Doc.: IEEE 802.11-04/0377r1 Submission March 2004 Areg Alimian CMC, Bernard Aboba MicrosoftSlide 1 Analysis of Roaming Techniques Areg Alimian Communication.

March 2004

Areg Alimian CMC, Bernard Aboba Microsoft

Slide 1

doc.: IEEE 802.11-04/0377r1

Submission

Analysis of Roaming Techniques

Areg AlimianCommunication Machinery Corporation

[email protected]

Bernard AbobaMicrosoft

[email protected]

March 2004


Slide 2

doc.: IEEE 802.11-04/0377r1

Submission

Outline

• Roaming Definition & Phases• Test Configurations for roaming measurements• Contributors to handoff latency• Existing and emerging solutions for fast handoff• Conclusions

March 2004


Slide 3

doc.: IEEE 802.11-04/0377r1

Submission

How do we define roaming?• Roaming latency

– “The period from when the STA last receives data traffic via its old AP and when it receives data from the new AP is often referred to as the handoff latency or handoff delay”.

• Triggering roaming– When the STA moves away from its current AP, the signal quality of the

messages from the above AP will decrease.– At some (configurable) signal quality threshold, or after a number of failed

retransmission attempts, the STA starts looking for a ‘better” AP to reassociate with, triggering a handover procedure.

March 2004


Slide 4

doc.: IEEE 802.11-04/0377r1

Submission

Handoff Scenario

Channel 6Channel 11

AP AAP B STA

v

c

D

c ~ 10-20 ftD ~ 100-300 ft

Latency Contributors

802.11 scan802.1X authentication4-way handshakeMovement detectionAddress assignment Duplicate detection IKE renegotiationMIP signallingTCP adjustment period

March 2004


Slide 5

doc.: IEEE 802.11-04/0377r1

Submission

Latency Budget

Layer ItemIPv4 Best Case (ms)

IPv4 Worst Case (ms)

IPv6 Best Case (ms) IPv6 Worst Case (ms)

L2 802.11 scan (passive) 0 (cached) 1 sec (wait for Beacon) 0 (cached) 1 sec (wait for Beacon)

L2 802.11 scan (active) 20 300 20 300

L2802.11 assoc/reassoc (no IAPP) 4 20 4 20

L2802.11 assoc/reassoc (w/ IAPP) 20 80 20 80

L2802.1X authentication (full) 750 1200 750 1200

L2 802.1X Fast resume 150 300 150 300

L2Fast handoff (4-way handshake only) 10 80 10 80

L3DHCPv4 (6to4 scenario only) 200 500 0 0

L3 IPv4 DAD 0 (DNA) 3000 0 0

L3 Initial RS/RA 0 0 5 10

L3 Wait for more RAs 0 0 0 1500

L3 IPv6 DAD 0 0 0 (Optimistic DAD) 1000

L3 MN-HA BU 0 200 0 200

L3 MN-CN BU 100 200 100 200

L4 TCP adjustment 0 Varies 0 Varies

March 2004


Slide 6

doc.: IEEE 802.11-04/0377r1

Submission

Logical Steps/Phases in Handoff• Detection/Rate adaptation

– Mobile station starts adjusting the traffic rate all the way down to the minimum for its PHY (rate fallback ).

– The signal strength and the signal-to-noise ratio of the signal from a station’s current AP degrade and the station retransmits without a response.

• Scanning– Mobile station initiates active scanning to probe for nearby APs.

• Association/Reassociation• 802.1X (re-)authentication

– STA attempts (re)authentication with the new AP. With PMK Caching/SAs the EAP authentication phase with a back-end server is not necessary.

• IEEE 802.11 AKM• IP Layer Configuration

– Acquiring a valid IP address– Duplicate Address Detection (DAD)– Mobile IP signaling– IKE signaling (if required)

• Transport layer adjustment– TCP adjustment period

March 2004


Slide 7

doc.: IEEE 802.11-04/0377r1

Submission

802.11 Handoff Problem Space

Station VelocityStationary Pedestrian Vehicular

T/B

Scan + Radio tuning

Scan + Pre-auth viaOld AP

c TPA

D TReassoc

Association not possible

High Speed

D TFH

4-way handshake, no 802.1X

3-way handshake, no 802.1X

D TPA

Pre-Auth + Neighbor graph

March 2004


Slide 8

doc.: IEEE 802.11-04/0377r1

Submission

Handoff Test Metrics Summary• Rate adaptation

– Rate adaptation time– Packet loss during rate adaptation

• (Re)authentication– (Re)authentication (AKM) without prior security Association states.– (Re)authentication (AKM) without prior security State.– (Re)authentication with IAPP.

• Roaming– Handoff Interval– Downstream loss during handover– Session continuity during handover– Upstream delay

• Scanning– Passive Scanning– Active Scanning

• Behavioral– Roaming hysteresis– Rate adaptation hysteresis

• Network Connectivity resumption– Valid IP address acquisition/ IP configuration– Transport adaptation

March 2004


Slide 9

doc.: IEEE 802.11-04/0377r1

Submission

Test Scenarios for Handoff Performance

• Handoff Triggering Mechanisms– The power to the current AP is switched off– Decreasing the Tx power of current AP– Changing the load on the current AP

• Injecting Traffic Patterns during handoff– Unidirectional upstream traffic from STA to a host on the

LAN– Unidirectional downstream traffic from LAN host to STA.– Bidirectional traffic between STA and LAN host.– 2nd STA at the new AP competing for media access.

March 2004


Slide 10

doc.: IEEE 802.11-04/0377r1

Submission

General Observations Based on Test Data

• Handoff triggering mechanism (power off vs. Tx Power reduction) affects movement “detection” time.

• Traffic pattern during roam affects overall handoff latency and packet loss during roam.

• Handoff latency varies significantly based on specific equipment, especially STAs.

March 2004


Slide 11

doc.: IEEE 802.11-04/0377r1

Submission

Handover Latency Summary

• Detection and active scanning probe phase can be too long, therefore increasing overall roaming latency.

• Rate adaptation down to 1 or 2 Mbps can take significant time and affects the throughput of other STAs if one or more STA are connected at the lower rate.

• Significant delays at L3 – IP address assignment (when DHCP server is far from host)– Duplicate Address Detection (DAD) – Mobile IP signaling

• Significant delays at L4 in some scenarios– Movement from high bw/low delay network to low bw/high delay

network

March 2004


Slide 12

doc.: IEEE 802.11-04/0377r1

Submission

The current 802.11 probe function

The probe function is the IEEE 802.11 MAC active scan function And the standard specifies a scanning procedure as follows:

For each channel to be scanned,

• 1. STA sends a probe request with broadcast destination, SSID, and broadcast BSSID.

• 2. STA starts a ProbeTimer.

• 3. If medium is not busy before the ProbeTimer reachesMinChannelTime, scan the next channel, else whenProbeTimer reaches MaxChannelTime, process all receivedprobe responses and proceed to next channel.

March 2004


Slide 13

doc.: IEEE 802.11-04/0377r1

Submission

Existing Techniques for Handover Optimization

• Limiting Rate adaptation range– Allowing negotiation of 1 and 2 Mbps rates is very time consuming.

– If there are one or more stations associated at lower rates, this will

limit the throughput of stations associated at higher rates. • AP Initiated Handoff

– At the PHY Layer• Optimized Active Scanning

– Scan most likely channels first.– Obtain channel list from the AP. – Fast Active Scanning.

• Sending a probe request to a specific AP on its operation channel designating as the sole responder. Designated AP sends probe response after SIFS deferral.

March 2004


Slide 14

doc.: IEEE 802.11-04/0377r1

Submission

Existing Techniques for Handover Optimization - 2

• Providing “Candidate Lists” to roaming STA– Roaming Station can request a candidate list from the AP to obtain

relevant information about neighborhood STAs.– A “Site Report” is not necessarily the same as a “candidate list”– Difference: The list of all neighbors vs. the list of authorized,

functional neighbors• Optimized IP Layer configuration

– Significant delays in Layer 3 due to Duplicate Address Detection (DAD) and IP address assignment

• IPv4: significant delay in DHCP where the DHCP server is far away from the host.

• IPv6: delays due to movement detection constants– DNA reduces IP address assignment delays for intra-subnet

roaming, provided there are reliable “hints” from L2– Optimistic DAD (IPv6 only) reduces DAD delays

March 2004


Slide 15

doc.: IEEE 802.11-04/0377r1

Submission

Detection of Network Attachment (DNA)

• The time required to detect movement (or lack of movement) between subnets, and to obtain (or continue to use) a valid IP address may be significant as a fraction of the total delay in moving between points of attachment. As a result, optimizing detection of network attachment is important for mobile hosts.

• Detection of Network Attachment follows the principles below:

– Treatment of Link-Up indications from the Link Layer– Link-Local addressing as a mechanism of last resort – Utilization of hints from the Link Layer on current Subnet– Performing reachability test instead address acquisition where a valid IP

address exists on the “most likely” point of attachment– Sending a DHCPDISCOVER instead of a DHCPREQUEST if the

subnet is likely to have changed.

March 2004


Slide 16

doc.: IEEE 802.11-04/0377r1

Submission

Issues with DNA

• Today, there are no reliable “hints” of subnet attachment

• SSID is not a reliable “hint” of subnet attachment– “Default” SSIDs are common; can disambiguate w/BSSID– STA may change prefix within same SSID– STA may keep same prefix when changing SSIDs (less likely)

• DNA will not optimize the IP configuration phase significantly without reliable link layer hints

March 2004


Slide 17

doc.: IEEE 802.11-04/0377r1

Submission

Factors Affecting STA Roam Decision

• Factors that may affect the quality of the connection between the AP and the STA include:- Received Signal Power- Retransmissions

• Factors that affect which AP, currently, would be the best choice for a STA to (re)associate with to maintain the upper layer connection include the above considerations plus:– Loading/Load Balancing Considerations– Capability matching– SNR– Received Signal Strength– Security– SSID

March 2004


Slide 18

doc.: IEEE 802.11-04/0377r1

Submission

Using Candidate List Reports

• A “candidate list report” contains information on APs that are valid handoff candidates for a STA

– Valid = not a rogue, connected to the DS, forwarding frames, etc.

• In response to a “candidate list request”, AP in response will send

– Candidate list report for the ESS specified. – If the SSID IE is not present it will send a Candidate List Report

for the SSID for the current ESS.– If the AP has no information on the ESS of which the SSID has

been requested it will send a Candidate List Response with a length of zero.

March 2004


Slide 19

doc.: IEEE 802.11-04/0377r1

Submission

Issues with the “Site Report”• “Site report” may or may not be equivalent to a

“candidate list report”– Is purpose of “site report” to obtain a list of all APs, or just valid roaming

candidates? • Site Report Response uses mgmt action frames which are

not secured in the current specification.• Even if the STA has the BSSID of the AP to pre-

authenticate to, it needs to be within the AP’s coverage area to reassociate.

• The site report may not narrow the roaming candidates– “Site Report” may contain unsuitable roaming candidates– SNR is necessary to choose between roaming candidates– Using a “site report” as a “candidate list report” may cause the station to pre-

authenticate to more APs, increasing load.

March 2004


Slide 20

doc.: IEEE 802.11-04/0377r1

Submission

Alternative Approaches

• Obtain neighbor information only after completion of authenticated key management (AKM)– Neighbor information obtained only from authenticated APs– “Candidate list” exchange is authenticated via a unicast key,

not a group key– Semantics provide a “candidate list” not a “site report”

March 2004


Slide 21

doc.: IEEE 802.11-04/0377r1

Submission

Handoff – Alternative Approach• AP-Initiated handoff

– WLAN switch approach• PMKs made available to “dumb APs” by WLAN switch

– IAPP approach• PMKs propagated between APs

– PHY layer approach• Same SSID, same BSSID, same channel.• STA does not know that it is roaming.• Result is very small handoff latency.

• Realities– This approach is now ubiquitous (but non-interoperable). – Standardizing AP-initiated handoff is not a worthwhile activity– Probably more profitable to focus on other issues

March 2004


Slide 22

doc.: IEEE 802.11-04/0377r1

Submission

Related Work

• Papers on this topic include:• http://www.ieee802.org/11/Documents/DocumentHolder/3-417.zip• http://www.ieee802.org/11/Documents/DocumentHolder/3-416.zip• http://www.it.kth.se/~vatn/research/handover-perf.pdf• http://www.drizzle.com/~aboba/IEEE/692.zip• http://www.cs.umd.edu/~waa/pubs/handoff-lat-acm.pdf• http://www.it.kth.se/~hvelayos/papers/TRITA-IMIT-LCN%20R%2003-

02%20Handover%20in%20IEEE%20802.pdf• http://www.cs.cmu.edu/~glennj/scp/FixingAPSelection.html• 11-04-0086-02-frfh-measurement-802-11-roaming-intervals.ppt (on

www.802wirelessworld.com)

March 2004


Slide 23

doc.: IEEE 802.11-04/0377r1

Submission

Conclusions

• Biggest challenges occur prior to authentication– Detection algorithms (when to roam)– Rate adaptation algorithms– Scanning latency (particularly for 802.11a/b/g devices)

• Potential solutions are available– Channel maps– Roaming Candidate lists– Active scan optimizations– Rate adaptation limits– DNA– Optimistic DAD

• Key management techniques not a high priority– TGi pre-authentication, PMK caching enables working

systems today• Fitting within 50ms VOIP budget is possible….

– And involves hard implementation work, not rocket science.

March 2004


Slide 24

doc.: IEEE 802.11-04/0377r1

Submission

Feedback?