Re: [Dime] Defining a new Application for mip6-split ?

[Jari Arkko <jari.arkko at piuha.net>]

Avi,

> If I have two EAP based application in my network, one that is
> handling pure EAP application, the other is extended to handle the new
> behavior then I need a way to route the (same) command correctly.
>
Ah, but that is a new requirement. If you believe that you need
to route EAP authentication from a 802.11 AP differently
than from IKEv2/MIPv6, then you need one of these:

- Use different user/domain names for the users of
  the different services.

- Point to different servers from the AP and SGW (but
  this works less well if you have proxies and roaming).

- New application ID.

- Some weird form of Diameter and RADIUS source routing
  based on what type of node sent the message.

However, it is far from clear to me why you would really
need to route the authentication differently *for the same
user*. Many authentication mechanisms can also have state,
which would imply that at the end they need to end up in
the same device anyhow. Can you expand on why you need
to handle the same users in different authentication
servers?

--Jari


_______________________________________________
DiME mailing list
DiME at ietf.org
https://www1.ietf.org/mailman/listinfo/dime