Published by Sharleen Thornton. Modified over 9 years ago.
1
doc.: IEEE 802.11-04/1565r0 Submission December 2004 Haixiang He, Nortel Networks Slide 1

Fast BSS Transition Tunnel

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures (http://ieee802.org/guides/bylaws/sb-bylaws.pdf), including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair (stuart.kerry@philips.com) as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at patcom@ieee.org.

Date: 2004-12-18
Authors:
2
Abstract

This submission represents a complete proposal to 802.11 TGr’s call for proposal to achieve Fast BSS Transition. In the proposal, the new AP will extend the old data path by tunneling traffic (11i protected MPDUs) from the old AP to the MU while setting up the new data path with the MU. The proposal does not require any changes of current technologies including 11i, 11e, allows back-end resource allocation only at the time of re-association, minimizes the resource usage on both MU and AP, and does not require MU to switch channels for re-associations. It can also support high-speed STA transition. The solution features Make-before-Break, Divide-and-Conquer, and Pre-transition Preparation.
3
Different Approach: Fast BSS Transition Tunnel

Extend the old secure data path through the target AP and treat the current AP as an anchor point to facilitate the Fast BSS Transition!
  – Old secure data path is at the MPDU level.
  – MPDUs need to be carried inside the frames between the STA and the target AP. The MPDUs are tunneled.
  – The target AP looks like a repeater of the current AP but at layer 2.
The only delay is the STA signaling to the target AP to open the tunnel point.
4
Key Advantages

No data packet loss
  – The current AP buffers the traffic during the STA transition and delivers the packets by way of the target AP.
Near instantaneous transition
  – The data path switch time is near zero (single atomic operation).
  – Decouples time-consuming tasks from the actual transition.
The delay to set up the new data path is decoupled from the time-sensitive traffic delivery
  – The STA exchanges packets with DS using the current AP’s DS port while setting up the new data path with the target AP.
  – The new data path setup is no longer time critical.
5
Other Advantages

Don’t need any changes with current technologies including 11i, 11e.
Allow back-end resource allocation only at the time of re-association.
Minimize the resource usage on both MU and APs
  – Don’t need to pre-setup any information with the new AP and hence don’t need extra resources to store the information.
Don’t require channel switching in MU.
  – Data path with old AP is maintained during the transition.
  – Communication is not through old AP’s air interface hence does not need channel switching in MU.
Support high-speed STA transition.
Allow possible differentiations for both MU and infrastructure.
6
High-level Process

[Figure labels: MU (MAC = MU1); AP#1 (SSID = “ACME”, BSSID = AP1); AP#2 (SSID = “ACME”, BSSID = AP2)]

Step1: MU informs old AP of its intention to transit so the back-end can prepare for it. (optional)
Step2: Old AP suspends traffic forwarding and buffers the traffic. Similar to PSP.
Step3: MU sends “Fast BSS Transition Tunnel Request”.
Step4: MU’s MPDU (not MSDU) is transferred from old AP to new AP.
Step5: New AP encapsulates the MU’s MPDUs in a new 802.11 MF for delivery to the MU. At the same time, the new data path is set up between MU and the new AP.
Step6: Once the new data path is set up with new AP, the tunnel (old data path) is cut off.
7
Overview of the Fast BSS Tunnel Process

STA requests tunneled data delivery service
Data packets from current AP are tunneled to and delivered through the target AP
STA establishes new context with target AP (security, QoS, ...)
Break tunnel / instantaneous transition to target AP
8
Major Events

Step1: Tunnel Request
  1. STA => TAP: Tunnel Request (CAP BSSID)
  2. TAP => STA: Tunnel Response (Status)
  3. TAP: Inform CAP to forward STA’s MPDUs
Step2: Tunnel MPDUs
  – STA TAP: Tunnel Data (MPDUs)
  – TAP CAP: Exchange (MPDUs)
Step3: Setup New Data Path (simultaneous with Step2)
  – STA TAP: Management frames exchanges
Step4: Actual Transition
  1. STA => TAP: Tunnel Break Request (CAP BSSID)
  2. TAP => STA: Tunnel Break Response (Status)
  3. TAP: break tunnel, inform DS, inform CAP, start normal traffic delivery

CAP: Current AP
TAP: Target AP
9
Message Sequence Chart (MSC)

See companion submission 11-04-1182-01-000r-fast-bss-transition-tunnel-msc.xls for details.
This is only an example for illustration purposes.
10
High-speed STA Transition

High-speed STA transition can be better supported in this proposal.
  – Because in our proposal, the delay of new data path setup is decoupled from traffic delivery and it is no longer time critical.
A STA only needs to send the tunnel request. It does not need to complete the full re-association process that may take a longer time.
  – Just tunnel, no re-association.
A full re-association can be done when the STA is at lower speed.
  – To remove the load of the anchor point or switch to a new anchor.
11
Proposed Changes of Standard Text

Only a few new management frames and their related primitives (normative text changes)
  – Pre-transition request/response
  – Tunnel request/response
  – Tunnel Data
  – Tunnel Break
Informative description of the solution
  – Solution operation (more details to be provided)
  – An overview of the architecture may be useful as informative text. (currently not specified)
12
Implementation Example: WLAN Switch

Two possible approaches during the tunneling phase
  – Switch encrypts traffic and forwards to target thin APs for direct delivery to STA.
  – Switch forwards MPDUs and corresponding current AP keys to target thin AP for delivery to STA.
No inter-AP signaling and traffic forwarding for intra-switch transition.
  – Just need to wrap different AP MAC headers and send to corresponding thin APs.
  – Change to new association context when breaking the tunnel.
High-speed STA transition is much easier
  – Traffic is already buffered at the switch
  – Centralized anchor point already exists within the switch
13
Proposal Highlights

Make before break
  – The new data path is set up before the old data path is broken.
  – The old data path is extended through the new AP using tunnels.
Divide and conquer
  – Traffic delivery mixes with new data path setup.
  – The whole delay periods can be divided and long delay can be avoided.
Pre-Transition Preparation (Optional)
  – MU notifies its transition intention.
  – Help infrastructure to prepare for fast BSS transition.
DS switch over is a single atomic operation
High-speed STA transition support is possible
14
It works! It is easy!
15
References

11-04-1564-00-000r-fast-bss-transition-tunnel-proposed-changes.doc
11-04-1179-00-000r-fast-bss-transition-tunnel.ppt
11-04-1182-01-000r-fast-bss-transition-tunnel-msc.xls
11-04-0086-03-frfh-measurement-802-11-roaming-intervals.ppt
16
Back Up
17
Fast BSS-Transition Mode (FBTM)

This is a new concept to be introduced.
The old AP transits to FBTM when
  – Specifically notified by the MU using a new MF.
  – When the old AP cannot successfully transmit more MPDUs through air interface.
When in FBTM, the old AP should
  – Maintain the STA context such as PTK.
  – Buffer the MU’s traffic for a very short period of time.
  – Handle the transfer of MU’s MPDUs to another AP. (not necessary if old and new APs are on the same switch)
  – Different implementations may do things differently.
18
FBTM behaviors on new AP

Triggered specifically by the MU
  – A new class1 mgmt frame.
Handle the delivery of the MPDUs from old AP to the MU by encapsulating them in a new management frame.
Handle the receiving of MPDUs from old AP.
Break the tunnel when the new data path is set up.
Different implementations may do things differently.
19
FBTM behaviors on the MU

Transit to FBTM when it decides to transit to a new AP.
Notify its old AP about its intention to transit to a particular new AP.
Signal the new AP to request the fast transition tunnel service.
Use the tunnel to continue the old data path while the new data path is set up.
De-capsulate and treat the MPDUs as if they were received from old AP.
Signal the new AP to cut off the tunnel and update the DS once the new data path is set up.
20
Security

Require trust relationship between old AP and new AP.
  – Trust can be easily established since APs are in the same administrative domain.
  – Communication channel between old and new APs can be reasonably secured.
  – New AP leverages the trust relationship between MU and old AP until a new security relationship is established between MU and new AP. Traffic delivery is not affected during this time.
Unprotected tunnel signaling is as good as the current standard and does not introduce new security threats
  – Re-association exchange is not protected in the current standard and can cause a similar security hole: redirect traffic.
  – Redirected traffic consists of 11i protected MPDUs that can be captured through air interface anyway.
21
Security Cont.

Trust relationship between MU and new AP
  – Trust relationships exist between MU and old AP as well as between old and new APs.
  – Trust relationship between MU and new AP can be set up by way of old AP. The approach is similar to the current 11i model among AS, AP and MU.
The tunnel signaling can be protected
  – Security association exists between MU and old AP.
  – PTK is still valid/fresh since data path is not cut off, just extended through tunnels.
  – Tunnel request/response could be protected using the PTK between MU and old AP.
Possible solution:
  – MU can attach a security payload in tunnel request message and the new AP forwards the payload to old AP for verification. A random number could be used for request replay protection.
  – New AP can attach a security payload generated by the old AP in its tunnel response message to MU. New AP’s BSSID could be included in the security payload to prevent rogue AP.
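
The "Possible solution" on the Security Cont. slide, sketched as an added example that is not part of the submission: the MU authenticates its tunnel request with a key shared with the old AP, the old AP checks the random number for replay, and its response payload binds the new AP's BSSID. HMAC-SHA256, the field layout, the REQ/RSP labels, the use of a MIC key taken from the PTK, and all class and function names are assumptions made for illustration; the slides specify none of them.

```python
import hashlib, hmac, os

def mic(key, *fields):
    # Length-prefix every field so bytes cannot shift between fields.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class MU:
    def __init__(self, mac, key, cap_bssid):
        self.mac, self.key, self.cap = mac, key, cap_bssid

    def tunnel_request(self, tap_bssid):
        # A fresh random number per request lets the old AP reject replays.
        self.nonce = os.urandom(16)
        tag = mic(self.key, b"REQ", self.mac, self.cap, tap_bssid, self.nonce)
        return {"mu": self.mac, "cap": self.cap, "tap": tap_bssid,
                "nonce": self.nonce, "mic": tag}

    def accept_response(self, sender_bssid, resp):
        # The old AP's payload must name the AP that actually sent the response.
        want = mic(self.key, b"RSP", self.mac, self.cap, sender_bssid, self.nonce)
        return resp is not None and hmac.compare_digest(resp["mic"], want)

class CurrentAP:
    def __init__(self, bssid, keys):
        self.bssid, self.keys, self.seen = bssid, keys, set()

    def verify(self, req, forwarded_by):
        # forwarded_by: BSSID of the peer AP on the secured inter-AP channel.
        key = self.keys.get(req["mu"])
        if key is None or req["cap"] != self.bssid or req["tap"] != forwarded_by:
            return None
        want = mic(key, b"REQ", req["mu"], req["cap"], req["tap"], req["nonce"])
        if not hmac.compare_digest(req["mic"], want):
            return None
        if (req["mu"], req["nonce"]) in self.seen:
            return None  # replayed tunnel request
        self.seen.add((req["mu"], req["nonce"]))
        return {"mic": mic(key, b"RSP", req["mu"], self.bssid, req["tap"], req["nonce"])}

def demo():
    key = os.urandom(16)  # constructed stand-in for a MIC key taken from the PTK
    mu1, ap1, ap2, rogue = b"MU1", b"AP1", b"AP2", b"ROGUE"  # constructed IDs
    cap, mu = CurrentAP(ap1, {mu1: key}), MU(mu1, key, ap1)
    req = mu.tunnel_request(ap2)
    resp = cap.verify(req, forwarded_by=ap2)
    return {"genuine": mu.accept_response(ap2, resp),
            "rogue_relay": mu.accept_response(rogue, resp),
            "replay": cap.verify(req, forwarded_by=ap2) is None}
```

Because the response payload covers the target AP's BSSID, a payload relayed by an AP with a different BSSID fails the MU's check, and a tunnel request seen twice is refused by the old AP.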