WLAN Segregated Data Services

Presentation transcript:

IEEE P802.11-07/2491r2, November 2007
WLAN Segregated Data Services
Date: 2007-11-13
Authors: D. Eastlake (Motorola), G. Hiertz (Philips)
Slide 1

Abstract
802.11 networks need VLANs or a similar mechanism for segregated data services. The need varies from a mild requirement to distinguish “visitors” from “residents” in a one-AP home network to much stronger and more complex requirements in enterprise, municipal, and other systems. Scenarios and requirements for adding segregated services to IEEE 802.11 are presented, along with some comments on prospective or under-development mechanisms to meet those requirements.
Slide 2

Some Motivations
Segregating traffic for “visitors”, who should only have access to the Internet and limited facilities, from “insider” traffic.
Provision of different services for free, subscription, and municipal services in Hot Zone or Municipal systems.
In mesh environments, ability to safely forward data through nodes with limited trust.
To enable aggregation of traffic over a single infrastructure for efficient deployment.
Slide 3

Example Scenario Ia (unified infrastructure, single interface end stations)
[Diagram: Internet, Firewall and Protected Services behind MAP 1, MAP 2 and AP 2 over a wired connection; Local Stations on a Local VLAN and Guest Stations on a Guest VLAN share the same APs.]
Slide 4

Example Scenario Ib (unified infrastructure, single interface end stations)
[Diagram: Other Services and an End Point Assessment and Remediation service behind MAP 1, MAP 2 and AP 2 over a wired connection; Healthy Stations on a Normal VLAN, while a New Station and an Infected Station are placed on an Assessment and Remediation VLAN.]
Slide 5

Example Scenario II (diverse mesh, multi-interface mesh points)
[Diagram: Organization 1 and Organization 2 each have their own Infrastructure, Service and MPP reaching the Internet; Org 1, Org 2 and Org 3 MPs form a single Local Mesh Service that carries traffic for all three organizations.]
Slide 6

Scenario II without segregated data services
[Diagram: the same Organization 1 and Organization 2 Infrastructures, Services and MPPs, but the Org 1, Org 2 and Org 3 MPs must form separate meshes rather than one shared Local Mesh Service.]
Slide 7

Requirements
1. Advertising Availability of Services
2. Associating/Authenticating/Authorizing for One or more Specific Services
3. Multiple Service Security Channels Between Two Stations
4. Transit Frame Labelling
5. Protection of Segregated Data from Unauthorized Access
6. Configuration and Management
Slide 8

1. Advertising Availability of Services
Current practice: Transmit multiple Beacons, as is done at IEEE 802 meetings.
Work in progress: General Advertisement Service (GAS) mechanisms in 802.11 TGu (Interworking with External Networks). Includes SSIDC (SSID Container IE) for transmission of multiple SSIDs (with or without multiple BSSIDs) in a single beacon.
No additional chartered work appears necessary for this requirement.
Slide 9

2. Associating/Authenticating/Authorizing for a Specific Service
Current practice: Only one association, 802.11i security.
Work in progress:
TGw (Protected Management Frames) to extend security to some control messages
TGs (Mesh Networking), with authentication to the mesh distinguished from authentication to an AP
TGu (Interworking with External Networks), different credentials/authentication for different back-end carriers
Possible new work: Ability to have different credentials / authentication for different Services/VLANs.
Slide 10

3. Multiple Service Security Channels Between Stations
Current Practice: An AP can have multiple security associations, but each with a different end station. Two stations can have multiple IPsec security associations or the like at the application level.
Work in Progress: TGs (Mesh Networking) permits multiple associations, but each with a different mesh point.
Possible new work:
Different security associations for different services/VLANs
Need to handle unicast, multicast, and broadcast
Development of a new Authenticator PAE function that can manage multiple SAs with a given neighbor
Slide 11

4. Transit Frame Labelling
Current Practice: The current standard explicitly permits an 802.1Q-Tag in the payload (802.11-2007 Annex M), but the Q-Tag’s priority and VLAN ID fields are otherwise ignored. The only obvious way is to use different MAC addresses.
Work in Progress: none...
Possible new work: Header addition to distinguish Service/VLAN? Other mechanisms?
Slide 12
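The slide's point is that a Q-Tag carried in the payload is present but not acted on. The following is an added illustration, not code from the submission or from any IEEE 802 project, of what acting on it looks like: a parser for the standard 802.1Q tag (TPID 0x8100 followed by the 16-bit TCI) on an Ethernet II frame, and an egress check that forwards a frame only if its VLAN ID is a member of the outgoing port, mirroring the Local VLAN / Guest VLAN split of Scenario Ia. The VLAN numbers, port names and frames are constructed for the demo; the frame layout assumed is plain Ethernet II, not the 802.11 MSDU encapsulation of Annex M.

```python
"""Parse the 802.1Q tag on an Ethernet-format frame and apply a per-VLAN
egress policy.  Added illustration, not code from the 802.11 submission;
the frame layout is standard Ethernet II (dst, src, TPID 0x8100, TCI,
EtherType) and the port/VLAN numbers below are constructed for the demo."""
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
LOCAL_VLAN = 10              # constructed: stands in for the "Local VLAN"
GUEST_VLAN = 20              # constructed: stands in for the "Guest VLAN"

# Constructed egress membership: the guest VLAN may only leave toward the
# Internet; the protected-services port carries the local VLAN alone.
EGRESS_MEMBERSHIP = {
    "internet": {LOCAL_VLAN, GUEST_VLAN},
    "protected_services": {LOCAL_VLAN},
}


@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int]   # None when the frame carried no 802.1Q tag
    pcp: Optional[int]   # priority code point, None when untagged
    ethertype: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    """Split out addresses, an optional Q-tag, and the inner EtherType."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    vid = pcp = None
    offset = 14
    if etype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        pcp = tci >> 13          # top 3 bits: priority
        vid = tci & 0x0FFF       # low 12 bits: VLAN identifier (DEI bit skipped)
        offset = 18
    return Frame(_mac(dst), _mac(src), vid, pcp, etype, raw[offset:])


def build_frame(dst: bytes, src: bytes, vid: Optional[int], ethertype: int,
                payload: bytes, pcp: int = 0) -> bytes:
    """Build a constructed test frame; vid=None emits an untagged frame."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


def egress_decision(raw: bytes, port: str, native_vid: int = GUEST_VLAN) -> str:
    """Decide whether a frame may leave on `port`, honouring the VID.

    Untagged and priority-tagged (VID 0) frames fall into the port's native
    VLAN, which here is the guest VLAN so that unlabeled traffic never lands
    in the local VLAN by accident.  VID 0xFFF is reserved and always dropped."""
    f = parse_frame(raw)
    vid = f.vid
    if vid is None or vid == 0:
        vid = native_vid
    if vid == 0xFFF:
        return "drop: reserved VID"
    if port not in EGRESS_MEMBERSHIP:
        return "drop: unknown port"
    if vid not in EGRESS_MEMBERSHIP[port]:
        return f"drop: VLAN {vid} not a member of {port}"
    return f"forward: VLAN {vid} -> {port}"


if __name__ == "__main__":
    guest = build_frame(b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb",
                        GUEST_VLAN, 0x0800, b"constructed ip payload")
    print(egress_decision(guest, "protected_services"))  # dropped
    print(egress_decision(guest, "internet"))            # forwarded
```

The default for untagged traffic is the least-privileged VLAN on purpose: a station that strips or never adds a tag should end up in the guest segment, not the local one. The "different MAC addresses" workaround the slide mentions gives no such per-frame decision point.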

5. Protection of Segregated Data from Unauthorized Access
Current Practice: Have to use IPsec or some similar application-level mechanism to protect data at intermediate hops.
Work in Progress: none...
Possible new work: Optional edge-to-edge security between the original source station and the final destination station. But not all services would require this. (If VLAN mapping is possible, authentication should be keyed to SSID, not VLAN ID.)
Slide 13

6. Configuration and Management
Current Practice:
SNMP (Simple Network Management Protocol)
GVRP/MVRP (VLAN Registration Protocols)
Proprietary command line interfaces and protocols
Work in Progress: SNMP MIB (Management Information Base) additions by TGu (Interworking with External Networks)
Possible new work: MIB additions or other mechanisms for configuration and management, including setting up and deleting VLANs
Slide 14

Results in Waikoloa
In WNG Standing Committee:
Moved, To request the IEEE 802.11 Working Group to approve and forward to the IEEE 802 Executive Committee the creation of a “WLAN Segregated Data Services” Study Group to consider how best to meet requirements as follows and how best to coordinate such activities with 802.1: labeling frames per service; security of data within a service; and the configuration and management of such services.
Moved: Donald Eastlake 3rd. Seconded: Guido Hiertz.
Yes: 22, No: 0, Abstain: 4 (100% approval)
In 802.11 Working Group at Closing Plenary:
Yes: 19, No: 9, Abstain: 24 (67.85% approval)
Slide 15

Motion for Closing Plenary in Atlanta
Moved, To approve and forward to the IEEE 802 Executive Committee for their approval the creation of a “WLAN Segregated Data Services” Study Group to consider how best to meet requirements as follows in 802.11 and how best to coordinate such activities with 802.1: labeling 802.11 frames per service; security of data within such services; and the configuration and management of such services.
Moved: Donald Eastlake 3rd. Seconded: Stephen McCann.
Slide 16

Projected Near Term Segregated Data Services Schedule
November 2007: 802.11 Working Group approval
March 2008: 802 Executive Committee approval
May 2008: First Study Group Meeting
By that time, 3 Task Groups should have completed. Scheduled final ExecComm vote:
November 2007: TGk
March 2008: TGr
March 2008: TGy
Slide 17

References
Draft 802.11s D1.07 – ESS Mesh Networking
Draft 802.11u D1.01 – Interworking with External Networks
Draft 802.11w D3.0 – Protected Management Frames
IEEE Standard 802.11-2007 – WLANs
IEEE Standard 802.1Q-2005 – VLANs
IETF RFC 3410 – SNMP
Slide 18
D. Eastlake (Motorola), G. Hiertz (Philips)