CAPWAP BOF Control And Provisioning of Wireless Access Points

1. WAP! CAPWAP BOFControl And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems

2. Agenda • Intro and Agenda Bashing (10 min) • LWAPP (Pat Calhoun) (10 min) • SNMP (Marcus Brunner) (10 min) • Access Point Discovery (Inderpreet Singh) (10 min). • Security and Certificate Provisioning (David Molnar) (10 min) • AAA (James Kempf for Bill Arbaugh, 5 min) • Discussion (40 min) • Summary and Next Steps (10 min)

3. Problem Statement: 802.11 Network Installation and Management • Installation of 802.11 Access Points (APs) is expensive and complex. • Each stand-alone AP requires individual configuration and radio tuning upon installation. • Result is large OPEX for installation. • Management of 802.11 APs is difficult. • Radio interactions between APs difficult to manage due to standalone nature of APs. • If an AP fails, you’ve got a black hole. • Interactions between Access Routers (ARs) and APs unmanaged or proprietary. • Result is large OPEX for management.

4. Problem Statement: 802.11 AP Security and Handover • Security protocol to establish trust relationship between ARs and APs is lacking. • Unsanctioned, insecure APs are a problem in enterprise networks. • Radio resources are unmanaged and can lead to AP overload. • Complex handover protocols exist for security and performance reasons. • AP as NAS means thousands of control points for network access. • A target rich environment • Performance hit on handover. • Self-contained nature of APs means each AP must handle handover itself.

5. History • Internet draft on IAPP circa 1995. • Never reached BOF stage but went to 802.11. • IAPP now an 802.11f Recommended Practice. • But depends heavily on IETF protocols (RADIUS, UDP) so not strictly L2 protocol. • CRAPS BOF, 2000 • Covered many areas including AP control. • Resulted in Seamoby WG. • But AP control and management component dropped due to lack of vendor interest. • There was resistance in the IETF to standardizing a protocol that carries L2 information elements.

6. What’s Changed? • 802.11 network expansion. • Real radio protocol that anybody can deploy. • But exactly that is the problem: • Deploying large 802.11 networks is expensive and time consuming. • Anybody can deploy an access point and be a Bad Guy. • Collection of vendors who want an interoperable WLAN control and management protocol for real products. • Not a research question anymore.

7. Architectural Question: What is an Access Point • Layer 2 device? • But it performs some Layer 3 functions: • Handover support • Network Access Server • Firewall. • NAT • Layer 3 device? • But it primarily bridges between the wireless and wired networks. • Not a router or host.

8. Technical Presentations

9. Should IETF Do This Work? • Lightweight access point model could simplify deployment, security, and maintenance of 802.11 networks. • Vendors are interested in a standardized, secure protocol for lightweight access points so their routers, switches, and access points interoperate. • Access points have enough Layer 3 characteristics that it may be in IETF’s scope. • Additional radio protocols (ex. UWB) may need support in the future.

10. Charter Proposal:Standardize These Protocol Functions • Independent of wireless link protocol. • Discovery of a CAPWAP manager (AR, IP addressable switch). • Acquisition of APs by CAPWAP manager. • Configuration and monitoring of wireless link by CAPWAP manager. • Partially and/or fully terminate the wireless MAC layer at the CAPWAP manager. • Including security of host traffic. • NOT intended to define changes in MAC! • Control of AP host load. • Security for CAPWAP signaling.

11. Next Steps • Finalize charter. • Discuss with IESG and charter as quickly as possible. • Work to complete standardization in a year. • Note: Quick standardization requires a commitment to working together and willingness to compromise.