Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
CSIE
S. T. LIANG
DYU
CSIE
S. T. LIANG
1
DYU
CSIE Table of Content
S. T. LIANG
2
DYU
CSIE
S. T. LIANG
DYU
CSIE
S. T. LIANG
3
DYU
CSIE
Outline
S. T. LIANG
5
DYU
CSIE Standardization of Wireless LAN
S. T. LIANG
infrastructure network
Application Application
TCP access point TCP
IP IP
LLC LLC LLC
802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC
802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY
6
DYU
CSIE Standardization of Wireless LAN
S. T. LIANG
7
DYU
CSIE IEEE 802.11 Physical Layer Evolutions
S. T. LIANG
Estimated Throughput
Source: www.80211-planet.com
9
DYU
CSIE IEEE 802.11 Physical Layer Evolutions
S. T. LIANG
Pros Cons
• Modest price. • Slowest throughput.
• Mature technology with • Less spectrum.
many products available. • Only 3 channels available
• Throughput is adequate in 2.4GHz band.
for most home and office • Possible interference with
applications. other 2.4GHz devices
• In the best devices, (cordless phones,
throughput fluctuates little, microwaves, garage-door
out to the maximum range. openers)
Source: www.80211-planet.com
10
DYU
CSIE IEEE 802.11 Physical Layer Evolutions
S. T. LIANG
Source: www.80211-planet.com
11
DYU
CSIE IEEE 802.11 Physical Layer Evolutions
S. T. LIANG
Pros Cons
• Backwards compatibility. • Unavailable until early
• Throughput will be at least 2003.
double that of 802.11b. • Only 3 channels available
• Range will be at least in 2.4GHz band.
equal that of 802.11b. • Possible interference with
• Will use both DSSS and other 2.4GHz devices
OFDM technologies (cordless phones,
microwaves, garage-door
openers)
Source: www.80211-planet.com
12
DYU
CSIE Other IEEE Wireless Projects
S. T. LIANG
• Enterprise
– Wired LAN replacement, ad-hoc networks (NICs for PCs, printers, switches, and
other office appliances)
– Multiple cell coverage, high user density, roaming
• Home
– Networking for fixed (Residential Gateways, Set-Top Boxes) portable (Laptops)
and mobile (Notebook) terminals
– Distribution of digital video, Internet broadband access, sharing of PC
peripherals, …
• Education
– Cost effective network access to teachers and students anywhere within the
school from mobile and fixed terminals
• Retail / Manufacturing
– Inventory, prices “management” (labeling, shelf audits, updates), customer aid
for shopping lists, POS/cash register downloads
• Hotels
– Seamless connectivity for guest rooms and meeting rooms
• Public Access Points 15
DYU
CSIE
802.11 WLAN Architecture
S. T. LIANG
infrastructure
network
AP: Access Point
AP
AP wired network
AP
ad-hoc network
16
DYU
CSIE
802.11 Infrastructure Network
S. T. LIANG
•Station (STA)
802.11 LAN – terminal with access mechanisms to
802.x LAN
the wireless medium and radio contact
to the access point
STA1
BSS1
•Basic Service Set (BSS)
Portal – group of stations using the same radio
Access
Point frequency
•Access Point
Distribution System
– station integrated into the wireless LAN
Access and the distribution system
ESS Point
•Portal
BSS2 – bridge to other (wired) networks
•Distribution System
– interconnection network to form one
logical network (EES: Extended
STA2 STA3
802.11 LAN Service Set) based
on several BSS 17
DYU
CSIE
802.11 Ad-hoc Network
S. T. LIANG
STA5
802.11 LAN
18
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
19
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
20
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
– Re-association
– Distribution
– Integration
21
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
22
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
23
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
24
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
25
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
26
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
27
DYU
CSIE
Services specified by IEEE 802.11
S. T. LIANG
28
DYU
CSIE
Relationships between Services
S. T. LIANG
• A STA keeps two state variables for each STA with which direct
communication via the WM is needed:
– Authentication state
– Association state
• The current state existing between the source and destination
station determine the IEEE 802.11 frame types that may be
exchanged between that pair of STAs
state
authentication association
state
STA0 v
authentication association STA1
STA1 v
STA2 v v state
authentication association
STA0 v v
STA0 (AP) STA2
29
DYU
CSIE
Relationships between Services
S. T. LIANG
Unauthenticated,
Management Probe request/response, Frames
Unassociated
frames Beacon, Authentication,
Deauthentication, ATIM Successful De-Authentication
Data frames ad-hoc transfer only Authentication Notification
Class 1&2 State 2:
Management Association Authenticated,
Frames
Class 2
30
DYU
CSIE
Services Invoked for a Mobile Station
S. T. LIANG
f
Move
a c
e AP 3
b a. As the station find AP1, it will authenticate and
associate with AP1.
AP 2 b. As the station moves, it may pre-authenticate
AP 1 with AP2
d c. Station may re-associate with AP2
d. The re-association would cause AP2 to notify AP1
of new location of the station
back e. AP2 is disassociated with station
f. The station would need to find AP3 and
authenticate and associate with AP3 31
DYU
CSIE
S. T. LIANG
DYU
CSIE
S. T. LIANG
32
DYU
CSIE
Outline
S. T. LIANG
33
DYU
CSIE MAC sublayer and OSI reference model
S. T. LIANG
Network layer
LLC 802.2 logical link control
802.3 802.5 802.11
Other Data Link layer
MAC CSMA- token wireless
LANs
CD ring LANs
35
DYU
CSIE MAC Architecture
S. T. LIANG
Point Coordination
Function (PCF)
MAC
Extent Distribution Coordination Function
(DCF)
Physical
36
DYU
CSIE DCF
S. T. LIANG
• CSMA/CA
• Error Recovery Mechanisms
• DCF Access Procedure
37
DYU
CSIE CSMA/CA
S. T. LIANG
The frame from STA1 to STA2 can be corrupted by a transmission initiated by STA3.
The STA3 did not know the ongoing transmission from STA1 to STA2
38
DYU
CSIE CSMA/CA
S. T. LIANG
RTS
39
DYU
CSIE CSMA/CA
S. T. LIANG
• MAC-Level Acknowledgement
– Wireless media are noisy and unreliable
– The source needs to make sure the frame has
been correctly received by the destination
– If the source does not receive the ACK, the
source will retransmit the frame
40
DYU
CSIE CSMA/CA
S. T. LIANG
Collision
CTS Protect!!
who protect me?
(size is the key!!)
Data
ACK
41
DYU
CSIE CSMA/CA
S. T. LIANG
42
DYU
CSIE CSMA/CA
S. T. LIANG
43
DYU
CSIE CSMA/CA
S. T. LIANG
46
DYU
CSIE DCF Access procedure
S. T. LIANG
47
DYU
CSIE DCF Access procedure
S. T. LIANG
Slot Time
48
DYU
CSIE DCF Access procedure
S. T. LIANG
c After MSDU arriving at MAC, STA 3 senses medium free for DIFS, so it initiates transmission
immediately without backoff interval
d For STA 1,2, and 4, their DIFS intervals are interrupted by STA 3. Thus, the backoff
Intervals for STA 1, 2, and 4, are generated randomly (e.g., 12, 5, and 9, respectively)
e After transmission of STA 2, the remaining backoff interval of STA 1 is (12-5) = 7.
f After transmission of STA 2, the remaining backoff interval of STA 4 is (9-5) = 4.
g After transmission of STA 4, the remaining backoff interval of STA1 is (7-4) = 3. 49
DYU
CSIE DCF Access procedure
S. T. LIANG
STA 1 busy
backoff=5 backoff=20 g backoff=16
busy
STA 2
DIFS c
busy e
STA 3
backoff=5 backoff=18 backoff=14
busy busy
STA 4
c STA 3 senses medium free for DIFS and initiates transmission immediately
d For STA 1,2, and 4, their DIFS intervals are interrupted by STA 3. Thus, the backoff
Intervals for station 1, 2, and 4, are generated randomly (e.g., 9, 5, and 5, respectively)
e Collision occurs between STA 2 and 4.
f After the collision of STA 2 and 4, the remaining backoff interval of station 1 is (9-5) = 4.
g The backoff Intervals for retransmission of STA 2, and 4, are generated randomly (e.g.,
20 and 18, respectively). (tend to be larger the initial attempt) 50
DYU
CSIE PCF
S. T. LIANG
• PCF operation
– Priority-based access for providing contention-free
transmission
– The Point coordinator (PC; always located in AP)
takes control the medium
• Stations request PC to join the polling list
• The PCF uses the PIFS (<DIFS) to seize control of the
medium and then begins a contention-free period (CFP)
• PC regularly polls the stations for traffic via the CF-poll
frame
51
DYU
CSIE PCF
S. T. LIANG
• PCF operation
– At the beginning of CFP, PC sends Beacon frame
– Beacon includes CF parameters
(CFPMaxDuration: length of CF period)
– All stations receive Beacon
• Update NAV with the CFPMaxDuration
• Cannot access the medium until contention-free period end
– PC transmits the CF-End frame to announce the end
of CFP
– All stations receive the CF-END frame reset their
NAVs
52
DYU
CSIE PCF
S. T. LIANG
53
DYU
CSIE PCF
S. T. LIANG
NAV
55
DYU
CSIE MAC Frames
S. T. LIANG
56
DYU
CSIE
General Frame Format
S. T. LIANG
Upper layer data
• NAV information
• 2048 byte max
Or
• 256 upper layer header
• Short Id for PS-Poll
2 2 4 1 1 1 1 1 1 1 1
Protocol To From More Pwr More
type subtype retry WEP order
version DS DS frag mgt data
• More data
– It is set to “1” when there is at least one frame buffered at the AP
for the mobile station.
– During the CFP, station (which is polled by the PC) can use this
field to inform the PC that there is at least one additional frame
available for transmission in response to a CF-Poll.
– This field is set to 1 in broadcast/multicast frames transmitted by
the AP when additional broadcast/multicast frames remain to be
sent by the AP.
• Order
– It is set to one when the content of the data frame was provide to
the MAC with a request for strictly ordered service.
60
DYU
CSIE
Address Fields
S. T. LIANG
61
DYU
CSIE
Address Field Contents
S. T. LIANG
62
DYU
CSIE Example of End-to-End frame exchange
S. T. LIANG
Wireless DS
AP1 AP2
d
c e
63
DYU
CSIE Duration/ID
S. T. LIANG
12 bits 4 bits
66
DYU
CSIE
Format of Individual Control Frame
S. T. LIANG
67
DYU
CSIE
Format of Individual Control Frame
S. T. LIANG
– CTS 2 2 6 6 4
Frame
– ACK PS-Poll
control
AID BSSID TA FCS
– PS-Poll SIFS
70
DYU
CSIE
Format of Data Frame
S. T. LIANG
71
DYU
CSIE Transmission of MPDU
S. T. LIANG
DIFS
Source data
SIFS
Destination ACK
DIFS
other data
stations t
NAV(data)
contention
Defer Access
Duration=0 →reset NAV
72
DYU
CSIE Transmission of MPDU
S. T. LIANG
73
DYU
CSIE Transmission of MPDU
S. T. LIANG
Destination
Duration=0 → reset NAV
NAV (RTS)
Other stations NAV (CTS)
NAV (Frag 1)
NAV (ACK 1)
NAV(Frag2)
74
DYU
CSIE
S. T. LIANG
DYU
CSIE
S. T. LIANG
75
DYU
CSIE
Outline
S. T. LIANG
76
DYU
CSIE
Why MAC Management ?
S. T. LIANG
77
DYU
CSIE
MAC Management Frames
S. T. LIANG
78
DYU
CSIE Management Frame Body Components
S. T. LIANG
• Authentication
• Privacy (WEP)
• Association and Reassociation
• Synchronization
• Power Management
80
DYU
CSIE Authentication
S. T. LIANG
81
DYU
CSIE Authentication
S. T. LIANG
Requester Responder
Authentication frame
Authentication Algorithm ID=“Open System”; sequence#=1
Authentication frame
Authentication ID=“Open System”; sequence#=2; authentication result
82
DYU
CSIE Authentication
S. T. LIANG
Requester Responder
Authentication frame
Authentication ID=“shared key”; sequence#=1
Authentication frame
Authentication ID=“shared key”; sequence#=2; challenge text
Authentication frame
Authentication ID=“shared key”; sequence#=3; encrypted challenge text
Authentication frame
Authentication ID=“shared key”; sequence#=4; authentication result
83
DYU
CSIE Authentication
S. T. LIANG
• Pre-authentication
– Authentication is required before an association
can be establish
– The use of preauthentication takes the
authentication service overhead out of the time-
critical reassociation process
– A station may authenticate with many stations
– Authentication is initial by Mobile stations
– Rogue AP may adopt the SSID of the ESS and
cause the near mobile stations get a DoS attack
84
Authentication
DYU
CSIE
S. T. LIANG
status Meaning
• Authentication Frame 0 Successful
Body 1 Unspecified failure
2-9 Reserved
Order Information 10 Cannot support all requested capabilities in the
capability information field
1 Authentication algorithm
11 Reassociation denied due to inability to confirm
number (FF) that association algorithm
2 Authentication transaction 13 Responding station does not support the
specified authentication algorithm
sequence number (FF)
15 Authentication rejected because of challenge
3 Status code (FF) failure
16 Authentication rejected due to timeout waiting for
4 Challenge text (IE) next frame in sequence
17 Association denied because AP is unable
to handle additional associated stations
18 Association denied due to requesting
station not supporting all of the data rates
in the BSSBasicRateSet parameter
19 -- Reserved
86
Authentication
DYU
CSIE
S. T. LIANG
Encrypted
IV MSDU ICV
Bytes 4 1-2304 4
Initialization Key
Pad
Vector ID
Bits 24 6 2
ICV: Integrity Check Value
(ICV=CRC32(MSDU))
88
DYU
CSIE WEP Privacy
S. T. LIANG
• Encryption
IV
Initialization
Vector (IV) Seed Key Sequence
|| WEP
Secret Key PRNG Ciphertext
Plaintext
||
Integrity Algorithm
ICV message
89
DYU
CSIE WEP Privacy
S. T. LIANG
• Decryption
Secret Key Seed WEP Key Sequence
|| PRNG
IV
Ciphertext
message Plaintext
Integrity Algorithm
ICV’
ICV=ICV’ ?
ICV
90
DYU
WEP Privacy
CSIE
S. T. LIANG
91
DYU
WEP Privacy
CSIE
S. T. LIANG
92
DYU
CSIE Assocation
S. T. LIANG
• Association Request
– To be associated with an AP, after authenticated, a
STA initiates an association request (from the station)
including in it its “capabilities” information:
• Data rates, high rate PHY options; contention-free capabilities,
support of WEP and any request for contention-free service.
• The length of time in a low power operating mode.
– AP will decide whether to grant the request
• Policies and algorithms are not part of the standard.
• EX: long periods in low power operation may need excessive
buffer commitments from AP.
• Load balancing factors and availability of other APs nearby
93
DYU
CSIE Assocation
S. T. LIANG
4 Supported rates (IE; ID=1) •Indicates the identity of an ESS (or IBSS)
•A 0 length SSID → the broadcast SSID
The AID field is a value assigned 18 Association denied due to requesting station
by an AP during association that not supporting all of the data rates in the
BSSBasicRateSet parameter
represents the 16-bit ID of a STA
19 -- Reserved 97
DYU
CSIE Association
S. T. LIANG
• Association Response
Frame Body
•Indicates the supported rates in 1-8
Order Information otects each describes a single
supported rate in unit of 500k bps
1 Capability Information (FF)
•msb is set to
2 Status code (FF) •1, if the supported rate belongs to
(2 octects long) the BSSBasicRateSet
•0, otherwise
3 Association ID (AID) (IE)
BSSBassicRateSet:
•Set of integers, each in [2,127]
•Set of data rates (in units of 500kbps) that
must be supported by all STAs to join this BSS
98
DYU
CSIE Reassociation
S. T. LIANG
• Reassociation Request
– Used when a STA is moving from the
coverage of an AP to that of a new AP
• Lose contact with the old AP
• Initiate a new association (Reassociation) with
the new AP
– Provides information to DS about the location of the
STA
– Provides also the address of the old AP for the
termination of association with the old AP when the
reassociation is granted
99
DYU
CSIE Reassociation
S. T. LIANG
Order Information
1 Capability Information (FF)
100
DYU
Reassociation
CSIE
S. T. LIANG status Meaning
0 Successful
• Ressociation 1 Unspecified failure
Response Frame Body 2-9 Reserved
– Format is identical to the 10 Cannot support all requested
Association Response frame capabilities in the capability
information field
Order Information
11 Reassociation denied due to inability
1 Capability Information (FF) to confirm that association algorithm
13 Responding station does not support the specified
2 Status code (FF) authentication algorithm
15 Authentication rejected because of challenge failure
3 Association ID (AID) (IE) 16 Authentication rejected due to timeout waiting for
next frame in sequence
4 Supported rates (IE) 17 Association denied because AP is unable to handle
additional associated stations
18 Association denied due to requesting station not
supporting all of the data rates in the
BSSBasicRateSet parameter
19 -- Reserved
101
DYU
CSIE Power Management
S. T. LIANG
102
DYU
Power Management
CSIE
S. T. LIANG
104
DYU
CSIE Power Management
S. T. LIANG
• Beacon Frame
•Indicate Body
the •Indicate the •Up to 2008 bits,
number of number of beacon B1 - B2007 are the
beacon intervals intervals between buffered traffic
Order Information indicators for
before the next successive DTIM
1 Timestamp
DTIM(FF) AID=1- 2007
2 Beacon interval (FF) Partial
Element DTIM DTIM Bitmap
3 Capability (IE)ID=5 Length Count Period Control
Virtual
Bitmap
4 SSID (IE; ID=0)
Octects 1 1 1 1 1 1-251
5 Supported rates (IE; ID=1)
•Buffered traffic indicator for AID=0 Traffic Bitmap
6 FH Parameter Set (IE; ID=2) Indicator Offset
•Set when TDIMCount=0 and there
7 are buffered
DS Parameter Setor
multicast (IE; ID=3)
broadcast B0 B1 – B7
8 frames
CF Parameter Set (IE; ID=4)
•Word offset of the Partial
9 IBSS Parameter Set (IE; ID=6) virtual bitmap to indicate
10 TIM (IE; ID=5) the leading zero words
105
DYU
Power Management
CSIE
S. T. LIANG
106
DYU
CSIE Power Management
S. T. LIANG
Beacon
AP p
DTIM Broadcast
TIM Unicast
MH in active
mode Active
q r s
MH in PS
mode oPS-poll
107
DYU
CSIE Power Management
S. T. LIANG
108
DYU
CSIE Power Management
S. T. LIANG
109
DYU
CSIE Power Management
S. T. LIANG
110
DYU
CSIE Power Management
S. T. LIANG
Beacon
Active
MH A
ATIM-ACK ACK
MH B
111
DYU
CSIE
S. T. LIANG
112
DYU
CSIE
Outline
S. T. LIANG
113
DYU
CSIE Problems of Lagacy MAC
S. T. LIANG
PC PC
CF-Poll
Data
Data
Data
Collision
STA1 STA3 STA4
BSS1 BSS2
114
DYU
CSIE Characteristics of 802.11e
S. T. LIANG
115
DYU
CSIE Characteristics of 802.11e
S. T. LIANG
• Traffic ID (TID)
– Equal to the parameter value provided at the MAC
SAP
– 16 possible TID values
• 8 for traffic categories (TCs)
• 8 for traffic stream identifier (TSIDs)
– TID value is carried in each QoS data frame as part of
QoS Control field in the MAC header
116
DYU
CSIE Characteristics of 802.11e
S. T. LIANG
117
DYU
CSIE Characteristics of 802.11e
S. T. LIANG
118
DYU
CSIE EDCF
S. T. LIANG
AIFS(TC)
AIFS(TC) Low backoff
AIFS(TC) Priority TC
PIFS Medium
backoff
Priority TC
SIFS SIFS
High
Ack Priority TC
RTS
DATA CTS time
Contention Window SIFS
(Counted in slots)
119
DYU
CSIE EDCF
S. T. LIANG
Scheduler
Virtual Collision Handler
Transmission Transmission
attempt attempt
AIFS:Arbitration Inter-Frame Space
120
DYU
CSIE EDCF
S. T. LIANG
121
DYU
CSIE HCF
S. T. LIANG
TXOP TXOP
122
DYU
CSIE HCF
S. T. LIANG
• Polled TXOP
– QoS CF-Poll specifies the polled TXOPLimit
– During a polled TXOP, the TXOP holder can
determine whatever frames to send
– NAV protects a polled TXOP
SIFS
Slot
Time
HC or AP QoS CF-Poll TXOP granted by QoS CF-Poll
ACK 1 ACK 2
123
DYU
CSIE HCF
S. T. LIANG
• Implementation-dependent issues
– HC scheduling: mixture of downlink and
polled TXOP scheduling
– QSTA scheduling: during a polled TXOP,
schedule frame transmission
– Admission control by HC: to decide whether
to admit a TS or not
124
DYU
CSIE
S. T. LIANG
125
DYU
CSIE
Outline
S. T. LIANG
• Why IAPP ?
• 802.1D implementations of IAPP
• 802.11f IAPP
• Operation of 802.11f IAPP
• RADIUS Protocol Usage
• IAPP Packet Format
• Roaming in 802.11f IAPP
126
DYU
CSIE
Why IAPP?
S. T. LIANG
802.11 LAN
802.11 LAN
STA4 • IEEE 802.11 does not specify
STA1 DS implementations
BSS1 BSS3
• A number of implementation
Access Access
Point Point approaches cause Physical
AP devices are unlikely to
Distribution System
interoperate across a DS
Access
ESS Point • IAPP aims at providing the
achievement of multi-vendor
BSS2
Access Point interoperability
within the DS
AP z
(3) MOVE-notify
(s,x,y) Bridged LAN
(4) MOVE-response
(5) Layer 2 update (s,x,y)
AP y AP x
(2) reassociation(s, x)
s s
(1) move
128
DYU
CSIE
802.1D implementations of IAPP
S. T. LIANG
• Advantages
– less protocol overhead
• IAPP PDU exchanges remain in layer 2
– Possible to combine the Move-notify and the layer 2
update frame as a single frame
• Disadvantages
– Cannot support the cross-network roaming even
when the network layer roaming is implemented, or
– The enforcement in 802.11 that a STA is restricted
to have a single association at a given time is
violated.
129
DYU
CSIE
802.1D implementations of IAPP
S. T. LIANG
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
Router
To other
layer 2 PWR
10M100M
ACTACT
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
devices
1 234 56 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
1 234 56 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
130
DYU
CSIE
802.11f IAPP
S. T. LIANG
131
DYU
CSIE
802.11f IAPP
S. T. LIANG
132
DYU
CSIE
802.11f IAPP
S. T. LIANG
133
DYU
CSIE
802.11f IAPP
S. T. LIANG
134
DYU
CSIE
802.11f IAPP
S. T. LIANG
135
DYU
CSIE
802.11f IAPP
S. T. LIANG
137
DYU
CSIE
802.11f IAPP
S. T. LIANG
138
DYU
CSIE
Operation of 802.11f IAPP
S. T. LIANG
139
DYU
CSIE IAPP Initiation
S. T. LIANG
MLME-RESET.request
MLME-RESET.confirm
IAPP-INITIATE.request
Send INITIATE-REQUEST
RADIUS Exchange
RADIUS Exchange
Recv INITIATE-ACCEPT
Open TCP/UDP Ports for IAPP
TCP/UDP Ports Opened for IAPP
IAPP-INITIATE.confirm
MLME-START.request (Status=SUCCESSFUL)
MLME-START.confirm
140
DYU
CSIE IAPP Initiation
S. T. LIANG
MLME-RESET.request
MLME-RESET.confirm
IAPP-INITIATE.request
Send INITIATE-REQUEST
RADIUS Exchange
RADIUS Exchange
Recv INITIATE-REJECT
IAPP-INITIATE.confirm
(Status=FAILURE)
141
DYU
CSIE IAPP Initiation
S. T. LIANG
MLME-RESET.request
MLME-RESET.confirm
IAPP-INITIATE.request
IAPP-INITIATE.confirm
(Status=RUNNING)
142
DYU
CSIE IAPP Termination
S. T. LIANG
143
DYU
CSIE
IAPP-ADD.request Sequence
S. T. LIANG
144
DYU
CSIE
IAPP-ADD.request Sequence
S. T. LIANG
Send Layer 2
Update Frame
(confirm)
Send ADD-
notify packet
(confirm)
IAPP-ADD.confirm Transport ADD-notify
(Status= packet to peer If station is shown
SUCCESSFUL) Arrival of ADD as being
-notify packet associated at
IAPP-ADD. the peer AP
indication
MLME-
DISASSOCIATE
.request
MLME-
DISASSOCIATE
.confirm
145
DYU
CSIE
IAPP-ADD.request Sequence
S. T. LIANG
Send Layer 2
Update Frame
Send ADD-
notify packet
IAPP-ADD.confirm Transport ADD-notify
(Status= packet to peer
Arrival of ADD
SUCCESSFUL) If station is shown
-notify packet IAPP-ADD. as being associated
indication at the peer AP with
IAPP-ADD.reques a newer sequence
t number
Send layer 2
Update Frame
Send ADD-
notify packet
Transport ADD-notify IAPP-ADD.confirm
packet to peer (Status=
Arrival of ADD
SUCCESSFUL)
IAPP-ADD -notify packet
MLME- .indication
DISASSOCIATE
.request
MLME-
DISASSOCIATE
.confirm 146
DYU
CSIE
IAPP-ADD.request Sequence
S. T. LIANG
• STA association – timeout
Local MLME Local APME Local IAPP Local TCP/UDP Peer TCP/UDP Peer IAPP Peer APME Peer MLME
MLME-ASSOCIATE
.indication
Start confirm
IAPP-ADD.request timeout
Send Layer 2
Update Frame
(confirm)
Send ADD-
notify packet
IAPP-ADD.confirm
(Status=
(confirm)
MLME- TIMEOUT)
Transport ADD-notify
DISASSOCIATE
packet to peer
.request If station is shown
Arrival of ADD as being associated
MLME-
-notify packet at the peer AP with
DISASSOCIATE
.confirm IAPP-ADD. older sequence
indication number
MLME-
DISASSOCIATE
.request
MLME-
DISASSOCIATE
.confirm
147
DYU
CSIE
IAPP-ADD.request Sequence
S. T. LIANG
Send Layer 2
Update Frame
Send ADD-notify
MLME- packet
IAPP-Add.confirm
DISASSOCIATE (Status=FAIL)
.request
MLME-
DISASSOCIATE
.confirm
148
DYU
CSIE
IAPP-MOVE.request Sequence
S. T. LIANG
149
DYU
CSIE
IAPP-MOVE.request Sequence
S. T. LIANG
• Normal STA reassociation
Local MLME Local APME Local IAPP Local TCP/UDP RADIUS Client
MLME- Start confirm
REASSOCIATE timeout
.indication IAPP-MOVE
.request
Send ACCESS-REQUEST packet or
translate Old AP MAC address to
DSM IP address locally
Receive ACCESS-ACCEPT packet or
return local translation of Old AP
MAC address to DSM IP address
Send Move- Peer TCP/UDP Peer IAPP Peer APME Peer MLME
notify packet If station is shown
Transport Move-notify as being associated
packet to peer Arrival of Move at the peer AP with
-notify packet older sequence
IAPP-MOVE number
.indication
IAPP-MOVE MLME-
.response DISASSOCIATE
(Status= .request
SUCCESSFUL) MLME-
Send Move- DISASSOCIATE
Transport Move- response packet .confirm
response packet
Arrival of Move-
to peer
IAPP-MOVE response packet
.confirm
(Status=
SUCCESSFUL) Send Layer 2
Update Frame
150
DYU
CSIE
IAPP-MOVE.request Sequence
S. T. LIANG
• STA reassociation – stale move
Local MLME Local APME Local IAPP Local TCP/UDP RADIUS Client
Start confirm
MLME-
timeout
REASSOCIATE
.indication IAPP-MOVE
.request
Send ACCESS-REQUEST packet or
translate Old AP MAC address to
DSM IP address locally
Receive ACCESS-ACCEPT packet or
return local translation of Old AP
MAC address to DSM IP address
Send Move- Peer TCP/UDP Peer IAPP Peer APME Peer MLME
notify packet
Transport Move-notify
packet to peer Arrival of Move
-notify packet
IAPP-MOVE If station is shown
.indication as being associated
IAPP-MOVE at the peer AP with
.response a more recent
(Status=STALE sequence number
Send Move-
MOVE)
Transport Move- response packet
response packet
Arrival of Move-
to peer
IAPP-MOVE response packet
.confirm
MLME- (Status=STALE
DISASSOCIATE MOVE)
.request
MLME-
DISASSOCIATE
.confirm 151
DYU
CSIE
IAPP-MOVE.request Sequence
S. T. LIANG
• STA reassociation – move denied
Local MLME Local APME Local IAPP Local TCP/UDP RADIUS Client
Start confirm
MLME-
timeout
REASSOCIATE
.indication IAPP-MOVE
.request
Send ACCESS-REQUEST packet or
translate Old AP MAC address to
DSM IP address locally
Receive ACCESS-ACCEPT packet or
return local translation of Old AP
MAC address to DSM IP address
Send Move- Peer TCP/UDP Peer IAPP Peer APME Peer MLME
notify packet
Transport Move-notify
packet to peer Arrival of Move
-notify packet
IAPP-MOVE
.indication
IAPP-MOVE
.response
(Status=MOVE
Send Move-
DENIED)
Transport Move- response packet
response packet
Arrival of Move-
to peer
IAPP-MOVE response packet
.confirm
MLME- (Status=MOVE
DISASSOCIATE DENIED)
.request
MLME-
DISASSOCIATE
.confirm 152
DYU
CSIE
IAPP-MOVE.request Sequence
S. T. LIANG
154
DYU
CSIE IAPP-CACHE-NOTIFY.request Sequence
S. T. LIANG
155
DYU
CSIE IAPP-CACHE-NOTIFY.request Sequence
S. T. LIANG
• neighbor graph
– A neighbor graph is the set of neighbors relative
to a given AP
– This set is kept by an AP for quickly identifying
the neighbors
– It may be dynamically learned and cached by
using proactive cache algorithm
156
DYU
CSIE IAPP-CACHE-NOTIFY.request Sequence
S. T. LIANG
Local MLME Local APME Local IAPP Local TCP/UDP Peer TCP/UDP Peer IAPP Peer APME Peer MLME
158
DYU
CSIE STA Reassociation Using Cache
S. T. LIANG
Local MLME Local APME Local IAPP Local TCP/UDP Peer TCP/UDP Peer IAPP Peer APME
MLME- On cache hit for
REASSOCIATE reassociating STA
.indication IAPP-CACHE-
Send Layer 2
NOTIFT.request
Update Frame
Send CACHE-
Transport CACHE
notify packet Recv. CACHE
-notify packet IAPP-CACHE-
-notify packet
NOTIFY.indication
IAPP-CACHE-
Send CACHE-
Transport CACHE- NOTIFY.response
Recv. CACHE- response packet
IAPP-CACHE- response packet
response packet
NOTIFY.confirm
IAPP-MOVE Start confirm RADIUS Client
.requests timeout
Send ACCESS-REQUEST packet or
translate Old AP MAC address to
DSM IP address locally
Receive ACCESS-ACCEPT packet or
return local translation of Old AP
MAC address to DSM IP address If station is shown
as being associated
Cache hit Send Move-
notify packet
Peer TCP/UDP
Transport Move-notify
Arrival of Move
at the peer AP with
older sequence
packet to peer IAPP-MOVE number
-notify packet
.indication
IAPP-MOVE MLME-
.response DISASSOCIATE
(Status= .request
SUCCESSFUL) MLME-
Send Move- DISASSOCIATE
Transport Move-
Arrival of Move- response packet .confirm
IAPP-MOVE response packet
response packet
.confirm to peer
(Status=
SUCCESSFUL) Send Layer 2 159
Update Frame
DYU
CSIE
STA Reassociation Using Cache
Local MLME Local APME Local IAPP Local TCP/UDP RADIUS Client
S. T. LIANG
MLME- Start confirm
REASSOCIATE timeout
.indication IAPP-MOVE
.request
Send ACCESS-REQUEST packet or
translate Old AP MAC address to
DSM IP address locally
Receive ACCESS-ACCEPT packet or
return local translation of Old AP
MAC address to DSM IP address
Send Move- Peer TCP/UDP Peer IAPP Peer APME Peer MLME
notify packet
Transport Move-notify If station is shown
packet to peer Arrival of Move as being associated
-notify packet at the peer AP with
IAPP-MOVE older sequence
Cache miss .indication
IAPP-MOVE
number
MLME-
.response DISASSOCIATE
(Status= .request
SUCCESSFUL) MLME-
Send Move- DISASSOCIATE
Transport Move-
Arrival of Move- response packet .confirm
IAPP-MOVE response packet
response packet
.confirm to peer
(Status=
SUCCESSFUL) Send Layer 2
IAPP-CACHE- Update Frame
NOTIFY.request Send Layer 2
Update Frame
Send CACHE-
Transport CACHE
notify packet Recv. CACHE
-notify packet IAPP-CACHE-
-notify packet
NOTIFY.indication
IAPP-CACHE-
Send CACHE-
Transport CACHE- NOTIFY.response
Recv. CACHE- response packet
IAPP-CACHE-
response packet
response packet 160
NOTIFY.confirm
DYU
CSIE RADIUS Protocol Usage
S. T. LIANG
161
DYU
CSIE RADIUS Protocol Exchange
S. T. LIANG
RADIUS RADIUS
APME IAPP
Client Server
IAPP-INITIATE.request
RADIUS Registration Access-Request
IAPP-MOVE.request
RADIUS Access-Request
RADIUS Access-Accept
∙
•Confirms the ESS membership of Old BSSID
∙
•Provides both the old and new AP with appropriate security
∙
information for establishing a secure communication channel 162
DYU
CSIE RADIUS Protocol Usage
S. T. LIANG
ESS-Old-ESP-Transform- The ESP Transform key that can be used to decrypt ADD-
26-13277-9
Key Notify packets when receiving, if the New-ESP-Transform-
Key does not work
27 Session-Timeout Number of seconds until the AP should reissue the Registration Access-
Request packet to the RADIUS Server to obtain new keying information
80 Message-Authenticator The RADIUS message’s authenticator 164
DYU
CSIE RADIUS Protocol Usage
S. T. LIANG
Old BSSID. The Old BSSID should be represented in ASCII format, with octet values
1 User-Name
separated by a "-". Example: "00-10-A4-23-19-C0".
2 User-Password NULL
NAS-IP-Address
4 New AP’s IP Address
(optional)
6 Service-Type IAPP-AP-Check (16)
26 Vendor-Specific The following IEEE 802.11 vendor-specific attributes:
IAPP-Liveliness- A32-byte nonce used to ensure liveliness of the secure IAPP traffic. This attribute should not
26-13277-1
Nonce (optional) be included if secure IAPP communications are not required by the AP.
The WM MAC Address of the new BSSID with which the STA is reassociating, in ASCII
format, with octet values separated by a "-". Example: "00-10-A4-23-19-C0". The
30 Called-Station-Id
SSID should be appended to the WM MAC address, separated from the MAC
address with a ":". Example "00-10-A4-23-19-C0:Company WLAN".
NAS-Identifier
32 New BSSID’s NAS Identifier
(optional)
61 NAS-Port-Type IAPP (25)
Message-
80
Authenticator
The RADIUS message’s authenticator 165
DYU
CSIE RADIUS Protocol Usage
S. T. LIANG
• Upon receipt of an Access-Request form the New BSSID, If the RADIUS server
verifies the old AP is a valid member of the ESS, RADIUS Access-Accept is
responded
Attribute
Attribute Name Value
Number
1 User-Name Old BSSID
8 Framed-IP-Address Old BSSID’s IP Address
The following IEEE 802.11 vendor-specific
26 Vendor-Specific
attributes:
Security Block encrypted using new BSSID’s
New-BSSID-Security-Block
26-13277-2 user-password, to be decrypted and
(optional)
used by the new BSSID
Security Block encrypted using old BSSID’s
Old-BSSID-Security-Block user-password, to be sent via IAPP from
26-13277-3
(optional) the new BSSID to the old BSSID, and
decrypted and used by the old BSSID
80 Message-Authenticator The RADIUS message’s authenticator
166
DYU
CSIE RADIUS Protocol Usage
S. T. LIANG
Old- RADIUS
BSSID- server
4 Security
Old- -Block
BSSID-
Security Old AP Old- New-
-Block 3 copy 1
BSSID- BSSID-
Security Security-
6 Verify -Block Block
5
New AP
New- 2
BSSID-
Security
-Block
167
DYU
CSIE IAPP Packet Format
S. T. LIANG
• ADD-notify packet
– Be sent to the IAPP IP multicast address via UDP (224.0.1.178)
– Reach every device on the DSM local subnet
IAPP Command
Identifier Length Data
Version =0
Octets: 1 1 2 2 0-n
Address Sequence
Reserved MAC Address
Length Number
Octets: 1 1 n=Address Length 2
XID
MAC DA MAC SA Length DSAP SSAP Control Information
Field
Octets: 6 6 2 1 1 1 3
170
DYU
CSIE IAPP Packet Format
S. T. LIANG
• MOVE-notify Packet
– Be sent from the AP directly to the old associated AP via TCP
IAPP Command
Identifier Length Data
Version =1
Octets: 1 1 2 2 0-n
Length of
Address MAC Sequence
Reserved Context Context Block
Length Address Number
Block
n = Address m = Length of
Octets: 1 1 2 2
Length Context Block
• MOVE-response Packet
– Be sent in response to MOVE-notify by TCP
IAPP Command
Identifier Length Data
Version =2
Octets: 1 1 2 2 0-n
Address Sequence Length of
Status MAC Address Context Block
Length Number Context Block
n = Address m = Length of
Octets: 1 1 2 2
Length Context Block
• CACHE-notify Packet
– Be sent to neighboring AP in anticipation of reassociation by TCP
IAPP Command
Identifier Length Data
Version =5
Octets: 1 1 2 2 0-n
n = Address m = Length of
Octets: 1 1 2 n 2 2
Length Context Block
• CACHE-response Packet
– Be sent in response to CACHE-notify by TCP
IAPP Command
Identifier Length Data
Version =6
Octets: 1 1 2 2 0-n
Status Definition
Value
0 Successful
1 Stale Cache
2-255 Reserved
174
DYU
CSIE IAPP Packet Format
S. T. LIANG
• Send-Security-Block packet
– Be sent directly from the AP to old previously associated AP via TCP
IAPP Command
Identifier Length Data
Version =3
Octets: 1 1 2 2 0-n
Initialization Vector Length of Security Block Security Block
Octets:8 2 m = Length of Security Block
• ACK-Security-Block packet
– Be sent directly from the old AP to the new AP via TCP
IAPP Command
Identifier Length Data
Version =4
Octets: 1 1 2 2 0-n
An 8-byte value copied Initialization New-AP-ACK-
from the Data/Time Vector Authenticator
stamp Octets: 8 48
176
DYU
CSIE Roaming in 802.11f IAPP
S. T. LIANG
• Reassociation
MOVE-notify can pass
Layer-2 update frame blocked
123456789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
Router
To other
layer 2 PWR
10M100M
ACTACT
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
devices
1 234 56 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
1 23456 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
177
DYU
CSIE Roaming in 802.11f IAPP
S. T. LIANG
• Association
ADD-notify and Layer-2
update frame are blocked 10M100M
ACTACT
123456789101112 1 2 3 4 5 6 7 8 9 10 11 12
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
Router
To other
layer 2 PWR
10M100M
ACTACT
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
COLCOL
SWITCH
1 23456 789101112
131415161718192021222324
1 2 3
13 14 15 16
4 5 6 7
17 18 19 20
8 9 10 11 12
21 22 23 24
UPLINK
devices
1 234 56 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
1 23456 789101112 1 2 3 4 5 6 7 8 9 10 11 12
10M100M
ACTACT
PWR UPLINK
COLCOL
SWITCH 131415161718192021222324 13 14 15 16 17 18 19 20 21 22 23 24
178
DYU
CSIE Discussion
S. T. LIANG
179
DYU
CSIE Q&A
S. T. LIANG
THANK YOU !!
180