Research Of AAA Protocol Over Mobile IPv6

Posted on: 2006-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Li
GTID: 2168360155953201
Subject: Software engineering
Abstract/Summary:
As its resources and services have grown ever more abundant, the Internet has developed into a commercial network. Most of those resources and services must be paid for and must be protected against improper use. For example, a user who roams among different network areas wants to study, work and be entertained using network resources and services whenever and wherever possible. Someone on a plane may use a portable computer to access a paid website to obtain information, or someone on a train may want to get the weather forecast for the destination through a cell-phone terminal. These paid-service problems are neither addressed nor solved in the IPv6 and Mobile IPv6 schemes. In addition, many present network service providers each do things in their own way, and different providers support and manage different network resources and equipment, so individual users must supply an account and password to each provider in turn in order to use the network resources under its administration. This not only increases the burden on the network but also slows the use of network resources while moving. For this reason, the IETF has set up an AAA protocol working group, which is responsible for drawing up a management protocol for the authentication, authorization and accounting information of network services. These three problems, authentication, authorization and accounting, must be solved before commercial services can be offered to the public. Combining Mobile IP with the AAA (Authentication, Authorization, Accounting) protocol, separating the communication function of Mobile IP from the verification function, and revising the trust model of Mobile IP allows authentication, authorization and accounting to be carried out by the AAA protocol, and provides the cross-domain support and other characteristics that a commercial network needs.
This paper introduces the basic principles of Mobile IPv6 and the AAA protocol, and discusses the Diameter and RADIUS protocols in particular. As the new generation of authentication/authorization and accounting protocol, Diameter has many advantages. The paper presents the general AAA model under Diameter and analyses the general AAA process on the basis of Mobile IPv6 and the Ticket mode. It mainly discusses the handover of a mobile node (MN) across domains and puts forward a new, improved mode that takes the whole course of the AAA mechanism into account. The Ticket mode considers only the authentication of the mobile node, not its authorization. After authenticating the identity of the MN, the network authorizes it when the MN newly accesses the network. The Ticket mode accelerates the authentication of the MN, but the mobile node cannot use resources at once because it has not yet obtained the corresponding usage rights: the network has to contact the AAAH, obtain the MN's authorization information and return it to the Access Router, which then offers the corresponding resources. The network carries out authentication and authorization of the mobile node at the same time. The AAAV keeps the authentication and authorization information (the Credential) that the MN has obtained in its cache. Diameter encapsulates a large amount of authorization information in AVPs, so it is essential to consider the MN and the AAAV separately. The MN does not keep authorization information in its cache; it keeps only the authentication-related information, in the Ticket. When the MN frequently switches back and forth between the home domain and a foreign domain, or between one foreign domain and another, the mobile node's corresponding authentication/authorization information can be used directly if it exists and is still valid. It is unnecessary to send an authentication request to the home domain each time, so this scheme reduces the communication between the AAAH server and the AAAV server.
In practice the MN is usually a portable device such as a portable computer or a cell phone. The range over which the user holding the device is frequently active is limited, so the size of the Ticket list is very limited too, and the space and time cost that storing and querying Tickets imposes on the system is very low. If the network is large, the AAAV manages a great deal of MN information, and especially when MNs switch frequently the Credential list becomes very large as well. Looking up the Credential list can then delay authentication/authorization. We add one field (accountnum) to the Credential to record the number of times the MN has visited the corresponding AAAV, and arrange the Credentials in the AAAV in descending order of accountnum. Credentials that are queried frequently therefore lie at the front of the list, which makes lookup more efficient. When the accountnum of one Credential is the same as that of another, we give priority to the most recent: the more recently used Credential is placed in front, which accelerates authentication/authorization of the MN. In this paper we add a Ticket table to the cache of the MN. The MN is usually a portable device, for example a notebook computer or a cell phone, and the range over which the user holding it is frequently active is limited, so the Ticket table is very small and bounded, and storing and querying it puts little pressure on the system.
We also add a Credential table to the cache of the AAAV. When the network is large, each AAAV manages information for many MNs, and as MNs switch frequently within the network the Credential table grows very large; querying it can delay the authentication/authorization process. To avoid this, we add one new attribute to the Credential, accountnum, which records the number of visits by the MN. Credentials are ordered in the AAAV according to accountnum: the larger the accountnum, the nearer the front of the AAAV cache the Credential is placed, so Credential lookup is greatly sped up. When accountnum values are equal, the most recently used Credential is placed in front of the others with the same value. This speeds up the authentication/authorization process. The paper then studies the accounting process of the AAA mechanism, implements a simple charging model in code, and finally produces a charging file. When the client (the access router) receives the AAA reply indicating authentication/authorization success, it keeps it and sends it to AAA...
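The Credential ordering described above (accountnum descending, most recently used first on ties, reuse only while the entry is still valid), as an added Python example that is not code from the thesis. Every name except accountnum, the `expires_at` validity field and the sample MN identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Credential:
    mn_id: str             # MN identifier (hypothetical field name)
    authz: dict            # authorization data, stand-in for Diameter AVPs
    expires_at: float      # assumed validity limit ("valid" in the text)
    accountnum: int = 0    # visits by this MN to this AAAV
    last_used: float = 0.0

class CredentialCache:
    """AAAV-side list: accountnum descending, ties by most recent use."""
    def __init__(self):
        self.entries = []
    def _reorder(self):
        self.entries.sort(key=lambda c: (-c.accountnum, -c.last_used))
    def store(self, cred, now):
        # Called after a full exchange with AAAH; keeps the earlier count.
        old = next((c for c in self.entries if c.mn_id == cred.mn_id), None)
        self.entries = [c for c in self.entries if c is not old]
        cred.accountnum = (old.accountnum if old else 0) + 1
        cred.last_used = now
        self.entries.append(cred)
        self._reorder()
    def lookup(self, mn_id, now):
        """Return (credential, probes); None means go back to AAAH."""
        for probes, cred in enumerate(self.entries, start=1):
            if cred.mn_id != mn_id:
                continue
            if cred.expires_at <= now:      # stale entry must not be reused
                self.entries.remove(cred)
                return None, probes
            cred.accountnum += 1
            cred.last_used = now
            self._reorder()
            return cred, probes
        return None, len(self.entries)

def demo():
    cache = CredentialCache()
    for t, mn in enumerate(["mn-a", "mn-b", "mn-c"]):   # constructed sample MNs
        cache.store(Credential(mn, {"service": "basic"}, 100.0), float(t))
    tie_order = [c.mn_id for c in cache.entries]        # equal counts
    for t, mn in [(10.0, "mn-a"), (11.0, "mn-a"), (12.0, "mn-b")]:
        cache.lookup(mn, t)
    order = [c.mn_id for c in cache.entries]
    _, probes = cache.lookup("mn-a", 13.0)
    stale, _ = cache.lookup("mn-c", 200.0)              # expired
    return tie_order, order, probes, stale
```

The expired entry is evicted rather than returned, so a lapsed authorization forces a fresh exchange with the AAAH instead of being honoured from the cache.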
Keywords/Search Tags:Research