CAPWAP BOF Control And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems WAP!

CAPWAP BOF
Control And Provisioning of Wireless Access Points

James Kempf
DoCoMo Labs USA

Dorothy Stanley
Agere Systems

WAP!

Agenda

• Intro and Agenda Bashing (10 min)
• LWAPP (Pat Calhoun) (10 min)
• SNMP (Marcus Brunner) (10 min)
• Access Point Discovery (Inderpreet Singh) (10 min)
• Security and Certificate Provisioning (David Molnar) (10 min)
• AAA (James Kempf for Bill Arbaugh, 5 min)
• Discussion (40 min)
• Summary and Next Steps (10 min)

Problem Statement: 802.11 Network Installation and Management

• Installation of 802.11 Access Points (APs) is expensive and complex.
  – Each stand-alone AP requires individual configuration and radio tuning upon installation.
  – Result is large OPEX for installation.
• Management of 802.11 APs is difficult.
  – Radio interactions between APs difficult to manage due to standalone nature of APs.
    • If an AP fails, you’ve got a black hole.
  – Interactions between Access Routers (ARs) and APs unmanaged or proprietary.
  – Result is large OPEX for management.

Problem Statement: 802.11 AP Security and Handover

• Security protocol to establish trust relationship between ARs and APs is lacking.
  – Unsanctioned, insecure APs are a problem in enterprise networks.
• Radio resources are unmanaged and can lead to AP overload.
• Complex handover protocols exist for security and performance reasons.
  – AP as NAS means thousands of control points for network access.
    • A target rich environment
  – Performance hit on handover.
    • Self-contained nature of APs means each AP must handle handover itself.

History

• Internet draft on IAPP circa 1995.
  – Never reached BOF stage but went to 802.11.
  – IAPP now an 802.11f Recommended Practice.
  – But depends heavily on IETF protocols (RADIUS, UDP) so not strictly L2 protocol.
• CRAPS BOF, 2000
  – Covered many areas including AP control.
  – Resulted in Seamoby WG.
  – But AP control and management component dropped due to lack of vendor interest.
• There was resistance in the IETF to standardizing a protocol that carries L2 information elements.

What’s Changed?

• 802.11 network expansion.
  – Real radio protocol that anybody can deploy.
• But exactly that is the problem:
  – Deploying large 802.11 networks is expensive and time consuming.
  – Anybody can deploy an access point and be a Bad Guy.
• Collection of vendors who want an interoperable WLAN control and management protocol for real products.
  – Not a research question anymore.

Architectural Question: What is an Access Point

• Layer 2 device?
  – But it performs some Layer 3 functions:
    • Handover support
    • Network Access Server
    • Firewall
    • NAT
• Layer 3 device?
  – But it primarily bridges between the wireless and wired networks.
  – Not a router or host.

Technical Presentations

Should IETF Do This Work?

• Lightweight access point model could simplify deployment, security, and maintenance of 802.11 networks.

• Vendors are interested in a standardized, secure protocol for lightweight access points so their routers, switches, and access points interoperate.

• Access points have enough Layer 3 characteristics that it may be in IETF’s scope.

• Additional radio protocols (e.g., UWB) may need support in the future.

Charter Proposal: Standardize These Protocol Functions

• Independent of wireless link protocol.
• Discovery of a CAPWAP manager (AR, IP addressable switch).
• Acquisition of APs by CAPWAP manager.
• Configuration and monitoring of wireless link by CAPWAP manager.
• Partially and/or fully terminate the wireless MAC layer at the CAPWAP manager.
  – Including security of host traffic.
  – NOT intended to define changes in MAC!
• Control of AP host load.
• Security for CAPWAP signaling.

Next Steps

• Finalize charter.

• Discuss with IESG and charter as quickly as possible.

• Work to complete standardization in a year.
  – Note: Quick standardization requires a commitment to working together and willingness to compromise.