Analysis of Roaming Techniques

March 2004 doc.: IEEE 802.11-04/0377r1 Analysis of Roaming Techniques Areg Alimian Communication Machinery Corporation aalimian@cmc.com Bernard Aboba Microsoft bernarda@microsoft.com Submission Slide 1 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Outline • • • • • Roaming Definition & Phases Test Configurations for roaming measurements Contributors to handoff latency Existing and emerging solutions for fast handoff Conclusions Submission Slide 2 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 How do we define roaming? • Roaming latency – “The period from when the STA last receives data traffic via its old AP and when it receives data from the new AP is often referred to as the handoff latency or handoff delay”. • Triggering roaming – When the STA moves away from its current AP, the signal quality of the messages from the above AP will decrease. – At some (configurable) signal quality threshold, or after a number of failed retransmission attempts, the STA starts looking for a „better” AP to reassociate with, triggering a handover procedure. Submission Slide 3 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Handoff Scenario Channel 11 c D v 802.11 scan 802.1X authentication 4-way handshake Movement detection Address assignment Duplicate detection IKE renegotiation MIP signalling TCP adjustment period Channel 6 Latency Contributors AP B STA AP A c ~ 10-20 ft D ~ 100-300 ft Submission Slide 4 Areg Alimian CMC, Bernard Aboba Microsoft Latency Budget March 2004 Layer L2 L2 L2 L2 Item 802.11 scan (passive) 802.11 scan (active) 802.11 assoc/reassoc (no IAPP) 802.11 assoc/reassoc (w/ IAPP) IPv4 Best Case (ms) 0 (cached) 20 4 20 IPv4 Worst Case (ms) 1 sec (wait for Beacon) 300 20 80 doc.: IEEE 802.11-04/0377r1 IPv6 Best Case (ms) IPv6 Worst Case (ms) 0 (cached) 20 4 20 1 sec (wait for Beacon) 300 20 80 L2 L2 L2 L3 L3 L3 L3 L3 L3 L3 L4 802.1X authentication (full) 802.1X Fast resume Fast handoff (4-way handshake only) DHCPv4 (6to4 scenario only) IPv4 DAD Initial RS/RA Wait for more RAs IPv6 DAD MN-HA BU MN-CN BU TCP adjustment Submission 750 150 10 200 0 (DNA) 1200 300 80 500 3000 0 0 0 200 200 Varies Slide 5 750 150 10 0 0 5 0 0 (Optimistic DAD) 0 100 0 1200 300 80 0 0 10 1500 1000 200 200 Varies 0 0 0 0 100 0 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 • • • • • • • – – – Logical Steps/Phases in Handoff Detection/Rate adaptation Mobile station starts adjusting the traffic rate all the way down to the minimum for its PHY (rate fallback ). The signal strength and the signal-to-noise ratio of the signal from a station‟s current AP degrade and the station retransmits without a response. Scanning Mobile station initiates active scanning to probe for nearby APs. – Association/Reassociation 802.1X (re-)authentication STA attempts (re)authentication with the new AP. With PMK Caching/SAs the EAP authentication phase with a back-end server is not necessary. – – – – – IEEE 802.11 AKM IP Layer Configuration Acquiring a valid IP address Duplicate Address Detection (DAD) Mobile IP signaling IKE signaling (if required) Transport layer adjustment TCP adjustment period Slide 6 Areg Alimian CMC, Bernard Aboba Microsoft Submission March 2004 doc.: IEEE 802.11-04/0377r1 802.11 Handoff Problem Space DT/B Scan + Pre-auth via Old AP Pre-Auth 4-way + Scan + Radio tuning Neighbor graph 3-way Association handshake, handshake, not possible no 802.1X no 802.1X c DTPA Stationary Submission D DTPA D DTFH D DTReassoc High Speed Pedestrian Vehicular Station Velocity Slide 7 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Handoff Test Metrics Summary • Rate adaptation • (Re)authentication • Roaming – – – – – Rate adaptation time – Packet loss during rate adaptation – (Re)authentication (AKM) without prior security Association states. – (Re)authentication (AKM) without prior security State. – (Re)authentication with IAPP. Handoff Interval Downstream loss during handover Session continuity during handover Upstream delay • Scanning • Behavioral – Passive Scanning – Active Scanning • Network Connectivity resumption Submission Slide 8 – Roaming hysteresis – Rate adaptation hysteresis – Valid IP address acquisition/ IP configuration – Transport adaptation Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Test Scenarios for Handoff Performance • Handoff Triggering Mechanisms – The power to the current AP is switched off – Decreasing the Tx power of current AP – Changing the load on the current AP • Injecting Traffic Patterns during handoff – Unidirectional upstream traffic from STA to a host on the LAN – Unidirectional downstream traffic from LAN host to STA. – Bidirectional traffic between STA and LAN host. – 2nd STA at the new AP competing for media access. Submission Slide 9 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 General Observations Based on Test Data • Handoff triggering mechanism (power off vs. Tx Power reduction) affects movement “detection” time. • Traffic pattern during roam affects overall handoff latency and packet loss during roam. • Handoff latency varies significantly based on specific equipment, especially STAs. Submission Slide 10 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Handover Latency Summary • Detection and active scanning probe phase can be too long, therefore increasing overall roaming latency. • Rate adaptation down to 1 or 2 Mbps can take significant time and affects the throughput of other STAs if one or more STA are connected at the lower rate. • Significant delays at L3 • Significant delays at L4 in some scenarios Submission Slide 11 – IP address assignment (when DHCP server is far from host) – Duplicate Address Detection (DAD) – Mobile IP signaling – Movement from high bw/low delay network to low bw/high delay network Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 The current 802.11 probe function The probe function is the IEEE 802.11 MAC active scan function And the standard specifies a scanning procedure as follows: For each channel to be scanned, • 1. STA sends a probe request with broadcast destination, SSID, and broadcast BSSID. • 2. STA starts a ProbeTimer. • 3. If medium is not busy before the ProbeTimer reaches MinChannelTime, scan the next channel, else when ProbeTimer reaches MaxChannelTime, process all received probe responses and proceed to next channel. Submission Slide 12 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Existing Techniques for Handover Optimization • – – Limiting Rate adaptation range Allowing negotiation of 1 and 2 Mbps rates is very time consuming. If there are one or more stations associated at lower rates, this will limit the throughput of stations associated at higher rates. • • – – – – AP Initiated Handoff At the PHY Layer Optimized Active Scanning • Scan most likely channels first. Obtain channel list from the AP. Fast Active Scanning. Sending a probe request to a specific AP on its operation channel designating as the sole responder. Designated AP sends probe response after SIFS deferral. Submission Slide 13 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Existing Techniques for Handover Optimization - 2 • – – – Providing “Candidate Lists” to roaming STA Roaming Station can request a candidate list from the AP to obtain relevant information about neighborhood STAs. A “Site Report” is not necessarily the same as a “candidate list” Difference: The list of all neighbors vs. the list of authorized, functional neighbors • – Optimized IP Layer configuration • Significant delays in Layer 3 due to Duplicate Address Detection (DAD) and IP address assignment IPv4: significant delay in DHCP where the DHCP server is far away from the host. IPv6: delays due to movement detection constants – – Submission • DNA reduces IP address assignment delays for intra-subnet roaming, provided there are reliable “hints” from L2 Optimistic DAD (IPv6 only) reduces DAD delays Slide 14 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Detection of Network Attachment (DNA) • The time required to detect movement (or lack of movement) between subnets, and to obtain (or continue to use) a valid IP address may be significant as a fraction of the total delay in moving between points of attachment. As a result, optimizing detection of network attachment is important for mobile hosts. • Detection of Network Attachment follows the principles below: – – – – Treatment of Link-Up indications from the Link Layer Link-Local addressing as a mechanism of last resort Utilization of hints from the Link Layer on current Subnet Performing reachability test instead address acquisition where a valid IP address exists on the “most likely” point of attachment – Sending a DHCPDISCOVER instead of a DHCPREQUEST if the subnet is likely to have changed. Submission Slide 15 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Issues with DNA • Today, there are no reliable “hints” of subnet attachment • SSID is not a reliable “hint” of subnet attachment – “Default” SSIDs are common; can disambiguate w/BSSID – STA may change prefix within same SSID – STA may keep same prefix when changing SSIDs (less likely) • DNA will not optimize the IP configuration phase significantly without reliable link layer hints Submission Slide 16 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Factors Affecting STA Roam Decision • Factors that may affect the quality of the connection between the AP and the STA include: • Factors that affect which AP, currently, would be the best choice for a STA to (re)associate with to maintain the upper layer connection include the above considerations plus: – – – – – – Loading/Load Balancing Considerations Capability matching SNR Received Signal Strength Security SSID - Received Signal Power - Retransmissions Submission Slide 17 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Using Candidate List Reports • – A “candidate list report” contains information on APs that are valid handoff candidates for a STA In response to a “candidate list request”, AP in response will send Candidate list report for the ESS specified. If the SSID IE is not present it will send a Candidate List Report for the SSID for the current ESS. If the AP has no information on the ESS of which the SSID has been requested it will send a Candidate List Response with a length of zero. Valid = not a rogue, connected to the DS, forwarding frames, etc. • – – – Submission Slide 18 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Issues with the “Site Report” • “Site report” may or may not be equivalent to a “candidate list report” • Site Report Response uses mgmt action frames which are not secured in the current specification. • Even if the STA has the BSSID of the AP to preauthenticate to, it needs to be within the AP’s coverage area to reassociate. • The site report may not narrow the roaming candidates – Is purpose of “site report” to obtain a list of all APs, or just valid roaming candidates? – “Site Report” may contain unsuitable roaming candidates – SNR is necessary to choose between roaming candidates – Using a “site report” as a “candidate list report” may cause the station to preauthenticate to more APs, increasing load. Submission Slide 19 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Alternative Approaches • Obtain neighbor information only after completion of authenticated key management (AKM) – Neighbor information obtained only from authenticated APs – “Candidate list” exchange is authenticated via a unicast key, not a group key – Semantics provide a “candidate list” not a “site report” Submission Slide 20 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Handoff – Alternative Approach • AP-Initiated handoff – IAPP approach – WLAN switch approach – PHY layer approach • PMKs made available to “dumb APs” by WLAN switch • PMKs propagated between APs • Same SSID, same BSSID, same channel. • STA does not know that it is roaming. • Result is very small handoff latency. • Realities – This approach is now ubiquitous (but non-interoperable). – Standardizing AP-initiated handoff is not a worthwhile activity – Probably more profitable to focus on other issues Submission Slide 21 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Related Work • • • • • • • Papers on this topic include: http://www.ieee802.org/11/Documents/DocumentHolder/3-417.zip http://www.ieee802.org/11/Documents/DocumentHolder/3-416.zip http://www.it.kth.se/~vatn/research/handover-perf.pdf http://www.drizzle.com/~aboba/IEEE/692.zip http://www.cs.umd.edu/~waa/pubs/handoff-lat-acm.pdf http://www.it.kth.se/~hvelayos/papers/TRITA-IMIT-LCN%20R%200302%20Handover%20in%20IEEE%20802.pdf http://www.cs.cmu.edu/~glennj/scp/FixingAPSelection.html 11-04-0086-02-frfh-measurement-802-11-roaming-intervals.ppt (on www.802wirelessworld.com) • • Submission Slide 22 Areg Alimian CMC, Bernard Aboba Microsoft March 2004 doc.: IEEE 802.11-04/0377r1 Conclusions • Biggest challenges occur prior to authentication • Potential solutions are available – – – – – – Channel maps Roaming Candidate lists Active scan optimizations Rate adaptation limits DNA Optimistic DAD – Detection algorithms (when to roam) – Rate adaptation algorithms – Scanning latency (particularly for 802.11a/b/g devices) • Key management techniques not a high priority • Fitting within 50ms VOIP budget is possible…. – And involves hard implementation work, not rocket science. Slide 23 Submission Areg Alimian CMC, Bernard Aboba Microsoft – TGi pre-authentication, PMK caching enables working systems today March 2004 doc.: IEEE 802.11-04/0377r1 Feedback? Submission Slide 24 Areg Alimian CMC, Bernard Aboba Microsoft