250 likes | 265 Views
Explore innovative techniques to diagnose faults in IEEE 802.11 networks, addressing connectivity, authentication, and performance issues. The proposed client-based framework enhances fault detection and localization, providing comprehensive insights.
E N D
Architecture and Techniques for Diagnosing Faults in IEEE 802.11 Infrastructure Networks Atul Adya, Victor Bahl, Ranveer Chandra, Lili Qiu Microsoft Research
Wireless Network Woes • How many times have you heard users say: • “My machine says: wireless connection unavailable” • “Why can’t my machine authenticate?” • “My performance on wireless really sucks” IT Dept: Several hundred complaints per month • You may have heard network admins say: • “I wonder if some one has sneakily installed an unauthorized access point” • “Do we have complete coverage in all the buildings?”
Enterprise Wireless Problems Main problems observed by IT department: • Connectivity: RF Holes • Authentication: 802.1x protocol issues • Performance: Unexplained delays • Security: Rogue APs
Existing Products • Provide management/diagnostic functions • E.g., AirWave, CA’s NSM, Air Defense, Air Magnet • Insufficient functionality: • No support for disconnected clients • Weak root-cause analysis (raw data, mostly) • Diagnosis only from the AP perspective • Sometimes need expensive sensor deployment
Our Contributions • Flexible client-based framework for detection and diagnosis of wireless faults • Client Conduit: communication for disconnected clients via nearby connected clients • Diagnostic mechanisms • Approximate location of disconnected clients • Rogue AP detection • Performance problem analysis
Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work
Assumptions • Can install diagnostic software on clients • APs are typically closed platforms • Can provide improved diagnosis with modified APs • Nearby clients available for fault diagnosis • At least 13 active clients on our floor (approx. 2500 sq. feet) • Network admins maintain AP Location Database
Client-Centric Architecture Diagnostic Server (DS) Authentication/User Info RADIUS Kerberos Diagnostic APModule (DAP) Legacy AP Client Conduit Diagnostic ClientModule (DC) Disconnected Client
Diagnostic Architecture Properties • Exploits client-view of network (not just APs) • Supports proactive and reactive mechanisms • Scalable • Secure
Client Implementation • Prototype system on Windows • Native WiFi: Extensibility framework for 802.11 [Microsoft Networking 2003] • Daemon: most of functionality and main control flow • IM driver: limited changes • Packet capture & monitoring
Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work
Cause of Disconnection • Lack of coverage • In an RF Hole • Just outside AP range • Authentication issues, e.g., stale certificates • Protocol problems, e.g., no DHCP address Can we communicate via nearby connected clients?
Possible (unsatisfactory) solutions: Multiple radios: extra radio for diagnostics MultiNet [InfoCom04]: Multiplex “Happy” between Infrastructure/Adhoc modes Penalizing normal case behavior for rare scenario Communication via Nearby Clients Adhoc Mode SOS Access Point Disconnected Client “Grumpy” Cannot be on 2 networks. Packet dropped! Connected Client “Happy” (Infrastructure)
Our Solution: Client Conduit Becomes an Access Point (Starts beaconing) Stops beaconing SOS Ack (Probe Req) Access Point Ad hoc networkvia MultiNet Connected Client“Happy” Disconnected Client “Not-so-Grumpy” Disconnected Client “Grumpy” SOS (Beacon) Disconnected station detected • Help disconnected wireless clients with: • Online diagnosis • Certificate bootstrapping
Client Conduit Features • Incurs no extra overhead for connected clients • Use existing 802.11 messages: beacons & probes • Works with legacy APs • Includes security mechanisms to avoid abuses
Client Conduit Performance • Time for “Grumpy” to get connected < 7 seconds • Reduced time can enable transparent recovery • Bandwidth available for diagnosis > 400 Kbps(when “Happy” donates only 20% of time)
Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work
Locating Disconnected Clients Goal: Approximately locate to determine RF Holes Solution: Use nearby connected clients • “Grumpy” starts beaconing • Nearby clients report signal strength to server • Diagnostic server uses RADAR [InfoCom00] twice • Locates connected clients • Locates “Grumpy” with clients as “anchor points” • Location error: 10 – 15 meters
Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work
Rogue AP Problems Why problematic? • Allow network access to unauthorized users • Hurt performance: interfere with existing APs Detection goals: • Common case: mistakes by employees • Detect unauthorized IEEE 802.11 APs • Not considering non-compliant APs Solution: Use clients for monitoring nearby APs
Rogue AP Detection • Clients monitor nearby APs. Send to server: • MAC address, Channel, SSID, RSSI (for location) • Server checks 4-tuple in AP Location Database • Obtaining AP Information at clients: • Same/overlapping channel as client: from Beacons • AP on non-overlapping channel: • Active Scan periodically • AP information from Probe Response
Rogue AP Detection Overheads • Bandwidth usage < 0.2 Kbps per client • Can active scans be performed without disruption? • Sufficient idleness available (2½ – 3 min.) • Simple threshold-based prediction:Active scan completed in idle period for 95% cases
Talk Outline • Diagnostics architecture and implementation • Client Conduit: diagnosing disconnected clients • Diagnostic mechanisms • Locating disconnected clients • Detecting unauthorized APs • Analyzing performance problems • Summary and Future Work
Summary • Diagnostics critical for 802.11 deployments • Client-centric architecture • Client Conduit • Diagnosis using nearby clients • Locate disconnected clients • Detect rogue APs • Analyze performance problems • Prototype in Windows using Native WiFi • Mechanisms are effective with low overheads
Future Work • Detecting Rogue Ad Hoc networks • 802.1x protocol analyzer • Detailed wireless delay analyzer • Automated recovery after fault diagnosis