Site Report Conceptual Model - PowerPoint PPT Presentation

Presentation Transcript

  1. Site Report Conceptual Model
     Bernard Aboba, Microsoft

  2. Problem Statement
     • The primary purpose of the Site Report is to provide measurements to the STA prior to scanning, which enable the STA to optimize aspects of roaming:
       • Scanning
       • Pre-authentication
       • Others?
     • Are there secondary purposes?

  3. Basic Principles
     • The information in the Site Report is only a “hint”.
       • The information could be wrong, so the STA needs to be robust against misleading Site Reports.
       • This is true whether the Site Report is authenticated or not.
     • The STA will always scan prior to roaming (passive or active).
       • At a minimum, the STA needs to determine which APs it can communicate with prior to roaming.

  4. Robustness Against Bad “Hints”
     • A STA may choose to ignore part or all of the Site Report.
       • The STA might investigate the first few entries, fail to find an AP of interest and do a full scan.
       • The STA might investigate all the entries, regardless of any prioritization implied in the Site Report.
     • A STA MUST be robust against misleading information.
       • A STA should not “blacklist” APs based on the Site Report.
       • “Bad” APs are just lower priority, not “off limits”.
       • When information in the Site Report conflicts with other sources, the other sources (scan, 4-way handshake, etc.) are definitive.
       • Once the STA scans, it behaves the same way it would if there were no site report.
     • The Site Report has a very short “shelf life”.

  5. Examples of “Bad Hints”
     • APA provides irrelevant information in the site report
       • STA was headed north, APA provided info on APs to the south.
       • APA provided info on APs supporting IEEE 802.11a, but STA only supports 802.11b.
       • Result: STA does a conventional scan, is no worse off.
     • APA has stale information on APB
       • STA will discover correct capabilities when it scans or receives IEs in the 4-way handshake
       • Lesson: STA can benefit by scanning for low priority APs.
     • Need to be careful how APA obtains information provided in the Site Report
       • Information obtained from STAs can be stale, pollute APA cache
       • Need to carefully define what info STAs provide
     • APA priorities differ from STA priorities
       • Example: APA thinks pre-authentication is not as good as other schemes, prioritizes APB lower…
       • STA only supports pre-authentication, but APA has no way to know this.
       • Better for APA to provide the info, let the STA decide

  6. Site Report vs. Scanning
     • The Site Report can provide information that the STA needs prior to scanning.
       • If the information isn’t required prior to scanning, it should be considered for the Beacon/Probe Response, not the Site Report.
     • Even though the Site Report is more scalable than the Beacon/Probe Response, this doesn’t imply that the Site Report should replace existing scan mechanisms.
       • All STAs and APs implement the Beacon/Probe Response.
       • Not all APs or STAs will implement the Site Report.

  7. Implementation Choices
     • A STA may choose to scan in the background.
       • The scan may not be on the critical path for roaming, but reducing unnecessary scanning is still useful.
       • AP may not have enough buffers to avoid losing packets when frequently placed into power save mode.
     • A STA may choose to send Site Report queries and receive responses in the background.
       • The STA may wish to obtain a Site Report every DT, regardless of the status of the current point of attachment.
       • Enables a STA to handle a disassociation at any time, without additional on-the-wire functionality.

  8. A Conceptual Model
     [Figure: diagram showing the STA, APA and APB, labelled Channel 6 and Channel 11, with points 1 and 2 marked]
     • At Point 1, the STA obtains the Site Report.
     • At Point 2, the STA scans.
     • Shortly thereafter, the STA roams from APA to APB.

  9. What Information Is Needed Early?
     • Information related to pre-authentication.
       • By the time the STA gets to point 2, it may be too late to complete pre-authentication successfully.
     • Information related to scanning.
       • Optimized scanning can enable the STA to pick up APB earlier, particularly if scanning occurs in the background and traffic is heavy.

  10. What Information Do We Need?
      • AP BSSIDs, Channels, SSIDs
      • A STA can function with only this information:
        • Sufficient for scan optimization
        • STA can try pre-auth to all APs, regardless of whether they support it or are reachable.

  11. What Information Might We Want?
      • Information to allow the STA to prioritize potential roaming candidates
        • STA may not have the resources (or time) to “investigate” all potential roaming candidates
        • AP may not be aware of all STA capabilities, therefore cannot prioritize potential roaming candidates the same way the STA would.
      • Examples:
        • RSN IE Match
          • Whether an AP supports pre-authentication, WPA2, etc.
        • Reachability
          • Whether an 802.1X pre-authentication packet sent by the STA can reach the AP.

  12. Thinking About Security
      • The Site Report may be needed even in networks where security is not in use.
        • Even Open networks may want to optimize scanning!
      • STAs need to be robust against bad “hints” regardless of whether the Site Report is authenticated
      • Question: Should security be mandatory to use for the Site Report?

  13. Case Study: “Trusted” Bit
      • Meaning: APB is a member of the ESS, according to APA.
      • What does a STA do with this?
        • STA may choose to prefer a “Trusted” AP.
        • STA may also choose to ignore the “Trusted” bit.
          • If APA is truly “untrusted” then pre-auth will fail.
          • If STA has resources to try pre-auth to “untrusted” APs, it may not care about the value of the “Trusted” bit.
      • What does the STA not do with it?
        • Refuse to talk to APA: enables a DoS attack

  14. Feedback?
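
The robustness rules from slides 3 to 5 and the “Trusted” bit case in slide 13, as an added Python example that is not part of the original presentation: the Site Report only reorders the scan, a stale or misleading report degrades to a conventional full scan, and the roaming decision uses scan results alone. The field names, `MAX_AGE_S`, the `min_rssi` threshold, the channel list and the sample reports are all assumptions constructed for illustration.

```python
from typing import NamedTuple

class Hint(NamedTuple):      # one Site Report entry (field names are assumptions)
    bssid: str
    channel: int
    trusted: bool            # the "Trusted" bit as reported by the current AP

class Seen(NamedTuple):      # what the STA itself heard in a Beacon/Probe Response
    bssid: str
    channel: int
    rssi: int                # dBm

MAX_AGE_S = 5.0              # assumed shelf life; the slides give no number

def scan_order(hints, report_age_s, sta_channels):
    """Hinted channels first, then every other channel the STA supports."""
    fresh = hints if report_age_s <= MAX_AGE_S else []    # stale report: ignore it
    ranked = sorted(fresh, key=lambda h: not h.trusted)   # prefer, never exclude
    first = []
    for h in ranked:
        # Entries on channels the STA cannot use are irrelevant hints: skip them.
        if h.channel in sta_channels and h.channel not in first:
            first.append(h.channel)
    return first + [c for c in sta_channels if c not in first]

def roam(hints, report_age_s, sta_channels, air, min_rssi=-70):
    """Scan in hinted order; return (chosen AP or None, channels scanned)."""
    scanned = []
    for ch in scan_order(hints, report_age_s, sta_channels):
        scanned.append(ch)
        usable = [ap for ap in air.get(ch, []) if ap.rssi >= min_rssi]
        if usable:           # the decision uses only what the scan saw
            return max(usable, key=lambda ap: ap.rssi), scanned
    return None, scanned

# Constructed radio environment: APA is fading on channel 6, APB is strong on 11.
CHANNELS = [1, 6, 11]
AIR = {6: [Seen("APA", 6, -80)], 11: [Seen("APB", 11, -60)]}
GOOD = [Hint("APB", 11, True)]
# Misleading report: APB placed on a channel the STA lacks and marked untrusted,
# plus a nonexistent "APX" advertised as trusted.
BAD = [Hint("APB", 36, False), Hint("APX", 1, True)]

if __name__ == "__main__":
    for name, hints, age in [("good", GOOD, 1.0), ("bad", BAD, 1.0), ("stale", GOOD, 60.0)]:
        print(name, roam(hints, age, CHANNELS, AIR))
```

With the good report the STA finds APB after scanning one channel; with the misleading or stale report it scans all three channels and still roams to APB, which is the same outcome as having no report.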