TIP2013

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

The Design and Implementation of a Scalable, Dual-Stack Oriented, Consolidated Authentication System

Time 01/15/13 10:40AM-11:00AM

We do not host flash-based video files on our servers anymore. Please contact Web Support for further details about netcast videos.

Session Abstract

In the dual-stack environment, enterprises that desire the ability to log network traffics (but not contents) in the same manner as the call-logging of the telephone industry and be traceable back to the individual conducting the transactions will critically need an authentication system that can bind the user account to all of the IP addresses, both IPv4 and IPv6, on the machine the user log-in, and release the bindings when the user log-out. In many countries, particularly in Thailand, IT laws mandate exactly such capability. Aggravating users by requiring them to do multiple log-in, one per address, is out of the question.

In this report, we present the design and implementation of a scalable, dual-stack oriented, consolidated authentication system for large-scale campus network.

The Kasetsart University network---The NontriNet (pronounce known-see-net)---is used as the testbed, achieving 1.3+ million authentication sessions per month for 63,000+ unique users. Our traffic log shows that 71% of our machines is currently IPv6-attached (65% as dual-address systems, the other 6% as pure-IPv6). Further statistics collected since

Speakers

Speaker Pirwat Watanapongse Kasetsart University, Thailand

Presentation Media

Secondary tracks Network Architecture & Operations IPv6

gold Sponsors

silver Sponsors