Light weight access point protocol lwapp ietf 57 pat calhoun airespace
1 / 15

Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace - PowerPoint PPT Presentation

  • Uploaded on

Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace. LWAPP Architecture. AR. Ethernet or UDP. LWAPP. AP. Mobile. Why LWAPP?.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace' - bessie

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Light weight access point protocol lwapp ietf 57 pat calhoun airespace

Light Weight Access Point Protocol (LWAPP)


Pat Calhoun, Airespace

Lwapp architecture
LWAPP Architecture


Ethernet or





Why lwapp

  • At last count, there are at least 6 WLAN switch vendors, plus some of the Ethernet switching incumbents have announced products in this space.

  • Most of these products have a proprietary protocol between the AP and the AR (A.K.A WLAN Switch).

  • APs are being commoditized, and many AP OEMs see LWAPP as a way to enter the enterprise market - interest is very strong here!

  • Standardizing LWAPP would benefit the Internet community by ensuring interoperability between WLAN switches and APs.

Lwapp goals

  • Reduction of the amount of protocol code being executed at the light weight AP.

  • Centralization of the bridging, forwarding, authentication, encryption and policy enforcement functions for a WLAN, to apply the capabilities of network processing silicon to the WLAN, as it has already been applied to wired LANs.

  • Providing a generic encapsulation and transport mechanism, the protocol may be applied to other access protocols in the future (note: the draft needs work here)

Division of labor
Division of Labor


802.11 Data & Management

Ethernet or


LWAPP Control (signalling) & Data


802.11 Control

LWAPP assumes the MAC is split between

the AP and the AR, reducing the functions

required on the AP.


What does it do
What does it do?

  • LWAPP enables a new architecture for 802.11 infrastructure devices.

  • Most of the functionality that is traditionally in the AP can be moved to the centralized AR.

  • This gives the AR a greater view of the RF topology, enabling many different types of benefits, such as:

    • Security. Detecting attacks on a network basis vs. on a single cell

    • Mobility. Easier to proactively handle mobility events

Lwapp components
LWAPP Components

  • LWAPP consists of the following:

    • Control Channel Management

    • AR Configuration

    • Mobile Session Management

    • Firmware Management

    • Transport Services

    • Security

Control channel management
Control Channel Management

  • Discovery

    • The draft currently defines a zero-config dynamic discovery mechanism for Ethernet and IP (when run in same subnet). The draft proposes different discovery mechanisms, but this area probably needs some work

  • AP-AR session establishment

    • Creates a binding between the AP and the AR. This phase also includes a key exchange to secure all control messages

  • Heatbeat

  • Key Update

    • Periodically update the AP-AR key

Ar configuration
AR Configuration

  • Configure Response

    • Allows the AP to securely push its current configuration to the AR

  • Configure Update

    • Allows the AR to securely push configuration to the AP

  • Statistics Update

    • Allows the AP to send current stats to the AR

  • Reset Request

    • Reboots the AP

Mobile session management
Mobile Session Management

  • Add Mobile

    • Pushes a specific rule (and optionally dynamic TKIP/WEP/AES key) to the AP

  • Delete Mobile

    • Deletes a previous rule (and key)

Firmware management
Firmware Management

  • During the AP-AR session establishment phase, the peers exchange firmware versions.

  • If the versions are out of sync, this allows the AR to securely download a new image to the AP.

Transport services
Transport Services

  • The LWAPP document includes a transport section, and currently defines two transports:

    • Ethernet, allows LWAPP to run natively over Layer 2

    • IP, specifies how LWAPP is run over UDP

  • The transport section discusses the following:

    • Transport specific discovery extensions

    • Packet Framing

    • Fragmentation/Reassembly issues

Lwapp security
LWAPP Security

  • The document currently assumes that all LWAPP peers have a certificate

  • During the AP-AR session establishment phase, a session key is exchanged and all control packets are subsequently encrypted using AES-CCM

  • A rekey message exists in order to allow the AP (or AR) to create a new session key

Points raised on the mailing list
Points raised on the mailing list

  • Where does encryption occur?

  • LWAPP discovery over Layer 3

  • Should LWAPP data messages be secured?

  • Should we use certificates or shared keys?

Lwapp mailing list
LWAPP Mailing List

  • The mailing list is accessible at [email protected]