
Fast BSS-Transition Tunnel October 15, 2004

Fast BSS-Transition Tunnel October 15, 2004. Darwin Engwer Nortel Networks 4655 Great America Pkwy Santa Clara, CA 95054, USA Phone: 408-495-7099 Fax: 408-495-5615 Email: dengwer@nortelnetworks.com. Haixiang He Nortel Networks 600 Technology Park Drive Billerica, MA 01801, USA


Presentation Transcript


  1. Fast BSS-Transition Tunnel, October 15, 2004
     Darwin Engwer, Nortel Networks, 4655 Great America Pkwy, Santa Clara, CA 95054, USA. Phone: 408-495-7099, Fax: 408-495-5615, Email: dengwer@nortelnetworks.com
     Haixiang He, Nortel Networks, 600 Technology Park Drive, Billerica, MA 01801, USA. Phone: 978-288-7482, Fax: 978-288-0620, Email: haixiang@nortelnetworks.com
     Haixiang He, Nortel Networks

  2. Abstract
     This submission is a complete proposal in response to 802.11 TGr’s call for proposals to achieve Fast BSS Transition. In the proposal, the new AP extends the old data path by tunneling traffic (11i protected MPDUs) from the old AP to the MU while setting up the new data path with the MU. The proposal does not require any changes to current technologies, including 11i and 11e, allows back-end resource allocation only at the time of re-association, minimizes resource usage on both MU and AP, and does not require the MU to switch channels for re-association. The solution features Make-before-Break, Divide-and-Conquer, and Pre-transition Preparation.

  3. Content
     • Transition delay analysis
     • Design goals
     • Fast BSS Transition Tunnel
     • Security
     • Open questions
     • Summary

  4. BSS Transition Delay Analysis
     • Message processing delay.
       • Affected by the processing power of the devices.
       • Affected by implementation choices, such as priorities for processing time-critical messages.
       • IEEE 802.11 has no control over this delay and cannot reduce it, assuming other things are equal.
       • But we should make conservative assumptions and accommodate at least devices with low processing power, such as VoIP handsets.

  5. Delay Analysis Cont.
     • Over-the-air message exchange delay.
       • Messages include:
         • Auth_request/response
         • Reassociation_request/response
         • 11i 4-way handshake, 802.1x full authentication if PMK is not valid
         • 11e TSPEC
         • any future message.
       • The shorter and fewer the messages, the shorter the delay.
       • Only messages that affect the data path count.
       • Valid design rationales and architecture should be preserved as much as possible when reducing this delay.

  6. Delay Analysis Cont.
     • Infrastructure message exchange delay.
       • Exchanges between an AP and back-end Authentication Server (AS) in 11i, Policy Server (PS) in 11e, and …
       • The distances between an AP and the servers, the number of exchanges, and the speed of the back-end network affect the delay.
       • Some delay could be avoided by doing the exchanges ahead of the transition, such as 11i pre-authentication and PMK caching.
       • But we should consider the tradeoff between resource usage and resource limitations.

  7. Delay Analysis Cont.
     • DS update and data path switching delay.
       • Delay includes (more details in 04/86r3):
         • Inter-AP communication delay to avoid “dangling association”.
         • Data path switching and its trigger DS update, such as learning of the MU MAC address-to-port mapping.
       • Different DS implementations, such as WDS, should be considered.
       • Different network deployments, such as Hotspot, should also be considered.

  8. Design Goals
     • Maintain the current technologies, such as 11i and 11e, as much as possible.
     • Minimize resource usage as much as possible.
     • Consider all delays, not just over-the-air message exchange delay.
     • Consider as many network deployment scenarios and implementations as possible.

  9. Fast BSS Transition Tunnel
     • Remember, it is all about delivering the traffic in a timely and secure manner.
     • The data path through the old AP (its DS port) is secure between the MU and the old AP.
     • The old secure data path could be extended through the new AP by tunneling MPDUs.
     • Then the only delay is the signaling of the tunnel setup for data path extension.

  10. Proposal Process
      [Diagram: AP#1 (SSID = “ACME”, BSSID = AP1), AP#2 (SSID = “ACME”, BSSID = AP2), MU (MAC = MU1)]
      • Step 1: MU sends “Fast BSS-Transition Notification” 802.11 MF to old AP (optional).
      • Step 2: Old AP suspends traffic forwarding and buffers the traffic. Similar to PSP.
      • Step 3: MU sends “Fast BSS Transition Tunnel Request”.
      • Step 4: MU’s MPDU (not MSDU) is tunneled from old AP to new AP.
      • Step 5: New AP encapsulates the MU’s MPDUs in a new 802.11 MF for delivery to the MU. At the same time, the new data path is set up between MU and the new AP.
      • Step 6: Once the new data path is set up with the new AP, the tunnel (old data path) is cut off.

  11. Proposal Highlights
      • Make before break
        • The new data path is set up before the old data path is broken.
        • The old data path is extended through the new AP using tunnels.
      • Divide and conquer
        • Traffic delivery mixes with new data path setup.
      • Pre-Transition Preparation
        • MU notifies its transition intention.
        • Helps the infrastructure prepare for fast BSS transition.
        • DS switch-over is a single atomic operation.

  12. Message Sequence Chart (MSC)
      • See companion submission 11-04-1182-00-000r-fast-bss-transition-tunnel-msc for details.

  13. Fast BSS-Transition Mode (FBTM)
      • This is a new concept to be introduced.
      • The old AP transits to FBTM when
        • it is specifically notified by the MU using a new MF, or
        • it cannot successfully transmit more MPDUs through the air interface.
      • When in FBTM, the old AP should
        • Buffer the MU’s traffic and maintain the STA context, such as the PTK.
        • Handle the FBSST Tunnel request and tunnel the MU’s MPDUs (not necessary if old and new APs are on the same switch).

  14. FBTM behaviors on new AP
      • Triggered specifically by the MU
        • A new class 1 mgmt frame?
      • New AP will relay the trigger from the MU to the old AP.
      • Handle the delivery of the data traffic from the old AP to the MU.
      • Break the tunnel when the new data path is set up.

  15. FBTM behaviors on the MU
      • Transit to FBTM when it decides to transit to a new AP.
      • Notify its old AP about its intention to transit to a particular new AP.
      • Signal the new AP to request the fast transition tunnel service.
      • Use the tunnel to continue the old data path until the new data path is set up.
      • Signal the new AP to cut off the tunnel and update the DS.

  16. Security
      • Requires a trust relationship between old AP and new AP.
        • Trust can be easily established since the APs are in the same administrative domain.
        • The communication channel between old and new APs can be reasonably secured.
      • New AP leverages the trust relationship between MU and old AP until a new security relationship is established between MU and new AP. Traffic delivery is not affected during this time.
      • Unprotected tunnel signaling is as good as the current standard and does not introduce new security threats.
        • The re-association exchange is not protected in the current standard and can cause a similar security hole: redirected traffic.
        • Redirected traffic consists of 11i protected MPDUs that can be captured through the air interface anyway.

  17. Security Cont.
      • Trust relationship between MU and new AP
        • Trust relationships exist between MU and old AP as well as between old and new APs.
        • The trust relationship between MU and new AP can be set up by way of the old AP. The approach is similar to the current 11i model among AS, AP and MU.
      • The tunnel signaling can be protected.
        • A security association exists between MU and old AP.
        • The PTK is still valid/fresh since the data path is not cut off, just extended through tunnels.
        • Tunnel request/response could be protected using the PTK between MU and old AP.
      • Possible solution:
        • The MU can attach a security payload to the tunnel request message, and the new AP forwards the payload to the old AP for verification. A random number could be used for request replay protection.
        • The new AP can attach a security payload generated by the old AP to its tunnel response message to the MU. The new AP’s BSSID could be included in the security payload to prevent a rogue AP.
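
The "possible solution" on slide 17, worked through as an added example that is not part of the presentation. It assumes HMAC-SHA256 as the integrity function, an integrity key derived from the MU/old-AP PTK, and a hypothetical field layout; the names `mic`, `MobileUnit`, `OldAP` and `demo` are illustrative, and AP1, AP2 and MU1 are the labels from slide 10.

```python
import hashlib
import hmac
import os

def mic(key, *fields):
    # Length-prefix every field so boundaries cannot be shifted between fields.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class MobileUnit:
    def __init__(self, mac, key):
        self.mac, self.key = mac, key  # key: assumed integrity key derived from the PTK

    def tunnel_request(self, old_bssid, new_bssid):
        self.nonce, self.target = os.urandom(16), new_bssid  # fresh random number per request
        tag = mic(self.key, b"REQ", self.mac, old_bssid, new_bssid, self.nonce)
        return {"mu": self.mac, "nonce": self.nonce, "mic": tag}

    def accept_response(self, rsp, sender_bssid):
        # The old AP's payload must name the AP that actually answered.
        want = mic(self.key, b"RSP", self.mac, sender_bssid, self.nonce)
        return sender_bssid == self.target and hmac.compare_digest(want, rsp["mic"])

class OldAP:
    def __init__(self, bssid):
        self.bssid, self.keys, self.seen = bssid, {}, set()

    def verify_request(self, req, relay_bssid):
        # relay_bssid: the AP that forwarded the payload over the AP-to-AP channel.
        key = self.keys.get(req["mu"])
        if key is None or (req["mu"], req["nonce"]) in self.seen:
            return None  # unknown MU or replayed random number
        want = mic(key, b"REQ", req["mu"], self.bssid, relay_bssid, req["nonce"])
        if not hmac.compare_digest(want, req["mic"]):
            return None  # forged, or bound to a different new AP
        self.seen.add((req["mu"], req["nonce"]))
        return {"mic": mic(key, b"RSP", req["mu"], relay_bssid, req["nonce"])}

def demo():
    key = os.urandom(32)  # constructed sample key, stands in for PTK-derived material
    mu, old_ap = MobileUnit(b"MU1", key), OldAP(b"AP1")
    old_ap.keys[b"MU1"] = key
    req = mu.tunnel_request(b"AP1", b"AP2")
    rsp = old_ap.verify_request(req, b"AP2")
    return {
        "genuine_response_accepted": mu.accept_response(rsp, b"AP2"),
        "response_from_other_bssid_rejected": not mu.accept_response(rsp, b"APX"),
        "replayed_request_rejected": old_ap.verify_request(req, b"AP2") is None,
        "request_relayed_by_other_ap_rejected":
            old_ap.verify_request(mu.tunnel_request(b"AP1", b"AP2"), b"APX") is None,
    }
```

The new AP never holds the key: it only relays the two payloads, so the binding of its BSSID is checked end to end between the MU and the old AP.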

  18. Open Questions
      • Back-end tunnel and tunnel signaling between old and new APs
        • Not necessary when two thin APs are connected to the same switch. Still required for inter-switch transition.
        • In or out of scope of 802.11/802.11 TGr?
        • If in scope, can we extend IAPP?
      • Security
        • Do we want to address the security issue, given that management frames are not protected?
        • It can be done, but it still introduces complexities.

  19. Proposal Advantages
      • Does not need any changes to current technologies, including 11i and 11e.
      • Allows back-end resource allocation only at the time of re-association.
      • Minimizes the resource usage on both MU and APs.
        • Does not need to pre-set up any information with the new AP and hence does not need extra resources to store the information.
      • Does not require channel switching in the MU.
      • Allows possible differentiations for both MU and infrastructure.

  20. Summary
      • All delays should be considered.
      • The solution should try to maintain the current technologies, minimize resource usage and consider different deployment scenarios.
      • A new approach, or a new way of thinking, is introduced: Fast BSS Transition Tunnel.

  21. Next Steps
      • Challenge members to think hard.
      • Welcome feedback.
      • Welcome partnerships.
      • Provide next level of details.
