virtual aps
8/14/2019 Virtual APs
doc.: IEEE 802.11-01/TBD
Submission
June 2003
Bernard Aboba/Microsoft
Virtual Access Points
http://www.drizzle.com/~aboba/IEEE/virtual-APs.ppt
Bernard Aboba
Microsoft
WFA Public Access Group
June 4, 2003
Outline
Goals and Objectives
Challenges for Public Access WLAN
What is a Virtual Access Point?
What Is Required for a Virtual Access Point?
Recommendations
Goals and Objectives
To describe problems commonly encountered in Public Access WLAN
To describe how Virtual Access Points can address these problems
To describe the pros and cons of mechanisms used to implement Virtual APs today
To recommend a single industry-standard mechanism for adoption by WFA
Challenges for Public Access WLAN
Minimizing channel conflicts
  In some locations (e.g. airports) multiple networks are becoming the norm.
    Airlines are installing 802.11 networks for use in baggage reconciliation and roving ticket counters
    Multiple wireless ISPs often also want to serve airport customers
  Radio interference is an issue
    In the US and Europe 802.11b networks can support only 3 non-overlapping channels
    In France and Japan only one channel is available
    Once the channels are utilized by existing APs, additional APs will interfere and reduce performance
Minimizing capital expenditures
  In this economic environment, raising capital is difficult
  Undesirable to build out multiple networks in the same location - why not build one network and share it?
Attaining high utilization of deployed Access Points
  Profitability enhanced by filling in periods of low usage on the diurnal curve
  Implies a need to serve many different types of customers: business, consumers, etc.
Minimizing support costs
  Desirable to support a wide variety of clients without having to preconfigure them
Wouldn't It Be Great If
A single network could be shared by multiple providers?
Each provider could retain the flexibility to announce their own SSID, and select the services they wish to provide (rates, security mechanisms, etc.)?
Each provider could manage their own users without interfering with other providers?
Customers could discover any of the offered networks without needing to preconfigure their stations?
These are the benefits that Virtual Access Points provide!
What is a Virtual Access Point?
A Virtual Access Point is a logical entity that exists within a physical Access Point (AP).
Each Virtual AP appears to stations (STAs) to be an independent physical AP.
  Virtual APs emulate the operation of physical APs at the MAC layer.
  Virtual APs provide partial emulation of the IP and Application Layer behavior of physical APs.
  Emulating the operation of a physical AP at the radio frequency layer is typically not possible unless multiple radios are available.
Is It Virtual Or Is It Real? Only Your Radio Knows For Sure!
[Figure: what a STA sees in Beacon/Probe Response frames from Physical APs versus Virtual APs]
Physical APs: AP A and AP B, both on Channel 6
  SSID: Foo, BSSID: A, Rates: 5.5, 11, Security: WPA
  SSID: Bar, BSSID: B, Rates: 1, 2, 5.5, 11, Security: Open
Virtual APs: AP A only, on Channel 6
  SSID: Foo, BSSID: A, Rates: 5.5, 11, Security: WPA
  SSID: Bar, BSSID: B, Rates: 1, 2, 5.5, 11, Security: Open
Virtual AP Scenarios
Airports
  Same infrastructure shared by airlines, FAA and wireless ISPs
  Separate VLANs for each provider (for traffic isolation)
  Support for different security schemes
    WISPs may support both Web Portal and WPA
    Airline may support WPA only
    FAA may want IEEE 802.11i only
Hot Spots
  Multiple wireless ISPs sharing infrastructure provided by a wholesaler
  Support for different security schemes
    WISPs may support both Web Portal and WPA
  Separate VLANs for each WISP
  User authenticates to their home authentication server
What Is Required for a Virtual AP?
Multiple SSIDs.
  Support for multiple SSID advertisement by APs
  Support for STA discovery for advertised SSIDs.
Multiple capability advertisements.
  Each Virtual AP can advertise its own set of capabilities.
Pre-authentication routing.
  Determination of the target SSID prior to Association (for routing of pre-authentication traffic).
Multiple VLANs.
  Allow a unique VLAN (and unique default key) to be assigned to each Virtual AP.
Multiple RADIUS configurations.
  Multiple RADIUS configurations, one for each virtual AP.
Multiple virtual SNMP MIBs.
  A virtual MIB instance per Virtual AP.
The State of Virtual APs Today
IEEE 802.11-1999 does not provide guidance on required MAC-layer behavior of Virtual APs
Result
  Multiple approaches taken by AP vendors
  Different assumptions made by NIC vendors
  Interoperability, reliability problems abound
Need for a single, industry-wide solution
  WFA can help by providing guidance
How Are Multiple SSIDs Implemented?
Multiple SSIDs/Beacon, Single Beacon, Single BSSID.
  AP uses a single BSSID, and sends a single Beacon.
  AP includes multiple SSID Information Elements (IEs) within the Beacon or Probe Response, with the Beacon interval remaining unchanged.
  Pros
    Not explicitly prohibited by IEEE 802.11-1999
    Allows discovery of multiple SSIDs
  Cons
    Incompatible with many existing stations
    Can't support different capability sets for each SSID
    Can't support multiple capability sets within an SSID
    Doesn't support pre-authentication routing
  Summary
    Don't do this - won't work reliably!
How Are Multiple SSIDs Implemented? (Cont'd)
Single SSID/Beacon, Multiple Beacons, Single BSSID.
  AP only uses a single BSSID, but sends multiple Beacons, each with a single SSID IE.
  AP responds to Probe Requests for supported SSIDs (including a Request for the broadcast SSID) with a Probe Response including the capabilities corresponding to each SSID.
  Pros
    Can support different capability sets for each SSID
    Allows discovery of multiple SSIDs
  Cons
    Some existing drivers will over-write previous advertisement with the new one
    Can't support multiple capability sets within an SSID
    Doesn't support pre-authentication routing
  Summary
    Don't do this - won't work reliably!
How Are Multiple SSIDs Implemented? (Cont'd)
Single SSID/Beacon, Single Beacon, Single BSSID.
  AP only uses a single BSSID and sends a single Beacon.
  Each Beacon or Probe Response contains only one SSID IE.
  Only the capabilities corresponding to the primary SSID are sent in the Beacon and in response to a Probe Request for the broadcast SSID.
  AP responds to Probe Requests for secondary SSIDs with a Probe Response including the capabilities corresponding to that SSID.
  Pros
    Compatible with existing stations
    Can support different capability sets for each SSID
  Cons
    Doesn't allow discovery of secondary SSIDs - requires pre-configuration
    Can't support multiple capability sets within an SSID
    Doesn't support pre-authentication routing
  Summary
    Can work, but not a satisfactory long-term solution
How Are Multiple SSIDs Implemented? (Cont'd)
Single SSID/Beacon, Multiple Beacons, Multiple BSSIDs.
  AP uses multiple BSSIDs.
  Each Beacon or Probe Response contains only a single SSID IE.
  AP sends Beacons for each Virtual AP that it supports at the standard Beacon interval, using a unique BSSID for each one.
  AP responds to Probe Requests for supported BSSIDs (including a Request for the broadcast SSID) with a Probe Response including the capabilities corresponding to each BSSID.
  Pros
    Compatible with existing stations
    Can support different capability sets for each SSID
    Can support multiple capability sets within an SSID
    Allows discovery of multiple SSIDs
    Supports pre-authentication routing
  Cons
    Not supported by some existing APs
  Summary
    Offers the best mix of compatibility and flexibility
    The best long-term solution
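
The four advertisement schemes compared above, run through a model of a station scan table, as an added example that is not part of the original presentation. It assumes a legacy station that keeps one entry per BSSID and reads only the first SSID IE in a frame; the Foo/Bar capability sets are constructed from the earlier figure.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advert:
    """One Beacon or Probe Response as a station receives it."""
    bssid: str
    ssids: tuple      # SSID IEs carried in the frame
    rates: tuple
    security: str

def scan(adverts):
    """Assumed legacy-station model: one scan entry per BSSID, only the
    first SSID IE is read, and a later frame from the same BSSID replaces
    the earlier entry."""
    table = {}
    for a in adverts:
        table[a.bssid] = {"ssid": a.ssids[0], "rates": a.rates,
                          "security": a.security}
    return table

def discovered(adverts):
    """SSIDs the station can offer the user after a passive scan."""
    return sorted(entry["ssid"] for entry in scan(adverts).values())

# Constructed capability sets, taken from the Foo/Bar figure.
FOO = {"rates": (5.5, 11), "security": "WPA"}
BAR = {"rates": (1, 2, 5.5, 11), "security": "Open"}

SCHEMES = {
    "multiple SSID IEs, single Beacon, single BSSID":
        [Advert("A", ("Foo", "Bar"), **FOO)],
    "single SSID IE, multiple Beacons, single BSSID":
        [Advert("A", ("Foo",), **FOO), Advert("A", ("Bar",), **BAR)],
    "single SSID IE, single Beacon, single BSSID":
        [Advert("A", ("Foo",), **FOO)],   # Bar answers directed probes only
    "single SSID IE, multiple Beacons, multiple BSSIDs":
        [Advert("A", ("Foo",), **FOO), Advert("B", ("Bar",), **BAR)],
}

if __name__ == "__main__":
    for name, frames in SCHEMES.items():
        print(f"{name}: {discovered(frames)}")
```

Only the multiple-BSSID scheme leaves both networks, each with its own security setting, in the scan table; in the single-BSSID, multiple-Beacon case the entry for BSSID A ends up carrying whichever advertisement arrived last.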
Virtual APs and Pre-Authentication Routing
Selected SSID not known prior to Association/Reassociation
  If multiple Virtual APs exist how does the AP know how to route pre-authentication traffic?
  NAI [RFC2486] might not be sufficient
  AP needs to know the SSID user wishes to Associate with
Solution
  Unique BSSID per Virtual AP
  AP includes SSID in Access-Request, based on target BSSID
  AAA proxy routes traffic based on SSID, NAI
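
The routing solution above, sketched end to end as an added example that is not part of the original presentation. The BSSIDs, realms, server names and VLAN numbers are constructed, and carrying the SSID in Called-Station-Id as "BSSID:SSID" is an assumption about how the AP includes it in the Access-Request.

```python
# Constructed sample data: BSSIDs, SSIDs, realms and server names are
# placeholders, not values from the presentation.
VIRTUAL_APS = {            # target BSSID -> Virtual AP on one physical AP
    "02-00-00-00-00-0A": {"ssid": "Foo", "vlan": 10},
    "02-00-00-00-00-0B": {"ssid": "Bar", "vlan": 20},
}
ROUTES = {                 # AAA proxy table keyed on (SSID, NAI realm)
    ("Foo", "airline.example"): "radius.airline.example",
    ("Bar", "wisp1.example"): "radius.wisp1.example",
    ("Bar", "wisp2.example"): "radius.wisp2.example",
}

def build_access_request(target_bssid, nai):
    """AP side: the BSSID the frame was addressed to selects the Virtual AP,
    and its SSID is carried in the request (assumed here: Called-Station-Id
    formatted as "BSSID:SSID")."""
    bssid = target_bssid.upper().replace(":", "-")
    vap = VIRTUAL_APS.get(bssid)
    if vap is None:
        raise LookupError(f"no Virtual AP for BSSID {bssid}")
    return {"User-Name": nai, "Called-Station-Id": f"{bssid}:{vap['ssid']}"}

def route(request):
    """Proxy side: forward only when (SSID, realm) is a configured pair."""
    _, _, ssid = request["Called-Station-Id"].partition(":")
    user, sep, realm = request["User-Name"].rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("NAI must be user@realm")
    server = ROUTES.get((ssid, realm.lower()))
    if server is None:
        raise LookupError(f"realm {realm!r} is not served on SSID {ssid!r}")
    return server

if __name__ == "__main__":
    req = build_access_request("02:00:00:00:00:0b", "alice@wisp1.example")
    print(req["Called-Station-Id"], "->", route(req))
```

Keying the proxy table on the (SSID, realm) pair rather than the realm alone means a user of one provider who pre-authenticates against another provider's BSSID is refused instead of being forwarded.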
SNMP Support in Virtual APs
Multiple providers may want access to MIB information
  Diagnostic information in IEEE 802.1X MIB
  Accounting information in IEEE 802.1X MIB
Deployed approaches
  Multiple IP addresses, one for each virtual MIB
  SNMP proxy
    Individual providers query the proxy
SNMP approaches [RFC2975]
  Domain as index
    Domain used as an index with tables
    Can be supported in any version of SNMP
    Requires support within the MIB; not supported in 802.11 or 802.1X MIBs
  Contexts
    Enables maintenance of separate virtual tables for each context
    SNMPv3 contextName used to distinguish virtual instances
    Requires SNMPv3 support
    Requires support within the SNMPv3 agent
    Recommended approach for support of virtual tables per ESSID
Summary
Support for Virtual APs is important to the long-term future of Public WLAN access
Vendor community is adopting multiple, incompatible mechanisms for support of Virtual APs
  Several of these solutions cannot work reliably!
  Result: customer pain, industry confusion
Multiple BSSID approach offers best mix of compatibility and flexibility
Recommendation: WFA needs to provide guidelines on how to implement Virtual APs.
Feedback?