
Topic #3 DTLS/CAPWAP Interactions


1 Topic #3 DTLS/CAPWAP Interactions
Pat R. Calhoun

2 Issue 226: Transition to Join State
The original intent was to use DTLS as a “black box”.
The current CAPWAP state machine requires knowledge of the DTLS state machine and inspection of DTLS packets.

3 Current CAPWAP State Machine
[ASCII diagram, not recoverable from the transcript: the current CAPWAP state machine (states Idle, Discovery, Sulking, Join, Configure, Image Data, Run, Reset; transitions labelled a to s and c1 to c4) drawn above the DTLS state machine (states Idle, Auth, Init, Run, Rekey, Shutdown; transitions labelled n1 to n8 and P to Z), with CAPWAP transitions reaching down into DTLS states.]

4 Current State Machine Text
Idle to Join (aa): This transition occurs when the WTP presents a DTLS ClientHello message containing a valid cookie to the AC.
WTP: This transition is a no-op for the WTP.
AC: The AC does not maintain state information until the WTP presents a DTLS ClientHello message containing a valid cookie. Upon receipt of a DTLS ClientHello message containing a valid cookie, the AC creates session state and transitions to the Join state.

5 Proposed Solution
Only define the necessary touch points between CAPWAP and DTLS:
Establish Session Request
Session Established
Failed Session Establishment
Shutdown/Abort Session
Leave the rest of the DTLS state machine definitions in the DTLS RFC.

6 Proposed CAPWAP State Machine #1
[ASCII diagram, not recoverable from the transcript: proposed state machine #1, with the DTLS states DTLS Idle, DTLS Run and DTLS Shutdown (transitions n1, n2, n3, n6, n7, n8, W) drawn above the CAPWAP states Idle, Discovery, Sulking, Join, Configure, Image Data, Run, Reset (transitions a to s, c1, c3), and only the touch points crossing between the two.]
Not defining the state transitions significantly reduces the interactions!

7 Proposed CAPWAP State Machine #2
[ASCII diagram, not recoverable from the transcript: proposed state machine #2, identical to #1 except that the DTLS side is a single opaque box labelled DTLS, with the same touch points into the CAPWAP states Idle, Discovery, Sulking, Join, Configure, Image Data, Run, Reset.]
Don’t worry about the DTLS state machine altogether.

8 New State Machine Events
Idle -> DTLS Idle
WTP: Occurs when the WTP transmits a DTLSStart to the AC and starts the WaitDTLS timer.
AC: Occurs when the AC receives a DTLSStart. The WaitDTLS timer is started.
DTLS Idle -> Idle
WTP: Occurs when a DTLSSessionEstablished notification is not received before the WaitDTLS timer expires.
AC: Occurs when a DTLSSessionEstablished notification is not received before the WaitDTLS timer expires.
Discovery -> DTLS Idle
AC: This is an invalid state since the AC does not maintain per-WTP discovery state.

9 New State Machine Events
DTLS Run -> Join
WTP: Occurs when a DTLSSessionEstablished command is received from DTLS. The WTP transmits a Join Request.
AC: Occurs when the AC receives a Join Request from the WTP, following a DTLSSessionEstablished command from DTLS.
Run -> Reset
WTP: Occurs when the WTP receives a Reset Request from the AC.
AC: Occurs when the AC transmits a Reset Request to the WTP.
Reset -> DTLS Shutdown
WTP: Occurs when the WTP transmits a Reset Response to the AC.
AC: Occurs after the AC receives a Reset Response from the WTP.
The WTP transmits a DTLSSessionShutdown notification to the DTLS stack.

10 New State Machine Events
DTLS Shutdown -> Idle
WTP: Occurs when the WTP receives a DTLSSessionShutdown notification from DTLS.
AC: Occurs when the AC receives a DTLSSessionShutdown confirmation notification from DTLS.
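The WTP-side events on the three slides above, modelled as an added example (not code from the presentation or from any CAPWAP implementation): DTLS is a black box that only receives DTLSStart / DTLSSessionShutdown and raises the notifications the slides name. The WaitDTLS value, the event names StartDTLS, DTLSSessionFailed and JoinResponse, and the collapsing of Configure, Image Data and Reset into pass-through steps are assumptions for this example.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto()
    DTLS_IDLE = auto()      # WaitDTLS timer running; the DTLS stack owns the handshake
    JOIN = auto()
    RUN = auto()            # Configure and Image Data are skipped in this example
    DTLS_SHUTDOWN = auto()  # Reset is passed through on the way here

class WtpCapwap:
    """WTP-side CAPWAP machine with DTLS as a black box: CAPWAP only issues
    DTLSStart / DTLSSessionShutdown and reacts to DTLS notifications."""
    WAIT_DTLS = 30.0  # seconds; illustrative value, not taken from the slides

    def __init__(self):
        self.state = State.IDLE
        self.deadline = None  # WaitDTLS expiry, only set while in DTLS_IDLE
        self.sent = []        # messages and DTLS commands the WTP emitted

    def tick(self, now):
        """DTLS Idle -> Idle: DTLSSessionEstablished never arrived in time."""
        if self.state is State.DTLS_IDLE and now >= self.deadline:
            self.state, self.deadline = State.IDLE, None
        return self.state

    def on_event(self, event, now=0.0):
        s = self.state
        if s is State.IDLE and event == "StartDTLS":       # Idle -> DTLS Idle
            self.sent.append("DTLSStart")
            self.deadline = now + self.WAIT_DTLS
            self.state = State.DTLS_IDLE
        elif s is State.DTLS_IDLE and event == "DTLSSessionEstablished":
            # DTLS Idle -> DTLS Run happens inside the DTLS stack; CAPWAP just
            # cancels WaitDTLS and moves DTLS Run -> Join with a Join Request.
            self.deadline = None
            self.sent.append("JoinRequest")
            self.state = State.JOIN
        elif s is State.DTLS_IDLE and event == "DTLSSessionFailed":
            self.deadline, self.state = None, State.IDLE
        elif s is State.JOIN and event == "JoinResponse":
            self.state = State.RUN
        elif s is State.RUN and event == "ResetRequest":   # Run -> Reset -> DTLS Shutdown
            self.sent += ["ResetResponse", "DTLSSessionShutdown"]
            self.state = State.DTLS_SHUTDOWN
        elif s is State.DTLS_SHUTDOWN and event == "DTLSSessionShutdown":
            self.state = State.IDLE                        # DTLS confirmed teardown
        else:
            # Not a defined touch point: reject it rather than inspect DTLS internals.
            raise ValueError(f"{event} is not valid in state {s.name}")
        return self.state
```

Any DTLS event that is not one of the agreed touch points, or that arrives in a state where it is not expected, is rejected, which is exactly what removes the need for CAPWAP to track DTLS state.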

11 Other Required Changes
Remove the unnecessary notifications defined in the sections (CAPWAP to DTLS Commands) and (DTLS to CAPWAP Commands).
Remove the section (DTLS State Transitions).

12 Discussion Point
Should CAPWAP worry about the DTLS re-handshake process? Shouldn’t this occur purely within the DTLS stack?
Certainly CAPWAP can be responsible for “configuring” the session lifetime, but is that it?
This section is another case that requires the management of DTLS sessions within CAPWAP.
If we agree this is a DTLS stack issue, then the text within the section (and its sub-sections) should be eliminated.

