WAP!
CAPWAP BOF
Control And Provisioning of Wireless Access Points
James Kempf
DoCoMo Labs USA
Dorothy Stanley
Agere Systems
Agenda
• Intro and Agenda Bashing (10 min)
• LWAPP (Pat Calhoun) (10 min)
• SNMP (Marcus Brunner) (10 min)
• Access Point Discovery (Inderpreet Singh) (10 min)
• Security and Certificate Provisioning (David Molnar) (10 min)
• AAA (James Kempf for Bill Arbaugh, 5 min)
• Discussion (40 min)
• Summary and Next Steps (10 min)
Problem Statement: 802.11 Network Installation and Management
• Installation of 802.11 Access Points (APs) is
expensive and complex.
– Each stand-alone AP requires individual configuration
and radio tuning upon installation.
– Result is large OPEX for installation.
• Management of 802.11 APs is difficult.
– Radio interactions between APs difficult to manage due
to standalone nature of APs.
• If an AP fails, you’ve got a black hole.
– Interactions between Access Routers (ARs) and APs
unmanaged or proprietary.
– Result is large OPEX for management.
Problem Statement: 802.11 AP Security and Handover
• Security protocol to establish trust relationship between
ARs and APs is lacking.
– Unsanctioned, insecure APs are a problem in enterprise networks.
• Radio resources are unmanaged and can lead to AP
overload.
• Complex handover protocols exist for security and
performance reasons.
– AP as NAS means thousands of control points for network access.
• A target-rich environment
– Performance hit on handover.
• Self-contained nature of APs means each AP must handle handover
itself.
History
• Internet draft on IAPP circa 1995.
– Never reached BOF stage but went to 802.11.
– IAPP now an 802.11f Recommended Practice.
– But depends heavily on IETF protocols (RADIUS,
UDP) so not strictly L2 protocol.
• CRAPS BOF, 2000
– Covered many areas including AP control.
– Resulted in Seamoby WG.
– But AP control and management component dropped
due to lack of vendor interest.
• There was resistance in the IETF to standardizing
a protocol that carries L2 information elements.
What’s Changed?
• 802.11 network expansion.
– Real radio protocol that anybody can deploy.
• But exactly that is the problem:
– Deploying large 802.11 networks is expensive and time-consuming.
– Anybody can deploy an access point and be a Bad Guy.
• Collection of vendors who want an interoperable
WLAN control and management protocol for real
products.
– Not a research question anymore.
Architectural Question: What is an Access Point?
• Layer 2 device?
– But it performs some Layer 3 functions:
• Handover support
• Network Access Server
• Firewall
• NAT
• Layer 3 device?
– But it primarily bridges between the wireless and wired
networks.
– Not a router or host.
Technical Presentations
Should IETF Do This Work?
• Lightweight access point model could simplify
deployment, security, and maintenance of 802.11
networks.
• Vendors are interested in a standardized, secure
protocol for lightweight access points so their
routers, switches, and access points interoperate.
• Access points have enough Layer 3 characteristics
that it may be in IETF’s scope.
• Additional radio protocols (ex. UWB) may need
support in the future.
Charter Proposal: Standardize These Protocol Functions
• Independent of wireless link protocol.
• Discovery of a CAPWAP manager (AR, IP
addressable switch).
• Acquisition of APs by CAPWAP manager.
• Configuration and monitoring of wireless link by
CAPWAP manager.
• Partially and/or fully terminate the wireless MAC
layer at the CAPWAP manager.
– Including security of host traffic.
– NOT intended to define changes in MAC!
• Control of AP host load.
• Security for CAPWAP signaling.
Next Steps
• Finalize charter.
• Discuss with IESG and charter as quickly as
possible.
• Work to complete standardization in a year.
– Note: Quick standardization requires a
commitment to working together and
willingness to compromise.