IEEE-SA - Service mapping between the ISS and...
20
1 bz-nfinn-service-mapping-0913-v01.pptx IEEE 802.1 interim meeting, York UK, September 2013 Service mapping between the ISS and 802.11 Norman Finn Cisco Systems Version 1, August 1, 2013
Transcript of IEEE-SA - Service mapping between the ISS and...
1 bz-nfinn-service-mapping-0913-v01.pptx IEEE 802.1 interim meeting, York UK, September 2013
Service mapping between the ISS and 802.11
Norman Finn Cisco Systems
Version 1, August 1, 2013
bz-nfinn-service-mapping-0913-v01.pptx 2 IEEE 802.1 interim meeting, York UK, September 2013
• IEEE Std 802.1Q-2011
IEEE Std802.1Q-2011 LOCAL AND METROPOLITAN AREA NETWORKS
106 Copyright © 2011 IEEE. All rights reserved.
8.2 Bridge architecture
A Bridge comprises at least one bridge component. A bridge component comprises
a) A MAC Relay Entity that interconnects the Bridge’s Ports;b) At least two Ports;c) Higher layer entities, including at least a Spanning Tree Protocol Entity.
The VLAN-aware Bridge architecture is illustrated in Figure 8-2. The MAC Relay Entity handles the mediaaccess method independent functions of relaying frames among Bridge Ports, filtering frames, and learningfiltering information. It uses the Enhanced Internal Sublayer Service (EISS) (6.8, 6.9) provided by eachBridge Port.
Each Bridge Port also functions as an end station providing one or more instances of the MAC Service. Eachinstance of the MAC Service is provided to a distinct LLC Entity that supports protocol identification,multiplexing, and demultiplexing, for PDU transmission and reception by one or more higher layer entities.
NOTE 1—In most cases, each Port provides a single instance of the MAC Service, to an LLC Entity that supports allHigher Layer Entities that require a point of attachment to the Port. Further instances are only provided when thespecifications of the Higher Layer Entities require the use of different instances of the MAC service or of differentsource addresses.
An LLC Entity for each Bridge Port shall use an instance of the MAC Service provided for that Port tosupport the operation of LLC Type 1 procedures in order to support the operation of the Spanning Tree
Figure 8-2—VLAN-aware Bridge architecture
NOTE—The notation “IEEE Std 802.n” in this figure indicates that the specifications for these functions can befound in the relevant standard for the media access method concerned; for example, n would be 3 (IEEE Std 802.3)in the case of Ethernet.
Higher Layer Entities
MAC Relay Entity
Bridge Port
LAN
ISS
MS MS
EISS
LAN
ISS
Media Access Method
IndependentFunctions (6.9)
Media Access Method Specific Functions (IEEE Std 802.n)
Media Access Method
DependentConvergence
Functions (6.7)
EISS
Bridge Port
bz-nfinn-service-mapping-0913-v01.pptx 3 IEEE 802.1 interim meeting, York UK, September 2013
• IEEE Std 802.1Q-2011
IEEE Std802.1Q-2011 LOCAL AND METROPOLITAN AREA NETWORKS
106 Copyright © 2011 IEEE. All rights reserved.
8.2 Bridge architecture
A Bridge comprises at least one bridge component. A bridge component comprises
a) A MAC Relay Entity that interconnects the Bridge’s Ports;b) At least two Ports;c) Higher layer entities, including at least a Spanning Tree Protocol Entity.
The VLAN-aware Bridge architecture is illustrated in Figure 8-2. The MAC Relay Entity handles the mediaaccess method independent functions of relaying frames among Bridge Ports, filtering frames, and learningfiltering information. It uses the Enhanced Internal Sublayer Service (EISS) (6.8, 6.9) provided by eachBridge Port.
Each Bridge Port also functions as an end station providing one or more instances of the MAC Service. Eachinstance of the MAC Service is provided to a distinct LLC Entity that supports protocol identification,multiplexing, and demultiplexing, for PDU transmission and reception by one or more higher layer entities.
NOTE 1—In most cases, each Port provides a single instance of the MAC Service, to an LLC Entity that supports allHigher Layer Entities that require a point of attachment to the Port. Further instances are only provided when thespecifications of the Higher Layer Entities require the use of different instances of the MAC service or of differentsource addresses.
An LLC Entity for each Bridge Port shall use an instance of the MAC Service provided for that Port tosupport the operation of LLC Type 1 procedures in order to support the operation of the Spanning Tree
Figure 8-2—VLAN-aware Bridge architecture
NOTE—The notation “IEEE Std 802.n” in this figure indicates that the specifications for these functions can befound in the relevant standard for the media access method concerned; for example, n would be 3 (IEEE Std 802.3)in the case of Ethernet.
Higher Layer Entities
MAC Relay Entity
Bridge Port
LAN
ISS
MS MS
EISS
LAN
ISS
Media Access Method
IndependentFunctions (6.9)
Media Access Method Specific Functions (IEEE Std 802.n)
Media Access Method
DependentConvergence
Functions (6.7)
EISS
Bridge Port
Let’s zoom in on this
bz-nfinn-service-mapping-0913-v01.pptx 4 IEEE 802.1 interim meeting, York UK, September 2013
Three methods
• P802.1Qbz Draft 1.2 (still in early Task Group balloting stage)
Enhancements to Bridging of 802.11 Media IEEE P802.1Qbz/D1.2July 31, 2013
Copyright © 2013 IEEE. All rights reserved. 23This is an unapproved IEEE Standards Draft, subject to change.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
G.4.2 Infrastructure convergence
The infrastructure convergence function defined in IEEE 802.1AC Clause TBD provides a set of virtualpoint-to-point instances of the 802.1AE MAC Security sublayer and the ISS, one to each station to which anIEEE Std 802.11 access point is attached. The convergence function maps this set of ISS instances to asingle instance of the infrastructure interface defined in IEEE Std 802.11ak Clause TBD. Bridges connectingto IEEE Std 802.11 access points using this interface can form a Bridged LAN or Virtual Bridged LAN thatserves as an IEEE Std 802.11 distribution system to those access points. This interface supports IEEE Std802.11 media interior to a Bridged LAN or Virtual Bridged LAN.
G.4.3 Non-AP station convergence
The non-AP station convergence function, defined in IEEE 802.1AC Clause TBD is used between the IEEEStd 802.1AE MAC Security layer, the ISS below it, and the non-AP station interface defined in IEEE Std802.11ak Clause TBD. This method allows an IEEE Std 802.11 non-AP station to serve as a Bridge Port.
The Forwarding Process (8.6)
Support ofEISS(6.9)
802.1AC Clause TBDInfrastructure convergence
Support of EISS(6.9)
Support of EISS(6.9)
Support of EISS(6.9)
Support of EISS(6.9)
IEEE Std 802.11Portal and distribution system
802.11access point
802.11access point
IEEE 802.11access point
IEEE Std 802.11akInfrastructure access
IEEE Std 802.11ak Non-AP
station access
IEEE Std 802.11non-AP station
802.11medium
802.11medium
802.11medium
802.11medium
IEEE 802.1AC Clause 12.1.2802.11 Portal convergence
Figure G-2—Methods for Bridge access to IEEE 802.11 media
Portal (G.4.1) Infrastructure (G.4.2) Non-AP station (G.4.3)
802.1AC TBDnon-AP stationconvergence
DONE NEW NEW
1 2 3
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 5
bz-nfinn-service-mapping-0913-v01.pptx 6 IEEE 802.1 interim meeting, York UK, September 2013
2
• For most media (e.g. 802.3, FDDI, MOST, or the 802.11 Portal interface) it is a relatively simple chore to map the ISS parameters to the particular medium’s parameters.
• For P802.1Qbz / P802.11ak, convergence is more complex. Ø The security layer is necessarily down in
802.11, not above the ISS, because 802.11 secures fragments of frames.
Ø There is one physical interface that can send a multicast, theoretically sent on multiple ports, with a single transmission.
Ø This multiplexing involves the cooperation of the AP and the non-AP station; the non-AP station must decode the port selection encoded in the frame by the AP.
Media Access Method Dependent Convergence Functions
(802.11)
802.1AE SecY (ISS)
(ISS) (ISS)
controlled uncontrolled
802.1AE SecY
(ISS) (ISS)
controlled uncontrolled
(ISS)
(Not strictly 802.1AE SecY, but equivalent in terms of usage and effect.)
bz-nfinn-service-mapping-0913-v01.pptx 7 IEEE 802.1 interim meeting, York UK, September 2013
802.1AC Media Access Method Dependent Convergence Functions Many ISS ßà Infrastructure SAP + vector of ports
802.1ak Infrastructure access Vector of ports ßà N frames with third MAC address and subset encoding
(802.11)
SecY 1
(ISS) (ISS)
SecY 2
(ISS) (ISS)
SecY m
(ISS) (ISS)
(ISS) (ISS) … (ISS)
C UC C UC C UC C:
UC: controlled uncontrolled
(Infrastructure SAP with port vector)
bz-nfinn-service-mapping-0913-v01.pptx 8 IEEE 802.1 interim meeting, York UK, September 2013
802.1AC Media Access Method Dependent Convergence Functions Many ISS ßà Infrastructure SAP + vector of ports
802.1ak Infrastructure access Vector of ports ßà N frames with third MAC address and subset encoding
(802.11)
(ISS) (ISS) (ISS) (ISS) (ISS) (ISS) … C UC C UC C UC
Eliminate the SecY. Attach both controlled and uncontrolled ports to the convergence function. (This trick goes in 802.1Qbz.)
(Infrastructure SAP with port vector)
1 2 m
bz-nfinn-service-mapping-0913-v01.pptx 9 IEEE 802.1 interim meeting, York UK, September 2013
(ISS) (ISS) (ISS) (ISS) (ISS) (ISS) … C UC C UC C UC
• All of the ports associated with a given AP (or BSS, in the sense of a logical function) go through a single instance of the convergence function.
• For .requests: The convergence function turns some number of .requests presented “simultaneously” on some number of its upper SAPs into a single .request and a vector indicating on which SAPs it was presented.
• For .indications: The convergence function presents the frame on the SAP(s) indicated by the vector. (It so happens that this is always just one port.)
(Infrastructure SAP with port vector)
1 2 m
bz-nfinn-service-mapping-0913-v01.pptx 10 IEEE 802.1 interim meeting, York UK, September 2013
(Infrastructure SAP with port vector)
(ISS) (ISS) (ISS) (ISS) (ISS) (ISS) … C UC C UC C UC
• The creation and deletion of upper SAPs are handled by the AP and its security layer. The signaling of these events is a matter not visible outside the system, so may or may not be standardized, at the choice of 802.11 TGak.
• Of course, the 802.1AC convergence function also performs any minor mapping required between the ISS and 802.11 service definitions.
1 2 m
bz-nfinn-service-mapping-0913-v01.pptx 11 IEEE 802.1 interim meeting, York UK, September 2013
(Infrastructure SAP with port vector)
• (Feel free to suggest better names for this function.)
• For .requests: The frame has only Destination and Source addresses. Every frame has a Source and Transmitter address both the AP’s MAC address. Using the port vector, the infrastructure access function selects a Destination/Receiver address (either a unicast to a non-AP station or a broadcast to all) and encodes the station list appropriately in the A-MSDU.
• For .indications: The Transmitter address and whether the frame was encrypted determine the single-bit vector passed up with the frame.
(802.11)
bz-nfinn-service-mapping-0913-v01.pptx 12 IEEE 802.1 interim meeting, York UK, September 2013
• As will be made clear in P802.1Qbz (and in P802.11ak, if TGak so desires), the purpose of the architecture is to specify outcomes, not internal processes.
• So, whether variances in VLAN tagging, VID mapping, or priority mapping cause a frame to be replicated above 802.1AC convergence function, or below the 802.11 infrastructure access function, is irrelevant to IEEE Std 802.1Q or to IEEE Std 802.1AC.
• If TGak chooses to add such mapping functions to the A-MSDU encoding, it will be documented in IEEE Std 802.11ak.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 13
bz-nfinn-service-mapping-0913-v01.pptx 14 IEEE 802.1 interim meeting, York UK, September 2013
(only two ports, controlled and uncontrolled) 802.1AC Media Access Method Dependent Convergence Functions
Many ISS ßà Infrastructure SAP + vector of ports
802.1ak Non-AP station Vector of ports ßà 1 frame with third MAC address and subset encoding
(802.11)
(ISS) (ISS) C UC
(Non-AP station SAP with port vector)
bz-nfinn-service-mapping-0913-v01.pptx 15 IEEE 802.1 interim meeting, York UK, September 2013
(Non-AP station SAP with port vector)
• The creation and deletion of upper SAPs are handled by the station and its security layer. The signaling of these events is a matter not visible outside the system, so may or may not be standardized, at the choice of 802.11 TGak.
• Of course, the 802.1AC convergence function also performs any minor mapping required between the ISS and 802.11 service definitions.
(ISS) (ISS) C UC
bz-nfinn-service-mapping-0913-v01.pptx 16 IEEE 802.1 interim meeting, York UK, September 2013
• For .requests: The frame has only Destination and Source addresses. The port vector simply indicates whether the frame is or is not encrypted. The outer Destination and Receiver addresses are the AP, the Source/Transmitter address the non-AP station. The A-MSDU does not carry any subset encoding.
• For .indications: Whether or not the frame was encrypted determines the single-bit vector passed up with the frame.
(802.11)
(Non-AP station SAP with port vector)
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 17
bz-nfinn-service-mapping-0913-v01.pptx 18 IEEE 802.1 interim meeting, York UK, September 2013
• If preferred by TGak, it would be just as easy to make separate controlled and uncontrolled ports at the 802.11 interface:
Controlled 802.1AC convergence function
Controlled 802.1ak infrastructure access
(802.11)
(ISS) (ISS) (ISS) … C C C
(Infrastruct. SAP w/ port vector)
Uncontrolled 802.1AC convergence function
Uncontrolled 802.1ak infrastructure access
(802.11)
(ISS) (ISS) (ISS) … UC UC UC
(Infrastruct. SAP w/ port vector)
1 2 m
1 2 m
C UC
bz-nfinn-service-mapping-0913-v01.pptx 19 IEEE 802.1 interim meeting, York UK, September 2013
• Note that, because the non-AP station has only one SAP for the AP, this effectively reduces the 802.1AC non-AP station convergence function to be exactly the same as the current Portal convergence function.
• Of course, the anti-reflection part of the subset solution is still required.
Thank you.
