Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring TREX Workshop 2013 30th of October 2013 Karri Huhtanen (Arch Red Oy, Open System Consultants)
Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
Jun 21, 2015
Nowadays data of the network usage is too often separated to various network components all around service provider network. Utilising RADIUS more efficiently is one approach to collect more data about network usage, combining it to network measurement, monitoring and management makes it even more efficient tool to use to get a real network situation and history overview.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
TREX Workshop 2013 30th of October 2013
!Karri Huhtanen
(Arch Red Oy, Open System Consultants)
Finnish and Australianengineers
Since 2003 Since 1993
developed, supported and consulted by
RADIUSAuth.
NetworkManagement,
Monitoring
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
RADIUSAuth.
NetworkManagement,
Monitoring
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
• Network monitoring is done by polling each component
• Network management is done via pushing configurations to components
RADIUSAuth.
NetworkManagement,
Monitoring
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
Most of the network components and devices use infra services, which may have no connection to other systems
RADIUSAuth.
NetworkManagement,
Monitoring
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
RADIUS is used only for access control (authentication)
RADIUSAuth.
NetworkManagement,
Monitoring
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
• Actual data about network (usage) is spread all around.
• Some data may be lost as it is not collected from sources regularly.
• Combining data is limited to possibly some network availability data and mining logs.
• Administrative access to network equipment, servers etc. is not controlled by using access level and roles.
So what can RADIUS do?
RADIUS AAA
NetworkManagement,
Monitoring AND Measurement
InfraServices
(DHCP, DNS, etc.)
Access devices,e.g. WiFi controllers,
DSLAMs etc.
Devices
Servers
People
• RADIUS for Authentication AND Accounting AND Authorization
• Dialog between network components, infrastructure and services
• Collecting all data • Dynamic configuration
How? Well… among others …
• RADIUS authentication and accounting
• TACACS authentication, accounting and authorisation
• Radiator RADIUS server integration capabilities, additional dynamic modules
• AAA/IdM protocol translation (LDAP, SAML, etc.)
• RADIUS/TACACS proxying/roaming for federated authentication
• 802.1X access control and authorisation
• Various two-factor authentication solutions
• Did I mention Radiator RADIUS server is based on Perl?
More?
my contact information !
Karri Huhtanen [email protected]
http://www.archred.com/ !
these and more slides: http://www.slideshare.net/
khuhtanen/
Related Documents
![ROTHER PRECISION · MSR [option] Battery charger Specification Direct thermal line printing Default : 42cpl 32cpl Option . 48cpl 6), 24cpl Eng : dots, dots Kor : dots dots] Simplified/Traditional](https://static.cupdf.com/doc/110x72/5fd2b041bcfdb17b192b5e3d/rother-msr-option-battery-charger-specification-direct-thermal-line-printing-default.jpg)
![Denial-of-Service Open Threat Signaling (DOTS). · architecture, called DDoS Open Threat Signaling (DOTS) [I-D.ietf-dots-architecture], in which a DOTS client can inform a DOTS server](https://static.cupdf.com/doc/110x72/6018af73a358a566d57c4efb/denial-of-service-open-threat-signaling-dots-architecture-called-ddos-open-threat.jpg)
