
AP Architecture Thoughts

Mike Moreton, STMicroelectronics



  1. AP Architecture Thoughts. Mike Moreton, STMicroelectronics

  2. Introduction
     • 802.11 defines terms such as “Integration Function”, “Portal”, “DS”, “DSM” etc.
     • Definition is deliberately vague
       • To allow different implementations
     • Hence different companies have different views of what these terms actually mean
     • Almost any diagram is likely to be unacceptable to a majority of companies

  3. Definitions
     • 3.20 distribution system (DS): A system used to interconnect a set of BSSs and integrated LANs to create an ESS.
     • 3.21 distribution system medium (DSM): The medium or set of media used by a DS for communications between APs and portals of an ESS.
     • 3.25 extended service set (ESS): A set of one or more interconnected BSSs and integrated LANs that appears as a single BSS to the LLC layer at any station associated with one of those BSSs.
     • 3.29 integration: The service that enables delivery of MSDUs between the DS and an existing, non-IEEE 802.11 LAN (via a portal).
     • 3.39 portal: The logical point at which MSDUs from a non-IEEE 802.11 LAN enter the DS of an ESS.

  4. Position of Portal

  5. DS and Integrated LAN (1999)
     [Diagram; labels: DS, DSM, Portal (Integration Function), 802.11 MAC (AP STA), AP, Integrated LAN, Non 802.11 Endpoint, STA, BSS, ESS]

  6. DS and Integrated LAN (1999) – missing blocks filled in
     [Diagram; labels: DS, 802.11 MAC Relay Entity, DSM MAC, AP, DSM, 802.11 MAC (AP STA), Portal, Integrated LAN, STA, Non 802.11 Endpoint, BSS, ESS]

  7. 802.1D Architecture

  8. 1999 including LLC
     [Diagram; labels: Higher Layer Entities, 802.11 MAC Relay Entity, LLC, DSM MAC, AP, DSM, 802.11 MAC (AP STA), Portal, DS, Integrated LAN, Non 802.11 Endpoint, STA, BSS, ESS]

  9. 1999 with 802.X DS
     [Diagram; labels: Higher Layer Entities, 802.11 MAC Relay Entity, LLC, Frame Routing, 802.X MAC, AP, 802.X LAN, 802.11 MAC (AP STA), Virtual Portal, DS, Virtual Integrated LAN, 802.X Endpoint, STA, BSS, ESS]

  10. 1999 – portal in AP
      [Diagram; labels: Higher Layer Entities, 802.11 MAC Relay Entity, LLC, Portal, Frame Routing, DS, 802.11 MAC (AP STA), ILAN MAC, AP, Integrated LAN (ILAN), STA, Non 802.11 Endpoint, BSS, ESS]

  11. 802.1X Port Model (not controlled and uncontrolled!)
      [Diagram; labels: STA, STA, Switch]
      • 802.1X authenticates the device connected to a port
      • For 802.3, the security association between the authentication and frames is provided by the physical limitations of the port
      Apologies to 802.1X experts for any errors…

  12. 802.1X and Broadcast LANs
      [Diagram; labels: STA, STA, Switch]
      • One STA authenticating doesn’t prove anything, as frames could come from another STA.

  13. 802.1X and 802.11i
      [Diagram; labels: STA, STA, Switch]
      • Use encryption with pairwise key to create virtual links between the switch and a single STA.
      • As long as encryption is enabled before controlled port is enabled, can’t “steal” someone else’s authentication.
      • Correspondence between pairwise key and “virtual port”

  14. 11i
      • Separate port created for each STA at association
      • 802.1X controls communication to relay entity
      • Relay entity similar to 802.1D, but not identical.
      • DS Update at Controlled Port Authentication?
      [Diagram; labels: DS, 802.11 MAC Relay Entity, Controlled / Uncontrolled Port Filtering, Frame Routing, Port for STA 1, Port for STA 2, Port for STA 3]

  15. 11i with broadcast
      • Broadcast frames have their own key – so surely they have their own virtual port?
      • Relay Entity has different rules for forwarding frames to ports depending on type
      • Controlled port authorised at first association?
      [Diagram; labels: DS, 802.11 MAC Relay Entity, Frame Routing, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port]

  16. 11i with broadcast, single MAC
      • Reality is more like this.
      • The different “ports” share a MAC
      • One MAC can handle multiple ports as port is identified by MAC address.
      [Diagram; labels: DS, 802.11 MAC Relay Entity, Frame Routing, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port, 802.11 MAC]

  17. 11i with broadcast plus WDS
      • WDS links are AP to AP links
      • Will probably have pairwise keys (TGs to define)
      • Relay treatment is like standard 802.1D Relay
      [Diagram; labels: DS, 802.11 MAC Relay Entity, Frame Routing, WDS Port 1, WDS Port 2, WDS Port 3, Port for STA 1, Port for STA 2, Port for STA 3, Broadcast Port, 802.11 MAC]

  18. 802.11i Relay Entity Port Types
      • Unicast
        • Address comes from association, not learnt
        • No flooding of unknown frames
        • No forwarding of broadcast frames
      • Broadcast
        • No forwarding of any unicast frames (known or unknown)
        • Forward copy of each broadcast frame
      • WDS
        • Learn addresses at remote end
        • Flood unknown frames
        • Forward copy of each broadcast frame
        • Run STP

  19. Question
      • Should 802.11 define its own (enhanced) Relay Entity, or should the standard 802.1D Relay Entity be enhanced to support 802.11i?
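The forwarding rules of slide 18, combined with the per-STA controlled port of slides 13 and 14, can be written as a small model. This is an added example, not part of the original presentation: the `Port` and `RelayEntity` names, the `authorised` flag standing in for the 802.1X controlled-port state, and the sample addresses are assumptions, and STP on WDS ports is not modelled.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    name: str
    kind: str                 # "unicast", "broadcast" or "wds"
    sta: str = ""             # unicast port: address fixed at association
    authorised: bool = True   # assumed 802.1X controlled-port state
    learnt: set = field(default_factory=set)  # WDS port: remote addresses

class RelayEntity:
    def __init__(self, ports):
        self.ports = list(ports)

    def _owner(self, addr):
        # Unicast ports own exactly their associated address; WDS ports
        # own whatever they have learnt from the remote end.
        for p in self.ports:
            if (p.kind == "unicast" and p.sta == addr) or addr in p.learnt:
                return p
        return None

    def relay(self, ingress, src, dst):
        """Return the names of the ports the frame is forwarded to."""
        if not ingress.authorised:
            return []                      # controlled port still closed
        if ingress.kind == "wds":
            ingress.learnt.add(src)        # learning happens on WDS only
        if dst == BROADCAST:
            out = [p for p in self.ports if p.kind in ("broadcast", "wds")]
        elif (owner := self._owner(dst)) is not None:
            out = [owner]
        else:
            out = [p for p in self.ports if p.kind == "wds"]  # flood unknown
        return [p.name for p in out if p is not ingress and p.authorised]

def sample_relay():
    # Constructed ports and addresses, for illustration only.
    sta1 = Port("sta1", "unicast", sta="02:00:00:00:00:01")
    sta2 = Port("sta2", "unicast", sta="02:00:00:00:00:02", authorised=False)
    bcast = Port("bcast", "broadcast")
    wds1 = Port("wds1", "wds")
    return RelayEntity([sta1, sta2, bcast, wds1]), sta1, sta2, wds1
```

Because unicast ports take their address from association and never learn, a frame with a forged source address arriving on a STA port leaves the forwarding state unchanged.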
