Doc.: IEEE 802.11-05/0395-01-000s Submission May 2005 Jonathan Agre et al., Fujitsu Labs of...
May 2005
Jonathan Agre et al., Fujitsu Labs of America
Slide 1
doc.: IEEE 802.11-05/0395-01-000s
Submission
802.11 TGs ESS Mesh Networking Proposal
Preliminary Overview of Secure NOmadic Wireless MESH (SNOWMESH)
Date: 2005-05-10
Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.
Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <[email protected]> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <[email protected]>.
Authors:
Name | Address | Company | Phone | Email
Jonathan R. Agre | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | Fujitsu Laboratories of America | 301 486 0978 | [email protected]
Wei-Peng Chen | 1240 E. Arques Ave., Sunnyvale, CA 00180 USA | Fujitsu Laboratories of America | 408 530 4622 | [email protected]
Mohamed Refaei | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | Fujitsu Laboratories of America | 301 486 0978 | [email protected]
Anuja Sonalker | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | Fujitsu Laboratories of America | 301 486 0978 | [email protected]
Slide 2
Additional Authors
Name | Address | Company | Phone | Email
Xun Yuan | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | University of Maryland | 301 486 1749 | [email protected]
Chenxi Zhu | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | Fujitsu Laboratories of America | 301 486 0671 | [email protected]
Harshal Dharia | 8400 Baltimore Ave., #302, College Park, MD 20740 USA | Fujitsu Laboratories of America | 301 486 0489 | [email protected]
Slide 3
Contents
• Architecture
• Usage Scenarios
• Autoconfiguration/Initialization/Discovery
• Routing
  – Topology Maintenance
  – Mobility
• Security
• QoS
• Performance Evaluation
• Conclusion
Slide 4
Architecture
[Diagram: a mesh of MPAPs interconnected by WDS links, with STAs attached to the MPAPs over normal links; several MPAPs are marked MPAP(PL) as active portals.]
MPAP = Mesh Point with AP functions
MPAP(PL) = Mesh Point with active Portal
STA – Client Station
Legend: WDS Link; Normal Link
Slide 5
Architecture
[Diagram: the same mesh drawn with MP(AP) and MP(AP,GW) labels, adding an Authentication Server (A.S.) reached through a gateway/portal MP.]
MPAP = Mesh Point with AP functions
MPAP(PL) = Mesh Point with active Portal
STA – Client Station
A.S. – Authentication Server
Legend: WDS Link; Normal Link
Slide 6
Usage Scenarios
• Community Networks
  – Ubiquitous network access
  – Alternative broadband service to residential users
  – Static MPs, mobile STAs
• Emergency Response Networks
  – Environments with limited infrastructure (on-site networks)
  – Rapid deployment, low mobility, high security, high reliability, continual operation/fault tolerant
• Enterprise Networks
  – Extensions to primary LANs
  – Interoperability, simple operation, low mobility, high security
• SoHo Networks
  – Simple deployment, simple operation, low mobility, moderate security
• Hotspots
  – Extensions of coverage areas
Slide 7
Key Points
• Network is sized for approximately 32 mesh points
• Each Mesh Point contains AP and Portal functions
• Single or Multiple Radios supported
  – A MP may contain multiple 802.11 PHY radios operating on different channels.
• The inter-MP communication is via authenticated WDS links
• The mesh supports routing to multiple entry/exit points (Portals).
  – Portals connect to other 802.1 networks (including other Mesh-nets)
• STAs are unaware of the mesh and their operation is unaffected by connection to mesh
• Self-configuring, self-healing, automatic formation/maintenance of mesh network
• Two Security modes – Authentication-server mode and Standalone mode
  – Require modification to 802.11i that will support WDS authentication
• QoS adapted for multi-hop mesh is supported
Slide 8
MPAP Architecture
[Diagram: an MPAP stack with the Portal above a Mesh MAC Layer; below it one MAC per Phy (Phy1 … Phyn), each Phy on its own port; the Mesh MAC Layer carries the WDS Security and Routing functions.]
Mesh identified by single SSID
One MAC address for the MP (feasibility under study)
Phyi – 802.11 PHY - Each Phyi on a separate channel, designated by port
Mesh MAC Layer handles routing, QoS, security across Ports
MAC for each Phy handles lower level security, association, sequencing, etc.
Portal attaches to other 802.1 network(s)
Slide 9
Network Initialization and Discovery
Mesh Initialization and Network Discovery (MIND)
• When MP powered on, enters discovery mode
  – Based on active scan of all channels by each port
• Send probe messages
• Probe response from MPs includes some additional information
  – e.g., routing protocol option, security option, parameters, etc.
  – Mesh identified by matching mesh SSID (preconfigured parameter)
• MP receives probe responses from all neighbors on each channel
  – If not secure mesh and no mesh found after several attempts, MP becomes Mesh Initial MP
• Potential problem with merging independently formed subnets
  – Resolution methods under study (e.g., lowest MAC address, most nodes, etc.)
  – If secure mesh, some requirements for 1st node pre-configuration (discussed in security section)
• Simple solution is to require that designated node be powered on first
Slide 10
Network Discovery (cont)
– If mesh found (i.e. matching SSID),
  • MP “selects” best channels for its own radios to connect to mesh, thus determining its 1-hop neighbors in the mesh
  • MP initiates WDS link establishment for each neighbor MP
  • If secure mesh then WDS link is blocked until authenticated
    – MP initiates authentication with each WDS neighbor
    – Authentication certificate identifies MP as MP-capable
    – An Authenticated MP either requests or waits for next Network Advertisement message
  • If open security, then MP simply waits for Network Advertisement
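The discovery decision of slides 9 and 10, as an added example that is not code from the SNOWMESH submission: a constructed set of probe responses is filtered to the preconfigured mesh, each radio is given a channel, and the "no mesh found" branch distinguishes the open case from the secure case. The field names, the RSSI-based channel ranking and the designated-initial-MP flag are assumptions; the slides leave the channel selection rule to the MP.

```python
# Added example, not code from the SNOWMESH submission: the MIND discovery
# decision from slides 9-10 run over a constructed set of probe responses.
# Field names, the RSSI-based channel ranking and the designated-initial-MP
# flag are assumptions; the slides leave the channel selection rule to the MP.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProbeResponse:
    mp: str          # responding mesh point (constructed identifier)
    ssid: str        # mesh SSID carried in the response
    channel: int
    rssi: int        # dBm, stronger is closer to zero
    security: str    # advertised security option: "open" or "secure"
    routing: str     # advertised routing protocol option


def matching_responses(responses, mesh_ssid, security, routing):
    """Keep responses that belong to the preconfigured mesh. A response that
    advertises a different security or routing option than this MP is
    configured for is ignored, so a mismatched (e.g. open) mesh carrying the
    same SSID is never joined."""
    return [r for r in responses
            if r.ssid == mesh_ssid and r.security == security and r.routing == routing]


def choose_channels(responses, num_radios):
    """Give each radio a distinct channel, preferring channels where the
    strongest neighbor was heard. The MPs heard on a chosen channel become
    this MP's 1-hop neighbors on that port."""
    by_channel = defaultdict(list)
    for r in responses:
        by_channel[r.channel].append(r)
    ranked = sorted(by_channel.items(),
                    key=lambda item: max(x.rssi for x in item[1]), reverse=True)
    return {ch: sorted(r.mp for r in rs) for ch, rs in ranked[:num_radios]}


def discovery_decision(responses, *, mesh_ssid, security, routing, num_radios,
                       attempt, max_attempts, designated_initial=False):
    """One pass of the discovery loop. Returns (action, channel plan)."""
    found = matching_responses(responses, mesh_ssid, security, routing)
    if found:
        return "join", choose_channels(found, num_radios)
    if attempt < max_attempts:
        return "rescan", {}
    if security == "open" or designated_initial:
        return "become_initial_mp", {}
    # Secure mesh and this node is not the designated first node: keep
    # scanning rather than self-forming an unauthenticated mesh.
    return "rescan", {}


# Constructed sample: responses heard by a two-radio MP configured for the
# secure mesh "snowmesh-demo" with the basic (SLRP) routing option.
SAMPLE = [
    ProbeResponse("MP_X", "snowmesh-demo", 1, -50, "secure", "SLRP"),
    ProbeResponse("MP_Y", "snowmesh-demo", 6, -60, "secure", "SLRP"),
    ProbeResponse("MP_Z", "snowmesh-demo", 1, -70, "secure", "SLRP"),
    ProbeResponse("MP_V", "snowmesh-demo", 11, -45, "open", "SLRP"),   # same SSID, wrong security option
    ProbeResponse("MP_W", "cafe-hotspot", 11, -40, "open", "SLRP"),    # a different network entirely
]


def demo():
    return discovery_decision(SAMPLE, mesh_ssid="snowmesh-demo", security="secure",
                              routing="SLRP", num_radios=2, attempt=1, max_attempts=3)


if __name__ == "__main__":
    print(demo())
```

The response from MP_V is the case worth noticing: it carries the right SSID but advertises the open security option, and the filter drops it, so an MP configured for a secure mesh cannot be steered onto an unauthenticated one during discovery.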
Slide 11
Mesh Network Maintenance (MNM)
• Handles addition, deletion of MPs, mobility
• Maintenance scheme is function of routing protocol option in effect
  – Format of net advertisement data also defined by routing protocol option
• In Basic Scheme: Each associated MP periodically issues network advertisement messages to propagate topology information
  – The Basic Routing Protocol option includes a simple Mesh Network Maintenance scheme, Simple-MNM, as follows:
• Flat Topology Table of all MAC addresses
• Two types of Network Advertisement messages are used in basic scheme
  – Full update (NA message) – Network topology table of all MAC addresses of MPs and STAs, channels, link metrics, portals, authentication server
  – Change update (δ-NA messages) – includes only changes since last full update (or indicates no change)
• Each MP broadcasts a network advertisement message to its one-hop neighbors
  – Periods for Full update and Change update are parameters
  – Sent using group keys in secure modes
• Ageing and replacement scheme based on sequence numbers
Slide 12
Routing
• Mesh will support multiple routing protocols specified through mesh configuration options.
• Recommend that all MPs implement at least a Basic Mesh Routing Protocol
• We propose a Simple Link-state Routing Protocol (SLRP)
  – Weighted shortest path, computed by Dijkstra’s Algorithm from Topology Table
  – Weighted by link quality (RSSI, load, other factors, formula TBD)
  – Operates on Flat Topology Table
    • MAC addresses of all MPs, MAC addresses of associated STAs
    • MAC addresses of Portals
    • For each MAC address in the mesh: for each directly connected neighbor to that address, store the Channel, Link quality metrics, Sequence number
  – Basic topology maintenance using Simple-MNM
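The Simple-MNM table maintenance of slide 11 and the SLRP route computation of slide 12, as one added example that is not code from the SNOWMESH submission: a flat topology table accepts full (NA) and change (δ-NA) advertisements only when their sequence number is newer than the last one accepted from that originator, and Dijkstra over the table yields (destination, next hop, outgoing channel) entries. The node names, link costs and update layout are constructed; the link-quality formula is TBD in the proposal, so a plain per-link cost stands in for it.

```python
# Added example, not code from the SNOWMESH submission: a flat topology table
# kept up to date from full (NA) and change (delta-NA) advertisements with
# sequence-number ageing (slide 11), and an SLRP-style weighted shortest path
# over it producing (destination -> next hop, outgoing channel) entries
# (slide 12). Node names, costs and the update layout are constructed; the
# link-quality formula is TBD in the proposal, so a plain per-link cost is used.
import heapq
from dataclasses import dataclass, field


@dataclass
class Link:
    channel: int
    cost: float     # stand-in for the link-quality metric (lower is better)


@dataclass
class TopologyTable:
    links: dict = field(default_factory=dict)   # originator -> {neighbor: Link}
    seq: dict = field(default_factory=dict)     # originator -> last accepted sequence number

    def _accept(self, origin, seqno):
        # Ageing/replacement rule: an advertisement is applied only if its
        # sequence number is newer than the last one accepted from that
        # originator, so stale or replayed advertisements are ignored.
        if seqno <= self.seq.get(origin, -1):
            return False
        self.seq[origin] = seqno
        return True

    def apply_full_update(self, origin, seqno, neighbors):
        """NA message: replace the originator's whole neighbor list.
        neighbors is a list of (neighbor, channel, cost)."""
        if not self._accept(origin, seqno):
            return False
        self.links[origin] = {n: Link(ch, c) for n, ch, c in neighbors}
        return True

    def apply_delta_update(self, origin, seqno, added=(), removed=()):
        """delta-NA message: only the changes since the last accepted update."""
        if not self._accept(origin, seqno):
            return False
        table = self.links.setdefault(origin, {})
        for n, ch, c in added:
            table[n] = Link(ch, c)
        for n in removed:
            table.pop(n, None)
        return True


def compute_routes(topo, source):
    """Dijkstra over the topology table as seen from `source`.
    Returns {destination: (next hop, outgoing channel)}."""
    dist = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue            # stale heap entry
        for v, link in topo.links.get(u, {}).items():
            nd = d + link.cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    routes = {}
    for dest in dist:
        if dest == source:
            continue
        hop = dest
        while prev[hop] != source:   # walk back to the first hop
            hop = prev[hop]
        routes[dest] = (hop, topo.links[source][hop].channel)
    return routes


def build_sample_mesh():
    """Constructed mesh: three MPs, one portal MP (PL_D) and one STA (STA_1)
    associated to MP_C. Each originator's full update lists its own links."""
    topo = TopologyTable()
    topo.apply_full_update("MP_A", 1, [("MP_B", 1, 1.0), ("MP_C", 6, 1.5)])
    topo.apply_full_update("MP_B", 1, [("MP_A", 1, 1.0), ("MP_C", 1, 1.0)])
    topo.apply_full_update("MP_C", 1, [("MP_A", 6, 1.5), ("MP_B", 1, 1.0),
                                       ("PL_D", 11, 1.0), ("STA_1", 6, 1.0)])
    topo.apply_full_update("PL_D", 1, [("MP_C", 11, 1.0)])
    return topo


if __name__ == "__main__":
    mesh = build_sample_mesh()
    print(compute_routes(mesh, "MP_A"))
    # MP_A's link to MP_C is withdrawn by a delta update; the recomputed
    # routes to MP_C, PL_D and STA_1 fall back to going through MP_B.
    mesh.apply_delta_update("MP_A", 2, removed=["MP_C"])
    print(compute_routes(mesh, "MP_A"))
```

The sequence-number check is the part that matters in the secure modes: advertisements are sent under group keys, so any authenticated MP can originate one, and the per-originator monotonic sequence number is what stops a captured NA from being replayed later to reinstate a withdrawn link.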
Slide 13
Basic Routing Protocol Features
– Routing Table contains an entry for each possible Destination MAC in Mesh (MPs, STAs, Portals)
  – (Destination MAC, Next Hop MAC address, Outgoing Port/Channel)
– Mobility of MPs and STAs handled by Network Advertisements (break-before-make scheme)
– Packet format for MP-MP messages is WDS using 4 MAC address fields
  – (Next-hop receiver address, current transmitter address, original destination address, original source address)
– Additional Hop Count field added to packet for loop detection
  • Considering TTL field
  – Maximum values for Hop Count or TTL are parameters
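The 4-address forwarding step and the Hop Count loop check of this slide, as an added example that is not code from the SNOWMESH submission. The routing tables, the maximum hop count and the node names are constructed; the second set of tables is deliberately inconsistent (MP_A and MP_B each point at the other for STA_1), which is the transient state a break-before-make scheme can leave behind, and the hop-count limit is what keeps such a frame from circulating.

```python
# Added example, not code from the SNOWMESH submission: the 4-address WDS
# forwarding step of the basic routing protocol with the proposal's Hop Count
# loop check (slide 13). The routing tables, the maximum hop count and the
# node names are constructed; a real MPAP would fill the tables from SLRP.
from dataclasses import dataclass

MAX_HOP_COUNT = 8   # a mesh parameter in the proposal; value chosen for the demo


@dataclass
class WdsFrame:
    receiver: str      # address 1: next-hop receiver
    transmitter: str   # address 2: current transmitter
    dest: str          # address 3: original destination
    source: str        # address 4: original source
    hop_count: int = 0


def forward(frame, mp, routes, associated):
    """Forwarding decision at mesh point `mp`.
    routes: {mp: {destination: (next hop, channel)}}
    associated: {mp: set of STAs associated to that MPAP}
    Returns (action, payload, channel) where action is "deliver", "forward"
    or "drop"; payload is the (re-addressed) frame or the drop reason."""
    if frame.receiver != mp:
        return "drop", "frame not addressed to this MP", None
    if frame.hop_count >= MAX_HOP_COUNT:
        # Loop detection: a frame relayed too many times is discarded
        # instead of circulating while tables are inconsistent.
        return "drop", "hop count exceeded: possible routing loop", None
    if frame.dest == mp or frame.dest in associated.get(mp, set()):
        return "deliver", frame, None
    entry = routes.get(mp, {}).get(frame.dest)
    if entry is None:
        return "drop", "no route to destination", None
    next_hop, channel = entry
    # Re-address for the next hop: addresses 3 and 4 are carried unchanged,
    # addresses 1 and 2 are rewritten, hop count is incremented.
    out = WdsFrame(next_hop, mp, frame.dest, frame.source, frame.hop_count + 1)
    return "forward", out, channel


def transmit(frame, routes, associated):
    """Walk a frame through the mesh until it is delivered or dropped.
    Returns (outcome, list of MPs visited, delivered frame or drop reason)."""
    path = []
    while True:
        mp = frame.receiver
        path.append(mp)
        action, payload, _channel = forward(frame, mp, routes, associated)
        if action == "forward":
            frame = payload
            continue
        return action, path, payload


# Constructed tables: STA_0 is on MP_A, STA_1 is on MP_C, path A -> B -> C.
ROUTES = {
    "MP_A": {"STA_1": ("MP_B", 1)},
    "MP_B": {"STA_1": ("MP_C", 1)},
    "MP_C": {},
}
ASSOCIATED = {"MP_A": {"STA_0"}, "MP_C": {"STA_1"}}

# Constructed inconsistent tables, as can occur transiently after STA_1
# moves: MP_A and MP_B each believe the other is the way to STA_1.
LOOPING_ROUTES = {
    "MP_A": {"STA_1": ("MP_B", 1)},
    "MP_B": {"STA_1": ("MP_A", 1)},
}


def demo_delivery():
    # The STA's frame is shown already converted to 4-address form by MP_A.
    return transmit(WdsFrame("MP_A", "STA_0", "STA_1", "STA_0"), ROUTES, ASSOCIATED)


def demo_loop():
    return transmit(WdsFrame("MP_A", "STA_0", "STA_1", "STA_0"), LOOPING_ROUTES, {})


if __name__ == "__main__":
    print(demo_delivery())
    print(demo_loop())
```

A TTL field would give the same protection with the check inverted (decrement and drop at zero); either way the maximum is a mesh parameter, and setting it much larger than the mesh diameter only lengthens how long a looping frame consumes airtime before it is discarded.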
Slide 14
Routing Issues
• Routing will consider QoS
  – Priority queues and link metrics are under study
• Support for broadcast and multicast groups
  – Secure keys for broadcast and multicast – Needs further study
• Routing to external networks
  – How to choose the best portal – shortest path, learned routes, flooding?
• High mobility will hurt the basic scheme
• Scalability questions
• Future system could allow dynamic choice of routing scheme
Slide 15
Optional Routing Scheme – Hybrid Mesh Routing Protocol (HMRP)
• Suitable to community networks with static MPs and mobile STAs
• Use a proactive routing to maintain the topology of static MPs
  – Topology propagation in the basic mode only contains the links between MPs
• Use an on-demand routing for discovery of mobile STAs
  – AODV-like (REQ/REP) mechanism
• Learn/Maintain topology from various sources
  – Data packets: effective for long-lived connections
  – Authentication / Association packets
Slide 16
Security Issues
• Two security modes will be supported
  – Authentication Server Mode – based on normal 802.11i and 802.1x. An authentication server (e.g., Radius) is assumed to be reachable within the mesh or externally via a portal
  – Standalone Mode – An authentication server is not available and an internal trust model is developed.
• Basic Security Architecture
  – Security can be enabled or disabled
  – A single administrative domain is assumed
    • Valid STAs and MPs have certificates recognized by admin domain
  – Each STA will authenticate with its associated MPAP using 802.11i
  – Each MP will authenticate with each of its WDS link neighbors
    • Extension to 802.1x and 802.11i needed for WDS authentication
  – Once authenticated as an MP, an MP can participate in mesh routing and will become an authenticator for other MPs
Slide 17
Security
• Authentication Server Mode
  – A proper certificate is assumed to be installed on the MP indicating that this is a valid MP for this mesh SSID
  – Each STA will authenticate with its associated MPAP using 802.11i
  – A new MP joining the mesh will independently authenticate with each of its (1-hop) WDS neighbors as a supplicant using augmented 802.11i
  – Once authenticated as an MP, an MP can participate in mesh routing and will become an authenticator for other MPs and STAs
  – An authentication server (e.g. Radius) may be hosted on an MP or a route to an external authentication server is known to the mesh
    • Requirement of initial mesh node
  – MPAP maintains a Security table entry for each authenticated MPAP neighbor, any multicast groups and broadcast
• Encryption
  – Along with authentication, encryption keys are defined per communicating pair, i.e.,
    • 802.11i pair-wise encryption is used for STA to MPAP and for MPAP to MPAP
      – E.g., full WPA2
  • Support both dynamic key distribution and pre-shared keys
  • Group keys also established at time of authentication
Slide 18
Security (cont’d)
• Standalone Mode (Authentication Server not available)
  – Each MP has a proper attribute certificate indicating that this is a valid MP for this mesh SSID and defining the capability of the MP
  – New MP joining the mesh will authenticate with each of its (1-hop) WDS neighbors as a supplicant using the attribute certificate assigned to it.
    • Local, 2-party authentication (e.g., challenge-handshake)
  – Once authenticated as an MP, an MP can participate in mesh routing and will become an authenticator for other MPs and STAs
  – MPAP maintains a table entry for each authenticated MPAP neighbor, multicast groups and broadcast
  – Revocation of issued certificates and renewal of expiring certificates required.
  – MPs exchange periodic information on authenticated/revoked supplicants
  – Threat model and security attributes currently under research
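The WDS-link admission rule of slides 17 and 18, as an added example that is not code from the SNOWMESH submission: a link stays blocked until the neighbor's certificate passes the checks the slides list (trusted by the admin domain, issued for this mesh SSID, marks the holder as MP-capable, unexpired, not revoked); the supplicant then becomes an authenticator itself, both sides record a security-table entry, and the peers merge what they know about revoked certificates. The certificate fields, the MP names and the revocation data are constructed; the actual 802.11i/802.1X exchange and signature verification are out of scope and are represented by a `signature_valid` field.

```python
# Added example, not code from the SNOWMESH submission: a model of the WDS
# link admission rule from slides 17-18. Certificate fields, MP names and the
# revocation list are constructed; the 802.11i/802.1X exchange and signature
# verification are represented only by the `signature_valid` field.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AttributeCert:
    subject: str            # MP identifier (MAC address in a real mesh)
    mesh_ssid: str          # mesh this certificate is valid for
    capabilities: frozenset # e.g. {"MP", "AP", "PORTAL"}; a STA cert lacks "MP"
    serial: int
    not_after: int          # expiry, as a time value
    signature_valid: bool   # stand-in for verification against the admin domain's CA


@dataclass
class MeshPoint:
    name: str
    mesh_ssid: str
    cert: AttributeCert
    authenticated_as_mp: bool = False              # True once admitted to the mesh
    security_table: dict = field(default_factory=dict)   # neighbor -> pairwise key id
    revoked: set = field(default_factory=set)            # certificate serials known revoked


def check_cert(authenticator, cert, now):
    """Return None if the supplicant's certificate is acceptable, else the reason."""
    if not cert.signature_valid:
        return "signature not trusted by admin domain"
    if cert.mesh_ssid != authenticator.mesh_ssid:
        return "certificate issued for a different mesh SSID"
    if "MP" not in cert.capabilities:
        return "certificate does not mark holder as MP-capable"
    if now > cert.not_after:
        return "certificate expired"
    if cert.serial in authenticator.revoked:
        return "certificate revoked"
    return None


def establish_wds_link(authenticator, supplicant, now):
    """Two-party admission: the WDS link is blocked until the check passes.
    Returns (accepted, key id or rejection reason)."""
    if not authenticator.authenticated_as_mp:
        return False, "authenticator is not yet an authenticated MP"
    reason = check_cert(authenticator, supplicant.cert, now)
    if reason:
        return False, reason
    # Constructed key identifier standing in for the per-pair 802.11i keys.
    key_id = f"PTK-{authenticator.name}-{supplicant.name}-{now}"
    authenticator.security_table[supplicant.name] = key_id
    supplicant.security_table[authenticator.name] = key_id
    supplicant.authenticated_as_mp = True      # may now act as authenticator
    # Peers exchange information on revoked supplicants.
    merged = authenticator.revoked | supplicant.revoked
    authenticator.revoked, supplicant.revoked = set(merged), set(merged)
    return True, key_id


def demo():
    """Constructed scenario: MP_1 is the pre-configured initial node."""
    now = 1000

    def cert(subject, caps, serial, ssid="snowmesh-demo", not_after=2000, valid=True):
        return AttributeCert(subject, ssid, frozenset(caps), serial, not_after, valid)

    root = MeshPoint("MP_1", "snowmesh-demo", cert("MP_1", {"MP", "AP", "PORTAL"}, 1),
                     authenticated_as_mp=True)
    root.revoked.add(4)                       # serial 4 was revoked by the administrator
    mp2 = MeshPoint("MP_2", "snowmesh-demo", cert("MP_2", {"MP", "AP"}, 2))
    mp3 = MeshPoint("MP_3", "snowmesh-demo", cert("MP_3", {"MP", "AP"}, 3))
    sta = MeshPoint("STA_9", "snowmesh-demo", cert("STA_9", {"STA"}, 9))      # client, not MP-capable
    bad = MeshPoint("MP_4", "snowmesh-demo", cert("MP_4", {"MP", "AP"}, 4))   # revoked certificate
    other = MeshPoint("MP_5", "snowmesh-demo", cert("MP_5", {"MP", "AP"}, 5, ssid="other-mesh"))

    results = {}
    results["mp3_before"] = establish_wds_link(mp2, mp3, now)[0]   # MP_2 not yet admitted
    results["mp2"] = establish_wds_link(root, mp2, now)[0]
    results["mp3"] = establish_wds_link(mp2, mp3, now)[0]          # MP_2 now acts as authenticator
    results["sta_as_mp"] = establish_wds_link(root, sta, now)
    results["revoked"] = establish_wds_link(mp3, bad, now)         # MP_3 learned serial 4 via MP_2
    results["wrong_mesh"] = establish_wds_link(root, other, now)
    results["expired"] = establish_wds_link(root, mp3, 3000)
    return results, root, mp2, mp3


if __name__ == "__main__":
    for name, value in demo()[0].items():
        print(name, value)
```

Two points from the slides show up in the run: an MP cannot admit anyone before it has itself been admitted (the `mp3_before` case), so trust can only spread outward from the pre-configured first node; and because revocation knowledge is merged at each admission, MP_3 rejects the revoked certificate even though it never spoke to the administrator directly. In the standalone mode this exchange is the only way revocations propagate, which is why the slide lists revocation and renewal as required pieces rather than optional ones.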
Slide 19
Roaming/Mobility
• STAs and MPs can be mobile
  – Basic routing protocol designed for low mobility, infrequent changes
• In basic scheme, a STA that moves between MPAPs will re-associate and re-authenticate
• A MPAP that moves will re-associate and re-authenticate with all new 1-hop neighbors
• The mesh will attempt to support 802.11r Fast Roaming when defined
  – Method TBD
Slide 20
Quality-of-Service
• 802.11e QoS will be supported (Many details still TBD)
  – For STAs, the MPAP will appear as a normal 11e AP
    • Admission control scheme at MPAP needs to be modified to account for end-to-end delay over multiple hops
  – Each MPAP will support up to eight priority queues as in 11e
• Admission control for admitting new MPAPs still under consideration
• MPs will negotiate between themselves to set up end-to-end QoS support
• Mesh management messages need priority (i.e., network advertisements)
• Should forwarded traffic get priority?
  – Extensions to TSPEC being considered and integration with network advertisement metrics
  – Algorithm/Performance under investigation via simulation
Slide 21
Ongoing Issues
• Desire a simple, but expandable framework
• Connection to IP networks needs further refinement
  – General philosophy is that basic functions are independent of IP, but recognize that IP is most common application
    • ARP needed; Proxy ARP may be significant improvement
    • Others: DHCP, NAT, … should work smoothly
    • VLAN support (?)
    • VPN support (?)
  – E.g., Clients should be able to send/receive Internet messages, browse the web, if paths exist
• Additional mesh management messages may still be required
• Power efficiency not considered (as yet)
Slide 22
Prototyping Efforts
• Working on single- and multi-radio prototypes that follow the proposal
• Consideration of existing architecture has guided many decisions
  – Reuse as much of existing MAC as possible, but we need a new view of what an AP can do, e.g.,
    • The MPAP should be able to initiate an active scan (currently not typical)
    • The MPAP should be able to associate (establish a WDS link) and authenticate to another MPAP to use the WDS link under 802.1x procedures (e.g., supplicant)
    • The MPAP should be able to perform as an authenticator after becoming authenticated (as a supplicant)
Slide 23
Performance Simulation
• 8*4 MPs in grid structure, 100 static STAs
• Each STA starts one CBR (4kbps) flow. 50% of the destinations are located outside the mesh
• Evaluation of full topology update in basic mode
• BW = 11 Mbps, 12 MPs interfere with the central portal
[Figure: delivery ratio (%) and latency (sec) versus per-STA rate (bps) of 1000, 2000 and 4000, for four configurations: 1 Ch 1 PL, 2 Ch 1 PL, 2 Ch 2 PL, 2 Ch 4 PL.]
Slide 24
Summary/Conclusions
• Basic extensible mesh framework defined
  – Simple base components defined
    • routing, QoS, autoconfiguration
    • Two modes of security
      – Infrastructure and infrastructureless
  – Options to extend components
• Work is continuing on several open issues
  – Interface with external networks, QoS
• Performance simulations of base components underway
• Prototyping effort using COTS radios
We are looking to harmonize/partner with other proposals. Please contact us!