This presentation explores scenarios and requirement areas for adding segregated data services to IEEE 802.11 networks, including advertising and providing connection to services, transit frame labeling, and security.
Slide 1: Segregated Data Services
Authors: D. Eastlake (Motorola)
Date: 2008-05-12
Slide 2: Abstract
An 802.11 network frequently handles different communities that need separate services. The need varies from distinguishing between “visitors” and “residents” in a home network to much stronger and more complex requirements in enterprise, municipal, and other systems. This presentation provides scenarios and requirement areas for adding segregated data services to IEEE 802.11.
Slide 3: Example Scenario I (unified infrastructure, single-interface end stations)
[Diagram: a single wired infrastructure, reached from the Internet through a Firewall, hosts Protected Services and an End Point Assessment & Remediation function. APs (AP 1, AP 2) and mesh APs (MAP 1, MAP 2) serve Local Stations, Guest Stations, Mgmt Stations and New Stations, which are carried on three VLANs: Local VLAN, Guest VLAN and Mgmt VLAN. New Stations are shown alongside End Point Assessment & Remediation; one Local Station has a Wired Connection.]
Slide 4: Example Scenario II (diverse mesh, multi-interface mesh points)
[Diagram: one mesh whose mesh points (MPs) and mesh portals (MPPs) belong to three organizations (Org 1 MPP, Org 1 MPs, Org 2 MPP, Org 2 MPs, Org 3 MP). Three services run over the shared mesh: a Local Mesh Service, an Organization 1 Service terminating on the Organization 1 Infrastructure, and an Organization 2 Service terminating on the Organization 2 Infrastructure; both infrastructures connect to the Internet.]
Slide 5: Scenario II without segregated data services
[Diagram: the same Org 1, Org 2 and Org 3 mesh points and portals, but only an Organization 1 Service and an Organization 2 Service between the two organizations' infrastructures and the Internet; the shared Local Mesh Service of Slide 4 does not appear.]
Slide 6: Requirements
• Work Done or in Process
• Advertising and Providing Connection to Services
• TGu/TGv adding facilities supporting multiple SSIDs/BSSIDs
• Transit Frame Labelling
• Just use the 802.1 C-tag
• New Work
• Mapping of Services and VLANs
• At APs and Mesh Points
• Security
• Tunnelling a frame through nodes not fully trusted by the end points.
• Edge-to-edge security.
Slide 7: Advertising and Providing Connection to Services
• Probably satisfied by work in progress:
• TGv: Multiple BSSIDs.
• TGu: General Advertisement Service (GAS) mechanisms include the SSIDC (SSID Container IE) for transmission of multiple service advertisements in a single beacon.
Slide 8: Transit Frame Labelling
• Probably satisfied by an existing facility:
• The base 802.11 standard explicitly permits an 802.1 C-Tag in the payload, but such tags are currently ignored. The VLAN ID seems reasonable for distinguishing frames belonging to different services.
Slide 9: Mapping of Services and Tags
• New work:
• Methods to manage Service ↔ Tag mappings at
• the APs in an ESS and
• the Mesh Points (MPs)
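Slides 8 and 9 together describe the data path: a frame carries an 802.1Q C-tag inside the 802.11 MSDU, and each AP or MP keeps a Service ↔ Tag table that says which service a VID belongs to. The following is an added example, not code from the presentation or from any 802.11 implementation, showing what that looks like on the wire and at the classifying node. It assumes RFC 1042 / 802.1H LLC/SNAP encapsulation of the tagged frame (SNAP type 0x8100 followed by the TCI and the inner EtherType), and the names BuildMSDU, ParseMSDU, CTag and ServiceMap are this example's own. The service names and VIDs in main are constructed from the Slide 3 scenario.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// RFC 1042 / 802.1H LLC/SNAP header that prefixes an Ethernet-typed payload
// inside an 802.11 MSDU: DSAP 0xAA, SSAP 0xAA, CTRL 0x03, OUI 00-00-00.
var llcSnap = []byte{0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00}

// TPID of an IEEE 802.1Q customer VLAN tag (C-tag).
const etherTypeCTag = 0x8100

// CTag is the decoded tag control information (TCI) of a C-tag.
type CTag struct {
	PCP uint8  // priority code point, 3 bits
	DEI bool   // drop eligible indicator, 1 bit
	VID uint16 // VLAN identifier, 12 bits; 0 = priority-tagged only, 0xFFF reserved
}

func be16(b []byte, v uint16) []byte {
	return append(b, byte(v>>8), byte(v))
}

// BuildMSDU lays out data the way a tagged frame appears in an 802.11 MSDU:
// LLC/SNAP, SNAP type 0x8100, TCI, then the inner EtherType and data. With tag == nil
// the frame is untagged and the inner EtherType follows the SNAP header directly.
func BuildMSDU(tag *CTag, innerEtherType uint16, data []byte) ([]byte, error) {
	out := append([]byte{}, llcSnap...)
	if tag != nil {
		if tag.PCP > 7 || tag.VID > 0xFFE {
			return nil, errors.New("PCP must be 0..7 and VID 0..4094")
		}
		tci := uint16(tag.PCP)<<13 | tag.VID
		if tag.DEI {
			tci |= 1 << 12
		}
		out = be16(out, etherTypeCTag)
		out = be16(out, tci)
	}
	out = be16(out, innerEtherType)
	return append(out, data...), nil
}

// ParseMSDU returns the C-tag (nil when untagged), the inner EtherType and the data.
func ParseMSDU(msdu []byte) (*CTag, uint16, []byte, error) {
	if len(msdu) < 8 || !bytes.Equal(msdu[:6], llcSnap) {
		return nil, 0, nil, errors.New("not an LLC/SNAP encapsulated MSDU")
	}
	etherType := binary.BigEndian.Uint16(msdu[6:8])
	rest := msdu[8:]
	if etherType != etherTypeCTag {
		return nil, etherType, rest, nil
	}
	if len(rest) < 4 {
		return nil, 0, nil, errors.New("truncated C-tag")
	}
	tci := binary.BigEndian.Uint16(rest[0:2])
	tag := &CTag{PCP: uint8(tci >> 13), DEI: tci&(1<<12) != 0, VID: tci & 0x0FFF}
	return tag, binary.BigEndian.Uint16(rest[2:4]), rest[4:], nil
}

// ServiceMap is one node's Service <-> Tag table (the per-AP / per-MP mapping the
// slide calls for). Untagged and priority-tagged (VID 0) frames fall into DefaultVID.
type ServiceMap struct {
	DefaultVID uint16
	Services   map[uint16]string
}

// Classify names the service a received MSDU belongs to. A VID this node has no
// mapping for is an error: the frame is dropped, not leaked into a default service.
func (m ServiceMap) Classify(msdu []byte) (string, error) {
	tag, _, _, err := ParseMSDU(msdu)
	if err != nil {
		return "", err
	}
	vid := m.DefaultVID
	if tag != nil && tag.VID != 0 {
		vid = tag.VID
	}
	svc, ok := m.Services[vid]
	if !ok {
		return "", fmt.Errorf("VID %d is not mapped to a service on this node", vid)
	}
	return svc, nil
}

func main() {
	// Constructed table for the Slide 3 AP: Local, Guest and Mgmt VLANs.
	ap := ServiceMap{DefaultVID: 10, Services: map[uint16]string{10: "Local", 20: "Guest", 30: "Mgmt"}}
	guest, _ := BuildMSDU(&CTag{PCP: 1, VID: 20}, 0x0800, []byte{0x45})
	untagged, _ := BuildMSDU(nil, 0x0806, []byte{0, 1})
	stray, _ := BuildMSDU(&CTag{VID: 99}, 0x0800, nil)
	for _, f := range [][]byte{guest, untagged, stray} {
		svc, err := ap.Classify(f)
		fmt.Printf("%x -> service %q, err=%v\n", f, svc, err)
	}
}
```

The check a practitioner wants is the last case: a VID with no entry in the node's table must be dropped rather than defaulted, otherwise a station that can write its own tag can reach a service it was never mapped to. PCP and DEI are decoded but deliberately not used for service selection; only the VID identifies the service, as Slide 8 proposes.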
Slide 10: Security
• New work:
• Optional edge-to-edge security between the original source 802.11 station and the final destination 802.11 station.
• Optional ability to tunnel frames for one service through a node that is not part of that service.
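Both items on this slide are the same mechanism seen from two ends: if the source and destination stations protect the MSDU under a key only they hold, a transit node that is not part of the service (an Org 2 mesh point carrying Org 1 frames in Scenario II) can forward on the clear service label without being able to read or silently re-label the payload. The following is an added example of that arrangement, not code from the presentation or from any 802.11 draft. It uses AES-GCM with the clear label as additional authenticated data; the transit frame layout (2-byte VID, 8-byte counter, ciphertext) is this example's own, the names Endpoint, Seal, Open and TransitForward are its own, the key is a constructed demo value, and key agreement between the two stations is assumed to have happened already.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transit frame (this example's layout): [0:2] VID in the clear for routing,
// [2:10] 64-bit send counter (GCM nonce + replay check), [10:] AES-GCM output.
// Bytes [0:10] are the GCM additional data, so they are authenticated but not hidden.
const hdrLen = 10

// Endpoint is one of the two edge stations of a service; both load the same key.
type Endpoint struct {
	aead  cipher.AEAD
	txCtr uint64 // last counter sent; must never repeat under this key
	rxCtr uint64 // highest counter accepted, for replay rejection
}

func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

// nonce derives the 12-byte GCM nonce from the header counter (4 zero bytes + counter).
func (e *Endpoint) nonce(hdr []byte) []byte {
	n := make([]byte, e.aead.NonceSize())
	copy(n[len(n)-8:], hdr[2:10])
	return n
}

// Seal builds the transit frame for one MSDU at the source station.
func (e *Endpoint) Seal(vid uint16, msdu []byte) ([]byte, error) {
	if e.txCtr == ^uint64(0) {
		return nil, errors.New("send counter exhausted; rekey required")
	}
	e.txCtr++
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint16(hdr[0:2], vid)
	binary.BigEndian.PutUint64(hdr[2:10], e.txCtr)
	return append(hdr, e.aead.Seal(nil, e.nonce(hdr), msdu, hdr)...), nil
}

// Open verifies and decrypts a transit frame at the destination station and returns
// the authenticated VID with the original MSDU. Replays and any change to the
// header or ciphertext are rejected.
func (e *Endpoint) Open(frame []byte) (uint16, []byte, error) {
	if len(frame) < hdrLen+e.aead.Overhead() {
		return 0, nil, errors.New("frame too short")
	}
	hdr, ct := frame[:hdrLen], frame[hdrLen:]
	ctr := binary.BigEndian.Uint64(hdr[2:10])
	if ctr <= e.rxCtr {
		return 0, nil, errors.New("replayed or out-of-order counter")
	}
	msdu, err := e.aead.Open(nil, e.nonce(hdr), ct, hdr)
	if err != nil {
		return 0, nil, fmt.Errorf("edge-to-edge check failed: %w", err)
	}
	e.rxCtr = ctr // advance only after authentication succeeded
	return binary.BigEndian.Uint16(hdr[0:2]), msdu, nil
}

// TransitForward models a node that is not part of the service: it reads only the
// clear VID to choose a next hop and never sees the payload. VIDs it does not carry are dropped.
func TransitForward(frame []byte, nextHop map[uint16]string) (string, error) {
	if len(frame) < hdrLen {
		return "", errors.New("frame too short")
	}
	vid := binary.BigEndian.Uint16(frame[0:2])
	hop, ok := nextHop[vid]
	if !ok {
		return "", fmt.Errorf("no next hop for VID %d", vid)
	}
	return hop, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key; derive real keys from the service's setup
	src, _ := NewEndpoint(key)
	dst, _ := NewEndpoint(key)
	frame, _ := src.Seal(20, []byte("Org 1 data"))
	hop, err := TransitForward(frame, map[uint16]string{20: "Org 1 MPP"})
	fmt.Println("Org 2 MP forwards to:", hop, err)
	tampered := append([]byte{}, frame...)
	binary.BigEndian.PutUint16(tampered[0:2], 30) // transit node tries to move it into VID 30
	_, _, err = dst.Open(tampered)
	fmt.Println("VID rewrite:", err)
	vid, msdu, err := dst.Open(frame)
	fmt.Printf("destination: vid=%d msdu=%q err=%v\n", vid, msdu, err)
	_, _, err = dst.Open(frame)
	fmt.Println("replay:", err)
}
```

Two design points matter for the slide's threat model. The VID is authenticated but not encrypted, because the untrusted transit node has to route on it; binding it as AAD means a node can drop or delay a frame but cannot re-label it into a service it does belong to without the destination noticing. The counter is checked before decryption but only advanced after authentication, so a forged frame with a large counter cannot lock out later legitimate ones. A deployment would also bind the source and destination addresses into the AAD and use a per-direction key; both are left out here for brevity.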
Slide 11: Motion
• Moved, to request the IEEE 802.11 Working Group to approve and forward to the IEEE 802 Executive Committee the creation of a “WLAN Segregated Data Services” Study Group to consider how best to meet requirements as follows and how best to coordinate such activities with 802.1:
• labeling frames
• mapping between 802.11 service sets and such labels
• security of data within a service
Mover:
Seconder:
Yes: No: Abstain:
Slide 12: References
• IEEE Standard 802.11-2007 – WLANs
• IEEE Standard 802.1Q-2005 – VLANs
• Draft IEEE 802.11s D2.0 – ESS Mesh Networking
• Draft IEEE 802.11u D2.01 – Interworking with External Networks
• Draft IEEE 802.11v D2.01 – Network Management