
1 Segregated Data Services in 802.11
July 2007, doc.: IEEE /xxx2r0
Authors: Donald Eastlake 3rd (Motorola), Guido Hiertz (Philips)

2 Abstract
Essentially all networks need VLANs or a similar mechanism for segregated data services. The need ranges from a mild requirement to distinguish "visitors" from "residents" in a one-AP home network to much stronger and more complex requirements in enterprise, municipal, and other systems. Scenarios and requirements for adding segregated services / VLANs to IEEE 802.11 are presented, along with some comments on existing or prospective mechanisms.

3 Motivation
Segregating traffic of "visitors", who should only have access to the Internet and limited facilities, from "insider" traffic.
Provision of different services for free and subscription services in Hot Zone or Municipal systems. (May also segregate subscription service through different carriers.)
In mesh environments, the ability to safely forward data through nodes with limited trust.
Aggregation of traffic over a single infrastructure for efficient deployment.
Dedicated traffic segregation by type, such as VoIP.

4 Example Scenario I (unified infrastructure, single-interface end stations)
[Diagram: Internet, Firewall, Protected Services; MAP 1, MAP 2, AP 2; Local Stations and Guest Stations; Local VLAN and Guest VLAN; Wired Connection]

5 Example Scenario II (diverse mesh, multi-interface mesh points)
[Diagram: Internet; Organization 1 Infrastructure with Org 1 MPP, Organization 2 Infrastructure with Org 2 MPP; Organization 1 Service, Organization 2 Service, Local Mesh Service; Org 1, Org 2 and Org 3 MPs]

6 Tentative Requirements
1. Advertising Availability of Services
2. Associating/Authenticating/Authorizing for One or More Specific Services
3. Multiple Service Security Channels Between Two Stations
4. Transit Frame Labelling
5. Protection of Segregated Data from Unauthorized Access
6. Configuration and Management

7 1. Advertising Availability of Services
Current practice:
  Transmit multiple Beacons, as is done at IEEE 802 meetings.
Work in progress:
  General Advertisement Service (GAS) mechanisms in TGu (Interworking with External Networks). Includes the SSIDC (SSID Container IE) for transmission of multiple SSIDs (with or without multiple BSSIDs) in a single Beacon.
Possible new work:
  Extensions to TGu GAS.
  Other mechanisms.

8 2. Associating/Authenticating/Authorizing for a Specific Service
Current practice:
  Only one association per station, with 802.11i security.
Work in progress:
  TGw (Protected Management Frames) extends security to some management frames.
  TGs (Mesh Networking): authentication to the mesh is distinguished from authentication to an AP.
  TGu (Interworking with External Networks): different credentials/authentication for different back-end carriers.
Possible new work:
  Different credentials/authentication for different Services/VLANs.

9 3. Multiple Service Security Channels Between Two Stations
Current practice:
  An AP can have multiple security associations, but each with a different end station.
  Two stations can have multiple IPsec security associations, or the like, at the application level.
Work in progress:
  TGs (Mesh Networking) permits multiple associations, but each with a different mesh point.
Possible new work:
  Different security associations for different services/VLANs.
  Development of a new Authenticator PAE function that can manage multiple SAs with a given neighbor.

10 4. Transit Frame Labelling
Current practice:
  The current standard explicitly permits an 802.1Q tag in the payload (Annex M), but the Q-tag's priority and VLAN ID fields are otherwise ignored by 802.11.
  The only obvious way to label today is to use different MAC addresses.
Work in progress:
  None (?)
Possible new work:
  A header addition to distinguish Service/VLAN.
  Other mechanisms.
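The slide notes that an 802.1Q tag may sit inside the 802.11 payload but is ignored, and that MAC addresses are the only label available today. The following is an added example, not part of the original presentation or any 802.11 draft, showing what a transit (mesh) node would have to do to use that tag: parse the RFC 1042 (LLC/SNAP) encapsulated MSDU, extract PCP/DEI/VID, and admit or drop the frame against a per-neighbor VLAN allow-list, falling back to a VID derived from the neighbor's MAC address for untagged or priority-tagged (VID 0) frames. The policy table, MAC addresses, verdict strings and the handling of 802.1ad S-tags are assumptions made for illustration.

```python
"""Added example: 802.1Q label parsing and per-neighbor VLAN admission for
frames transiting an 802.11 node. Not code from the presentation.

Assumed MSDU layout (RFC 1042 / SNAP encapsulation of an Ethernet type):
  AA AA 03 | 00 00 00 | EtherType | payload
and, when 802.1Q-tagged:
  AA AA 03 | 00 00 00 | 81 00 | TCI (PCP:3 DEI:1 VID:12) | inner EtherType | payload
"""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

SNAP_RFC1042 = b"\xaa\xaa\x03\x00\x00\x00"  # LLC DSAP/SSAP/Ctrl + zero OUI
ETH_P_8021Q = 0x8100   # 802.1Q C-tag
ETH_P_8021AD = 0x88A8  # 802.1ad S-tag; deliberately not handled here
ETH_P_IP = 0x0800
ETH_P_ARP = 0x0806


@dataclass(frozen=True)
class QTag:
    pcp: int        # priority code point, 0..7
    dei: bool       # drop eligible indicator
    vid: int        # VLAN identifier, 0..4095 (0 = priority-tagged, 4095 reserved)
    ethertype: int  # EtherType of the encapsulated payload


def build_msdu(ethertype: int, payload: bytes, vid: Optional[int] = None,
               pcp: int = 0, dei: bool = False) -> bytes:
    """Build an RFC 1042 encapsulated MSDU, optionally carrying an 802.1Q C-tag."""
    if not 0 <= pcp <= 7:
        raise ValueError("pcp out of range")
    msdu = SNAP_RFC1042
    if vid is not None:
        if not 0 <= vid <= 4094:
            raise ValueError("vid out of range")
        tci = (pcp << 13) | (int(dei) << 12) | vid
        msdu += struct.pack("!HH", ETH_P_8021Q, tci)
    return msdu + struct.pack("!H", ethertype) + payload


def parse_qtag(msdu: bytes) -> Optional[QTag]:
    """Return the 802.1Q C-tag of an MSDU, or None if it is untagged.
    Raises ValueError for malformed or unsupported encapsulations."""
    if len(msdu) < 8 or not msdu.startswith(SNAP_RFC1042):
        raise ValueError("not RFC 1042 encapsulated")
    (ethertype,) = struct.unpack_from("!H", msdu, 6)
    if ethertype == ETH_P_8021AD:
        raise ValueError("802.1ad S-tag not supported")
    if ethertype != ETH_P_8021Q:
        return None
    if len(msdu) < 12:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", msdu, 8)
    return QTag(pcp=tci >> 13, dei=bool(tci & 0x1000), vid=tci & 0x0FFF, ethertype=inner)


Verdict = Tuple[str, Optional[int]]  # ("forward", vid) or ("drop", None)


class TransitPolicy:
    """Hypothetical per-neighbor VLAN admission at a transit node.

    allowed: neighbor MAC -> VIDs that neighbor may explicitly label frames with
    default: neighbor MAC -> VID assigned to that neighbor's untagged or
             priority-tagged frames, i.e. the label derived from the MAC
             address alone (the 'different MAC addresses' approach)
    """

    def __init__(self, allowed: Dict[str, FrozenSet[int]], default: Dict[str, int]):
        self.allowed = allowed
        self.default = default

    def decide(self, neighbor: str, msdu: bytes) -> Verdict:
        try:
            tag = parse_qtag(msdu)
        except ValueError:
            return ("drop", None)            # malformed or unsupported: never forward
        if tag is None or tag.vid == 0:
            vid = self.default.get(neighbor)  # label comes from the link, not the frame
            return ("forward", vid) if vid is not None else ("drop", None)
        if tag.vid == 4095:                  # reserved by 802.1Q
            return ("drop", None)
        if tag.vid in self.allowed.get(neighbor, frozenset()):
            return ("forward", tag.vid)
        return ("drop", None)                # neighbor not authorized for this VLAN


# Constructed sample policy: a guest neighbor may label VLANs 10/20, a local
# neighbor is mapped to VLAN 30 by address only and may not self-label.
GUEST = "00:11:22:33:44:55"
LOCAL = "66:77:88:99:aa:bb"
SAMPLE_POLICY = TransitPolicy(
    allowed={GUEST: frozenset({10, 20})},
    default={GUEST: 10, LOCAL: 30},
)

if __name__ == "__main__":
    for name, msdu in [("guest vid 20", build_msdu(ETH_P_IP, b"\x45", vid=20)),
                       ("guest vid 99", build_msdu(ETH_P_IP, b"\x45", vid=99)),
                       ("guest untagged", build_msdu(ETH_P_ARP, b"\x00\x01"))]:
        print(name, SAMPLE_POLICY.decide(GUEST, msdu))
```

The point of the fallback path is that a transit node must never trust a self-asserted tag beyond what the neighbor has been authorized for; without per-neighbor enforcement, a VLAN ID in the payload is just a hint the sender chose.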

11 5. Protection of Segregated Data from Unauthorized Access
Current practice:
  IPsec or a similar application-level mechanism must be used to protect data at intermediate hops.
Work in progress:
  None.
Possible new work:
  Optional edge-to-edge security between the original source station and the final destination station. Not all services would require this.
  (If VLAN mapping is possible, authentication should be keyed to the SSID, not the VLAN ID.)

12 6. Configuration and Management
Current practice:
  SNMP (Simple Network Management Protocol)
  GVRP (GARP VLAN Registration Protocol)
  Proprietary command-line interfaces and protocols
Work in progress:
  SNMP MIB (Management Information Base) additions by TGu (Interworking with External Networks)
Possible new work:
  MIB additions or other mechanisms for configuration and management, including setting up and deleting VLANs

13 Straw Poll
Should the WNG SC proceed at this time to vote on a motion to set up a Study Group? Yes: No:
Should the WNG SC receive further presentations on the topic of segregated data services, for the purpose of exploring the creation of a Study Group at a later time? Yes: No:

14 Motion
Moved: To request that the IEEE 802.11 Working Group approve, and forward to the IEEE 802 Executive Committee, the creation of a "WLAN Multiple Segregated Data Services" Study Group to draft a PAR and 5 Criteria for the provision of secure segregated data services in 802.11, such services to include some or all of the following: advertising and associating with such services; labeling frames per service; security of data within a service; and the configuration and management of such services.
Moved: Seconded: Yes: No: Abstain:

15 References
IEEE Std 802.11-2007 – WLANs
IEEE Std 802.1Q-2005 – VLANs, GVRP
Draft IEEE 802.11s D1.05 – ESS Mesh Networking
Draft IEEE 802.11u D1.0 – Interworking with External Networks
Draft IEEE 802.11w D2.0 – Protected Management Frames
IETF STD 62 (RFCs 3411 through 3418) – SNMP
