Doc.: IEEE 802.11-05/0395-01-000s Submission May 2005 Jonathan Agre et al., Fujitsu Labs of AmericaSlide 1 802.11 TGs ESS Mesh Networking Proposal Preliminary

May 2005

Jonathan Agre et al., Fujitsu Labs of America

Slide 1

doc.: IEEE 802.11-05/0395-01-000s

Submission

802.11 TGs ESS Mesh Networking ProposalPreliminary Overview of Secure NOmadic Wireless MESH (SNOWMESH)

Date: 2005-05-10

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <[email protected]> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <[email protected]>.

Authors:Name Address Company Phone Email

Jonathan R. Agre 8400 Baltimore Ave., #302 College Park, MD 20740 USA

Fujitsu Laboratories of America

301 486 0978 [email protected]

Wei-Peng Chen 1240 E. Arques Ave.

Sunnyvale, CA 00180 USA



Mohamed Refaei 8400 Baltimore Ave., #302 College Park, MD 20740 USA



Anuja Sonalker 8400 Baltimore Ave., #302 College Park, MD 20740 USA



May 2005


Slide 2

doc.: IEEE 802.11-05/0395-01-000s

Submission

Additional Authors

Name Address Company Phone Email

Xun Yuan 8400 Baltimore Ave., #302 College Park, MD 20740 USA

University of Maryland


Chenxi Zhu 8400 Baltimore Ave., #302 College Park, MD 20740 USA



Harshal Dharia 8400 Baltimore Ave., #302 College Park, MD 20740 USA



May 2005


Slide 3

doc.: IEEE 802.11-05/0395-01-000s

Submission

Contents

• Architecture• Usage Scenarios• Autoconfiguration/Initialization/Discovery• Routing

– Topology Maintenance– Mobility

• Security• QoS• Performance Evaluation• Conclusion

May 2005


Slide 4

doc.: IEEE 802.11-05/0395-01-000s

Submission

Architecture

MPAP

MPAP = Mesh Point with AP functions

MPAP(PL) = Mesh Point with active Portal

STA – Client Station

MPAP

MPAP

MPAP MPAP

MPAP(PL)

MPAP(PL)MPAP(PL)STA

STASTA

STA

STASTA

STA

STA STA

STASTA

STA

STASTA

STA

STA

STASTA

STA

STA

WDS Link

Normal Link

May 2005


Slide 5

doc.: IEEE 802.11-05/0395-01-000s

Submission

Architecture

MPAP

MPAP = Mesh Point with AP functions

MPAP(PL) = Mesh Point with active Portal

STA – Client Station

MPAP

MPAP MPAP

MPAP(PL)

MPAP(PL)MPAP(PL)STA

STASTA

STA

STASTA

STA

STASTA

STA

STASTA

STA

STA

STASTA

STA

WDS Link

Normal Link

MP(AP)

MP(AP)

MP(AP)

MP(AP) MP(AP)

MPAP(PL)

MP(AP,GW)

STA

STA

STASTA

STASTA

STA

STA

STASTA

STA

STA

A. S

A.S. – Authentication Server

May 2005


Slide 6

doc.: IEEE 802.11-05/0395-01-000s

Submission

Usage Scenarios• Community Networks

– Ubiquitous network access– Alternative broadband service to residential users– Static MPs, mobile STAs

• Emergency Response Networks– Environments with limited infrastructure (on-site networks)– Rapid deployment, low mobility, high security, high reliability, continual

operation/fault tolerant

• Enterprise Networks– Extensions to primary LANs– Interoperability, simple operation, low mobility, high security

• SoHo Networks – Simple deployment, simple operation, low mobility, moderate security

• Hotspots– Extensions of coverage areas

May 2005


Slide 7

doc.: IEEE 802.11-05/0395-01-000s

Submission

Key Points• Network is sized for approximately 32 mesh points• Each Mesh Point contains AP and Portal functions• Single or Multiple Radios supported

– A MP may contain multiple 802.11 PHY radios operating on different channels. • The inter-MP communication is via authenticated WDS links• The mesh supports routing to multiple entry/exit points (Portals).

– Portals connect to other 802.1 networks (including other Mesh-nets)• STAs are unaware of the mesh and their operation is unaffected by

connection to mesh• Self-configuring, self-healing, automatic formation/maintenance of mesh

network• Two Security modes – Authentication-server mode and Standalone mode

– Require modification to 802.11i that will support WDS authentication• QoS adapted for multi-hop mesh is supported

May 2005


Slide 8

doc.: IEEE 802.11-05/0395-01-000s

Submission

MPAP Architecture

Portal

Phy1 Phyn

Mesh MAC Layer

Mesh identified by single SSID

One MAC address for the MP (feasibility under study)

Phyi – 802.11 PHY - Each Phyi on a separate channel, designated by port

Mesh MAC Layer handles routing, QoS, security across Ports

MAC for each Phy handles lower level security, association, sequencing, etc.

Portal attaches to other 802.1 network(s)

Ports

MAC MAC

WDS Security Routing

May 2005


Slide 9

doc.: IEEE 802.11-05/0395-01-000s

Submission

Network Initialization and Discovery

Mesh Initialization and Network Discovery (MIND)• When MP powered on, enters discovery mode

– Based on active scan of all channels by each port• Send probe messages • Probe response from MPs includes some additional information

– e.g., routing protocol option, security option, parameters, etc

– Mesh identified by matching mesh SSID (preconfigured parameter)• MP receives probe responses from all neighbors on each channel

– If not secure mesh and no mesh found after several attempts, MP becomes Mesh Initial MP• Potential problem with merging independently formed subnets

– Resolution methods under study (e.g., lowest MAC address, most nodes, etc)

– If secure mesh, some requirements for 1st node pre-configuration (discussed in security section)• Simple solution is to require that designated node be powered on first

May 2005


Slide 10

doc.: IEEE 802.11-05/0395-01-000s

Submission

Network Discovery (cont)

– If mesh found (i.e. matching SSID), • MP “selects” best channels for its own radios to connect to mesh, thus

determining its 1-hop neighbors in the mesh

• MP initiates WDS link establishment for each neighbor MP

• If secure mesh then WDS link is blocked until authenticated– MP initiates authentication with each WDS neighbor– Authentication certificate identifies MP as MP-capable – An Authenticated MP either requests or waits for next Network

Advertisement message

• If open security, then MP simply waits for Network Advertisement

May 2005


Slide 11

doc.: IEEE 802.11-05/0395-01-000s

Submission

Mesh Network Maintenance (MNM)

• Handles addition, deletion of MPs, mobility• Maintenance scheme is function of routing protocol option in effect

– Format of net advertisement data also defined by routing protocol option

• In Basic Scheme: Each associated MP periodically issues network advertisement messages to propagate topology information

– The Basic Routing Protocol option includes a simple Mesh Network Maintenance scheme Simple-MNM as follows:

• Flat Topology Table of all MAC addresses• Two types of Network Advertisement messages are used in basic scheme

– Full update (NA-message) – Network topology table of all MAC addresses of MPs and STAs, channels, link metrics, portals, authentication server

– Change update (δ-NA messages) – includes only changes since last full update (or indicates no change)

• Each MP broadcasts a network advertisement message to its one-hop neighbors– Periods for Full update and Change update are parameters– Sent using group keys in secure modes

• Ageing and replacement scheme based on sequence numbers

May 2005


Slide 12

doc.: IEEE 802.11-05/0395-01-000s

Submission

Routing

• Mesh will support multiple routing protocols specified through mesh configuration options.

• Recommend that all MPs implement at least a Basic Mesh Routing Protocol

• We propose a Simple Link-state Routing Protocol (SLRP)– Weighted shortest path, computed by Dijkstra’s Algorithm from

Topology Table– Weighted by link quality (RSSI, load, other factors, formula TBD)

– Operates on Flat Topology Table• MAC addresses of all MPs, MAC addresses of associated STAs• MAC addresses of Portals• For each MAC address in the mesh:

For each directly connected neighbor to that address :Store the Channel, Link quality metrics, Sequence number

– Basic topology maintenance using Simple-MNM

May 2005


Slide 13

doc.: IEEE 802.11-05/0395-01-000s

Submission

Basic Routing Protocol Features

– Routing Tables contains entry for each possible Destination MAC in Mesh (MPs, STAs, Portals)

– (Destination MAC, Next Hop MAC address, Outgoing Port/Channel)

– Mobility of MPs and STAs handled by Network Advertisements (break-before-make scheme)

– Packet format for MP-MP messages is WDS using 4 MAC address fields

– (Next-hop receiver address, current transmitter address, original destination address, original source address)

– Additional Hop Count field added to packet for loop detection• Considering TTL field

– Maximum values for Hop Count or TTL are parameters

May 2005


Slide 14

doc.: IEEE 802.11-05/0395-01-000s

Submission

Routing Issues• Routing will consider QoS

– Priority queues and link metrics are under study

• Support for broadcast and multicast groups– Secure keys for broadcast and multicast – Needs further study

• Routing to external networks – How choose best portal – shortest path, learned routes, flooding?

• High mobility will hurt the basic scheme• Scalability questions• Future system could allow dynamic choice of routing

scheme

May 2005


Slide 15

doc.: IEEE 802.11-05/0395-01-000s

Submission

Optional Routing Scheme – Hybrid Mesh Routing Protocol (HMRP)

• Suitable to community networks with static MPs and mobile STAs

• Use a proactive routing to maintain the topology of static MPs – Topology propagation in the basic mode only contains the links

between MPs

• Use an on-demand routing for discovery of mobile STAs– AODV-like (REQ/REP) mechanism

• Learn/Maintain topology from various sources – Data packets: effective for long-live connections

– Authentication / Association packets

May 2005


Slide 16

doc.: IEEE 802.11-05/0395-01-000s

Submission

Security Issues

• Two security modes will be supported– Authentication Server Mode – based on normal 802.11i and 802.1x.

An authentication server (e.g., Radius) is assumed to be reachable within the mesh or externally via a portal

– Standalone Mode – An authentication server is not available and an internal trust model is developed.

• Basic Security Architecture– Security can be enabled or disabled– A single administrative domain is assumed

• Valid STAs and MP have certificates recognized by admin domain– Each STA will authenticate with its associated MPAP using 802.11i– Each MP will authenticate with each of its WDS link neighbors

• Extension to 802.1x and 802.11i needed for WDS authentication– Once authenticated as an MP, an MP can participate in mesh

routing and will become an authenticator for other MPs

May 2005


Slide 17

doc.: IEEE 802.11-05/0395-01-000s

Submission

Security• Authentication Server Mode

– A proper certificate is assumed to be installed on the MP indicating that this is a valid MP for this mesh SSID

– Each STA will authenticate with its associated MPAP using 802.11i– A new MP joining the mesh will independently authenticate with each of its (1-

hop) WDS neighbors as a supplicant using augmented 802.11i – Once authenticated as an MP, an MP can participate in mesh routing and will

become an authenticator for other MPs and STAs– An authentication server (e.g. Radius) may be hosted on an MP or a route to

an external authentication server is known to the mesh • Requirement of initial mesh node

– MPAP maintains a Security table entry for each authenticated MPAP neighbor, any multicast groups and broadcast

• Encryption – Along with authentication, encryption keys are defined per communicating

pair, i.e., • 802.11i pair-wise encryption is used for STA to MPAP and for MPAP to MPAP

– E.g., full WPA 2• Support both dynamic key distribution and pre-shared keys• Group keys also established at time of authentication

May 2005


Slide 18

doc.: IEEE 802.11-05/0395-01-000s

Submission

Security (cont.d)• Standalone Mode (Authentication Server not available)

– Each MP has a proper attribute certificate indicating that this is a valid MP for this mesh SSID and defining the capability of the MP

– New MP joining the mesh will authenticate with each of its (1-hop) WDS neighbors as a supplicant using the attribute certificate assigned to it.

• Local, 2-party authentication (e.g., challenge-handshake)– Once authenticated as an MP, an MP can participate in mesh

routing and will become an authenticator for other MPs and STAs– MPAP maintains a table entry for each authenticated MPAP

neighbors, multicast groups and broadcast– Revocation of issued certificates and renewal of expiring

certificates required.– MPs exchange periodic information on authenticated/revoked

supplicants – Threat model and security attributes currently under research

May 2005


Slide 19

doc.: IEEE 802.11-05/0395-01-000s

Submission

Roaming/Mobility

• STAs and MPs can be mobile– Basic routing protocol designed for low mobility, infrequent

changes

• In basic scheme, a STA that moves between MPAPs will re-associate and re-authenticate

• A MPAP that moves will re-associate and reauthenticate will all new 1-hop neighbors

• The mesh will attempt to support 802.11r Fast Roaming when defined– Method TBD

May 2005


Slide 20

doc.: IEEE 802.11-05/0395-01-000s

Submission

Quality-of-Service• 802.11e QoS will be supported (Mny details still TBD)

– For STAs, the MPAP will appear as a normal 11e AP • Admission control scheme at MPAP needs to be modified to account for

end-to-end delay over multiple hops

– Each MPAP will support up to eight priority queues as in 11e• Admission control for admitting new MPAPs still under consideration• MPs will negotiate between themselves to set up end-to-end QoS support• Mesh management messages need priority (i.e., network advertisements)• Should forwarded traffic get priority?

– Extensions to TSPEC being considered and integration with network advertisement metrics

– Algorithm/Performance under investigation via simulation

May 2005


Slide 21

doc.: IEEE 802.11-05/0395-01-000s

Submission

Ongoing Issues

• Desire a simple, but expandable framework• Connection to IP networks needs further refinement

– General philosophy is that basic functions are independent of IP, but recognize that IP is most common application

• ARP needed, Proxy ARP may be significant improvement• Others: DHCP, NAT,… should work smoothly• VLAN support (?)• VPN support (?)

– E.g., Clients should be able to send/receive Internet messages, browse the web, if paths exist

• Additional mesh management messages may still be required• Power efficiency not considered (as yet)

May 2005


Slide 22

doc.: IEEE 802.11-05/0395-01-000s

Submission

Prototyping Efforts

• Working on single- and multi-radio prototypes that follow the proposal

• Consideration of existing architecture has guided many decisions – Reuse as much of existing MAC as possible, but we need a

new view of what an AP can do, e.g., • The MPAP should be able to initiate an active scan (currently

not typical)• The MPAP should be able to associate (establish a WDS link)

and authenticate to another MPAP to use the WDS link under 802.1x procedures (e.g., supplicant)

• The MPAP should be able to perform as an authenticator after becoming authenticated (as a supplicant)

May 2005


Slide 23

doc.: IEEE 802.11-05/0395-01-000s

Submission

Performance Simulation• 8*4 MPs in grid structure, 100 static STAs

• Each STA starts one CBR (4kbps) flow. 50% of the destinations locate outside mesh

• Evaluation of full topology update in basic mode

• BW = 11 Mbps, 12 MPs interfere with the central portal

0

20

40

60

80

100

1000 2000 4000 1000 2000 4000 1000 2000 4000 1000 2000 4000

Rate(bps)

Ratio

(%)

0

0.5

1

1.5

2

2.5

3

3.5

4

Late

ncy(

sec)

delivery ratio latency

1 Ch 1 PL 2 Ch 1 PL 2 Ch 2 PL 2 Ch 4 PL

May 2005


Slide 24

doc.: IEEE 802.11-05/0395-01-000s

Submission

Summary/Conclusions

• Basic extensible mesh framework defined– Simple base components defined

• routing, QoS, autoconfiguration• Two modes of security

– Infrastructure and infrastructureless

– Options to extend components

• Work is continuing on several open issues– Interface with external networks, QoS

• Performance simulations of base components underway• Prototyping effort using COTS radios

We are looking to harmonize/partner with other proposalsPlease contact us!

Documents

Doc.: IEEE 802.11-05/0395-01-000s Submission May 2005 Jonathan Agre et al., Fujitsu Labs of AmericaSlide 1 802.11 TGs ESS Mesh Networking Proposal Preliminary