virtual aps

Upload: koen-van-oost

Post on 04-Jun-2018


  • 8/14/2019 Virtual APs

    1/18

    doc.: IEEE 802.11-01/TBD

    Submission

    June 2003

    Bernard Aboba/Microsoft

    Virtual Access Points

    http://www.drizzle.com/~aboba/IEEE/virtual-APs.ppt

    Bernard Aboba

    Microsoft

    WFA Public Access Group

    June 4, 2003


    Outline

    Goals and Objectives

    Challenges for Public Access WLAN

    What is a Virtual Access Point?

    What Is Required for a Virtual Access Point?

    Recommendations


    Goals and Objectives

    To describe problems commonly encountered in Public Access WLAN

    To describe how Virtual Access Points can address these problems

    To describe the pros and cons of mechanisms used to implement Virtual APs today

    To recommend a single industry-standard mechanism for adoption by WFA


    Challenges for Public Access WLAN

    Minimizing channel conflicts
      In some locations (e.g. airports) multiple networks are becoming the norm.
        Airlines are installing 802.11 networks for use in baggage reconciliation and roving ticket counters
        Multiple wireless ISPs often also want to serve airport customers
      Radio interference is an issue
        In the US and Europe 802.11b networks can support only 3 non-overlapping channels
        In France and Japan only one channel is available
        Once the channels are utilized by existing APs, additional APs will interfere and reduce performance

    Minimizing capital expenditures
      In this economic environment, raising capital is difficult
      Undesirable to build out multiple networks in the same location - why not build one network and share it?

    Attaining high utilization of deployed Access Points
      Profitability enhanced by filling in periods of low usage on the diurnal curve
      Implies a need to serve many different types of customers: business, consumers, etc.

    Minimizing support costs
      Desirable to support a wide variety of clients without having to preconfigure them


    Wouldn't It Be Great If

    A single network could be shared by multiple providers?

    Each provider could retain the flexibility to announce their own SSID, and select the services they wish to provide (rates, security mechanisms, etc.)?

    Each provider could manage their own users without interfering with other providers?

    Customers could discover any of the offered networks without needing to preconfigure their stations?

    These are the benefits that Virtual Access Points provide!


    What is a Virtual Access Point?

    A Virtual Access Point is a logical entity that exists within a physical Access Point (AP).

    Each Virtual AP appears to stations (STAs) to be an independent physical AP.
      Virtual APs emulate the operation of physical APs at the MAC layer.
      Virtual APs provide partial emulation of the IP and Application Layer behavior of physical APs.
      Emulating the operation of a physical AP at the radio frequency layer is typically not possible unless multiple radios are available.


    Is It Virtual Or Is It Real?

    Only Your Radio Knows For Sure!

    [Figure: two panels showing the Beacon/Probe Response advertisements seen by a STA.
      Physical APs: AP A and AP B, both on Channel 6.
      Virtual APs: AP A alone, on Channel 6.
      Both panels advertise the same two networks:
        SSID: Foo, BSSID: A, Rates: 5.5,11, Security: WPA
        SSID: Bar, BSSID: B, Rates: 1,2,5.5,11, Security: Open]


    Virtual AP Scenarios

    Airports
      Same infrastructure shared by airlines, FAA and wireless ISPs
      Separate VLANs for each provider (for traffic isolation)
      Support for different security schemes
        WISPs may support both Web Portal and WPA
        Airline may support WPA only
        FAA may want IEEE 802.11i only

    Hot Spots
      Multiple wireless ISPs sharing infrastructure provided by a wholesaler
      Support for different security schemes
        WISPs may support both Web Portal and WPA
      Separate VLANs for each WISP
      User authenticates to their home authentication server


    What Is Required for a Virtual AP?

    Multiple SSIDs.
      Support for multiple SSID advertisement by APs
      Support for STA discovery for advertised SSIDs.

    Multiple capability advertisements.
      Each Virtual AP can advertise its own set of capabilities.

    Pre-authentication routing.
      Determination of the target SSID prior to Association (for routing of pre-authentication traffic).

    Multiple VLANs.
      Allow a unique VLAN (and unique default key) to be assigned to each Virtual AP.

    Multiple RADIUS configurations.
      Multiple RADIUS configurations, one for each virtual AP.

    Multiple virtual SNMP MIBs.
      A virtual MIB instance per Virtual AP.


    The State of Virtual APs Today

    IEEE 802.11-1999 does not provide guidance on required MAC-layer behavior of Virtual APs

    Result
      Multiple approaches taken by AP vendors
      Different assumptions made by NIC vendors
      Interoperability, reliability problems abound

    Need for a single, industry-wide solution
      WFA can help by providing guidance


    How Are Multiple SSIDs Implemented?

    Multiple SSIDs/Beacon, Single Beacon, Single BSSID.
      AP uses a single BSSID, and sends a single Beacon.
      AP includes multiple SSID Information Elements (IEs) within the Beacon or Probe Response, with the Beacon interval remaining unchanged.

    Pros
      Not explicitly prohibited by IEEE 802.11-1999
      Allows discovery of multiple SSIDs

    Cons
      Incompatible with many existing stations
      Can't support different capability sets for each SSID
      Can't support multiple capability sets within an SSID
      Doesn't support pre-authentication routing

    Summary
      Don't do this - won't work reliably!


    How Are Multiple SSIDs Implemented? (Cont'd)

    Single SSID/Beacon, Multiple Beacons, Single BSSID.
      AP only uses a single BSSID, but sends multiple Beacons, each with a single SSID IE.
      AP responds to Probe Requests for supported SSIDs (including a Request for the broadcast SSID) with a Probe Response including the capabilities corresponding to each SSID.

    Pros
      Can support different capability sets for each SSID
      Allows discovery of multiple SSIDs

    Cons
      Some existing drivers will over-write previous advertisement with the new one
      Can't support multiple capability sets within an SSID
      Doesn't support pre-authentication routing

    Summary
      Don't do this - won't work reliably!


    How Are Multiple SSIDs Implemented? (Cont'd)

    Single SSID/Beacon, Single Beacon, Single BSSID.
      AP only uses a single BSSID and sends a single Beacon.
      Each Beacon or Probe Response contains only one SSID IE.
      Only the capabilities corresponding to the primary SSID are sent in the Beacon and in response to a Probe Request for the broadcast SSID.
      AP responds to Probe Requests for secondary SSIDs with a Probe Response including the capabilities corresponding to that SSID.

    Pros
      Compatible with existing stations
      Can support different capability sets for each SSID

    Cons
      Doesn't allow discovery of secondary SSIDs; requires pre-configuration
      Can't support multiple capability sets within an SSID
      Doesn't support pre-authentication routing

    Summary
      Can work, but not a satisfactory long-term solution


    How Are Multiple SSIDs Implemented? (Cont'd)

    Single SSID/Beacon, Multiple Beacons, Multiple BSSIDs.
      AP uses multiple BSSIDs.
      Each Beacon or Probe Response contains only a single SSID IE.
      AP sends Beacons for each Virtual AP that it supports at the standard Beacon interval, using a unique BSSID for each one.
      AP responds to Probe Requests for supported BSSIDs (including a Request for the broadcast SSID) with a Probe Response including the capabilities corresponding to each BSSID.

    Pros
      Compatible with existing stations
      Can support different capability sets for each SSID
      Can support multiple capability sets within an SSID
      Allows discovery of multiple SSIDs
      Supports pre-authentication routing

    Cons
      Not supported by some existing APs

    Summary
      Offers the best mix of compatibility and flexibility
      The best long-term solution
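
An added example (not from the original slides) contrasting the single-BSSID, multiple-Beacon scheme with the multiple-BSSID scheme: it parses constructed Beacon frames into a scan table keyed by BSSID, an assumed model of the drivers that over-write an earlier advertisement. Function names and BSSID values are made up, and the Privacy capability bit stands in for the slides' WPA/Open distinction.

```python
import struct

def beacon(bssid: bytes, ssid: str, privacy: bool) -> bytes:
    """Build a minimal Beacon: 24-byte MAC header, 12 bytes of fixed fields, one SSID IE."""
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    cap = 0x0001 | (0x0010 if privacy else 0)   # ESS bit, plus Privacy bit when protected
    fixed = struct.pack("<QHH", 0, 100, cap)    # timestamp, Beacon interval, capabilities
    raw = ssid.encode()
    return hdr + fixed + bytes([0, len(raw)]) + raw

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, privacy) from a Beacon or Probe Response."""
    if len(frame) < 36:
        raise ValueError("frame too short")
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF not in (5, 8):
        raise ValueError("not a Beacon or Probe Response")
    bssid = frame[16:22]                        # Address 3 carries the BSSID
    cap = struct.unpack_from("<H", frame, 34)[0]
    pos, ssid = 36, None
    while pos + 2 <= len(frame):                # walk the information elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated information element")
        if eid == 0 and ssid is None:           # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
        pos += 2 + elen
    return bssid, ssid, bool(cap & 0x0010)

def scan(frames):
    """Scan table keyed by BSSID (assumed driver behaviour): last advertisement wins."""
    table = {}
    for frame in frames:
        bssid, ssid, privacy = parse_beacon(frame)
        table[bssid] = (ssid, privacy)
    return table

def discovered(frames):
    """SSIDs a station would still know about after the scan."""
    return sorted(ssid for ssid, _ in scan(frames).values())

# Constructed sample frames using the slides' SSIDs; the BSSID values are made up.
BSSID_A = bytes.fromhex("020000000001")
BSSID_B = bytes.fromhex("020000000002")
SINGLE_BSSID = [beacon(BSSID_A, "Foo", True), beacon(BSSID_A, "Bar", False)]
MULTI_BSSID = [beacon(BSSID_A, "Foo", True), beacon(BSSID_B, "Bar", False)]
```

With one BSSID the protected network "Foo" disappears from the table and only the open "Bar" entry remains; with a BSSID per Virtual AP both survive.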


    Virtual APs and Pre-Authentication Routing

    Selected SSID not known prior to Association/Reassociation
      If multiple Virtual APs exist how does the AP know how to route pre-authentication traffic?
      NAI [RFC2486] might not be sufficient
        AP needs to know the SSID user wishes to Associate with

    Solution
      Unique BSSID per Virtual AP
      AP includes SSID in Access-Request, based on target BSSID
      AAA proxy routes traffic based on SSID, NAI
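
An added sketch (not from the original slides) of the routing described above: the AP maps the BSSID a pre-authentication frame was addressed to onto an SSID, and a AAA proxy routes on the (SSID, NAI realm) pair. It assumes the SSID travels in Called-Station-Id in the "MAC:SSID" form defined by RFC 3580, which the slides do not name; the tables, realms and server names are constructed.

```python
# Constructed virtual AP table: BSSID -> SSID.
VIRTUAL_APS = {
    "02-00-00-00-00-01": "Foo",
    "02-00-00-00-00-02": "Bar",
}
# Constructed AAA proxy table: (SSID, NAI realm) -> home RADIUS server.
PROXY_ROUTES = {
    ("Foo", "airline.example"): "radius.airline.example",
    ("Bar", "airline.example"): "radius-guest.airline.example",
    ("Bar", "wisp-a.example"): "radius.wisp-a.example",
}

def norm_mac(mac: str) -> str:
    """Normalise a MAC to the upper-case, hyphen-separated form RFC 3580 uses."""
    digits = mac.replace(":", "").replace("-", "").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_access_request(target_bssid: str, sta_mac: str, nai: str) -> dict:
    """AP side: the BSSID the frame was addressed to selects the Virtual AP."""
    bssid = norm_mac(target_bssid)
    if bssid not in VIRTUAL_APS:
        raise LookupError(f"no Virtual AP with BSSID {bssid}")
    return {
        "User-Name": nai,
        "Calling-Station-Id": norm_mac(sta_mac),
        "Called-Station-Id": f"{bssid}:{VIRTUAL_APS[bssid]}",
    }

def route(request: dict) -> str:
    """Proxy side: route on (SSID, realm); unknown pairs are rejected, not defaulted."""
    _mac, sep, ssid = request["Called-Station-Id"].partition(":")
    user, at, realm = request["User-Name"].rpartition("@")
    if not sep or not at or not user:
        raise ValueError("request lacks an SSID or a realm")
    try:
        return PROXY_ROUTES[(ssid, realm.lower())]
    except KeyError:
        raise PermissionError(f"realm {realm!r} is not served on SSID {ssid!r}") from None
```

The same NAI reaches a different server depending on the target BSSID, which is why the NAI alone is not enough to route the request.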


    SNMP Support in Virtual APs

    Multiple providers may want access to MIB information
      Diagnostic information in IEEE 802.1X MIB
      Accounting information in IEEE 802.1X MIB

    Deployed approaches
      Multiple IP addresses, one for each virtual MIB
      SNMP proxy
        Individual providers query the proxy

    SNMP approaches [RFC2975]
      Domain as index
        Domain used as an index with tables
        Can be supported in any version of SNMP
        Requires support within the MIB; not supported in 802.11 or 802.1X MIBs
      Contexts
        Enables maintenance of separate virtual tables for each context
        SNMPv3 contextName used to distinguish virtual instances
        Requires SNMPv3 support
        Requires support within the SNMPv3 agent
        Recommended approach for support of virtual tables per ESSID


    Summary

    Support for Virtual APs is important to the long-term future of Public WLAN access

    Vendor community is adopting multiple, incompatible mechanisms for support of Virtual APs
      Several of these solutions cannot work reliably!
      Result: customer pain, industry confusion

    Multiple BSSID approach offers best mix of compatibility and flexibility

    Recommendation: WFA needs to provide guidelines on how to implement Virtual APs.


    Feedback?