doc.: IEEE /1191r5 Submission November 2004 Mike Moreton, STMicroelectronics
Slide 1: AP Architecture Thoughts
Mike Moreton, STMicroelectronics
Slide 2: Introduction
- The 802.11 standard defines terms such as Integration Function, Portal, DS, DSM etc.
- Definition is deliberately vague
  - To allow different implementations
- Hence different companies have different views of what these terms actually mean
  - Almost any diagram is likely to be unacceptable to a majority of companies
Slide 3: Definitions
- distribution system (DS): A system used to interconnect a set of BSSs and integrated LANs to create an ESS.
- distribution system medium (DSM): The medium or set of media used by a DS for communications between APs and portals of an ESS.
- extended service set (ESS): A set of one or more interconnected BSSs and integrated LANs that appears as a single BSS to the LLC layer at any station associated with one of those BSSs.
- integration: The service that enables delivery of MSDUs between the DS and an existing, non-IEEE 802.11 LAN (via a portal).
- portal: The logical point at which MSDUs from a non-IEEE 802.11 LAN enter the DS of an ESS.
Slide 4: Position of Portal
[Figure only.]
Slide 5: DS and Integrated LAN (1999)
[Figure: block diagram of the 1999 architecture. Blocks: Integrated LAN, Portal (Integration Function), DSM, DS, MAC (AP STA) on each AP, AP STA, BSS, non-802.11 endpoint, ESS.]
Slide 6: DS and Integrated LAN (1999) – missing blocks filled in
[Figure: the slide 5 diagram with the missing blocks added: a DSM MAC and a MAC Relay Entity in the portal and in each AP. Blocks: DSM MAC, Integrated LAN, Portal, MAC Relay Entity, MAC (AP STA), DSM, DS, AP STA, BSS, non-802.11 endpoint, ESS.]
Slide 7: 802.1D Architecture
[Figure only.]
Slide 8: 1999 including LLC
[Figure: the slide 6 diagram with LLC and Higher Layer Entities added above each MAC Relay Entity. Blocks: DSM MAC, Integrated LAN, Portal, MAC Relay Entity, LLC, Higher Layer Entities, MAC (AP STA), DSM, DS, AP STA, BSS, non-802.11 endpoint, ESS.]
Slide 9: 1999 with 802.X DS
[Figure: the DS is an 802.X LAN, so the portal and integrated LAN become a Virtual Portal and Virtual Integrated LAN. Blocks: 802.X MAC, Virtual Integrated LAN, Virtual Portal, MAC Relay Entity, Frame Routing, LLC, Higher Layer Entities, MAC (AP STA), 802.X LAN, DS, AP STA, BSS, 802.X Endpoint, ESS.]
Slide 10: 1999 – portal in AP
[Figure: the portal is located inside the AP. Blocks: Integrated LAN (ILAN), ILAN MAC, Portal, MAC Relay Entity, Frame Routing (for the ILAN, the Portal and the DS), LLC, Higher Layer Entities, MAC (AP STA), DS, AP STA, BSS, non-802.11 endpoint, ESS.]
Slide 11: 802.1X Port Model (not controlled and uncontrolled!)
- 802.1X authenticates the device connected to a port.
- For 802.3, the security association between the authentication and frames is provided by the physical limitations of the port.
[Figure: Switch connected to a STA.]
Apologies to 802.1X experts for any errors…
Slide 12: 802.1X and Broadcast LANs
- One STA authenticating doesn't prove anything, as frames could come from another STA.
[Figure: Switch and STA on a shared broadcast LAN.]
Slide 13: 802.1X and 802.11i
- Use encryption with a pairwise key to create virtual links between the switch and a single STA.
- As long as encryption is enabled before the controlled port is enabled, a STA can't steal someone else's authentication.
- Correspondence between pairwise key and virtual port.
[Figure: Switch and STA joined by a pairwise-keyed virtual link.]
Slide 14: 802.11i
- Separate port created for each STA at association.
- 802.1X controls communication to the relay entity.
- Relay entity similar to 802.1D, but not identical.
[Figure: MAC Relay Entity with a port for STA 1, STA 2 and STA 3 (each with Frame Routing) and a DS port; Controlled / Uncontrolled Port Filtering sits between each STA port and the relay. Annotation: "DS update at controlled port authentication?"]
Slide 15: 802.11i with broadcast
- Broadcast frames have their own key – so surely they have their own virtual port?
- Relay Entity has different rules for forwarding frames to ports depending on type.
- Controlled port authorised at first association?
[Figure: as slide 14, with a Broadcast Port (Frame Routing) added alongside the STA ports and the DS.]
Slide 16: 802.11i with broadcast, single MAC
- Reality is more like this: the different ports share a MAC.
- One MAC can handle multiple ports, as a port is identified by MAC address.
[Figure: as slide 15, with the STA ports and the Broadcast Port all served by a single MAC.]
Slide 17: 802.11i with broadcast plus WDS
- WDS links are AP-to-AP links.
- Will probably have pairwise keys (TGs to define).
- Relay treatment is like standard 802.1D Relay.
[Figure: as slide 16, with WDS Port 1, 2 and 3 (each with Frame Routing) added to the MAC Relay Entity.]
Slide 18: 802.11i Relay Entity Port Types
- Unicast
  - Address comes from association, not learnt
  - No flooding of unknown frames
  - No forwarding of broadcast frames
- Broadcast
  - No forwarding of any unicast frames (known or unknown)
  - Forward copy of each broadcast frame
- WDS
  - Learn addresses at remote end
  - Flood unknown frames
  - Forward copy of each broadcast frame
  - Run STP
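The port rules above, together with the 802.1X controlled-port gate from slides 13 and 14, as an added toy model that is not part of the submission: the port names, MAC addresses and frames are constructed, the WDS ports are given pairwise keys implicitly (always open), and STP on WDS ports is not modelled.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    kind: str                                # "sta", "broadcast" or "wds"
    authorized: bool = False                 # 802.1X controlled-port state
    addrs: set = field(default_factory=set)  # sta: from association; wds: learnt


class RelayEntity:
    def __init__(self):
        # One MAC serves every port; STA ports are identified by the STA's MAC
        # address (slide 16). The group-keyed broadcast port is always open.
        self.ports = {"broadcast": Port("broadcast", authorized=True)}

    def associate(self, sta_mac):
        # Slide 14: a separate port per STA, created at association. Its address
        # comes from the association, never learnt, and the port stays closed
        # until 802.1X authorizes it (after the pairwise key is installed).
        self.ports[sta_mac] = Port("sta", addrs={sta_mac})

    def authorize(self, sta_mac):
        self.ports[sta_mac].authorized = True

    def add_wds(self, name):
        # WDS ports behave like ordinary 802.1D bridge ports (STP not modelled).
        self.ports[name] = Port("wds", authorized=True)

    def relay(self, in_port, src, dst):
        """Return the sorted list of ports a frame arriving on in_port is sent to."""
        ingress = self.ports[in_port]
        if not ingress.authorized:
            return []                        # controlled port closed: drop frame
        if ingress.kind == "wds":
            ingress.addrs.add(src)           # WDS only: learn addresses at remote end
        if dst == BROADCAST:
            # one copy on the broadcast port and one per WDS link; unicast STA
            # ports never carry broadcast frames
            return sorted(n for n, p in self.ports.items()
                          if p.kind != "sta" and n != in_port)
        for name, port in self.ports.items():
            if dst in port.addrs:            # known unicast: exactly one egress
                return [name] if port.authorized and name != in_port else []
        # unknown unicast: flooded on WDS ports only, never to STA or broadcast ports
        return sorted(n for n, p in self.ports.items()
                      if p.kind == "wds" and n != in_port)
```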
Slide 19: Question
Should 802.11 define its own (enhanced) Relay Entity, or should the standard 802.1D Relay Entity be enhanced to support 802.11i?