Light Weight Access Point Protocol (LWAPP)
IETF 57
Pat Calhoun, Airespace
LWAPP Architecture
[Figure: Mobile, AP and AR, with LWAPP carried between the AP and the AR over Ethernet or UDP]
Why LWAPP?
● At last count, there are at least 6 WLAN switch vendors, plus some of the Ethernet switching incumbents have announced products in this space.
● Most of these products have a proprietary protocol between the AP and the AR (A.K.A WLAN Switch).
● APs are being commoditized, and many AP OEMs see LWAPP as a way to enter the enterprise market - interest is very strong here!
● Standardizing LWAPP would benefit the Internet community by ensuring interoperability between WLAN switches and APs.
LWAPP Goals
● Reduction of the amount of protocol code being executed at the light weight AP.
● Centralization of the bridging, forwarding, authentication, encryption and policy enforcement functions for a WLAN, to apply the capabilities of network processing silicon to the WLAN, as it has already been applied to wired LANs.
● Providing a generic encapsulation and transport mechanism, the protocol may be applied to other access protocols in the future (note: the draft needs work here)
Division of Labor
[Figure: Mobile, AP and AR; labels: 802.11 Control, 802.11 Data & Management, Ethernet or UDP, LWAPP Control (signalling) & Data]
LWAPP assumes the MAC is split between the AP and the AR, reducing the functions required on the AP.
What does it do?
● LWAPP enables a new architecture for 802.11 infrastructure devices.
● Most of the functionality that is traditionally in the AP can be moved to the centralized AR.
● This gives the AR a greater view of the RF topology, enabling many different types of benefits, such as:
  – Security. Detecting attacks on a network basis vs. on a single cell
  – Mobility. Easier to proactively handle mobility events
LWAPP Components
● LWAPP consists of the following:
  – Control Channel Management
  – AR Configuration
  – Mobile Session Management
  – Firmware Management
  – Transport Services
  – Security
Control Channel Management
● Discovery
  – The draft currently defines a zero-config dynamic discovery mechanism for Ethernet and IP (when run in same subnet). The draft proposes different discovery mechanisms, but this area probably needs some work
● AP-AR session establishment
  – Creates a binding between the AP and the AR. This phase also includes a key exchange to secure all control messages
● Heartbeat
● Key Update
  – Periodically update the AP-AR key
AR Configuration
● Configure Response
  – Allows the AP to securely push its current configuration to the AR
● Configure Update
  – Allows the AR to securely push configuration to the AP
● Statistics Update
  – Allows the AP to send current stats to the AR
● Reset Request
  – Reboots the AP
Mobile Session Management
● Add Mobile
  – Pushes a specific rule (and optionally dynamic TKIP/WEP/AES key) to the AP
● Delete Mobile
  – Deletes a previous rule (and key)
Firmware Management
● During the AP-AR session establishment phase, the peers exchange firmware versions.
● If the versions are out of sync, this allows the AR to securely download a new image to the AP.
Transport Services
● The LWAPP document includes a transport section, and currently defines two transports:
  – Ethernet, allows LWAPP to run natively over Layer 2
  – IP, specifies how LWAPP is run over UDP
● The transport section discusses the following:
  – Transport specific discovery extensions
  – Packet Framing
  – Fragmentation/Reassembly issues
LWAPP Security
● The document currently assumes that all LWAPP peers have a certificate
● During the AP-AR session establishment phase, a session key is exchanged and all control packets are subsequently encrypted using AES-CCM
● A rekey message exists in order to allow the AP (or AR) to create a new session key
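An added sketch (not from the slides or the LWAPP draft) of what AES-CCM protection with a rekey step has to enforce on a control channel: header authentication, replay rejection, and no nonce reuse under one key. The 10-byte header, the nonce layout, the 8-byte tag and the key-id field are assumptions; it uses the Python `cryptography` package and models one direction only, since the reverse direction would need its own key or a direction bit in the nonce.

```python
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

HDR = struct.Struct("!BBQ")  # assumed header: msg type, key id, 64-bit counter

class ControlChannel:  # one direction of an AP-AR control channel (assumed layout)
    def __init__(self, session_key: bytes, key_id: int = 0):
        self.aead = AESCCM(session_key, tag_length=8)
        self.key_id = key_id
        self.send_ctr = 0    # a (key, nonce) pair must never repeat
        self.recv_ctr = -1   # highest counter accepted so far

    def rekey(self, new_key: bytes) -> None:  # key update: counters restart
        self.__init__(new_key, (self.key_id + 1) & 0xFF)

    def seal(self, msg_type: int, payload: bytes) -> bytes:
        header = HDR.pack(msg_type, self.key_id, self.send_ctr)
        self.send_ctr += 1
        # Nonce = key id + counter; the cleartext header is bound in as AAD.
        return header + self.aead.encrypt(header[1:], payload, header)

    def open(self, packet: bytes) -> tuple:
        header, body = packet[:HDR.size], packet[HDR.size:]
        msg_type, key_id, ctr = HDR.unpack(header)  # struct.error if truncated
        if key_id != self.key_id or ctr <= self.recv_ctr:
            raise ValueError("old key or replayed counter")
        payload = self.aead.decrypt(header[1:], body, header)  # InvalidTag if altered
        self.recv_ctr = ctr  # advance only after the tag verified
        return msg_type, payload

def rejected(channel: ControlChannel, packet: bytes) -> bool:
    try:
        return channel.open(packet) is None
    except (ValueError, InvalidTag, struct.error):
        return True

def demo() -> dict:
    key, new_key = os.urandom(16), os.urandom(16)  # constructed session keys
    ar, ap = ControlChannel(key), ControlChannel(key)
    first, second = ar.seal(1, b"constructed update"), ar.seal(1, b"constructed reset")
    out = {"delivered": ap.open(first), "replay": rejected(ap, first)}
    out["tampered"] = rejected(ap, bytes([second[0] ^ 1]) + second[1:])
    ar.rekey(new_key)
    ap.rekey(new_key)
    out["old_key"] = rejected(ap, second)
    out["after_rekey"] = ap.open(ar.seal(2, b"constructed stats"))
    return out
```
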
Points raised on the mailing list
● Where does encryption occur?
● LWAPP discovery over Layer 3
● Should LWAPP data messages be secured?
● Should we use certificates or shared keys?