Doc.: IEEE 802.11-04/1565r0 Submission December 2004 Haixiang He, Nortel NetworksSlide 1 Fast BSS...



December 2004

Haixiang He, Nortel Networks

Slide 1

doc.: IEEE 802.11-04/1565r0

Submission

Fast BSS Transition Tunnel

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <[email protected]> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <[email protected]>.

Date: 2004-12-18

Authors:

Haixiang He, Nortel Networks, 600 Technology Park Drive, Billerica, MA 01821, USA; phone 978-288-7482; email [email protected]

Darwin Engwer, Nortel Networks, 4655 Great America Pkwy, Santa Clara, CA 95054, USA; phone 408-495-7099; email dengwer@nortelnetworks.com


Abstract

This submission represents a complete proposal to 802.11 TGr’s call for proposal to achieve Fast BSS Transition. In the proposal, the new AP will extend the old data path by tunneling traffic (11i protected MPDUs) from the old AP to the MU while setting up the new data path with the MU.

The proposal does not require any changes of current technologies including 11i, 11e, allows back-end resource allocation only at the time of re-association, minimizes the resource usage on both MU and AP, and does not require MU to switch channels for re-associations. It can also support high-speed STA transition.

The solution features Make-before-Break, Divide-and-Conquer, and Pre-transition Preparation.


Different Approach: Fast BSS Transition Tunnel

• Extend the old secure data path through the target AP and treat the current AP as an anchor point to facilitate the Fast BSS Transition!

– Old secure data path is at the MPDU level.

– MPDUs need to be carried inside the frames between the STA and the target AP. The MPDUs are tunneled.

– The target AP looks like a repeater of the current AP but at layer 2.

• The only delay is the STA signaling to the target AP to open the tunnel point.


Key Advantages

• No data packet loss

– The current AP buffers the traffic during the STA transition and delivers the packets by way of the target AP.

• Near instantaneous transition

– The data path switch time is near zero (single atomic operation).

– Decouples time-consuming tasks from the actual transition.

• The delay to set up the new data path is decoupled from the time-sensitive traffic delivery

– The STA exchanges packets with DS using the current AP’s DS port while setting up the new data path with the target AP.

– The new data path setup is no longer time critical.


Other Advantages

• Don’t need any changes with current technologies including 11i, 11e.

• Allow back-end resource allocation only at the time of re-association.

• Minimize the resource usage on both MU and APs

– Don’t need to pre-setup any information with the new AP and hence don’t need extra resources to store the information.

• Don’t require channel switching in MU.

– Data path with old AP is maintained during the transition.

– Communication is not through old AP’s air interface hence does not need channel switching in MU.

• Support high-speed STA transition.

• Allow possible differentiations for both MU and infrastructure.


High-level Process

[Figure labels: MU (MAC = MU1); AP#1 (SSID = “ACME”, BSSID = AP1); AP#2 (SSID = “ACME”, BSSID = AP2)]

Step1: MU informs the old AP of its intention to transit so the back-end can prepare for it. (optional)

Step2: Old AP suspends traffic forwarding and buffers the traffic. Similar to PSP.

Step3: MU sends “Fast BSS Transition Tunnel Request”.

Step4: MU’s MPDU (not MSDU) is transferred from old AP to new AP.

Step5: New AP encapsulates the MU’s MPDUs in a new 802.11 MF for delivery to the MU. At the same time, the new data path is set up between MU and the new AP.

Step6: Once the new data path is set up with new AP, the tunnel (old data path) is cut off.


Overview of the Fast BSS Tunnel Process

• STA requests tunneled data delivery service

• Data packets from current AP are tunneled to and delivered through the target AP

• STA establishes new context with target AP (security, QoS, ...)

• Break tunnel/ instantaneous transition to target AP


Major Events

• Step1: Tunnel Request

1. STA => TAP: Tunnel Request (CAP BSSID)

2. TAP => STA: Tunnel Response (Status)

3. TAP: Inform CAP to forward STA’s MPDUs

• Step2: Tunnel MPDUs

– STA TAP: Tunnel Data (MPDUs)

– TAP CAP: Exchange (MPDUs)

• Step3: Setup New Data Path (simultaneous with Step2)

– STA TAP: Management frames exchanges

• Step4: Actual Transition

1. STA => TAP: Tunnel Break Request (CAP BSSID)

2. TAP => STA: Tunnel Break Response (Status)

3. TAP: break tunnel, inform DS, inform CAP, start normal traffic delivery

CAP: Current AP

TAP: Target AP
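The ordering of the four steps above, seen from the target AP, as an added Python example (not part of the submission). It shows the state checks a TAP would apply so that tunnel data and tunnel break are honoured only in the right order; the class, method names, status strings and queue messages are hypothetical, since the submission defines no such API.

```python
from collections import deque

class TargetAP:
    """Tunnel bookkeeping on the target AP (TAP). All names here are hypothetical."""

    def __init__(self, trusted_caps):
        self.trusted_caps = set(trusted_caps)  # BSSIDs of APs in the same administrative domain
        self.tunnels = {}        # STA MAC -> {"cap": BSSID, "ctx_ready": bool}
        self.to_sta = deque()    # frames queued for the air interface
        self.to_cap = deque()    # messages queued for the inter-AP channel
        self.to_ds = deque()     # notifications queued for the DS

    def tunnel_request(self, sta, cap_bssid):
        # Step1: open the tunnel point only for a known CAP and only once per STA.
        if sta in self.tunnels or cap_bssid not in self.trusted_caps:
            return "REJECTED"
        self.tunnels[sta] = {"cap": cap_bssid, "ctx_ready": False}
        self.to_cap.append(("FORWARD_MPDUS", cap_bssid, sta))
        return "SUCCESS"

    def mpdu_from_cap(self, sta, cap_bssid, mpdu):
        # Step2: relay only while a tunnel to this exact CAP is open; the MPDU
        # stays opaque (still 11i protected with the STA/CAP keys).
        t = self.tunnels.get(sta)
        if t is None or t["cap"] != cap_bssid:
            return False
        self.to_sta.append(("TUNNEL_DATA", sta, mpdu))
        return True

    def new_context_ready(self, sta):
        # Step3 finished: security/QoS context with this AP now exists.
        if sta in self.tunnels:
            self.tunnels[sta]["ctx_ready"] = True

    def tunnel_break(self, sta, cap_bssid):
        # Step4: make-before-break, so refuse to cut the old path until the
        # new one is usable; then switch in one step.
        t = self.tunnels.get(sta)
        if t is None or t["cap"] != cap_bssid or not t["ctx_ready"]:
            return "REJECTED"
        del self.tunnels[sta]
        self.to_ds.append(("STA_NOW_AT_THIS_AP", sta))
        self.to_cap.append(("TUNNEL_CLOSED", cap_bssid, sta))
        return "SUCCESS"

if __name__ == "__main__":
    # Constructed sample identifiers (names borrowed from the figure labels).
    tap = TargetAP({"AP1"})
    print(tap.tunnel_request("MU1", "AP1"))   # SUCCESS
    print(tap.tunnel_break("MU1", "AP1"))     # REJECTED
    tap.new_context_ready("MU1")
    print(tap.tunnel_break("MU1", "AP1"))     # SUCCESS
```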


Message Sequence Chart (MSC)

• See companion submission 11-04-1182-01-000r-fast-bss-transition-tunnel-msc.xls for details.

• This is only an example for illustration purpose.


High-speed STA Transition

• High-speed STA transition can be better supported in this proposal.

– Because in our proposal, the delay of new data path setup is decoupled from traffic delivery and it is no longer time critical.

• A STA only needs to send the tunnel request. It does not need to complete the full re-association process that may take a longer time.

– Just tunnel, no re-association.

• A full re-association can be done when the STA is at lower speed.

– To remove the load of the anchor point or switch to a new anchor.


Proposed Changes of Standard Text

• Only a few new management frames and their related primitives (normative text changes)

– Pre-transition request/response

– Tunnel request/response

– Tunnel Data

– Tunnel Break

• Informative description of the solution

– Solution operation (more details to be provided)

– An overview of the architecture may be useful as informative text. (currently not specified)


Implementation Example: WLAN Switch

• Two Possible Approaches during the tunneling phase

– Switch encrypts traffic and forwards to target thin APs for direct delivery to STA.

– Switch forwards MPDUs and corresponding current AP keys to target thin AP for delivery to STA.

• No inter-AP signaling and traffic forwarding for intra-switch transition.

– Just need to wrap different AP MAC headers and send to corresponding thin APs.

– Change to new association context when breaking the tunnel.

• High-speed STA transition is much easier

– Traffic is already buffered at the switch

– Centralized anchor point already exists within the switch


Proposal Highlights

• Make before break

– The new data path is set up before the old data path is broken.

– The old data path is extended through the new AP using tunnels.

• Divide and conquer

– Traffic delivery mixes with new data path setup.

– The whole delay periods can be divided and long delay can be avoided.

• Pre-Transition Preparation (Optional)

– MU notifies its transition intention.

– Help infrastructure to prepare for fast BSS transition.

• DS switch over is a single atomic operation

• High-speed STA transition support is possible


It works! It is easy!


References

• 11-04-1564-00-000r-fast-bss-transition-tunnel-proposed-changes.doc

• 11-04-1179-00-000r-fast-bss-transition-tunnel.ppt

• 11-04-1182-01-000r-fast-bss-transition-tunnel-msc.xls

• 11-04-0086-03-frfh-measurement-802-11-roaming-intervals.ppt


Back Up


Fast BSS-Transition Mode (FBTM)

• This is a new concept to be introduced.

• The old AP transits to FBTM when

– Specifically notified by the MU using a new MF.

– When the old AP cannot successfully transmit more MPDUs through air interface.

• When in FBTM, the old AP should

– Maintain the STA context such as PTK.

– Buffer the MU’s traffic for a very short period of time.

– Handle the transfer of MU’s MPDUs to another AP. (not necessary if old and new APs are on the same switch)

– Different implementations may do things differently.


FBTM behaviors on new AP

• Triggered specifically by the MU

– A new class 1 mgmt frame.

• Handle the delivery of the MPDUs from old AP to the MU by encapsulating them in a new management frame.

• Handle the receiving of MPDUs from old AP.

• Break the tunnel when the new data path is set up.

• Different implementations may do things differently.


FBTM behaviors on the MU

• Transit to FBTM when it decides to transit to a new AP.

• Notify its old AP about its intention to transit to a particular new AP.

• Signal the new AP to request the fast transition tunnel service.

• Use the tunnel to continue the old data path while the new data path is set up. De-capsulate and treat the MPDUs as if they were received from old AP.

• Signal the new AP to cut off the tunnel and update the DS once the new data path is set up.


Security

• Require trust relationship between old AP and new AP.

– Trust can be easily established since APs are in the same administrative domain.

– Communication channel between old and new APs can be reasonably secured.

– New AP leverages the trust relationship between MU and old AP until a new security relationship is established between MU and new AP. Traffic delivery is not affected during this time.

• Unprotected tunnel signaling is as good as the current standard and does not introduce new security threats

– Re-association exchange is not protected in the current standard and can cause a similar security hole: redirected traffic.

– Redirected traffic consists of 11i protected MPDUs that can be captured through air interface anyway.


Security Cont.

• Trust relationship between MU and new AP

– Trust relationships exist between MU and old AP as well as between old and new APs.

– Trust relationship between MU and new AP can be set up by way of old AP. The approach is similar to the current 11i model among AS, AP and MU.

• The tunnel signaling can be protected

– Security association exists between MU and old AP.

– PTK is still valid/fresh since data path is not cut off, just extended through tunnels.

– Tunnel request/response could be protected using the PTK between MU and old AP.

• Possible solution:

– MU can attach a security payload in tunnel request message and the new AP forwards the payload to old AP for verification. A random number could be used for request replay protection.

– New AP can attach a security payload generated by the old AP in its tunnel response message to MU. New AP’s BSSID could be included in the security payload to prevent rogue AP.
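One way the possible solution above could look, as an added Python example (not part of the submission). The payload layout, the use of HMAC-SHA256, and all function and field names are assumptions; the 16-byte key stands in for key material taken from the PTK shared by the MU and the old AP.

```python
import hashlib
import hmac
import os

def mic(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (prefixes keep field boundaries unambiguous)."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def mu_build_request(key: bytes, mu_mac: bytes, cap_bssid: bytes) -> dict:
    """MU side: security payload for the tunnel request, with a fresh random number."""
    nonce = os.urandom(16)
    return {"mu": mu_mac, "cap": cap_bssid, "nonce": nonce,
            "mic": mic(key, b"REQ", mu_mac, cap_bssid, nonce)}

class OldAP:
    """Old AP: holds the per-MU key and verifies payloads forwarded by a new AP."""
    def __init__(self, bssid: bytes, keys: dict):
        self.bssid = bssid
        self.keys = keys      # MU MAC -> key shared with that MU (assumed PTK-derived)
        self.seen = set()     # (MU MAC, nonce) pairs already accepted; clear on rekey

    def verify_request(self, req: dict, forwarding_bssid: bytes):
        """Return the response payload for the forwarding AP, or None to reject."""
        key = self.keys.get(req["mu"])
        if key is None or req["cap"] != self.bssid:
            return None
        expected = mic(key, b"REQ", req["mu"], req["cap"], req["nonce"])
        if not hmac.compare_digest(expected, req["mic"]):
            return None
        if (req["mu"], req["nonce"]) in self.seen:
            return None       # replayed request
        self.seen.add((req["mu"], req["nonce"]))
        # Bind the response to the AP that forwarded the request and to its nonce.
        return {"tap": forwarding_bssid, "nonce": req["nonce"],
                "mic": mic(key, b"RSP", req["mu"], forwarding_bssid, req["nonce"])}

def mu_check_response(key: bytes, req: dict, rsp: dict, sender_bssid: bytes) -> bool:
    """MU side: accept only if the payload names the AP that actually sent the response."""
    expected = mic(key, b"RSP", req["mu"], sender_bssid, req["nonce"])
    return (rsp["tap"] == sender_bssid and rsp["nonce"] == req["nonce"]
            and hmac.compare_digest(expected, rsp["mic"]))

if __name__ == "__main__":
    # Constructed sample values, not taken from the submission.
    KEY = bytes(range(16))
    MU, CAP = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000ca01")
    TAP, ROGUE = bytes.fromhex("02000000ca02"), bytes.fromhex("02000000bad0")
    cap = OldAP(CAP, {MU: KEY})
    req = mu_build_request(KEY, MU, CAP)
    rsp = cap.verify_request(req, TAP)
    print("response accepted from new AP:", mu_check_response(KEY, req, rsp, TAP))
    print("response accepted from rogue: ", mu_check_response(KEY, req, rsp, ROGUE))
    print("replayed request accepted:    ", cap.verify_request(req, TAP) is not None)
```

The replay set grows with every accepted request, so a deployment would bound it by clearing it whenever the key shared with the MU changes.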