802.11k/r/vProtocol Analysis of the impact on Voice

Andrew McHale

@mac_wifi | mac-wifi.com | andrew@mac-wifi.com

2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Setup

• iPhone XS Max iOS 13.1

• Vocera B3000N - Channel plan 36-64

• Cisco vWLC 8.5

• 3x Cisco 3502i (Ch 36, 48 & 64) – need 3 to trigger Enterprise roaming

• WLAN - PSK & PEAP, Fastlane=Disabled

• Microsoft Active Directory, Certificate Services & Network Policy Server (RADIUS)

• Omnipeek, 2x Anker A7513, 8x Netgear A6210/AC1200

• Channels scanned = 1, 36, 40, 44, 48, 64, 140, 149

• Vocera VoIP call between iPhone & Badge

802.11k

4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Why 802.11k?

• Drugs are bad, m’Kay?

• More information = Better Decisions

• Faster decisions = Smoother roams

• Smoother roams = Happier voice users

Roaming without 11k

6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Client Roaming

• Some clients scan the whole channel plan. Others keep a cache of channels

they’ve seen around each BSSID.

• Some clients scan just at the time they need to roam. Others proactively scan all

the time to learn the WLAN.

• Active and Passive scanning

• Reset iPhone/Badge before every 11k test to clear cache

7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone Upstream

8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone Upstream + Probes

9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone Upstream + Probes + Downstream

1 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone (much later)

1 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Typical iPhone scan

Without 11k

3.046 secs

1 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Badge Upstream

1 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Badge Upstream + Probes

1 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Badge Upstream + Probes + Downstream

1 5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Typical Badgescan

Without 11k

1.712 secs

Roaming with 11k

1 7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone Upstream + Probes + Downstream + Key 4 + Neighbour Info

1 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone 802.11k ComparisonW

ith

With

ou

t

1 9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Typical iPhone scan

Without 11k

3.046 secs

With 11k

0.178 secs

2 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Badge Upstream + Probes + Downstream + Key 4 + Neighbour info

2 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Badge 802.11k ComparisonW

ith

ou

tW

ith

2 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Typical Badge scan

Without 11k

1.712 secs

With 11k

0.561 secs

2 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11k Thoughts

• Impact is minimal for clients with small & configurable channel plan

• Huge benefit to:

• consumer clients without configurable channel plan

• large channel plans (*cough* 6GHz *cough*)

• Most useful for users moving through new areas (shoppers) vs local users (nurses)

• Better on than off – minimal risk

802.11rFast Transition

2 5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Why 802.11r/Fast Transition?

• R is for Roaming.

• Historically advised to use PreShared Key for short

predictable associations.

• Proprietary solutions (CCKM / OKC) been

available but not as widely supported by clients.

• CCKM/OKC/FT provide faster roams than PSK.

• Useful in deployments like EduRoam where your

authenticator could be 1000’s miles away.

R is for

Roaming

Roaming without 11r FT

2 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Full RADIUS Authentication

Roaming with 11r FTOver-The-Air (OTA)

3 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11r FT OTA

Without 11r

0.472 secs

With 11r OTA

0.002 secs

Roaming with 11rOver-The-DS (OTDS)

3 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11r FT OTDS

Without 11r

0.472 secs

With 11r OTDS

0.060 secs

With 11r OTA

0.002 secs

3 5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone 802.11 Comparison

802.11r OTA

802.11r OTDS

No 802.11r

3 6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11r Fast Transition Thoughts

• 802.11r Fast Transition has huge impact on Dot1X roams.

• CCKM and OKC already provided this feature.

• Being part of the IEEE 802.11 Standard will hopefully encourage client vendor

adoption where CCKM and OKC were seen as ‘nice to have’.

• Voice roaming is not a reason to stick with PSK anymore.

• Over-The-DS not advised for highly mobile time-sensitive applications

• Requires connection to current BSSID to initiate – no good for

stairwells/lifts

• Proprietary mechanisms used for LAN segments

• 11r FT can co-exist with non-FT clients (on Cisco) - mac-wifi.com/ciscos-802-

11r-ft-settings-adaptive-mode-explained/

802.11vBSS Transition

3 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11v

• Victory or “Don’t give me the V’s”

• ‘11k++’ - not just information but

recommendations too.

• Can insist a client moves, but not a default

setup (thankfully).

• No AP can know what is happening at the

client. Client best placed to make decisions.

• A wrong decision can cost 100’s of

milliseconds.

• Balance your less mobile clients, and leave

time-sensitive clients alone. Use QBSS instead.

3 9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11v Results

4 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11v Results

4 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11v Results

4 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone Upstream + Probes + Downstream + 11v Req/Resp (zoomed)

4 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Android Upstream + Probes + Downstream + 11v Req/Resp

4 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

802.11v Thoughts

• The phones were too good at roaming.

• To force 11v I had to make Optimized Roaming very aggressive

which led to a poor voice experience

• Cisco bug forced ‘Disassociation Imminent’ even when Disabled.

• If client vendor is advanced enough to include support for 11v then

they probably have adequate roaming triggers and algorithms.

Layer them together…

4 6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

iPhone + 802.11k + 802.11r OTA + 802.11v

4 7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

Summary

1. Testing was conducted with two very capable voice clients.

2. 11k allowed iOS device to focus.

3. 11r FT has a big impact on Dot1X roam times but isn’t new.

4. 11r FT Over-The-DS not recommended for voice.

5. 11v showed to have little value due and could be dangerous.

4 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .

11k11r OTA

11v

The Winners

Thank You!Andrew McHale

@mac_wifi | mac-wifi.com | andrew@mac-wifi.com