AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility by Mahsa Nakhjiri, Madjid Nakhjiri

6.4. RADIUS Support for Roaming and Mobility

When it comes to support for mobility and multi-domain operation, RADIUS specification is very primitive. As we will see in Chapter 8, RADIUS specification provided by IETF does not provide any support for Mobile IP functionality, at least not at the time of writing. Most support for user mobility is in terms of support for roaming applications and is based on the work done by the "Roaming Operations" working group in IETF [ROAMOPSWEB], shortly named ROAMOPS. In the following subsection we will briefly show some of the highlights of their work.

6.4.1. RADIUS Support for Proxy Chaining

When it comes to support for roaming within RADIUS, one of the most relevant specifications that the ROAMOPS group generated is RFC 2607 [PROX2607], which defines the procedures for proxy chaining. For our discussion we can define proxy chaining as the procedures needed to forward the AAA packets between an NAS device and a home RADIUS server through a series of proxies when the user is roaming within a foreign domain.

The definition of a proxy in RADIUS is, on the other hand, very brief and its operation can only be understood through drawing inferences from the proxy chaining RFCs. We will see in Chapter 7 how Diameter takes great care in defining the terminology and the roles of various Diameter nodes, such as relay agents and proxies. Anyhow, [PROX2607] defines the RADIUS proxy as a node that can be employed to provide routing of authentication and ...