Blog (WLAN Pros Blog)
Thanks Keith. My name is Perry Correll. I’m Director Product Management over at Aerohive. And thanks for attending. I was just talking to David Coleman. He said that I should spend some of my time explaining to you the value of using the “Wi-Fi 6” moniker.
Just checking the audience, checking the audience. That’s that’s what it is. OK. We’re going to talk about 802.11kvr which in reality isn’t kvr anymore it’s been wrapped into the 802.11 spec 2012 2016 2019. Whatever comes along. But it’s important I understand when we’re talking about standards like that whether it happens to be kvr happens to be 11x or any of them. What’s in this standard isn’t really what people use. So if you look at what’s in IEEE spec what’s in a Wi-Fi Alliance certification and what the vendors are doing there all over the map. And it’s important to understand that. So when we talk about 11 K functionality there’s probably 10 times more stuff in that that people aren’t using than people actually are using. The same thing with “v” same thing with “r”. So it’s very important I understand that that those of you who really like to get into read these I mean the the eleven v spec is 500 pages long. I don’t think many of you would bother reading that but be aware if you read through all that and start a lot of the features and a lot of the capabilities just like with 11 X and you’re never going to see those be used anywhere it’s just different groups of people are involved in doing this stuff. So just just kind of understand that from the very very beginning of what’s happening with that. The other thing too is things change over time. I mean we’ll talk about a lot of the standards that have evolved over the last years about why fine about Romney in particular and if you think about Wi-Fi. A lot of smart people in here. The first thing is about association. I want to get connected and the next thing is about mobility and when you talk about mobility you’re talking about roaming.
What’s the difference between nomadic and seamless roaming. See I make you guys talk. Much nomadic roaming
Excuse make when you drop or typically it’s like if you’re in a class you open your laptop you do your work class and you close your laptop you go to the next room you open it up and you connect again but it’s really not designed to be seamless. We’re seamlessly roaming is really more about Wi-Fi. Voice over Wi-Fi in that that it’s supposed to say associate as I go along with you. So the whole idea is Wi-Fi is supposed to stay seamless connected to the same SS I.D. when you roam. Without losing that connection. That’s the goal. That’s the dream you’re always going to lose some you’re gonna drop a little bit about that functionality. So. What’s the difference between selling roaming and Wi-Fi roaming
So you’re told you can make your guys answer questions. Well I can’t answer questions at the end he said so in the middle I can’t
Control but a carry. Typically when cellular roaming you make before you break. With Wi-Fi I break before I make I got to actually do the disassociation before I do the re association. I can actually authenticate ahead of time but I can’t associate ahead of time. So you’ve got to do it. So that’s one of the things I’ve been challenging with all these years and stuff is dealing with this. So. So with roaming. What’s good enough
How fast should a client roam from disassociate with one IP to associate with the next day.
Whatever. That’s actually a very good idea if you didn’t hear it. Whatever doesn’t break your application that’s it. The answer is what depend it depends. You know if you’re sorry if you’re doing real time voice you know you get up here and help if you want but it’s Thursday. OK. But that’s the whole idea is it depends on the application you’re doing some application they’re very very sensitive. Others heck you could disconnect for a week and probably would know depending on what you’re trying to do but the idea is to make it a seamless as possible. And there’s a lot of tools as a lot of capabilities that come along to try to help you do that. The other thing is there is a big interest right now in what’s called the client experience or the user experience. I participate in something called H TNG which is a hospitality workgroup. And they’re trying to define what that experience is. What’s an acceptable level of delay of latency when you’re Rome dependent and if you’re a five star hotel or one star hotel. Because once again different levels the Wi-Fi Alliance right now is even starting to have just general feelers of could we actually do a certification along these lines. It’s kind of tough it’s almost impossible to do that because the different clients the different use cases is a different environment so it’s going to be very difficult to do that.
But you’re also going to see a lot of vendors do it first. I mean I’m an arrow high and this is a marketing thing but we’re doing things like how to identify what’s happened at the client what are their roaming experience. Can I identify why that room took so long. And every other vendor is doing that at the same level so that’s that’s kind of where we are right now. So the idea today is kind of understand what’s going on and understand where the industry has gone. And you know roaming is a tough subject a lot of people have different ideas of what it is. A lot of people have different ideas had a design for it. What’s the appropriate overlap and what the RSA PSI level is you could have religious discussions about that and that’s really not where we’re going to have today. So that being said kind of moving along. One of the common I want to make is doing the 11th hour stuff. I got more into a nation and key management than I ever wanted to do in my entire life. And to those of you who enjoy that
I’m very impressed and slightly sad because it’s unbelievable. I mean some of this stuff David helped me with is like I only had to read the thing 14 times to understand what they were trying to accomplish. Well we’re going to talk through that. No actually explain it to you as we go along. So that being said important thing understand we start to talk about roaming. How does a client room today. How does it work. I’m associated to a client. Fat dumb and happy. Everything’s good. When do I decide to Rome. What makes me decide to Rome
To hear that a lot depends on. Typically it’s gonna be RSS I my RSS I is going down here I could maybe I can hear another AP with a hierarchy say what vendor specific stuff. It could be CRC or is it could be lost packets I could have missed some beacons it could be s and R8 any one of those values and there is actually gonna make the decision. So at that point I need to scan I need to find another AP to connect to. And by the way there’s different ways you can do that I can actually scan before idea associate or I can scan after idea associate once again lots of different types of clients out there that have lots of different types of capabilities be aware of. So if I want to look for a new access point I can do a pre discovery before I actually am in the roaming stage. I can look at the environment. I can say whether APIs are out here whether they’re using my Asus I.D. what are there in my environment. That’s a great idea because it saves time on roaming. It’s a really bad idea because actually I lose connection on my channel while I’m looking at these other channels. So if I’m gonna go and look at you know I’m in a mixed environment two point four and five I can have 20 21 22 other channels I have to look at. To try to figure out if an SSD idea I’m looking for is over there. How long do I have to spend on a channel
Once a beacon interval. You guys better all know this. Hundred milliseconds so I got to stay there about that time. So I have to stay over 100 milliseconds on each channel. Probably a bad idea. That’s a passive Rome type environment. The other is an active Rome. I go to this channel I send out a probe should get back to me with 10 20 milliseconds whatever kind of a faster way to do it. But once again is a problem associated with this. What if I’m on a DFS channel. What if I’m connected on a DFS channel. I’m not allowed to leave that channel let’s see what else is available in other channels. Lot of challenges associated with me that we really don’t think about. The other thing is once I determine the target how do I determine who I want to roam to. Most of the time it’s a stronger our society. That’s one of the things that we need to deal with and fix it and then finally have to roam. How do I roam. Once again as crazy it may seem they’re different clients to do different things. Some actually just leave which isn’t really a room. If I’ve got an AP and kicks a client off. Is that a room.
No it isn’t. It’s just being kicked off a roaming is actually a process where I do a d association. Once I do that the association some clients that’s when they start looking for the next day P to join. Probably not a good way to do it but once again that’s one of the options associate and I’ll eventually find a good client to associate with. Then I’m gonna send it off their authentication request to that client I’m going to get offended Haitian response then I’m gonna do an association request and I’m going to go an association response and then depending on the environment depending on what kind of security I’m using it’s either open and it’s really easy. It’s appreciated key. Not too bad or it’s ATO to that one X or it’s edgy Rome where I don’t know where that offend occasion server is. So how long can that take. Hundred milliseconds three days whatever it’s going to actually take to pay them what it was. And that’s the problem. That’s the problem. Most of this other stuff I don’t lose the next sessions with most. But this is the problem if I have to reoffend skate and go through the problem. So that’s what we’re trying to fix. And you get the four way handshake and you get connected.
And by the way there’s also a backup that’s additional part where typically if I connected to AP to AP to supposed to send a message back to AP one saying hey by the way this guy roamed over to me and sent me all the buffered frames you have. Got a lot of people do that. But actually it’s mentioned in the spec but nobody tells anybody how to do it or if they even have to do it at the same time I have to tell the switch I’m connected to that send all the update the forwarding table send all that information to me. So that’s kind of where we are today that we just walk down the hall and connect from one to the other. That’s what we have a lot of problems associated with it roaming. Is the biggest problem is the clients are making the decision. The clients decide when to Rome where for the most part. And so that’s what we’ve been trying to buy say we the industry been trying to fix for about 21 years now. You know Wi-Fi you know 10 11 came out nineteen ninety seven. So we’ve been working on this for quite some time.
So how do we fix that or what do we do with that. There’s a got messed up
A lot of different things we’ve tried to do obviously we had some proprietary stuff came out. Cisco did some neat stuff you had opportunistic key caching where you had a great idea Who’s my real people. Raise your hand. Don’t roam don’t let the client know they’re Roman. Put everybody on the same b.s. idea and they don’t know when they’re wrong. It’s actually a really good idea for time sensitive applications. Not so good for high density type deployments but it is kind of a neat way they did that but then the standards organization came along and said we got some great ideas. A total of an E F. And then we never heard of f
Come on we see a hand one hand to hand. I think Cisco’s the only one even tried to do it. That’s the only standard or spec I ever saw that was withdrawn. People gave up on it that it just kind of didn’t go where they wanted to do. You had eleven I had eleven you had eleven K and V are now you’ve got a I which is fast initial links say session you got to dot twenty one.
How do I roam between technologies. So once again there’s a lot of effort associated this both in the AI Tripoli and the Wi-Fi Alliance Wi-Fi Alliance so we’ll talk about this before the voice enterprise an advantage and is probably another half dozen other work groups involved that all have fast transition part of their solution because once again we’re at the point now and I’m not going to say Wi-Fi is fast enough but it is it’s fast enough there’s enough good enough stuff associated with it now it’s making it seamless make it more reliable you know if you look at what’s coming out last year and this year you had a ax you got WPA 3 security performance.
Now let’s make it a little bit more better user experience improve the experience and that’s what these standards are trying to folks that are trying to do and be aware every vendor’s on a different page I’m not saying every vendor but be aware it just because one vendor whether it happens to be an AP vendor or whether it happens to be a client vendor just because they’re doing something that doesn’t mean everybody else is doing things the exact same way. Just to let you know about six months ago we were working with a customer and they had different persons APIs mixed with our APIs and we had all kinds of problems just because we were both doing are just a little bit different. We were both doing it legally according to the spec. But we just did a little bit differently and actually caused some interoperability issues which is why you guys get the big bucks for troubleshooting and you learn a lot more about doing traces but that’s kind of where we’re at today. So coming along 11 TAVR came out in 2004 2008 2011 is pretty much when they showed up.
Support of real time applications. How can I make this seamless How can I drop as few packets as possible if you look at what the Wi-Fi Alliance tried to do advantage they said you know loss of under 50 milliseconds jitter of under 50 milliseconds loss of less than 1 percent packets no more than three packets lost in a row. Pretty strict requirements as far as that’s concerned so that’s kind of what they were trying to do packet loss latency efficiency sessions. I can’t emphasize enough that when we talk about caving in are that when we’re talking about that for the most of us we’re talking about how they assist roaming there’s tons of other functionalities that was built in that. So as I said there’s hundreds of pages in each one of these documents and we’re just touching on that very high level really important to realize that a lot of that stuff if you read through every page you’re never going to see all of it. So just be aware of it that we just try to make things a little bit better. So eleven k
Resource management tries to make life easier on you tries to make it simpler. Okay. I need to Rome. Where should I go. Well typically the client’s going to look around and say well is there’s a stronger. HP over there there’s a stronger radio over there. I don’t know anything about I don’t know the load on that device. I don’t know the performance on that device. I don’t know noise levels I don’t know anything about that device at all. So the whole idea of K or one of the ideas about K is for me we’re able to get choices before I actually do it. So instead of having to. Go off my channel. And
Scan either passively or actively for other SS ideas or excuse me for other APIs on my same s this idea that I might want to join the ideas. Can I just ask somebody. Can I just ask somebody and they can give me this information. So that’s what eleven K is really all about the ability of client now. I can ask my associate AP and say Hey. I need to roam what’s around me. Once again there’s some different vendors do different things how they gather this information. If I’m talking in a controller based environment controller connected a bunch a piece back controller has a lot of a good view of the environment they’re getting information from their their APIs they know what’s going on in there and that controller can send you out a what’s called a a neighbor packet or a neighbor a neighbor message and say this is your neighbors. This is kind of maybe you’re the signal strength of them. This is your reachable to them. They’re using your same security functionality. They’re all using the same five functionality you have. So this is a candidate for you to roam to. If I’m not in a controller based environment. Different vendors have different solutions within arrow hive our APIs talk to each other with protocols ACM MSP and MRP. And we learn that same information. So somehow some way the AP is going to be a gas bill to gather and build a database of this. The other part about this is in the actual Levin case standard the idea is it’s supposed to be reactive. So when a client asks the AP what’s around me what can you tell me about at that point. The AP is actually supposed to build the database. In reality that database is probably already built they might refresh some stuff get some different information. But the whole idea is to build that information up note a neighbor notification and send that information back. To the device and say Here’s your choices. With 11 k
The AP is not actually telling them where to go. They’re just saying what’s available. It’s really designed to. You know safe scanning time
More efficient usage of the air. People even say it’s more efficient use of a better battery management. And assuming you know if I’ve got to jump in check 20 different channels and probes on each and listen yeah it’s a little bit of that better management type functionality for that but totally is better. So better roaming better searching better capabilities all that type functionality.
The other thing about eleven K is what everybody thinks about as a neighbor report the clients gather an awful lot of information and they can push that information up to the piece what the status of me is what’s happening on my own network what’s happening on my channel what beacons I’m seeing from other devices all this information on the right. This is what’s gathered with eleven k. Problem is a lot of people don’t do a lot more than just the neighbor report. So it’s important I understand that as I said when you’re looking through this and saying wow I can find out all the other beacon traffic. Well yes theoretically I can look for that but I’m not you know I can actually see the station statistics the location configuring multiple BBM the SS I.D. type functionality on their transmit power control stream category linked measurement information. That stuff was all built in there once again. If you’ve ever been involved in. Writing in I Tripoli spec obviously everybody’s got their little baby they want to get in there and when something comes along like resource management they put all that stuff in. But for the most part what we’re really focused on is a neighbor report neighbor report is just the idea to kind of see what’s happening on the network.
So this is really what’s going to happen. Clients associate the AP number one client decides their own based on whatever their internal functionality tells them to do client requests a neighbor report. So it’s going to request this from its associate the AP its associated to the AP is going to build that report AP controller switch that could also be vendor specific information there’s other stuff that can actually go in there. So there’s a lot of open fields available and it’s going to send that down and it’s going to have the information that the SSA I.D. the AP and channel the RSI all the information a client needs to know. Now the client once again is going to make the best choice. Mind you all I know is if this information I don’t know at this point. Maybe there’s to a piece right next to each other and I can roamed either one of them. One of them has a little bit stronger RSI than the other. But that one also might be
200 percent overloaded on the radios and the other one might have three people connected to it. I don’t know that at this point we might talk about that a little bit more and we get to eleven V but the whole idea is it’s the first step it’s what it does. People are going to implement it as more and more as far as clients IAW is implemented a lot of this. That was one of the challenges I had looking around is that you know what vendors doing what with the client side and the AP side and it’s kind of all over the map as far as they’re concerned. So at this point I’m gonna make a decision I’m going to Rome the associate do the authentication. If indication the association association I’m up and running. Pretty basic type functionality if you kind of
Step through neighbor report notification. This is kind of what the frame’s gonna look like. I’m gonna get one of these for each. Essential. Each business idea or each APM able to identify neighbor report. The MAC address whether it’s reachable or not.
Operating class what it’s doing can I connect to isn’t within my save ESFS. Is it within my safe environment. Is it a real room. A room has to be within my same SS I.D. I can still go to another one but that’s actually not a true room.
The fi level all that type of information associated with it and we kind of look at this is kind of small it’s hard to see maybe you guys can capture one later day. Kind of shows you what it looks like in here. If you go up to the top under the red you’ll see SS I.D. then I’ll give all the information about it. If what channel no it was on fire type all this information and with this the client’s gonna make a decision.
It’s not a perfect decision. I don’t know what exactly that client is doing what exactly that AP is doing but it’s better than what I had before and this is where we’re gonna go. We’re gonna go baby steps a little bit of time different vendors are doing things different vendors are offering different capabilities.
All right so I got all this information. I know a lot more about what’s going on in the environment. Things are looking good now comes along something else comes along. 11 v basically be SS transition
There’s been proprietary protocols in the past that have said you know if I can put a client on the roof I can put a software client on the client I can control when it moves.
Well that’s part of the idea of this is I want to be able to see the environment I want to make decisions I want to make intelligent decisions. That’s what 11 v does and important understand especially you know we’re going to be talking about the B SS transition management. But there’s a tremendous amount of topology information is tremendous amount of multiple B SS I.D. type functionality is a tremendous amount of other information that is in the eleven v standard that very few vendor nobody. Leverages all of it. They just don’t. So different vendors leverage different things. But the high o idea once again is where k is really designed to speed up a decision making these really designed to help you make a better decision is probably the best way to say it. So if you look at this functionality here it’s not only Roman related. Once again we keep focused on roaming with KBR but it’s actually more to that Lane’s clients to exchange information that clients can tell the AP a lot more stuff. What what am I seeing what’s around my environment you see I got this AP and APIs are sensors they see the environment they see what’s going on but every client that’s attached to them sees a lot more information what they surround an environment with you know an AP client attached to an AP might hear beacons from other APIs that this one just doesn’t know exists. I want to learn what that whole environment looks like location information sleep modes all this type functionality for the most part all we’re really dealing with with the as far as what most people think about as roaming and that actually has to do with some making some better decisions. These are the I.V. capabilities once again the highlighted one is that when we focus on all the other stuff is stuff people threw in there and I don’t mean that negatively in any way shape or form.
It’s a great idea within the Wi-Fi Alliance is actually a work group now called Data Elements.
Has anybody heard of that none. OK. Data Element is kind of like what other information can I get clients to give me and can I encourage them to actually do that. Once again the more information controller a network management system has the better decision they can make on the overall network. So as you can see as a lot of different information up there transition management is pretty much where we live. So what happens with this. What is a what is eleven v going to do for me. There’s a kind of different things as what’s called a solicitor request and there’s unsolicited requests. Solicit Brest is pretty easy. The. Client gets their information they roam. They connect to another AP and based on whatever they think data throughput whatever they can actually send a request saying you know. Is this the best I can do. Is there a better AP out there that maybe has less load on it. Maybe it will offer me a stronger SSI or maybe a higher data rate. Maybe this RSI is really really high but I didn’t know the ESA Na was really really high. So I a win over here with a lower or SSI. Lower ESA Nah I can actually have a better data rate. So that’s kind of the idea for it. So it’s actually the client’s pay. Point me in a different direction. Give me a better shot. Obviously very very useful. The other three are what’s called unsolicited requests and this is where the AP you try to connect to the AP. Eleven cases go to me you try to connect to me and I say I’m not your best choice.
Why did you go to connect to this guy. For whatever reason maybe because I see what you’re trying to do. Maybe I’m overloaded. Maybe RSI maybe data rates I can do it for lower so sorry I can do for low data rates I can do it. I got enough devices on me I know this AP. 60 feet away is only got 17 clients on it. I know I’ve already got five hundred and twelve which some better say they can sport don’t understand that but. It. Was a shot. I’m sorry. And then the last one is the AP eleven V is actually positioned as advice. To a client. It actually also has the ability to disassociate the client. 11 v actually has the ability to say hey I think it’s better if you go somewhere else. I think it’s better if you go to this guy. You know it’s really better if you go to them and if you don’t within the next three seconds I’m going to kick you off. So it actually has the ability to do that most vendors don’t actually implement that. Or if you do you’ve got to have some system in place that after you kick them off. Maybe he only wants to be on you and you gotta let him back or he goes one. So once again this is kind of a whole process associate this. This is the management phase is the functionality but this is probably about
50 of the 500 pages in this document. So it’s a lot of other good stuff hopefully coming down the pipe. You can’t see it now because nobody is actually gathering this. I don’t know what was gathered but nobody’s actually transferring this information so it’s very important. The last. Fast transfer me fast transition in Rome and 11 are
11 are as I said the very began and when I got in is kind of exciting. Reading through this and you’ve got what’s going on I like to ask questions so fornication and key management. How many people love that. One too. Did you say yes or do you just pointed him
What’s gone. I joke but it is actually important but it’s the most convoluted stuff at least for me. So you know I’m looking at this I’m going to go through this and the whole idea is that one of the biggest problems if I’m in a secure environment and I’m roaming that’s going to be where your application breaks that’s where your session is going break down because you know open pressured t even essay is a little bit faster it’s probably not going to go an issue but if I got to go through ATO to it I went X each time I go to another AP is gonna be obviously the client experience is gonna be lacking. So you go through this and you look at this and I actually kind of spend some time going through what essentially happens. Who’s my attitude I want experts I want to ask you a question I want to see raise your hand. Nobody my God I’m so smart up here I feel. Or your line with ATO two on when X when I go through that whole process I create what’s called a triple a key or a master session key. Right. Everybody nod their heads OK. That master session key then gets derived into what’s called the Paraguay’s master key at this point I can also tie unappreciated key because you pressured key whether you’re you know WPA to WPA 3 essay whatever that can actually come and that becomes a pressure master key those p.m. KS Then when you get into r become what’s called. PM K R zeros
Which get hosted on the authenticated device I’m going to confuse you all and we’re gonna actually go through because this is what I had to go through they get hosted on the authenticator device so the client and the authenticator that authenticator could be a controller or it could be an AP and distribute environment. So now they both have this this paralyze Masaki or PMA are zero they then take those keys and create something called a k ah one confused yet. Now I’ve got them K are 1 and 2 p.m. K our one here if I’m not a controller environment I take that P.M. K our 1 and I give it to all my other apes trying to give an idea how I can seamlessly roam. If I’m in a distributed environment the first AP that does this they have to have a mechanism to distribute that P.M. K R one to all the other apes. Don’t tell you how to do it but you just have to do it and those then people those PMP are ones they become. Your p k. Which is
Hair wise transit K which actually make your encryption active. So once again you can all take past the security close. Right. Pretty good in that. That’s what I read about 17 times before I figured out actually what they were talking about. But it’s kind of important and it’s useful to know so let’s kind of go through here a little bit. The whole idea of all art is to simplify this lot of different a lot of different words lot of different acronyms it’s kind of insane but it’s all designed so when I go through the first time I associate to my first AP I go through the whole ATO to it I want to x process I get onboard now when I roam I want that to be seamless I don’t want to have to do that. That’s the whole process here. And once again there’s some proprietary ways with opportunistic key caching and pre caching and all this stuff in the past but there had to be a standard way to do it. So the idea here is OK secure works with everything no need to reaffirm indicate benefits. Obviously voice voice voice multimedia any real time application. Obviously it’s very very valuable to it because you can’t recover that stuff.
I mean non real time you know if I drop a bunch of packets if it’s DCP they’ll come back you know if it’s UDP I probably won’t worried about him to begin with. So the whole idea. So this is kind of a step in a way what I just said maybe a little bit and I’m not quite sure who I stole this from but if it was one of you people in this room on a blog. Thank you. And let me know I’ll give you credit. The NSA resigned to the client subsequent thing. Pretty much what happens the ATO took it out ex process creates a triple a key or an MSA key terms are used interchangeably whichever you like. I have no problem with this also and that eventually gets derived into the parishes that paralyze master key which once again works the same way with WPA to. Eventually you get a PSA at some point the Paraguay’s master key within eleven R is called PM k r 0 P Mark k r 0 is hosted in the 2 people that started it the client
And the controller or the first AP those devices then create what’s called excuse me p.m. K are 1. This is derived from that and that gets distributed to the other APIs. And then from that I can actually create the encryption keys so now you can actually see what I said. So working through this in a much much deeper clearer way and obviously these presentations are available for you guys this kind of takes what I just said and with that just went and goes in depth step by step. So once again the first time I go through I go through the ATO to an ex said all that functionality up. Uses this radius key exchange get the first level Paraguay’s master key first level pass my creating called APM K are zero sensitive fornicate in the wireless LAN client once again the authenticator could be an AP the authenticator could be the wireless LAN controller really doesn’t matter to me depending on which environment you want. That’s a. Debatable decision. Three levels once again PMC 0 P.M. zero only stays in the authenticator p.m. K are one that’s actually used to create the P2 case or a lot more information associated with that various levels a key is controlled by different people once again as you can see I got that I got that and the supplicant has the RS 0 wanted to suffocate in the authenticator will always have the RS zero and they’ll create the sublevel keys associated with that.
Kind of talked about that already. The keys are cast on the APIs that’s that’s the key to all this that once I get the PMA car 0 I turn it new PMA are 1 those keys are distributed to the client 2 for that they have the client has it and obviously the. The. Apis have it that’s the whole key point with previous ATO 211 I where you had pre sharing of keys you could only see one half awake and only go backwards they had some vendor specific proprietary ones it’s actually standardize the whole process so once again once I’ve got that are ah zero defined once I have my mobility zone defined everybody within that and with mobility devote mobility domain
That’s an AP gets that are one key which means I’m able to communicate I’m able to roam and get through some of this stuff pm KS I used to drive the pressure I talked about that talked about that I’m going to kind of show the road and this is kind of what happens before here. Now. My first original AP got that information it sends the PM car one via whatever back I can do it over the air I can do it over the wire and by the way this. Eleven are actually works over the air or over the back in the back end over the wired infrastructure it is optional. Good luck. I don’t mean that negatively whatever but it’s pretty much it’s up to you guys to figure out how to or it’s up to the vendor to figure out how to do that. It’s not part of it doesn’t actually say how to do it over two not three but that’s actually how that functionality works. Talked about that. So non rolling. This is kind of what we’re gonna have I got to Rome. I’m in a secure environment. I go up. I connect to the target AP. I go through the authentication I go through the areas or there re association. And I go through the four way handshake functionality. This is kind of what happens here and once again it gets a little bit convoluted but the whole idea behind here is add more acronyms. That’s the key focus of 11 are. So. I’m associated to the original IP I decide I want to room.
I’ve gone through this before I’ve already exchanged either my controller or my original AP is already exchanged PMA are one with all the other a piece. So I’m gonna go in here and I’m gonna generate an association of frame association frames got a few more things associated with it now. It’s got a fast transition authentication algorithm. It’s got our rowboat robust. Our ascent. Robust secure network. Information element with P.M. k ah 0 with the mobile domain information element with the fast transition information element with an S nuts as the station nuts. This kind of looks like if you’ll look at the information here it kind of looks like a four way handshake if you think about if you’re familiar with that and I send that over because what I’m trying to do with that is I’m trying to say is the APM trying to
Rome too. Are they aware of PMA are zero. If they are then they’re within my environment.
If they’re not they’re not going to give me the right replies. What happened. He’s going to reply back to me once again robust security network information element p.m. hours a MDI AFTRA a nonce s Nines and the AR one. Now I know that he’s already got that information. So with that what we can actually do is go through and do the four way handshake essentially that what we’re doing we’re doing a four way handshake by any other thing. We go back and forth the dance the US dance the source our dress the destination address once again if you’ve gone through any of the four way handshake stuff. All these terms look very very familiar with you as far as you. At that point we’re done. We’re set. It’s done in four. And it uses the existing four exchanges. It uses the existing authentication reply authentication response association requests association response. So once again it’s very very simple and very very easy. Anyone here as essay very much looking
How that works. WPA 3 I say you know if you look at how that authentication works in that they’re doing a similar type stuff prior to all this stuff coming out the offending nation really wasn’t very much it was like Are you are you eight or ten eleven yeah I’m eight it to eleven and the last time anybody use that was back in the web days. So then I actually start to use those frames which are kind of. I don’t say they weren’t important but they weren’t doing very much the same saying why don’t we use that information exchange to do this instead of repeating it later. Once again once I get the PM K one once I know that the client has I can go associate over there. We can create a new pair Y’s transition key between the that AP and the client
And we’re up and running.
Same thing. The ISIS transmission GSK authorization once again works the same way because if you think about it when we start to go to the when X we got to the mass in session key and that became a Paraguay’s master key. We start with the PSA we get to the Paraguay’s master key so it works the same in both ways. So if there’s really not going to be much difference at all. Essentially is if roaming in appreciated key environment or passphrase environment or to the when X environment as long as I support 8 or 11 arc
Gonna be a couple more cams if you’re interested when when stations go to associate to an access point exit point. They exchange information about what what. Authentication key management schemes can you support. Obviously this adds a few more to that.
So what’s kind of happening now. Every vendor is doing their own thing we’ve got something called 360 once again. We’re looking at this stuff we’re looking at data elements we’re looking at anything a client will give us. And try to figure out how I can suck in this information in a standard based way or proprietary way to actually make better decisions because it’s very very important within the Wi-Fi Alliance. Obviously there’s a lot of different activity going on there and pretty much almost all the certifications associated are Andy adding some form of fast transition in. So if they’re not there already there’s actually action going on typically in the past like 11 hour functionality fast transition lived within the security task group pretty much lives in every function living and every task group right now. So it’s kind of interested and as I said before in hospitality and also in healthcare I know there’s a big effort going on right now in the client experience the user experience. How do I how do I define it. How do I improve it. How do I do things better going forward. As far as who supports what. IAW is doing a great job of supporting a lot of this stuff. K and V are type functionality not all versions I think tend out Oh I always tend to oh it has a lot of this functionality in it.
I’m not saying Samsung does or Android does it whatever but there’s so many different cases out there you’re really going to have to check it individually. This is something from a network management point of view. We are looking at a company that if I’m having issues with it with the devices roaming or associate or whatever to have the ability to say OK that’s a x y z device with firmware X X X which I can gather just from looking at how they generate traffic and then if I can have some back end database and while I know this guy does not support eleven R so I need to make I got a cyst that or I need to make sure they get on a society that doesn’t have 11 you are because a lot of times an AP that supports in a client that doesn’t support it. Sometimes a client just gives up says I do not like what you’re saying and I’m not going to talk to you which is not a good idea in a public environment. You know if you if you control are your client you control your APIs that actually works pretty good. But just kind of be aware about that. So be aware what’s going on there.
Summary roaming roaming is a good thing. Very few people don’t want to roam association number one roaming is number two.
The idea romance is seamless. Not many people care about nomadic roaming anymore except classroom to classroom type functionality. Ivy our goals is to simplify your life be aware there is gonna be what we’re talking about right now is just roaming it’s a lot of the and I think I beat that point to death. It’s just a matter of time I say this nicely. It’s forcing the clients to do it. I’ll be honest most year AP vendors would love all this information and we will implement it will suck it in will gather it because we can use that. It’s very very useful to us but depending on you your apples of the world are going to do a lot of stuff you’re at your lower end stuff. Probably never will. And now you’ve got this whole i o t world that are gonna have the cheapest possible chipsets and firmware. So how that works but hopefully a lot of the IO T devices aren’t really designed as roaming you’re stuck up on a wall so they’ll do that vendor specific solutions you’re always gonna see them they’re always gonna be around round. And that’s it.
Thank you very much.
Convert audio to text with Sonix. Sonix is the best online audio transcription software
Sonix accurately transcribed the audio file, “IEEE 802 11kvr _ Perry Correll _ WLPC Phoenix 2019.mp4” , using cutting-edge AI. Get a near-perfect transcript in minutes, not hours or days when you use Sonix. Sonix is the industry-leading audio-to-text converter. Signing up for a free trial is easy.
For audio files (such as “IEEE 802 11kvr _ Perry Correll _ WLPC Phoenix 2019.mp4”), thousands of researchers and podcasters use Sonix to automatically transcribe mp4 their audio files. Easily convert your mp4 file to text or docx to make your media content more accessible to listeners.
Best audio transcription software: Sonix
Researching what is “the best audio transcription software” can be a little overwhelming. There are a lot of different solutions. If you are looking for a great way to convert mp4 to text , we think that you should try Sonix. They use the latest AI technology to transcribe your audio and are one my favorite pieces of online software.
In This Episode:
Keith answers the question sent in by Bob:
“How can I get non-technical people to have a basic understanding of the dynamics of Wireless environments.
Jari Vikstedt from ETS-Lindgren talks about what he sees rolling out in 5G
In This Episode:
We answer this question sent in by Alex:
How do I get my hands on wireless software tools like AirMagnet? I am just getting started in running a small consulting and integration business. The cost of getting some of these software tools can get pretty daunting
Also, Keith takes us behind the scenes at Ekahau, getting to know some of the behind-the-scenes players who made the new Ekahau Connect launch possible.