January 2008

D. Eastlake (Motorola)

Slide 1

doc.: IEEE 802.11-08/114r1

Submission Slide 1

Segregated Data ServicesDate: 2008-01-14

Authors:Name Affiliations Address Phone email

Donald Eastlake 3rd

Motorola 111 Locke Drive, Marlboro, MA 01757 USA

+1-508-786-7554 Donald.Eastlake@motorola.com

Guido R. Hiertz Philips ComNets, RWTH Aachen

University Kopernikusstr. 16, 52074 Aachen, Germany

+49-241-802-5829 hiertz@ieee.org

Stephen McCann Nokia Siemens

Networks

Roke Manor Research Ltd Old Salisbury Lane Romsey, Hampshire

SO51 0ZN, United Kingdom

+44 1794 833341 stephen.mccann@roke.co.uk

Dee Denteneer Philips Philips Research, HTC 27 (WL

1.132), 5656 AE Eindhoven, The Netherlands

+31-402-746-937 dee.denteneer@philips.com

Stephen Rayment BelAir Networks 603 March Road, Ottawa, ON, Canada K2K 2M5

+1 613 254 7070 x112

srayment@belairnetworks.com

Tony Metke Motorola 1301 E. Algonquin Road Mail Stop: 1232

Schaumberg, IL 60196 USA

+1-847-576-0092 Tony.Metke@motorola.com

Michael Bahr Siemens Enterprise

Communications

Otto-Hahn-Ring 6 81730 München

Germany

+49-89-636-49926 bahr@siemens.com

January 2008

D. Eastlake (Motorola)

Slide 2

doc.: IEEE 802.11-08/114r1

Submission Slide 2

Abstract

802.11 networks frequently handle different communities that need to be provided separate services. This is typically done by VLANs in wired networks. The need varies from distinguishing between “visitors” and “residents” in a home network to much stronger and more complex requirements in enterprise, municipal, and other systems. This presentation provides scenarios and requirement areas for adding segregated data services to IEEE 802.11.

January 2008

D. Eastlake (Motorola)

Slide 3

doc.: IEEE 802.11-08/114r1

Submission

Example Scenario Ia(unified infrastructure, single interface end stations)

MAP 1

Guest Station

MAP 2

AP 2

Guest Station

Local Station

Local Station

Internet

Local Station

Protected Services

Local Station

Local VLAN

Guest VLAN

Wired Connection

Firewall

January 2008

D. Eastlake (Motorola)

Slide 4

doc.: IEEE 802.11-08/114r1

Submission

Example Scenario Ib(unified infrastructure, single interface end stations)

MAP 1

Infected Station

MAP 2

AP 2

New Station

Healthy Station

Healthy Station

Healthy Station Healthy Station

Normal VLAN

Assessment and Remediation VLAN

Wired Connection

Other Services

End Point Assesment and Remediation

January 2008

D. Eastlake (Motorola)

Slide 5

doc.: IEEE 802.11-08/114r1

Submission

Example Scenario II(diverse mesh, multi-interface mesh points)

Org 1MP

Internet

Org 1MP

Org 2MP

Org 2MP

Org 2MP

Org 3MP

Org 1MP

Organization 1 Infrastructure

Org 1MPP

Lo

cal M

esh

Ser

vice

Org

aniz

atio

n 1

S

ervi

ce

Org

aniz

atio

n 2

S

ervi

ce

Organization 2 Infrastructure

Org 2MPP

January 2008

D. Eastlake (Motorola)

Slide 6

doc.: IEEE 802.11-08/114r1

Submission

Scenario II without segregated data services

Org 1MP

Internet

Org 1MP

Org 2MP

Org 2MP

Org 2MP

Org 3MP

Org 1MP

Organization 1 Infrastructure

Org 1MPP

Org

aniz

atio

n 1

S

ervi

ce

Org

aniz

atio

n 2

S

ervi

ce

Organization 2 Infrastructure

Org 2MPP

January 2008

D. Eastlake (Motorola)

Slide 7

doc.: IEEE 802.11-08/114r1

Submission Slide 7

Areas• Work Done or in Process?

1. Advertising Availability of Services• In 802.11, “service” = SSID• TGu is adding facilities to advertise multiple SSIDs

2. Transit Frame Labelling• Just use VLAN ID in an 802.1 C-tag (formerly called Q-tag)?

• New Work?3. Portal/Link Mapping of Services/VLANs & Priority

• Must be configurable but should have reasonable defaults

4. Service Location & Multi-Service Connections• Primarily relates to mesh and mesh peer links

5. Security• Tunnelling a frame through nodes not fully trusted by the end

points.

January 2008

D. Eastlake (Motorola)

Slide 8

doc.: IEEE 802.11-08/114r1

Submission Slide 8

Advertising Availability of Services

• Work in progress: General Advertisement Service (GAS) mechanisms in 802.11 TGu (Interworking with External Networks).– Includes SSIDC (SSID Container IE) for transmission

of multiple SSIDs (with or without multiple BSSIDs) in a single beacon.

January 2008

D. Eastlake (Motorola)

Slide 9

doc.: IEEE 802.11-08/114r1

Submission Slide 9

Transit Frame Labelling

• Current Practice:– Base 802.11 standard explicitly permits 802.1 C-Tag

(formerly Q-Tag) in payload (802.11-2007 Annex M) but C-Tag’s priority and VLAN ID fields are currently ignored. VLAN ID seems reasonable for distinguishing frames belonging to different services.

January 2008

D. Eastlake (Motorola)

Slide 10

doc.: IEEE 802.11-08/114r1

Submission Slide 10

Portal/Link Mapping of Services/VLANs & Priority

• Possible new work:– VLAN IDs can probably be coordinated in a BSS or

across an ESS. But in a mesh this would be very difficult. So maybe in a mesh the VLAN ID is just a local abbreviation mapped on each peer link hop?

– Should portals have a configurable mapping, with reasonable defaults, between external priority and 802.11 TID?

January 2008

D. Eastlake (Motorola)

Slide 11

doc.: IEEE 802.11-08/114r1

Submission Slide 11

Service Location &Multi-Service Connections

• Possible new work:– A legacy station to AP link is almost by definition

limited to carrying one service. But mesh peer links might carry any service that is transiting the mesh…

– How does a mesh station (which might have just joined the mesh) find a new service that was not previously transiting the mesh but is offered by some other station/portal?

January 2008

D. Eastlake (Motorola)

Slide 12

doc.: IEEE 802.11-08/114r1

Submission Slide 12

Security

• Current Practice: Use IPsec or some similar application level mechanism to protect data end-to-end.

• Possible new work:– Optional edge-to-edge security between original source

802.11 station and final destination 802.11 station.

January 2008

D. Eastlake (Motorola)

Slide 13

doc.: IEEE 802.11-08/114r1

Submission Slide 13

Results in Waikoloa• 11-07/2941r1 Presented In WNG Standing Committee• Vote in WNG

– Moved, To request the IEEE 802.11 Working Group to approve and forward to the IEEE 802 Executive Committee the creation of a “WLAN Segregated Data Services” Study Group to consider how best to meet requirements as follows and how best to coordinate such activities with 802.1:

• labeling frames per service; security of data within a service; and the configuration and management of such services.

– Moved: Donald Eastlake 3rd Seconded: Guido Hiertz– Yes: 22 No: 0 Abstain: 4 (100% approval)

• Vote In 802.11 Working Group at Closing Plenary– Yes: 19 No: 9 Abstain: 24 (67.85% approval)

January 2008

D. Eastlake (Motorola)

Slide 14

doc.: IEEE 802.11-08/114r1

Submission Slide 14

Results in Atlanta• 11-07/2491r2 Presented In Mid-Week Plenary

• Motion in 802.11 Closing Plenary– Moved, To approve and forward to the IEEE 802 Executive

Committee for their approval the creation of a “WLAN Segregated Data Services” Study Group to consider how best to meet requirements as follows in 802.11 and how best to coordinate such activities with 802.1:

• labeling 802.11 frames per service; security of data within such services; and the configuration and management of such services.

– Moved: Donald Eastlake 3rd Seconded: Stephen McCann– Withdrawn due to several objections that the scope was be to broad

and unspecific, proposed Study Group needs to be rethought, etc.

• (This presentation, 11-08/114 in Taipei, tries to be narrower and more specific.)

January 2008

D. Eastlake (Motorola)

Slide 15

doc.: IEEE 802.11-08/114r1

Submission Slide 15

References

• IEEE Standard 802.11-2007 – WLANs

• IEEE Standard 802.1Q-2005 – VLANs

• Draft 802.11s D1.07 – ESS Mesh Networking

• Draft 802.11u D1.02 – Interworking with External Networks