Site Report Conceptual Model
Bernard Aboba, Microsoft

Problem Statement
• The primary purpose of the Site Report is to provide measurements to the STA prior to scanning, which enable the STA to optimize aspects of roaming:
  • Scanning
  • Pre-authentication
  • Others?
• Are there secondary purposes?

Basic Principles
• The information in the Site Report is only a “hint”.
  • The information could be wrong, so the STA needs to be robust against misleading Site Reports.
  • This is true whether the Site Report is authenticated or not.
• The STA will always scan prior to roaming (passive or active).
  • At a minimum, the STA needs to determine which APs it can communicate with prior to roaming.

Robustness Against Bad “Hints”
• A STA may choose to ignore part or all of the Site Report.
  • The STA might investigate the first few entries, fail to find an AP of interest and do a full scan.
  • The STA might investigate all the entries, regardless of any prioritization implied in the Site Report.
• A STA MUST be robust against misleading information.
  • A STA should not “blacklist” APs based on the Site Report.
  • “Bad” APs are just lower priority, not “off limits”.
  • When information in the Site Report conflicts with other sources, the other sources (scan, 4-way handshake, etc.) are definitive.
  • Once the STA scans, it behaves the same way it would if there were no Site Report.
• The Site Report has a very short “shelf life”.

Examples of “Bad Hints”
• APA provides irrelevant information in the Site Report
  • STA was headed north, APA provided info on APs to the south.
  • APA provided info on APs supporting IEEE 802.11a, but STA only supports 802.11b.
  • Result: STA does a conventional scan, is no worse off.
• APA has stale information on APB
  • STA will discover correct capabilities when it scans or receives IEs in the 4-way handshake.
  • Lesson: STA can benefit by scanning for low priority APs.
• Need to be careful how APA obtains information provided in the Site Report
  • Information obtained from STAs can be stale, pollute APA cache.
  • Need to carefully define what info STAs provide.
• APA priorities differ from STA priorities
  • Example: APA thinks pre-authentication is not as good as other schemes, prioritizes APB lower…
  • STA only supports pre-authentication, but APA has no way to know this.
  • Better for APA to provide the info, let the STA decide.

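The robustness rules on the two slides above, as an added Python sketch (not part of the original slides): Site Report entries only reorder the scan and break ties, the STA's own scan results are definitive, and no AP is ever excluded. The field names, the 5-second shelf life and the sample BSSIDs are assumptions made for illustration.

```python
from dataclasses import dataclass

HINT_SHELF_LIFE_S = 5.0  # assumed; the slides only say "very short"

@dataclass(frozen=True)
class Hint:   # one Site Report entry as relayed by the current AP (assumed fields)
    bssid: str
    channel: int
    preauth: bool
    trusted: bool

@dataclass(frozen=True)
class Seen:   # what the STA itself observed in a Beacon/Probe Response
    bssid: str
    channel: int
    preauth: bool
    rssi_dbm: int

def scan_plan(hints, report_age_s, sta_channels, all_channels):
    """Channels to scan: hinted ones first, but no usable channel is dropped."""
    if report_age_s > HINT_SHELF_LIFE_S:
        hints = []  # expired report: scan as if there were none
    first = []
    for h in hints:
        if h.channel in sta_channels and h.channel not in first:
            first.append(h.channel)  # irrelevant hints (unsupported band) fall out
    return first + [c for c in all_channels if c in sta_channels and c not in first]

def rank_candidates(hints, seen, sta_needs_preauth):
    """Order scanned APs; scan data is definitive, hints only break ties."""
    hinted_trusted = {h.bssid for h in hints if h.trusted}
    def key(ap):
        unusable = sta_needs_preauth and not ap.preauth  # from the scan, not the hint
        return (unusable, -ap.rssi_dbm, ap.bssid not in hinted_trusted)
    return sorted(seen, key=key)  # nothing is removed: "bad" APs just sort last

# Constructed sample data (BSSIDs are placeholders).
STA_CHANNELS = {1, 6, 11}            # an 802.11b-only STA
ALL_CHANNELS = [1, 6, 11, 36]
HINTS = [Hint("02:00:00:00:00:0b", 11, False, True),   # stale: says no pre-auth
         Hint("02:00:00:00:00:0c", 36, True, True)]    # 802.11a AP, irrelevant here
SEEN = [Seen("02:00:00:00:00:0d", 1, True, -60),       # not in the Site Report
        Seen("02:00:00:00:00:0b", 11, True, -60),      # scan shows pre-auth works
        Seen("02:00:00:00:00:0e", 6, False, -40)]      # strong, but no pre-auth

if __name__ == "__main__":
    print(scan_plan(HINTS, 1.0, STA_CHANNELS, ALL_CHANNELS))
    print([ap.bssid for ap in rank_candidates(HINTS, SEEN, True)])
```
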
Site Report vs. Scanning
• The Site Report can provide information that the STA needs prior to scanning.
  • If the information isn’t required prior to scanning, it should be considered for the Beacon/Probe Response, not the Site Report.
• Even though the Site Report is more scalable than the Beacon/Probe Response, this doesn’t imply that the Site Report should replace existing scan mechanisms.
  • All STAs and APs implement the Beacon/Probe Response.
  • Not all APs or STAs will implement the Site Report.

Implementation Choices
• A STA may choose to scan in the background.
  • The scan may not be on the critical path for roaming, but reducing unnecessary scanning is still useful.
  • AP may not have enough buffers to avoid losing packets when frequently placed into power save mode.
• A STA may choose to send Site Report queries and receive responses in the background.
  • The STA may wish to obtain a Site Report every DT, regardless of the status of the current point of attachment.
  • Enables a STA to handle a disassociation at any time, without additional on-the-wire functionality.

A Conceptual Model
[Figure: STA, APA and APB, with Channel 6 and Channel 11 and Points 1 and 2 marked]
• At Point 1, the STA obtains the Site Report.
• At Point 2, the STA scans.
• Shortly thereafter, the STA roams from APA to APB.

What Information Is Needed Early?
• Information related to pre-authentication.
  • By the time the STA gets to Point 2, it may be too late to complete pre-authentication successfully.
• Information related to scanning.
  • Optimized scanning can enable the STA to pick up APB earlier, particularly if scanning occurs in the background and traffic is heavy.

What Information Do We Need?
• AP BSSIDs, Channels, SSIDs
• A STA can function with only this information:
  • Sufficient for scan optimization
  • STA can try pre-auth to all APs, regardless of whether they support it or are reachable.

What Information Might We Want?
• Information to allow the STA to prioritize potential roaming candidates
  • STA may not have the resources (or time) to “investigate” all potential roaming candidates.
  • AP may not be aware of all STA capabilities, therefore cannot prioritize potential roaming candidates the same way the STA would.
• Examples:
  • RSN IE Match
    • Whether an AP supports pre-authentication, WPA2, etc.
  • Reachability
    • Whether an 802.1X pre-authentication packet sent by the STA can reach the AP.

Thinking About Security
• The Site Report may be needed even in networks where security is not in use.
  • Even Open networks may want to optimize scanning!
• STAs need to be robust against bad “hints” regardless of whether the Site Report is authenticated.
• Question: Should security be mandatory to use for the Site Report?

Case Study: “Trusted” Bit
• Meaning: APB is a member of the ESS, according to APA.
• What does a STA do with this?
  • STA may choose to prefer a “Trusted” AP.
  • STA may also choose to ignore the “Trusted” bit.
    • If APA is truly “untrusted” then pre-auth will fail.
    • If STA has resources to try pre-auth to “untrusted” APs, it may not care about the value of the “Trusted” bit.
• What does the STA not do with it?
  • Refuse to talk to APA: enables a DoS attack

Feedback?