1 / 25

Architecture and Techniques for Diagnosing Faults in IEEE 802.11 Infrastructure Networks

Explore innovative techniques to diagnose faults in IEEE 802.11 networks, addressing connectivity, authentication, and performance issues. The proposed client-based framework enhances fault detection and localization, providing comprehensive insights.

melodim
Download Presentation

Architecture and Techniques for Diagnosing Faults in IEEE 802.11 Infrastructure Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Architecture and Techniques for Diagnosing Faults in IEEE 802.11 Infrastructure Networks Atul Adya, Victor Bahl, Ranveer Chandra, Lili Qiu Microsoft Research

  2. Wireless Network Woes • How many times have you heard users say: • “My machine says: wireless connection unavailable” • “Why can’t my machine authenticate?” • “My performance on wireless really sucks” IT Dept: Several hundred complaints per month • You may have heard network admins say: • “I wonder if some one has sneakily installed an unauthorized access point” • “Do we have complete coverage in all the buildings?”

  3. Enterprise Wireless Problems Main problems observed by IT department: • Connectivity: RF Holes • Authentication: 802.1x protocol issues • Performance: Unexplained delays • Security: Rogue APs

  4. Existing Products • Provide management/diagnostic functions • E.g., AirWave, CA’s NSM, Air Defense, Air Magnet • Insufficient functionality: • No support for disconnected clients • Weak root-cause analysis (raw data, mostly) • Diagnosis only from the AP perspective • Sometimes need expensive sensor deployment

  5. Our Contributions • Flexible client-based framework for detection and diagnosis of wireless faults • Client Conduit: communication for disconnected clients via nearby connected clients • Diagnostic mechanisms • Approximate location of disconnected clients • Rogue AP detection • Performance problem analysis

  6. Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work

  7. Assumptions • Can install diagnostic software on clients • APs are typically closed platforms • Can provide improved diagnosis with modified APs • Nearby clients available for fault diagnosis • At least 13 active clients on our floor (approx. 2500 sq. feet) • Network admins maintain AP Location Database

  8. Client-Centric Architecture Diagnostic Server (DS) Authentication/User Info RADIUS Kerberos Diagnostic APModule (DAP) Legacy AP Client Conduit Diagnostic ClientModule (DC) Disconnected Client

  9. Diagnostic Architecture Properties • Exploits client-view of network (not just APs) • Supports proactive and reactive mechanisms • Scalable • Secure

  10. Client Implementation • Prototype system on Windows • Native WiFi: Extensibility framework for 802.11 [Microsoft Networking 2003] • Daemon: most of functionality and main control flow • IM driver: limited changes • Packet capture & monitoring

  11. Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work

  12. Cause of Disconnection • Lack of coverage • In an RF Hole • Just outside AP range • Authentication issues, e.g., stale certificates • Protocol problems, e.g., no DHCP address Can we communicate via nearby connected clients?

  13. Possible (unsatisfactory) solutions: Multiple radios: extra radio for diagnostics MultiNet [InfoCom04]: Multiplex “Happy” between Infrastructure/Adhoc modes Penalizing normal case behavior for rare scenario Communication via Nearby Clients Adhoc Mode SOS Access Point Disconnected Client “Grumpy” Cannot be on 2 networks. Packet dropped! Connected Client “Happy” (Infrastructure)

  14. Our Solution: Client Conduit Becomes an Access Point (Starts beaconing) Stops beaconing SOS Ack (Probe Req) Access Point Ad hoc networkvia MultiNet Connected Client“Happy” Disconnected Client “Not-so-Grumpy” Disconnected Client “Grumpy” SOS (Beacon) Disconnected station detected • Help disconnected wireless clients with: • Online diagnosis • Certificate bootstrapping

  15. Client Conduit Features • Incurs no extra overhead for connected clients • Use existing 802.11 messages: beacons & probes • Works with legacy APs • Includes security mechanisms to avoid abuses

  16. Client Conduit Performance • Time for “Grumpy” to get connected < 7 seconds • Reduced time can enable transparent recovery • Bandwidth available for diagnosis > 400 Kbps(when “Happy” donates only 20% of time)

  17. Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work

  18. Locating Disconnected Clients Goal: Approximately locate to determine RF Holes Solution: Use nearby connected clients • “Grumpy” starts beaconing • Nearby clients report signal strength to server • Diagnostic server uses RADAR [InfoCom00] twice • Locates connected clients • Locates “Grumpy” with clients as “anchor points” • Location error: 10 – 15 meters

  19. Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work

  20. Rogue AP Problems Why problematic? • Allow network access to unauthorized users • Hurt performance: interfere with existing APs Detection goals: • Common case: mistakes by employees • Detect unauthorized IEEE 802.11 APs • Not considering non-compliant APs Solution: Use clients for monitoring nearby APs

  21. Rogue AP Detection • Clients monitor nearby APs. Send to server: • MAC address, Channel, SSID, RSSI (for location) • Server checks 4-tuple in AP Location Database • Obtaining AP Information at clients: • Same/overlapping channel as client: from Beacons • AP on non-overlapping channel: • Active Scan periodically • AP information from Probe Response

  22. Rogue AP Detection Overheads • Bandwidth usage < 0.2 Kbps per client • Can active scans be performed without disruption? • Sufficient idleness available (2½ – 3 min.) • Simple threshold-based prediction:Active scan completed in idle period for 95% cases

  23. Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work

  24. Summary • Diagnostics critical for 802.11 deployments • Client-centric architecture • Client Conduit • Diagnosis using nearby clients • Locate disconnected clients • Detect rogue APs • Analyze performance problems • Prototype in Windows using Native WiFi • Mechanisms are effective with low overheads

  25. Future Work • Detecting Rogue Ad Hoc networks • 802.1x protocol analyzer • Detailed wireless delay analyzer • Automated recovery after fault diagnosis

More Related