November 2004, doc.: IEEE 802.11-04/1191r5
AP Architecture Thoughts
Mike Moreton, STMicroelectronics

Introduction
• 802.11 defines terms such as “Integration Function”, “Portal”, “DSM” etc.
• Definition is deliberately vague
  – To allow different implementations
• Hence different companies have different views of what these terms actually mean
  – Almost any diagram is likely to be unacceptable to a majority of companies

Definitions
3.20 distribution system (DS): A system used to interconnect a set of BSSs and integrated LANs to create an ESS.
3.21 distribution system medium (DSM): The medium or set of media used by a DS for communications between APs and portals of an ESS.
3.25 extended service set (ESS): A set of one or more interconnected BSSs and integrated LANs that appears as a single BSS to the LLC layer at any station associated with one of those BSSs.
3.29 integration: The service that enables delivery of MSDUs between the DS and an existing, non-IEEE 802.11 LAN (via a portal).
3.39 portal: The logical point at which MSDUs from a non-IEEE 802.11 LAN enter the DS of an ESS.

Position of Portal

DS and Integrated LAN (1999)
[Diagram. Labels: ESS, BSS, STA, AP, (AP STA), 802.11 MAC, DS, DSM, Portal (Integration Function), Integrated LAN, Non 802.11 Endpoint]

DS and Integrated LAN (1999) – missing blocks filled in
[Diagram. Labels: ESS, BSS, STA, AP, (AP STA), 802.11 MAC, Relay Entity, DSM MAC, DS, DSM, Portal, Integrated LAN, Non 802.11 Endpoint]

802.1D Architecture

1999 including LLC
[Diagram. Labels: ESS, BSS, STA, AP, (AP STA), 802.11 MAC, LLC, Higher Layer Entities, Relay Entity, DSM MAC, DS, DSM, Portal, Integrated LAN, Non 802.11 Endpoint]

1999 with 802.X DS
[Diagram. Labels: ESS, BSS, STA, AP, (AP STA), 802.11 MAC, LLC, Higher Layer Entities, Relay Entity, Frame Routing, 802.X MAC, 802.X LAN, DS, Virtual Portal, Virtual Integrated LAN, 802.X Endpoint]

1999 – portal in AP
[Diagram. Labels: ESS, BSS, STA, AP, (AP STA), 802.11 MAC, LLC, Higher Layer Entities, Relay Entity, Frame Routing, ILAN MAC, DS, Portal, Integrated LAN (ILAN), Non 802.11 Endpoint]

802.1X Port Model (not controlled and uncontrolled!)
[Diagram. Labels: Switch, STA]
• 802.1X authenticates the device connected to a port
• For 802.3, the security association between the authentication and frames is provided by the physical limitations of the port
Apologies to 802.1X experts for any errors…

802.1X and Broadcast LANs
[Diagram. Labels: Switch, STA, STA]
• One STA authenticating doesn’t prove anything, as frames could come from another STA.

802.1X and 802.11i
[Diagram. Labels: Switch, STA, STA]
• Use encryption with pairwise key to create virtual links between the switch and a single STA.
• As long as encryption is enabled before controlled port is enabled, can’t “steal” someone else’s authentication.
• Correspondence between pairwise key and “virtual port”

11i
[Diagram. Labels: DS, Frame Routing, Relay Entity, Port for STA 1, Port for STA 2, Port for STA 3, Controlled / Uncontrolled Port Filtering, 802.11 MAC]
• Separate port created for each STA at association
• 802.1X controls communication to relay entity
• Relay entity similar to 802.1D, but not identical.
• DS Update at Controlled Port Authentication?

11i with broadcast
[Diagram. Labels: DS, Frame Routing, Relay Entity, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port, 802.11 MAC]
• Broadcast frames have their own key – so surely they have their own virtual port?
• Relay Entity has different rules forwarding frames to ports depending on type
• Controlled port authorised at first association?

11i with broadcast, single MAC
[Diagram. Labels: DS, Frame Routing, Relay Entity, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port, 802.11 MAC]
• Reality is more like this.
• The different “ports” share a MAC
• One MAC can handle multiple ports as port is identified by MAC address.

11i with broadcast plus WDS
[Diagram. Labels: DS, Frame Routing, Relay Entity, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port, WDS Port 1, WDS Port 2, WDS Port 3, 802.11 MAC]
• WDS links are AP to AP links
• Will probably have pairwise keys (TGs to define)
• Relay treatment is like standard 802.1D Relay

802.11i Relay Entity Port Types
• Unicast
  – Address comes from association, not learnt
  – No flooding of unknown frames
  – No forwarding of broadcast frames
• Broadcast
  – No forwarding of any unicast frames (known or unknown)
  – Forward copy of each broadcast frame
• WDS
  – Learn addresses at remote end
  – Flood unknown frames
  – Forward copy of each broadcast frame
  – Run STP

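The port-type rules above, combined with the 802.1X gating from the "11i" slide, as a small Python model. This is an added example, not part of the submission: the class and function names, the MAC addresses and the reading of the rules as egress rules are assumptions, the broadcast port is assumed to be already authorised, and STP on WDS ports is not modelled.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    name: str
    kind: str                  # "unicast", "broadcast" or "wds"
    authorized: bool = False   # state of the 802.1X controlled port
    macs: set = field(default_factory=set)  # unicast: from association; wds: learnt

class RelayEntity:
    def __init__(self, ports):
        self.ports = ports

    def relay(self, ingress, src, dst):
        """Return the names of the ports a frame received on `ingress` is sent to."""
        if not ingress.authorized:
            return []                    # controlled port closed: frame never reaches the relay
        if ingress.kind == "wds":
            ingress.macs.add(src)        # WDS ports learn addresses at the remote end
        known = any(dst in p.macs for p in self.ports)
        out = []
        for p in self.ports:
            if p is ingress or not p.authorized:
                continue
            if dst == BROADCAST:
                ok = p.kind in ("broadcast", "wds")   # never copied to unicast ports
            elif dst in p.macs:
                ok = p.kind in ("unicast", "wds")     # known unicast: owning port only
            else:
                ok = p.kind == "wds" and not known    # unknown unicast: flood WDS only
            if ok:
                out.append(p.name)
        return out

def build():
    """Constructed sample AP: two STA ports, the broadcast port, one WDS link."""
    sta1 = Port("sta1", "unicast", True, {"02:00:00:00:00:01"})
    sta2 = Port("sta2", "unicast", False, {"02:00:00:00:00:02"})  # associated, not yet authenticated
    bcast = Port("bcast", "broadcast", True)   # assumed already authorised
    wds1 = Port("wds1", "wds", True)
    return RelayEntity([sta1, sta2, bcast, wds1]), sta1, sta2, wds1

if __name__ == "__main__":
    relay, sta1, sta2, wds1 = build()
    print(relay.relay(sta1, "02:00:00:00:00:01", BROADCAST))
    print(relay.relay(sta2, "02:00:00:00:00:02", BROADCAST))
```

In this model a frame addressed to an associated but not yet authorised STA is dropped rather than flooded, because its address is already known from association.
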
Question
• Should 802.11 define its own (enhanced) Relay Entity, or should the standard 802.1D Relay Entity be enhanced to support 802.11i?