CAPWAP BOF Control And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems WAP!

Agenda Intro and Agenda Bashing (10 min) LWAPP (Pat Calhoun) (10 min) SNMP (Marcus Brunner) (10 min) Access Point Discovery (Inderpreet Singh) (10 min). Security and Certificate Provisioning (David Molnar) (10 min) AAA (James Kempf for Bill Arbaugh, 5 min) Discussion (40 min) Summary and Next Steps (10 min)

Problem Statement: Network Installation and Management Installation of Access Points (APs) is expensive and complex. –Each stand-alone AP requires individual configuration and radio tuning upon installation. –Result is large OPEX for installation. Management of APs is difficult. –Radio interactions between APs difficult to manage due to standalone nature of APs. If an AP fails, you’ve got a black hole. –Interactions between Access Routers (ARs) and APs unmanaged or proprietary. –Result is large OPEX for management.

Problem Statement: AP Security and Handover Security protocol to establish trust relationship between ARs and APs is lacking. –Unsanctioned, insecure APs are a problem in enterprise networks. Radio resources are unmanaged and can lead to AP overload. Complex handover protocols exist for security and performance reasons. –AP as NAS means thousands of control points for network access. A target rich environment –Performance hit on handover. Self-contained nature of APs means each AP must handle handover itself.

History Internet draft on IAPP circa –Never reached BOF stage but went to –IAPP now an f Recommended Practice. –But depends heavily on IETF protocols (RADIUS, UDP) so not strictly L2 protocol. CRAPS BOF, 2000 –Covered many areas including AP control. –Resulted in Seamoby WG. –But AP control and management component dropped due to lack of vendor interest. There was resistance in the IETF to standardizing a protocol that carries L2 information elements.

What’s Changed? network expansion. –Real radio protocol that anybody can deploy. But exactly that is the problem: –Deploying large networks is expensive and time consuming. –Anybody can deploy an access point and be a Bad Guy. Collection of vendors who want an interoperable WLAN control and management protocol for real products. –Not a research question anymore.

Architectural Question: What is an Access Point Layer 2 device? –But it performs some Layer 3 functions: Handover support Network Access Server Firewall. NAT Layer 3 device? –But it primarily bridges between the wireless and wired networks. –Not a router or host.

Technical Presentations

Should IETF Do This Work? Lightweight access point model could simplify deployment, security, and maintenance of networks. Vendors are interested in a standardized, secure protocol for lightweight access points so their routers, switches, and access points interoperate. Access points have enough Layer 3 characteristics that it may be in IETF’s scope. Additional radio protocols (ex. UWB) may need support in the future.

Charter Proposal:Standardize These Protocol Functions Independent of wireless link protocol. Discovery of a CAPWAP manager (AR, IP addressable switch). Acquisition of APs by CAPWAP manager. Configuration and monitoring of wireless link by CAPWAP manager. Partially and/or fully terminate the wireless MAC layer at the CAPWAP manager. –Including security of host traffic. –NOT intended to define changes in MAC! Control of AP host load. Security for CAPWAP signaling.

Next Steps Finalize charter. Discuss with IESG and charter as quickly as possible. Work to complete standardization in a year. –Note: Quick standardization requires a commitment to working together and willingness to compromise.