)
Even though pre-configuration of access networks scales better than
pre-configuration of points of attachment, where many access networks
can be used to authenticate to a home realm, providing complete and
up-to-date information on each access network can be challenging.
In such a situation, network access client configuration can be
minimized by providing information relating to each home realm,
rather than each access network. One way to enable this is for an
access network to support "virtual Access Points" (virtual APs), and
for each point of attachment to support virtual APs corresponding to
each reachable home realm.
While a single IEEE 802.11 network may only utilize a single SSID, it
may cover a wide geographical area, and as a result, may be
segmented, utilizing multiple prefixes. It is possible that a single
SSID may be advertised on multiple channels, and may support multiple
access mechanisms (including Universal Access Method (UAM) and IEEE
802.1X [<a href="#ref-IEEE.8021X-2004">IEEE.8021X-2004</a>]) which may differ between points of
attachment. A single SSID may also support dynamic VLAN access as
described in [<a href="./rfc3580" title=""IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines"">RFC3580</a>], or may support authentication to multiple
home AAA servers supporting different realms. As a result, users of
a single point of attachment, connecting to the same SSID, may not
have the same set of services available.
<span class="h3"><a class="selflink" id="section-2.2" href="#section-2.2">2.2</a>. Identity Selection</span>
As networks proliferate, it becomes more and more likely that a user
may have multiple identities and credential sets, available for use
in different situations. For example, the user may have an account
with one or more Public WLAN providers, a corporate WLAN, and one or
more wireless Wide Area Network (WAN) providers.
Typically, the user will choose an identity and corresponding
credential set based on the selected network, perhaps with additional
assistance provided by the chosen authentication mechanism. For
example, if Extensible Authentication Protocol - Transport Layer
Security (EAP-TLS) is the authentication mechanism used with a
particular network, then the user will select the appropriate EAP-TLS
<span class="grey">Arkko, et al. Informational [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
client certificate based, in part, on the list of trust anchors
provided by the EAP-TLS server.
However, in access networks where roaming is enabled, the mapping
between an access network and an identity/credential set may not be
one to one. For example, it is possible for multiple identities to
be usable on an access network, or for a given identity to be usable
on a single access network, which may or may not be available.
Figure 1 illustrates a situation where a user identity may not be
usable on a potential access network. In this case, access network 1
enables access to users within the realm "isp1.example.com", whereas
access network 3 enables access to users within the realm
"corp2.example.com"; access network 2 enables access to users within
both realms.
? ? +---------+ +------------------+
? | Access | | |
O_/ _-->| Network |------>|"isp1.example.com"|
/| / | 1 | _->| |
| | +---------+ / +------------------+
_/ \_ | /
| +---------+ /
User "subscriber@isp1. | | Access |/
example.com" -- ? -->| Network |
also known as | | 2 |\
"employee123@corp2. | +---------+ \
example.com" | \
| +---------+ \_ +-------------------+
\_ | Access | ->| |
-->| Network |------>|"corp2.example.com"|
| 3 | | |
+---------+ +-------------------+
Figure 1: Two credentials, three possible access networks
In this situation, a user only possessing an identity within the
"corp2.example.com" realm can only successfully authenticate to
access networks 2 or 3; a user possessing an identity within the
"isp1.example.com" realm can only successfully authenticate to access
networks 1 or 2; a user possessing identities within both realms can
connect to any of the access networks. The question is: how does the
user figure out which access networks it can successfully
authenticate to, preferably prior to choosing a point of attachment?
Traditionally, hints useful in identity selection have been provided
out-of-band. For example, the XML DTD, described in [<a href="./rfc3017" title=""XML DTD for Roaming Access Phone Book"">RFC3017</a>],
enables a client to select between potential points of attachment as
<span class="grey">Arkko, et al. Informational [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
well as to select the NAI and credentials to use in authenticating
with it.
Where all points of attachment within an access network enable
authentication utilizing a set of realms, selection of an access
network provides knowledge of the identities that a client can use to
successfully authenticate. For example, in an access network, the
set of supported realms corresponding to network name can be pre-
configured.
In some cases, it may not be possible to determine the available
access networks prior to authentication. For example,
[<a href="#ref-IEEE.8021X-2004">IEEE.8021X-2004</a>] does not support network discovery on IEEE 802
wired networks, so that the peer cannot determine which access
network it has connected to prior to the initiation of the EAP
exchange.
It is also possible for hints to be embedded within credentials. In
[<a href="./rfc4334" title=""Certificate Extensions and Attributes Supporting Authentication in Point-to-Point Protocol (PPP) and Wireless Local Area Networks (WLAN)"">RFC4334</a>], usage hints are provided within certificates used for
wireless authentication. This involves extending the client's
certificate to include the SSIDs with which the certificate can be
used.
However, there may be situations in which an access network may not
accept a static set of realms at every point of attachment. For
example, as part of a roaming agreement, only points of attachment
within a given region or country may be made available. In these
situations, mechanisms such as hints embedded within credentials or
pre-configuration of access network to realm mappings may not be
sufficient. Instead, it is necessary for the client to discover
usable identities dynamically.
This is the problem that <a href="./rfc4284">RFC 4284</a> [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] attempts to solve, using
the EAP-Request/Identity to communicate a list of supported realms.
However, the problems inherent in this approach are many, as
discussed in <a href="#appendix-A.1">Appendix A.1</a>.
Note that identity selection also implies selection of different
credentials, and potentially, selection of different EAP
authentication methods. In some situations this may imply serious
security vulnerabilities. These are discussed in depth in <a href="#section-5">Section 5</a>.
<span class="h3"><a class="selflink" id="section-2.3" href="#section-2.3">2.3</a>. AAA Routing</span>
Once the identity has been selected, the AAA infrastructure needs to
route the access request back to the home AAA server. Typically, the
routing is based on the Network Access Identifier (NAI) defined in
[<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>].
<span class="grey">Arkko, et al. Informational [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Where the NAI does not encode a source route, the routing of requests
is determined by the AAA infrastructure. As described in [<a href="./rfc2194" title=""Review of Roaming Implementations"">RFC2194</a>],
most roaming implementations are relatively simple, relying on a
static realm routing table that determines the next hop based on the
NAI realm included in the User-Name attribute within the Access-
Request. Within RADIUS, the IP address of the home AAA server is
typically determined based on static mappings of realms to IP
addresses maintained within RADIUS proxies.
Diameter [<a href="./rfc3588" title=""Diameter Base Protocol"">RFC3588</a>] supports mechanisms for intra- and inter-domain
service discovery, including support for DNS as well as service
discovery protocols such as Service Location Protocol version 2
(SLPv2) [<a href="./rfc2608" title=""Service Location Protocol, Version 2"">RFC2608</a>]. As a result, it may not be necessary to configure
static tables mapping realms to the IP addresses of Diameter agents.
However, while this simplifies maintenance of the AAA routing
infrastructure, it does not necessarily simplify roaming-relationship
path selection.
As noted in <a href="./rfc2607">RFC 2607</a> [<a href="./rfc2607" title=""Proxy Chaining and Policy Implementation in Roaming"">RFC2607</a>], RADIUS proxies are deployed not only
for routing purposes, but also to mask a number of inadequacies in
the RADIUS protocol design, such as the lack of standardized
retransmission behavior and the need for shared secret provisioning
between each AAA client and server.
Diameter [<a href="./rfc3588" title=""Diameter Base Protocol"">RFC3588</a>] supports certificate-based authentication (using
either TLS or IPsec) as well as Redirect functionality, enabling a
Diameter client to obtain a referral to the home server from a
Diameter redirect server, so that the client can contact the home
server directly. In situations in which a trust model can be
established, these Diameter capabilities can enable a reduction in
the length of the roaming relationship path.
However, in practice there are a number of pitfalls. In order for
certificate-based authentication to enable communication between a
Network Access Server (NAS) or local proxy and the home AAA server,
trust anchors need to be configured, and certificates need to be
selected. The AAA server certificate needs to chain to a trust
anchor configured on the AAA client, and the AAA client certificate
needs to chain to a trust anchor configured on the AAA server. Where
multiple potential roaming relationship paths are available, this
will reflect itself in multiple certificate choices, transforming the
path selection problem into a certificate selection problem.
Depending on the functionality supported within the certificate
selection implementation, this may not make the problem easier to
solve. For example, in order to provide the desired control over the
roaming path, it may be necessary to implement custom certificate
selection logic, which may be difficult to introduce within a
<span class="grey">Arkko, et al. Informational [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
certificate handling implementation designed for general-purpose
usage.
As noted in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>], it is also possible to utilize an NAI for the
purposes of source routing. In this case, the client provides
guidance to the AAA infrastructure as to how it would like the access
request to be routed. An NAI including source-routing information is
said to be "decorated"; the decoration format is defined in
[<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>].
When decoration is utilized, the EAP peer provides the decorated NAI
within the EAP-Response/Identity, and as described in [<a href="./rfc3579" title=""RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)"">RFC3579</a>], the
NAS copies the decorated NAI included in the EAP-Response/Identity
into the User-Name attribute included within the access request. As
the access request transits the roaming relationship path, AAA
proxies determine the next hop based on the realm included within the
User-Name attribute, in the process, successively removing decoration
from the NAI included in the User-Name attribute. In contrast, the
decorated NAI included within the EAP-Response/Identity encapsulated
in the access request remains untouched. As a result, when the
access request arrives at the AAA home server, the decorated NAI
included in the EAP-Response/Identity may differ from the NAI
included in the User-Name attribute (which may have some or all of
the decoration removed). For the purpose of identity verification,
the EAP server utilizes the NAI in the User-Name attribute, rather
than the NAI in the EAP-Response/Identity.
Over the long term, it is expected that the need for NAI "decoration"
and source routing will disappear. This is somewhat analogous to the
evolution of email delivery. Prior to the widespread proliferation
of the Internet, it was necessary to gateway between SMTP-based mail
systems and alternative delivery technologies, such as Unix-to-Unix
CoPy Protocol (UUCP) and FidoNet. Prior to the implementation of
email gateways utilizing MX RR routing, email address-based source-
routing was used extensively. However, over time the need for email
source-routing disappeared.
<span class="h4"><a class="selflink" id="section-2.3.1" href="#section-2.3.1">2.3.1</a>. The Default Free Zone</span>
AAA clients on the edge of the network, such as NAS devices and local
AAA proxies, typically maintain a default realm route, providing a
default next hop for realms not otherwise taken into account within
the realm routing table. This permits devices with limited resources
to maintain a small realm routing table. Deeper within the AAA
infrastructure, AAA proxies may be maintained with a "default free"
realm table, listing next hops for all known realms, but not
providing a default realm route.
<span class="grey">Arkko, et al. Informational [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
While dynamic realm routing protocols are not in use within AAA
infrastructure today, even if such protocols were to be introduced,
it is likely that they would be deployed solely within the core AAA
infrastructure, but not on NAS devices, which are typically resource
constrained.
Since NAS devices do not maintain a full realm routing table, they do
not have knowledge of all the realms reachable from the local
network. The situation is analogous to that of Internet hosts or
edge routers that do not participate in the BGP mesh. In order for
an Internet host to determine whether it can reach a destination on
the Internet, it is necessary to send a packet to the destination.
Similarly, when a user provides an NAI to the NAS, the NAS does not
know a priori whether or not the realm encoded in the NAI is
reachable; it simply forwards the access request to the next hop on
the roaming relationship path. Eventually, the access request
reaches the "default free" zone, where a core AAA proxy determines
whether or not the realm is reachable. As described in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>],
where EAP authentication is in use, the core AAA proxy can send an
Access-Reject, or it can send an Access-Challenge encapsulating an
EAP-Request/Identity containing "realm hints" based on the content of
the "default free" realm routing table.
There are a number of intrinsic problems with this approach. Where
the "default free" routing table is large, it may not fit within a
single EAP packet, and the core AAA proxy may not have a mechanism
for selecting the most promising entries to include. Even where the
"default free" realm routing table would fit within a single EAP-
Request/Identity packet, the core AAA router may not choose to
include all entries, since the list of realm routes could be
considered confidential information not appropriate for disclosure to
hosts seeking network access. Therefore, it cannot be assumed that
the list of "realm hints" included within the EAP-Request/Identity is
complete. Given this, a NAS or local AAA proxy snooping the EAP-
Request/Identity cannot rely on it to provide a complete list of
reachable realms. The "realm hint" mechanism described in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>]
is not a dynamic routing protocol.
<span class="h4"><a class="selflink" id="section-2.3.2" href="#section-2.3.2">2.3.2</a>. Route Selection and Policy</span>
Along with lack of a dynamic AAA routing protocol, today's AAA
infrastructure lacks mechanisms for route selection and policy. As a
result, multiple routes may exist to a destination realm, without a
mechanism for the selection of a preferred route.
<span class="grey">Arkko, et al. Informational [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
In Figure 2, Roaming Groups 1 and 2 both include a route to the realm
"a.example.com". However, these realm routes are not disseminated to
the NAS along with associated metrics, and, as a result, there is no
mechanism for implementation of dynamic routing policies (such as
selection of realm routes by shortest path, or preference for routes
originating at a given proxy).
+---------+
| |----> "a.example.com"
| Roaming |
+---------+ | Group 1 |
| |----->| Proxy |----> "b.example.com"
user "joe@ | Access | +---------+
a.example.com"--->| Provider|
| NAS | +---------+
| |----->| |----> "a.example.com"
+---------+ | Roaming |
| Group 2 |
| Proxy |----> "c.example.com"
+---------+
Figure 2: Multiple routes to a destination realm
In the example in Figure 2, access through Roaming Group 1 may be
less expensive than access through Roaming Group 2, and as a result
it would be desirable to prefer Roaming Group 1 as a next hop for an
NAI with a realm of "a.example.com". However, the only way to obtain
this result would be to manually configure the NAS realm routing
table with the following entries:
Realm Next Hop
----- --------
b.example.com Roaming Group 1
c.example.com Roaming Group 2
Default Roaming Group 1
While manual configuration may be practical in situations where the
realm routing table is small and entries are static, where the list
of supported realms change frequently, or the preferences change
dynamically, manual configuration will not be manageable.
<span class="h4"><a class="selflink" id="section-2.3.3" href="#section-2.3.3">2.3.3</a>. Source Routing</span>
Due to the limitations of current AAA routing mechanisms, there are
situations in which NAI-based source routing is used to influence the
roaming relationship path. However, since the AAA proxies on the
roaming relationship path are constrained by existing relationships,
NAI-based source routing is not source routing in the classic sense;
<span class="grey">Arkko, et al. Informational [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
it merely suggests preferences that the AAA proxy can choose not to
accommodate.
Where realm routes are set up as the result of pre-configuration and
dynamic route establishment is not supported, if a realm route does
not exist, then NAI-based source routing cannot establish it. Even
where dynamic route establishment is possible, such as where the AAA
client and server support certificate-based authentication, and AAA
servers are discoverable (such as via the mechanisms described in
[<a href="./rfc3588" title=""Diameter Base Protocol"">RFC3588</a>]), an AAA proxy may choose not to establish a realm route by
initiating the discovery process based on a suggestion in an NAI-
based source route.
Where the realm route does exist, or the AAA proxy is capable of
establishing it dynamically, the AAA proxy may choose not to
authorize the client to use it.
While, in principle, source routing can provide users with better
control over AAA routing decisions, there are a number of practical
problems to be overcome. In order to enable the client to construct
optimal source routes, it is necessary for it to be provided with a
complete and up-to-date realm routing table. However, if a solution
to this problem were readily available, then it could be applied to
the AAA routing infrastructure, enabling the selection of routes
without the need for user intervention.
As noted in [<a href="#ref-Eronen04">Eronen04</a>], only a limited number of parameters can be
updated dynamically. For example, quality of service or pricing
information typically will be pre-provisioned or made available on
the web rather than being updated on a continuous basis. Where realm
names are communicated dynamically, the "default free" realm list is
unlikely to be provided in full since this table could be quite
large. Given the constraints on the availability of information, the
construction of source routes typically needs to occur in the face of
incomplete knowledge.
In addition, there are few mechanisms available to audit whether the
requested source route is honored by the AAA infrastructure. For
example, an access network could advertise a realm route to
"costsless.example.com", while instead routing the access-request
through "costsmore.example.com". While the decorated NAI would be
made available to the home AAA server in the EAP-Response/Identity,
the home AAA server might have a difficult time verifying that the
source route requested in the decorated NAI was actually honored by
the AAA infrastructure. Similarly, it could be difficult to
determine whether quality of service (QoS) or other routing requests
were actually provided as requested. To some extent, this problem
<span class="grey">Arkko, et al. Informational [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
may be addressed as part of the business arrangements between roaming
partners, which may provide minimum service-level guarantees.
Given the potential issues with source routing, conventional AAA
routing mechanisms are to be preferred wherever possible. Where an
error is encountered, such as an attempt to authenticate to an
unreachable realm, "realm hints" can be provided as described
[<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>]. However, this approach has severe scalability
limitations, as outlined in <a href="#appendix-A.1">Appendix A.1</a>.
<span class="h3"><a class="selflink" id="section-2.4" href="#section-2.4">2.4</a>. Network Capabilities Discovery</span>
Network capability discovery focuses on discovery of the services
offered by networks, not just the capabilities of individual points
of attachment. By acquiring additional information on access network
characteristics, it is possible for users to make a more informed
access decision. These characteristics may include:
o Roaming relationships between the access network provider and
other network providers and associated costs. Where the network
access client is not pre-configured with an identity and
credentials corresponding to a local access network, it will need
to be able to determine whether one or more home realms are
reachable from an access network so that successful authentication
can be possible.
o EAP authentication methods. While the EAP authentication methods
supported by a home realm can only be determined by contacting the
home AAA server, it is possible that the local realm will also
support one or more EAP methods. For example, a user may be able
to utilize EAP-SIM (Extensible Authentication Protocol -
Subscriber Identity Module) to authenticate to the access network
directly, rather than having to authenticate to the home network.
o End-to-end quality of service capability. While local quality of
service capabilities are typically advertised by the access
network (e.g., support for Wi-Fi Multimedia (WMM)), the
availability of end-to-end QoS services may not be advertised.
o Service parameters, such as the existence of middleboxes or
firewalls. If the network access client is not made aware of the
Internet access that it will receive on connecting to a point of
attachment, it is possible that the user may not be able to access
the desired services.
Reference [<a href="#ref-IEEE.11-04-0624">IEEE.11-04-0624</a>] classifies the possible steps at which
IEEE 802.11 networks can acquire this information:
<span class="grey">Arkko, et al. Informational [Page 17]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
o Pre-association
o Post-association (or pre-authentication)
o Post-authentication
In the interest of minimizing connectivity delays, all of the
information required for network selection (including both access
network capabilities and global characteristics) needs to be provided
prior to authentication.
By the time authentication occurs, the node has typically selected
the access network, the NAI to be used to authenticate, as well as
the point of attachment. Should it learn information during the
authentication process that would cause it to revise one or more of
those decisions, the node will need to select a new network, point of
attachment, and/or identity, and then go through the authentication
process all over again. Such a process is likely to be both time
consuming and unreliable.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Design Issues</span>
The following factors should be taken into consideration while
evaluating solutions to the problem of network selection and
discovery.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. AAA Routing</span>
Solutions to the AAA routing issues discussed in <a href="#section-2.3">Section 2.3</a> need to
apply to a wide range of AAA messages, and should not restrict the
introduction of new AAA or access network functionality. For
example, AAA routing mechanisms should work for access requests and
responses as well as accounting requests and responses and server-
initiated messages. Solutions should not restrict the development of
new AAA attributes, access types, or performance optimizations (such
as fast handoff support).
<span class="h3"><a class="selflink" id="section-3.2" href="#section-3.2">3.2</a>. Backward Compatibility</span>
Solutions need to maintain backward compatibility. In particular:
o Selection-aware clients need to interoperate with legacy NAS
devices and AAA servers.
o Selection-aware AAA infrastructure needs to interoperate with
legacy clients and NAS devices.
<span class="grey">Arkko, et al. Informational [Page 18]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
For example, selection-aware clients should not transmit packets
larger than legacy NAS devices or AAA servers can handle. Where
protocol extensions are required, changes should be required to as
few infrastructure elements as possible. For example, extensions
that require upgrades to existing NAS devices will be more difficult
to deploy than proposals that are incrementally deployable based on
phased upgrades of clients or AAA servers.
<span class="h3"><a class="selflink" id="section-3.3" href="#section-3.3">3.3</a>. Efficiency Constraints</span>
Solutions should be efficient as measured by channel utilization,
bandwidth consumption, handoff delay, and energy utilization.
Mechanisms that depend on multicast frames need to be designed with
care since multicast frames are often sent at the lowest supported
rate and therefore consume considerable channel time as well as
energy on the part of listening nodes. Depending on the deployment,
it is possible for bandwidth to be constrained both on the link, as
well as in the backend AAA infrastructure. As a result, chatty
mechanisms such as keepalives or periodic probe packets are to be
avoided. Given the volume handled by AAA servers, solutions should
also be conscious of adding to the load, particularly in cases where
this could enable denial-of-service attacks. For example, it would
be a bad idea for a NAS to attempt to obtain an updated realm routing
table by periodically sending probe EAP-Response/Identity packets to
the AAA infrastructure in order to obtain "realm hints" as described
in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>]. Not only would this add significant load to the AAA
infrastructure (particularly in cases where the AAA server was
already overloaded, thereby dropping packets resulting in
retransmission by the NAS), but it would also not provide the NAS
with a complete realm routing table, for reasons described in
<a href="#section-2.3">Section 2.3</a>.
Battery consumption is a significant constraint for handheld devices.
Therefore, mechanisms that require significant increases in packets
transmitted, or the fraction of time during which the host needs to
listen (such as proposals that require continuous scanning), are to
be discouraged. In addition, the solution should not significantly
impact the time required to complete network attachment.
<span class="h3"><a class="selflink" id="section-3.4" href="#section-3.4">3.4</a>. Scalability</span>
Given limitations on frame sizes and channel utilization, it is
important that solutions scale less than linearly in terms of the
number of networks and realms supported. For example, solutions such
as [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] increase the size of advertisements in proportion to the
number of entries in the realm routing table. This approach does not
scale to support a large number of networks and realms.
<span class="grey">Arkko, et al. Informational [Page 19]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Similarly, approaches that utilize separate Beacons for each "virtual
AP" introduce additional Beacons in proportion to the number of
networks being advertised. While such an approach may minimize the
pre-configuration required for network access clients, the
proliferation of "virtual APs" can result in high utilization of the
wireless medium. For example, the 802.11 Beacon is sent only at a
rate within the basic rate set, which typically consists of the
lowest supported rates, or perhaps only the lowest supported rate.
As a result, "virtual AP" mechanisms that require a separate Beacon
for each "virtual AP" do not scale well.
For example, with a Beacon interval of 100 Time Units (TUs) or 102.4
ms (9.8 Beacons/second), twenty 802.11b "virtual APs" each announcing
their own Beacon of 170 octets would result in a channel utilization
of 37.9 percent. The calculation can be verified as follows:
1. A single 170-octet Beacon sent at 1 Mbps will utilize the channel
for 1360 us (1360 bits @ 1 Mbps);
2. Adding 144 us for the Physical Layer Convergence Procedure (PLCP)
long preamble (144 bits @ 1 Mbps), 48 us for the PLCP header (48
bits @ 1 Mbps), 10 us for the Short Interframe Space (SIFS), 50 us
for the Distributed Interframe Space (DIFS), and 320 us for the
average minimum Contention Window without backoff (CWmin/2 *
aSlotTime = 32/2 * 20 us) implies that a single Beacon will
utilize an 802.11b channel for 1932 us;
3. Multiply the channel time per Beacon by 196 Beacons/second, and we
obtain a channel utilization of 378672 us/second = 37.9 percent.
In addition, since Beacon/Probe Response frames are sent by each AP
over the wireless medium, stations can only discover APs within
range, which implies substantial coverage overlap for roaming to
occur without interruption. Another issue with the Beacon and Probe
Request/Response mechanism is that it is either insecure or its
security can be assured only as part of authenticating to the network
(e.g., verifying the advertised capabilities within the 4-way
handshake).
A number of enhancements have been proposed to the Beacon/Probe
Response mechanism in order to improve scalability and performance in
roaming scenarios. These include allowing APs to announce
capabilities of neighbor APs as well as their own [<a href="#ref-IEEE.802.11k">IEEE.802.11k</a>].
More scalable mechanisms for support of "virtual APs" within IEEE
802.11 have also been proposed [<a href="#ref-IEEE.802.11v">IEEE.802.11v</a>]; generally these
proposals collapse multiple "virtual AP" advertisements into a single
advertisement.
<span class="grey">Arkko, et al. Informational [Page 20]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-21" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Higher-layer mechanisms can also be used to improve scalability
since, by running over IP, they can utilize facilities, such as
fragmentation, that may not be available at the link layer. For
example, in IEEE 802.11, Beacon frames cannot use fragmentation
because they are multicast frames.
<span class="h3"><a class="selflink" id="section-3.5" href="#section-3.5">3.5</a>. Static Versus Dynamic Discovery</span>
"Phone-book" based approaches such as [<a href="./rfc3017" title=""XML DTD for Roaming Access Phone Book"">RFC3017</a>] can provide
information for automatic selection decisions. While this approach
has been applied to wireless access, it typically can only be used
successfully within a single operator or limited roaming partner
deployment. For example, were a "Phone-Book" approach to attempt to
incorporate information from a large number of roaming partners, it
could become quite difficult to keep the information simultaneously
comprehensive and up to date. As noted in [<a href="#ref-Priest04">Priest04</a>] and [<a href="#ref-GROETING" title=""Network Selection Implementation Results"">GROETING</a>],
a large fraction of current WLAN access points operate on the default
SSID, which may make it difficult to distinguish roaming partner
networks by SSID. In any case, in wireless networks, dynamic
discovery is a practical requirement since a node needs to know which
APs are within range before it can connect.
<span class="h3"><a class="selflink" id="section-3.6" href="#section-3.6">3.6</a>. Security</span>
Network discovery and selection mechanisms may introduce new security
vulnerabilities. As noted in <a href="#section-2.3.1">Section 2.3.1</a>, network operators may
consider the AAA routing table to be confidential information, and
therefore may not wish to provide it to unauthenticated peers via the
mechanism described in <a href="./rfc4284">RFC 4284</a>. While the peer could provide a list
of the realms it supports, with the authenticator choosing one, this
approach raises privacy concerns. Since identity selection occurs
prior to authentication, the peer's supported realms would be sent in
cleartext, enabling an attacker to determine the realms for which a
potential victim has credentials. This risk can be mitigated by
restricting peer disclosure. For example, a peer may only disclose
additional realms in situations where an initially selected identity
has proved unusable.
Since network selection occurs prior to authentication, it is
typically not possible to secure mechanisms for network discovery or
identity selection, although it may be possible to provide for secure
confirmation after authentication is complete. As an example, some
parameters discovered during network discovery may be confirmable via
EAP Channel Bindings; others may be confirmed in a subsequent Secure
Association Protocol handshake.
<span class="grey">Arkko, et al. Informational [Page 21]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-22" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
However, there are situations in which advertised parameters may not
be confirmable. This could lead to "bidding down" vulnerabilities.
<a href="./rfc3748#section-7.8">Section 7.8 of [RFC3748]</a> states:
Within or associated with each authenticator, it is not
anticipated that a particular named peer will support a choice of
methods. This would make the peer vulnerable to attacks that
negotiate the least secure method from among a set. Instead, for
each named peer, there SHOULD be an indication of exactly one
method used to authenticate that peer name. If a peer needs to
make use of different authentication methods under different
circumstances, then distinct identities SHOULD be employed, each
of which identifies exactly one authentication method.
In practice, where the authenticator operates in "pass-through" mode,
the EAP method negotiation will occur between the EAP peer and
server, and therefore the peer will need to associate a single EAP
method with a given EAP server. Where multiple EAP servers and
corresponding identities may be reachable from the same selected
network, the EAP peer may have difficulty determining which identity
(and corresponding EAP method) should be used. Unlike network
selection, which may be securely confirmed within a Secure
Association Protocol handshake, identity selection hints provided
within the EAP-Request/Identity are not secured.
As a result, where the identity selection mechanism described in <a href="./rfc4284">RFC</a>
<a href="./rfc4284">4284</a> is used, the "hints" provided could be used by an attacker to
convince the victim to select an identity corresponding to an EAP
method offering lesser security (e.g., EAP MD5-Challenge). One way
to mitigate this risk is for the peer to only utilize EAP methods
satisfying the [<a href="./rfc4017" title=""Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs"">RFC4017</a>] security requirements, and for the peer to
select the identity corresponding to the strongest authentication
method where a choice is available.
<span class="h3"><a class="selflink" id="section-3.7" href="#section-3.7">3.7</a>. Management</span>
From an operational point of view, a network device in control of
network advertisement and providing "realm hints" for guiding the
network discovery and selection, should at least offer a management
interface capable of providing status information for operators.
Status information, such as counters of each selected network and
used realm, and when <a href="./rfc4284">RFC 4284</a> is used, the count of delivered "realm
hints" might interest operators. Especially the information related
to realms that fall into the "default free zone" or the "AAA fails to
route" are of interest.
Larger deployments would benefit from a management interface that
allow full remote configuration capabilities, for example, of "realm
<span class="grey">Arkko, et al. Informational [Page 22]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-23" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
hints" in case of <a href="./rfc4284">RFC 4284</a>-conforming network devices. While changes
to "realm hints" and realm routing information are not expected to be
frequent, centralized remote management tends to lower the frequency
of misconfigured devices.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Conclusions</span>
This document describes the network selection and discovery problem.
In the opinion of the authors, the major findings are as follows:
o There is a need for additional work on access network discovery,
identifier selection, AAA routing, and payload routing.
o Credential selection and AAA routing are aspects of the same
problem, namely identity selection.
o When considering selection among a large number of potential
access networks and points of attachment, the issues described in
the document become much harder to solve in an automated way,
particularly if there are constraints on handoff latency.
o The proliferation of network discovery technologies within IEEE
802, IETF, and 3rd Generation Partnership Project (3GPP) has the
potential to become a significant problem going forward. Without
a unified approach, multiple non-interoperable solutions may be
deployed.
o New link-layer designs should include efficient distribution of
network and realm information as a design requirement.
o It may not be possible to solve all aspects of the problem for
legacy NAS devices on existing link layers. Therefore, a phased
approach may be more realistic. For example, a partial solution
could be made available for existing link layers, with a more
complete solution requiring support for link layer extensions.
With respect to specific mechanisms for access network discovery and
selection:
o Studies such as [<a href="#ref-MACScale">MACScale</a>] and [<a href="#ref-Velayos" title=""Techniques to Reduce IEEE 802.11b MAC Layer Handover Time"">Velayos</a>], as well as the
calculations described in <a href="#section-2.1">Section 2.1</a>, demonstrate that the IEEE
802.11 Beacon/Probe Response mechanism has substantial scaling
issues in situations where a new Beacon is used for each "virtual
AP". As a result, a single channel is, in practice, limited to
less than twenty Beacon announcements with IEEE 802.11b.
<span class="grey">Arkko, et al. Informational [Page 23]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-24" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
The situation is improved substantially with successors, such as
IEEE 802.11a, that enable additional channels, thus potentially
increasing the number of potential virtual APs.
However, even with these enhancements, it is not feasible to
advertise more than 50 different networks, and probably less in
most circumstances.
As a result, there appears to be a need to enhance the scalability
of IEEE 802.11 network advertisements.
o Work is underway in IEEE 802.1, IEEE 802.21, and IEEE 802.11u
[<a href="#ref-IEEE.802.11u">IEEE.802.11u</a>] to provide enhanced discovery functionality.
Similarly, IEEE 802.1af [<a href="#ref-IEEE.802.1af">IEEE.802.1af</a>] has discussed the addition
of network discovery functionality to IEEE 802.1X
[<a href="#ref-IEEE.8021X-2004">IEEE.8021X-2004</a>]. However, neither IEEE 802.1AB [<a href="#ref-IEEE.802.1ab">IEEE.802.1ab</a>]
nor IEEE 802.1af is likely to support fragmentation of network
advertisement frames so that the amount of data that can be
transported will be limited.
o While IEEE 802.11k [<a href="#ref-IEEE.802.11k">IEEE.802.11k</a>] provides support for the
Neighbor Report, this only provides for gathering of information
on neighboring 802.11 APs, not points of attachment supporting
other link layers. Solution to this problem would appear to
require coordination across IEEE 802 as well as between standards
bodies.
o Given that EAP does not support fragmentation of EAP-Request/
Identity packets, the volume of "realm hints" that can be fit with
these packets is limited. In addition, within IEEE 802.11, EAP
packets can only be exchanged within State 3 (associated and
authenticated). As a result, use of EAP for realm discovery may
result in significant delays. The extension of the realm
advertisement mechanism defined in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] to handle
advertisement of realm capability information (such as QoS
provisioning) is not recommended due to semantic and packet size
limitations [<a href="#ref-GROETING" title=""Network Selection Implementation Results"">GROETING</a>]. As a result, we believe that extending
the mechanism described in [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] for discovery of realm
capabilities is inappropriate. Instead, we believe it is more
appropriate for this functionality to be handled within the link
layer so that the information can be available early in the
handoff process.
o Where link-layer approaches are not available, higher-layer
approaches can be considered. A limitation of higher-layer
solutions is that they can only optimize the movement of already
connected hosts, but cannot address scenarios where network
discovery is required for successful attachment.
<span class="grey">Arkko, et al. Informational [Page 24]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-25" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Higher-layer alternatives worth considering include the SEAMOBY
CARD protocol [<a href="./rfc4066" title=""Candidate Access Router Discovery (CARD)"">RFC4066</a>], which enables advertisement of network
device capabilities over IP, and Device Discovery Protocol (DDP)
[<a href="#ref-MARQUES" title=""Device Discovery Protocol (DDP)"">MARQUES</a>], which provides functionality equivalent to IEEE 802.1AB
using ASN.1 encoded advertisements sent to a link-local scope
multicast address.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Security Considerations</span>
All aspects of the network discovery and selection problem are
security related. The security issues and requirements have been
discussed in the previous sections.
The security requirements for network discovery depend on the type of
information being discovered. Some of the parameters may have a
security impact, such as the claimed name of the network to which the
user tries to attach. Unfortunately, current EAP methods do not
always make the verification of such parameters possible. EAP
methods, such as Protected EAP (PEAP) [<a href="#ref-JOSEFSSON">JOSEFSSON</a>] and EAP-IKEv2
[<a href="#ref-IKEV2" title=""EAP-IKEv2 Method"">IKEV2</a>], may make this possible, however. There is even an attempt
to provide a backward-compatible extension to older methods [<a href="#ref-ARKKO" title=""Authenticated Service Information for the Extensible Authentication Protocol (EAP)"">ARKKO</a>].
The security requirements for network selection depend on whether the
selection is considered a mandate or a hint. In general, treating
network advertisements as a hint is a more secure approach, since it
reduces access client vulnerability to forged network advertisements.
For example, "realm hints" may be ignored by an EAP peer if they are
incompatible with the security policy corresponding to a selected
access network.
Similarly, network access clients may refuse to connect to a point of
attachment if the advertised security capabilities do not match those
that have been pre-configured. For example, if an IEEE 802.11 access
client has been pre-configured to require WPA2 enterprise support
within an access network, it may refuse to connect to access points
advertising support for WEP.
Where the use of methods that do not satisfy the security
requirements of [<a href="./rfc4017" title=""Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs"">RFC4017</a>] is allowed, it may be possible for an
attacker to trick a peer into using an insecure EAP method, leading
to the compromise of long-term credentials. This can occur either
where a network is pre-configured to allow use of an insecure EAP
method, or where connection without pre-configuration is permitted
using such methods.
For example, an attacker can spoof a network advertisement, possibly
downgrading the advertised security capabilities. The rogue access
point would then attempt to negotiate an insecure EAP method. Such
<span class="grey">Arkko, et al. Informational [Page 25]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-26" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
an attack can be prevented if the peer refuses to connect to access
points not meeting its security requirements, which would include
requiring use of EAP methods satisfying the [<a href="./rfc4017" title=""Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs"">RFC4017</a>] requirements.
Support for secure discovery could potentially protect against
spoofing of network advertisements, enabling verifiable information
to guide connection decisions. However, development of these
mechanisms requires solving several difficult engineering and
deployment problems.
Since discovery is a prerequisite for authentication, it is not
possible to protect initial discovery using dynamic keys derived in
the authentication process. On the other hand, integrity protection
of network advertisements utilizing symmetric keys or digital
signatures would require pre-configuration.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Informative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC1035">RFC1035</a>] Mockapetris, P., "Domain names - implementation and
specification", STD 13, <a href="./rfc1035">RFC 1035</a>, November 1987.
[<a id="ref-RFC3588">RFC3588</a>] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", <a href="./rfc3588">RFC 3588</a>, September 2003.
[<a id="ref-RFC3017">RFC3017</a>] Riegel, M. and G. Zorn, "XML DTD for Roaming Access Phone
Book", <a href="./rfc3017">RFC 3017</a>, December 2000.
[<a id="ref-RFC3748">RFC3748</a>] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, "Extensible Authentication Protocol (EAP)",
<a href="./rfc3748">RFC 3748</a>, June 2004.
[<a id="ref-RFC4334">RFC4334</a>] Housley, R. and T. Moore, "Certificate Extensions and
Attributes Supporting Authentication in Point-to-Point
Protocol (PPP) and Wireless Local Area Networks (WLAN)",
<a href="./rfc4334">RFC 4334</a>, February 2006.
[<a id="ref-RFC4282">RFC4282</a>] Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
Network Access Identifier", <a href="./rfc4282">RFC 4282</a>, December 2005.
[<a id="ref-RFC3280">RFC3280</a>] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", <a href="./rfc3280">RFC 3280</a>,
April 2002.
<span class="grey">Arkko, et al. Informational [Page 26]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-27" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
[<a id="ref-RFC4072">RFC4072</a>] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
Authentication Protocol (EAP) Application", <a href="./rfc4072">RFC 4072</a>,
August 2005.
[<a id="ref-RFC3579">RFC3579</a>] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication
Dial In User Service) Support For Extensible
Authentication Protocol (EAP)", <a href="./rfc3579">RFC 3579</a>, September 2003.
[<a id="ref-RFC2194">RFC2194</a>] Aboba, B., Lu, J., Alsop, J., Ding, J., and W. Wang,
"Review of Roaming Implementations", <a href="./rfc2194">RFC 2194</a>,
September 1997.
[<a id="ref-RFC2607">RFC2607</a>] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
Implementation in Roaming", <a href="./rfc2607">RFC 2607</a>, June 1999.
[<a id="ref-RFC2608">RFC2608</a>] Guttman, E., Perkins, C., Veizades, J., and M. Day,
"Service Location Protocol, Version 2", <a href="./rfc2608">RFC 2608</a>,
June 1999.
[<a id="ref-RFC3580">RFC3580</a>] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese,
"IEEE 802.1X Remote Authentication Dial In User Service
(RADIUS) Usage Guidelines", <a href="./rfc3580">RFC 3580</a>, September 2003.
[<a id="ref-RFC4284">RFC4284</a>] Adrangi, F., Lortz, V., Bari, F., and P. Eronen, "Identity
Selection Hints for the Extensible Authentication Protocol
(EAP)", <a href="./rfc4284">RFC 4284</a>, January 2006.
[<a id="ref-RFC4017">RFC4017</a>] Stanley, D., Walker, J., and B. Aboba, "Extensible
Authentication Protocol (EAP) Method Requirements for
Wireless LANs", <a href="./rfc4017">RFC 4017</a>, March 2005.
[<a id="ref-RFC2486">RFC2486</a>] Aboba, B. and M. Beadles, "The Network Access Identifier",
<a href="./rfc2486">RFC 2486</a>, January 1999.
[<a id="ref-RFC4066">RFC4066</a>] Liebsch, M., Singh, A., Chaskar, H., Funato, D., and E.
Shim, "Candidate Access Router Discovery (CARD)",
<a href="./rfc4066">RFC 4066</a>, July 2005.
[<a id="ref-IKEV2">IKEV2</a>] Tschofenig, H., Kroeselberg, D., Pashalidis, A., Ohba, Y.,
and F. Bersani, "EAP-IKEv2 Method", Work in Progress,
September 2007.
[<a id="ref-ARKKO">ARKKO</a>] Arkko, J. and P. Eronen, "Authenticated Service
Information for the Extensible Authentication Protocol
(EAP)", Work in Progress, October 2005.
<span class="grey">Arkko, et al. Informational [Page 27]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-28" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
[<a id="ref-GROETING">GROETING</a>] Groeting, W., Berg, S., Tschofenig, H., and M. Ness,
"Network Selection Implementation Results", Work
in Progress, July 2004.
[<a id="ref-JOSEFSSON">JOSEFSSON</a>]
Palekar, A., Simon, D., Salowey, J., Zhou, H., Zorn, G.,
and S. Josefsson, "Protected EAP Protocol (PEAP) Version
2", Work in Progress, October 2004.
[<a id="ref-MARQUES">MARQUES</a>] Enns, R., Marques, P., and D. Morrell, "Device Discovery
Protocol (DDP)", Work in Progress, May 2003.
[<a id="ref-OHBA">OHBA</a>] Taniuchi, K., Ohba, Y., and D. Subir, "IEEE 802.21 Basic
Schema", Work in Progress, October 2007.
[<a id="ref-IEEE.802.11-2003">IEEE.802.11-2003</a>]
IEEE, "Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specifications", IEEE Standard
802.11, 2003.
[<a id="ref-Fixingapsel">Fixingapsel</a>]
Judd, G. and P. Steenkiste, "Fixing 802.11 Access Point
Selection", Sigcomm Poster Session 2002.
[<a id="ref-IEEE.802.11k">IEEE.802.11k</a>]
IEEE, "Draft Ammendment to Standard for Telecommunications
and Information Exchange Between Systems - LAN/MAN
Specific Requirements - Part 11: Wireless LAN Medium
Access Control (MAC) and Physical Layer (PHY)
Specifications: Radio Resource Management", IEEE 802.11k,
D7.0, January 2007.
[<a id="ref-IEEE.802.1ab">IEEE.802.1ab</a>]
IEEE, "Draft Standard for Local and Metropolitan Area
Networks - Station and Media Access Control Connectivity
Discovery", IEEE 802.1AB, D1.0, April 2007.
[<a id="ref-IEEE.802.1af">IEEE.802.1af</a>]
IEEE, "Draft Standard for Local and Metropolitan Area
Networks - Port-Based Network Access Control - Amendment
1: Authenticated Key Agreement for Media Access Control
(MAC) Security", IEEE 802.1af, D1.2, January 2007.
<span class="grey">Arkko, et al. Informational [Page 28]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-29" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
[<a id="ref-IEEE.802.11v">IEEE.802.11v</a>]
IEEE, "Draft Amemdment to Standard for Information
Technology - Telecommunications and Information Exchange
Between Systems - LAN/MAN Specific Requirements - Part 11:
Wireless Medium Access Control (MAC) and physical layer
(PHY) specifications: Wireless Network Management",
IEEE 802.11v, D0.09, March 2007.
[<a id="ref-Eronen04">Eronen04</a>]
Eronen, P. and J. Arkko, "Role of authorization in
wireless network security", Extended abstract presented in
the DIMACS workshop, November 2004.
[<a id="ref-IEEE.11-04-0624">IEEE.11-04-0624</a>]
Berg, S., "Information to Support Network Selection", IEEE
Contribution 11-04-0624 2004.
[<a id="ref-Priest04">Priest04</a>]
Priest, J., "The State of Wireless London", July 2004.
[<a id="ref-MACScale">MACScale</a>]
Heusse, M., "Performance Anomaly of 802.11b", LSR-IMAG
Laboratory, Grenoble, France, IEEE Infocom 2003.
[<a id="ref-Velayos">Velayos</a>] Velayos, H. and G. Karlsson, "Techniques to Reduce IEEE
802.11b MAC Layer Handover Time", Laboratory for
Communication Networks, KTH, Royal Institute of
Technology, Stockholm, Sweden, TRITA-IMIT-LCN R 03:02,
April 2003.
[<a id="ref-IEEE.802.11u">IEEE.802.11u</a>]
IEEE, "Draft Amendment to STANDARD FOR Information
Technology - LAN/MAN Specific Requirements - Part 11:
Interworking with External Networks; Draft Amendment to
Standard; IEEE P802.11u/D0.04", IEEE 802.11u, D0.04,
April 2007.
[<a id="ref-IEEE-11-03-154r1">IEEE-11-03-154r1</a>]
Aboba, B., "Virtual Access Points", IEEE Contribution 11-
03-154r1, May 2003.
[<a id="ref-IEEE-11-03-0827">IEEE-11-03-0827</a>]
Hepworth, E., "Co-existence of Different Authentication
Models", IEEE Contribution 11-03-0827 2003.
<span class="grey">Arkko, et al. Informational [Page 29]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-30" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
[<a id="ref-11-05-0822-03-000u-tgu-requirements">11-05-0822-03-000u-tgu-requirements</a>]
Moreton, M., "TGu Requirements", IEEE Contribution 11-05-
0822-03-000u-tgu-requirements, August 2005.
[<a id="ref-3GPPSA2WLANTS">3GPPSA2WLANTS</a>]
3GPP, "3GPP System to Wireless Local Area Network (WLAN)
interworking; System De scription; Release 6; Stage 2",
3GPP Technical Specification 23.234, September 2005.
[<a id="ref-3GPP-SA3-030736">3GPP-SA3-030736</a>]
Ericsson, "Security of EAP and SSID based network
advertisements", 3GPP Contribution S3-030736,
November 2003.
[<a id="ref-3GPP.23.122">3GPP.23.122</a>]
3GPP, "Non-Access-Stratum (NAS) functions related to
Mobile Station (MS) in idle mode", 3GPP TS 23.122 6.5.0,
October 2005.
[<a id="ref-WWRF-ANS">WWRF-ANS</a>]
Eijk, R., Brok, J., Bemmel, J., and B. Busropan, "Access
Network Selection in a 4G Environment and the Role of
Terminal and Service Platform", 10th WWRF, New York,
October 2003.
[<a id="ref-WLAN3G">WLAN3G</a>] Ahmavaara, K., Haverinen, H., and R. Pichna, "Interworking
Architecture between WLAN and 3G Systems", IEEE
Communications Magazine, November 2003.
[<a id="ref-INTELe2e">INTELe2e</a>]
Intel, "Wireless LAN (WLAN) End to End Guidelines for
Enterprises and Public Hotspot Service Providers",
November 2003.
[<a id="ref-Eronen03">Eronen03</a>]
Eronen, P., "Network Selection Issues", presentation to
EAP WG at IETF 58, November 2003.
[<a id="ref-3GPPSA3WLANTS">3GPPSA3WLANTS</a>]
3GPP, "3GPP Technical Specification Group Service and
System Aspects; 3G Security; Wireless Local Area Network
(WLAN) interworking security (Release 6); Stage 2",
3GPP Technical Specification 33.234 v 6.6.0, October 2005.
<span class="grey">Arkko, et al. Informational [Page 30]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-31" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
[<a id="ref-3GPPCT1WLANTS">3GPPCT1WLANTS</a>]
3GPP, "3GPP System to Wireless Local Area Network (WLAN)
interworking; User Equipment (UE) to network protocols;
Stage 3 (Release 6)", 3GPP Technical Specification 24.234
v 6.4.0, October 2005.
[<a id="ref-IEEE.802.21">IEEE.802.21</a>]
IEEE, "Draft IEEE Standard for Local and Metropolitan Area
Networks: Media Independent Handover Services",
IEEE 802.21, D05.00, April 2007.
[<a id="ref-3GPPCT4WLANTS">3GPPCT4WLANTS</a>]
3GPP, "3GPP system to Wireless Local Area Network (WLAN)
interworking; Stage 3 (Release 6)", 3GPP Technical
Specification 29.234 v 6.4.0, October 2005.
[<a id="ref-IEEE.8021X-2004">IEEE.8021X-2004</a>]
IEEE, "Local and Metropolitan Area Networks: Port-Based
Network Access Control", IEEE Standard 802.1X, July 2004.
<span class="grey">Arkko, et al. Informational [Page 31]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-32" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Existing Work</span>
<span class="h3"><a class="selflink" id="appendix-A.1" href="#appendix-A.1">A.1</a>. IETF</span>
Several IETF WGs have dealt with aspects of the network selection
problem, including the AAA, EAP, PPP, RADIUS, ROAMOPS, and RADEXT
WGs.
ROAMOPS WG developed the NAI, originally defined in [<a href="./rfc2486" title=""The Network Access Identifier"">RFC2486</a>], and
subsequently updated in [<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>]. Initial roaming implementations
are described in [<a href="./rfc2194" title=""Review of Roaming Implementations"">RFC2194</a>], and the use of proxies in roaming is
addressed in [<a href="./rfc2607" title=""Proxy Chaining and Policy Implementation in Roaming"">RFC2607</a>]. The SEAMOBY WG developed CARD [<a href="./rfc4066" title=""Candidate Access Router Discovery (CARD)"">RFC4066</a>],
which assists in discovery of suitable base stations. PKIX WG
produced [<a href="./rfc3280" title=""Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"">RFC3280</a>], which addresses issues of certificate selection.
The AAA WG developed more sophisticated access routing,
authentication, and service discovery mechanisms within Diameter
[<a href="./rfc3588" title=""Diameter Base Protocol"">RFC3588</a>].
Adrangi et al. [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] defines the use of the EAP-Request/Identity
to provide "realm hints" useful for identity selection. The NAI
syntax described in [<a href="./rfc4282" title=""The Network Access Identifier"">RFC4282</a>] enables the construction of source
routes. Together, these mechanisms enable the user to determine
whether it possesses an identity and corresponding credential
suitable for use with an EAP-capable NAS. This is particularly
useful in situations where the lower layer provides limited
information (such as in wired IEEE 802 networks where IEEE 802.1X
currently does not provide for advertisement of networks and their
capabilities).
However, advertisement mechanisms based on the use of the EAP-
Request/Identity have scalability problems. As noted in <a href="./rfc3748#section-3.1">[RFC3748]
Section 3.1</a>, the minimum EAP Maximum Transmission Unit (MTU) is 1020
octets, so that an EAP-Request/Identity is only guaranteed to be able
to include 1015 octets within the Type-Data field. Since <a href="./rfc1035">RFC 1035</a>
[<a href="./rfc1035" title=""Domain names - implementation and specification"">RFC1035</a>] enables Fully Qualified Domain Names (FQDN) to be up to 255
octets in length, this may not enable the announcement of many
realms. The use of network identifiers other than domain names is
also possible.
As noted in [<a href="#ref-Eronen03">Eronen03</a>], the use of the EAP-Request/Identity for realm
discovery has substantial negative impact on handoff latency, since
this may result in a station needing to initiate an EAP conversation
with each Access Point in order to receive an EAP-Request/Identity
describing which realms are supported. Since IEEE 802.11-2003 does
not support use of Class 1 data frames in State 1 (unauthenticated,
unassociated) within an Extended Service Set (ESS), this implies
either that the APs must support 802.1X pre-authentication (optional
in IEEE 802.11i-2004), or that the station must associate with each
<span class="grey">Arkko, et al. Informational [Page 32]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-33" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
AP prior to sending an EAPOL-Start to initiate EAP (here, EAPOL
refers to EAP over LAN). This will dramatically increase handoff
latency.
Thus, rather than thinking of [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>] as an effective network
discovery mechanism, it is perhaps better to consider the use of
"realm hints" as an error recovery technique to be used to inform the
EAP peer that AAA routing has failed, and perhaps to enable selection
of an alternate identity that can enable successful authentication.
Where "realm hints" are only provided in event of a problem, rather
than as a staple network discovery technique, it is probably best to
enable "realm hints" to be sent by core AAA proxies in the "default
free" zone. This way, it will not be necessary for NASes to send
"realm hints", which would require them to maintain a complete and
up-to-date realm routing table, something that cannot be easily
accomplished given the existing state of AAA routing technology.
If realm routing tables are manually configured on the NAS, then
changes in the "default free" realm routing table will not
automatically be reflected in the realm list advertised by the NAS.
As a result, a realm advertised by the NAS might not, in fact, be
reachable, or the NAS might neglect to advertise one or more realms
that were reachable. This could result in multiple EAP-Identity
exchanges, with the initial set of "realm hints" supplied by the NAS
subsequently updated by "realm hints" provided by a core AAA proxy.
In general, originating "realm hints" on core AAA proxies appears to
be a more sound approach, since it provides for "fate sharing" --
generation of "realm hints" by the same entity (the core AAA proxy)
that will eventually need to route the request based on the hints.
This approach is also preferred from a management perspective, since
only core AAA proxies would need to be updated; no updates would be
required to NAS devices.
<span class="h3"><a class="selflink" id="appendix-A.2" href="#appendix-A.2">A.2</a>. IEEE 802</span>
There has been work in several IEEE 802 working groups relating to
network discovery:
o [<a href="#ref-IEEE.802.11-2003">IEEE.802.11-2003</a>] defines the Beacon and Probe Response
mechanisms within IEEE 802.11. Unfortunately, Beacons may be sent
only at a rate within the base rate set, which typically consists
of the lowest supported rate, or perhaps the next lowest rate.
Studies such as [<a href="#ref-MACScale">MACScale</a>] have identified MAC layer performance
problems, and [<a href="#ref-Velayos" title=""Techniques to Reduce IEEE 802.11b MAC Layer Handover Time"">Velayos</a>] has identified scaling issues from a
lowering of the Beacon interval.
o [<a href="#ref-IEEE-11-03-0827">IEEE-11-03-0827</a>] discusses the evolution of authentication models
in WLANs and the need for the network to migrate from existing
<span class="grey">Arkko, et al. Informational [Page 33]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-34" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
models to new ones, based on either EAP layer indications or
through the use of SSIDs to represent more than the local network.
It notes the potential need for management or structuring of the
SSID space.
The paper also notes that virtual APs have scalability issues. It
does not compare these scalability issues to those of alternative
solutions, however.
o [<a href="#ref-IEEE-11-03-154r1">IEEE-11-03-154r1</a>] discusses mechanisms currently used to provide
"virtual AP" capabilities within a single physical access point.
A "virtual AP" appears at the MAC and IP layers to be a distinct
physical AP. As noted in the paper, full compatibility with
existing 802.11 station implementations can only be maintained if
each "virtual AP" uses a distinct MAC address (BSSID) for use in
Beacons and Probe Responses. This paper does not discuss scaling
issues in detail, but recommends that only a limited number of
"virtual APs" be supported by a single physical access point.
o IEEE 802.11u is working on realm discovery and network selection
[<a href="#ref-11-05-0822-03-000u-tgu-requirements">11-05-0822-03-000u-tgu-requirements</a>] [<a href="#ref-IEEE.802.11u">IEEE.802.11u</a>]. This
includes a mechanism for enabling a station to determine the
identities it can use to authenticate to an access network, prior
to associating with that network. As noted earlier, solving this
problem requires the AP to maintain an up-to-date, "default free"
realm routing table, which is not feasible without dynamic routing
support within the AAA infrastructure. Similarly, a priori
discovery of features supported within home realms (such as
enrollment) is also difficult to implement in a scalable way,
absent support for dynamic routing. Determination of network
capabilities (such as QoS support) is considerably simpler, since
these depend solely on the hardware and software contained within
the AP. However, 802.11u is working on Generic Advertisement
Service (GAS) mechanism, which can be used to carry 802.21
Information Service (IS) messages and, in that way, allow a more
sophisticated way of delivering information from the network side.
o IEEE 802.21 [<a href="#ref-IEEE.802.21">IEEE.802.21</a>] is developing standards to enable
handover between heterogeneous link layers, including both IEEE
802 and non-IEEE 802 networks. To enable this, a general
mechanism for capability advertisement is being developed, which
could conceivably benefit aspects of the network selection
problem, such as realm discovery. For example, IEEE 802.21 is
developing Information Elements (IEs) that may assist with network
selection, including information relevant to both layer 2 and
layer 3. Query mechanisms (including both XML and TLV support)
are also under development. IEEE 802.21 also defines a Resource
Description Framework (RDF) schema to allow use of a query
<span class="grey">Arkko, et al. Informational [Page 34]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-35" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
language (i.e., SPARQL). The schema is a normative part of IEEE
802.21 and also defined in [<a href="#ref-OHBA" title=""IEEE 802.21 Basic Schema"">OHBA</a>].
<span class="h3"><a class="selflink" id="appendix-A.3" href="#appendix-A.3">A.3</a>. 3GPP</span>
The 3GPP stage 2 technical specification [<a href="#ref-3GPPSA2WLANTS">3GPPSA2WLANTS</a>] covers the
architecture of 3GPP Interworking WLAN (I-WLAN) with 2G and 3G
networks. This specification also discusses realm discovery and
network selection issues. The I-WLAN realm discovery procedure
borrows ideas from the cellular Public Land-based Mobile Network
(PLMN) selection principles, known as "PLMN Selection".
In 3GPP PLMN selection [<a href="#ref-3GPP.23.122">3GPP.23.122</a>], the mobile node monitors
surrounding cells and prioritizes them based on signal strength
before selecting a new potential target cell. Each cell broadcasts
its PLMN. A mobile node may automatically select cells that belong
to its Home PLMN, Registered PLMN, or an allowed set of Visited
PLMNs. The PLMN lists are prioritized and stored in the Subscriber
Identity Module (SIM). In the case of manual PLMN selection, the
mobile node lists the PLMNs it learns about from surrounding cells
and enables the user to choose the desired PLMN. After the PLMN has
been selected, cell prioritization takes place in order to select the
appropriate target cell.
[<a id="ref-WLAN3G">WLAN3G</a>] discusses the new realm (PLMN) selection requirements
introduced by I-WLAN roaming, which support automatic PLMN selection,
not just manual selection. Multiple network levels may be present,
and the hotspot owner may have a contract with a provider who, in
turn, has a contract with a 3G network, which may have a roaming
agreement with other networks.
The I-WLAN specification requires that network discovery be performed
as specified in the relevant WLAN link layer standards. In addition
to network discovery, it is necessary to select intermediary realms
to enable construction of source routes. In 3GPP, the intermediary
networks are PLMNs, and it is assumed that an access network may have
a roaming agreement with more than one PLMN. The PLMN may be a Home
PLMN (HPLMN) or a Visited PLMN (VPLMN), where roaming is supported.
GSM/UMTS roaming principles are employed for routing AAA requests
from the VPLMN to the Home Public Land-based Mobile Network (HPLMN)
using either RADIUS or Diameter. The procedure for selecting the
intermediary network has been specified in the stage 3 technical
specifications [<a href="#ref-3GPPCT1WLANTS">3GPPCT1WLANTS</a>] and [<a href="#ref-3GPPCT4WLANTS">3GPPCT4WLANTS</a>].
<span class="grey">Arkko, et al. Informational [Page 35]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-36" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
In order to select the PLMN, the following procedure is required:
o The user may choose the desired HPLMN or VPLMN manually or let the
WLAN User Equipment (WLAN UE) choose the PLMN automatically, based
on user and operator defined preferences.
o AAA messages are routed based on the decorated or undecorated NAI.
o EAP is utilized as defined in [<a href="./rfc3748" title=""Extensible Authentication Protocol (EAP)"">RFC3748</a>] and [<a href="./rfc3579" title=""RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)"">RFC3579</a>].
o PLMN advertisement and selection is based on [<a href="./rfc4284" title=""Identity Selection Hints for the Extensible Authentication Protocol (EAP)"">RFC4284</a>], which
defines only realm advertisement. The document refers to the
potential need for extensibility, though EAP MTU restrictions make
this difficult.
The I-WLAN specification states that "realm hints" are only provided
when an unreachable realm is encountered. Where VPLMN control is
required, this is handled via NAI decoration. The station may
manually trigger PLMN advertisement by including an unknown realm
(known as the Alternative NAI) within the EAP-Response/Identity. A
realm guaranteed not to be reachable within 3GPP networks is utilized
for this purpose.
The I-WLAN security requirements are described in the 3GPP stage 3
technical specification [<a href="#ref-3GPPSA3WLANTS">3GPPSA3WLANTS</a>]. The security requirements
for PLMN selection are discussed in 3GPP contribution
[<a href="#ref-3GPP-SA3-030736">3GPP-SA3-030736</a>], which concludes that both SSID and EAP-based
mechanisms have similar security weaknesses. As a result, it
recommends that PLMN advertisements should be considered as hints.
<span class="h3"><a class="selflink" id="appendix-A.4" href="#appendix-A.4">A.4</a>. Other</span>
[<a id="ref-INTELe2e">INTELe2e</a>] discusses the need for realm selection where an access
network may have more than one roaming relationship path to a home
realm. It also describes solutions to the realm selection problem
based on EAP, SSID and Protected EAP (PEAP) based mechanisms.
Eijk et al. [<a href="#ref-WWRF-ANS">WWRF-ANS</a>] discusses the realm and network selection
problem. The authors concentrate primarily on discovery of access
networks meeting a set of criteria, noting that information on the
realm capabilities and reachability inherently resides in home AAA
servers, and therefore it is not readily available in a central
location, and may not be easily obtained by NAS devices.
<span class="grey">Arkko, et al. Informational [Page 36]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-37" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
<span class="h2"><a class="selflink" id="appendix-B" href="#appendix-B">Appendix B</a>. Acknowledgements</span>
The authors of this document would like to especially acknowledge the
contributions of Farid Adrangi, Michael Richardson, Pasi Eronen, Mark
Watson, Mark Grayson, Johan Rune, and Tomas Goldbeck-Lowe.
Input for the early versions of this document has been gathered from
many sources, including the above persons as well as 3GPP and IEEE
developments. We would also like to thank Alper Yegin, Victor Lortz,
Stephen Hayes, and David Johnston for comments.
Jouni Korhonen would like to thank the Academy of Finland for
providing funding to work on this document.
<span class="grey">Arkko, et al. Informational [Page 37]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-38" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Authors' Addresses
Jari Arkko
Ericsson
Jorvas 02420
Finland
EMail: jari.arkko@ericsson.com
Bernard Aboba
Microsoft
One Microsoft Way
Redmond, WA 98052
USA
EMail: bernarda@microsoft.com
Jouni Korhonen
TeliaSonera
Teollisuuskatu 13
Sonera FIN-00051
Finland
EMail: jouni.korhonen@teliasonera.com
Farooq Bari
AT&T
7277 164th Avenue N.E.
Redmond WA 98052
USA
EMail: farooq.bari@att.com
<span class="grey">Arkko, et al. Informational [Page 38]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-39" ></span>
<span class="grey"><a href="./rfc5113">RFC 5113</a> Network Discovery and SP January 2008</span>
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a>, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and <a href="https://www.rfc-editor.org/bcp/bcp79">BCP 79</a>.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
<a href="http://www.ietf.org/ipr">http://www.ietf.org/ipr</a>.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Arkko, et al. Informational [Page 39]
</pre>
|
