Research On AAA Resource Management Architecture Based On MIPv6

In recent years, with the rapid development of Internet technology and network base infrastructure, mobile terminal equipment has been widely used. In order to ensure network security, implementing authentication, authorization and accounting (AAA) to users is an effective ladder of management. But most of the AAA systems are based on conventional AAA protocols, such as RADIUS and TACACS;these authentication mechanisms can no longer meet the user authentication requirements because of growing network services.As a next-generation AAA protocol, Diameter not only solve the problems in the traditional AAA protocol, but also be fully compatible with them. It can implement effective authentication for increasing mobile user.In the future all-IP network, IPv6 protocol will be used, so Diameter applications based on Mobile IPv6 will be widely used in mobile terminal authentication, authorization and accounting. Therefore, research on the next generation of AAA protocol--Diameter Mobile IPv6 protocol applications has some practical value and theoretical value, with broad application prospects.This paper analyzes mobile IP technology and AAA technology in depth.Based on the basic Diameter application in Mobile IPv6 environment, two mechanisms on the combination of Mobile IPv6 and AAA are discussed:MN sends BU to HA directly(direct BU), MN sends the BU message to HA directly after successful EAP authentication, this mechanism may causes more traffic;AAAH sends BU to HA on behalf of MN(Indirect BU), MN does not send BU to HA directly, but encapsulates the BU message in authentication/authorization message, and sends it to HA, this mechanism can reduce traffic and shorten the time which is needed in the first authentication/authorization process.The exchange of the BU information inside AAA messages can be done in two different ways, extend the AAA message and extend the EAP message, the former can be used for different EAP methods but is hard to be implemented, the latter is limited by EAP method,but is easy to implemented.Finally, the Indirect BU is implemented on the mobile IPv6 test bed using extended EAP method, and the hand-over time of using direct binding update mechanism and indirect binding update mechanism are compared. The results show that the indirect binding update can significantly reduce the handoff latency in multi-domain network.