--- 1/draft-ietf-opsawg-capwap-hybridmac-07.txt 2014-12-18 10:14:49.325756893 -0800 +++ 2/draft-ietf-opsawg-capwap-hybridmac-08.txt 2014-12-18 10:14:49.349757486 -0800 
@@ -1,97 +1,90 @@ Network Working Group C. Shao Internet-Draft H. Deng Intended status: Standards Track China Mobile -Expires: June 6, 2015 R. Pazhyannur +Expires: June 21, 2015 R. Pazhyannur Cisco Systems F. Bari AT&T R. Zhang China Telecom S. Matsushima SoftBank Telecom - December 3, 2014 + December 18, 2014 IEEE 802.11 MAC Profile for CAPWAP - draft-ietf-opsawg-capwap-hybridmac-07 + draft-ietf-opsawg-capwap-hybridmac-08 Abstract - The Control And Provisioning of Wireless Access Points (CAPWAP) - protocol defines two entities: a Wireless Transmission Point (WTP) - and an Access Controller (AC). The CAPWAP protocol binding for IEEE - 802.11 defines two MAC (Medium Access Control) modes for IEEE 802.11 - WTP: Split and Local MAC, and describes the required functionality - split between the WTP and AC for each mode. However, in the Split - MAC mode, the partitioning of encryption/decryption functions are not - clearly defined. In the Split MAC mode description, IEEE 802.11 - encryption is specified as located in either at the AC or the WTP, - with no clear way for the AC to inform the WTP of where the - encryption functionality should be located. This lack of - specification leads to interoperability issues, especially when the - AC and WTP come from different vendors. To prevent interoperability - issues, this specification defines an IEEE 802.11 MAC profile message - element in which each profile specifies an unambiguous division of - encryption functionality between the WTP and AC. The IEEE 802.11 MAC - profile is used as follows: the WTP informs the AC of the supported - profiles during the discovery or join process and the AC configures - the WTP with one of the supported profiles when configuring the WLAN. + The CAPWAP protocol binding for IEEE 802.11 defines two MAC (Medium + Access Control) modes for IEEE 802.11 WTP (Wireless Transmission + Point): Split and Local MAC. 
In the Split MAC mode, the partitioning + of encryption/decryption functions are not clearly defined. In the + Split MAC mode description, IEEE 802.11 encryption is specified as + located in either the AC (Access Controller) or the WTP, with no + clear way for the AC to inform the WTP of where the encryption + functionality should be located. This leads to interoperability + issues, especially when the AC and WTP come from different vendors. + To prevent interoperability issues, this specification defines an + IEEE 802.11 MAC profile message element in which each profile + specifies an unambiguous division of encryption functionality between + the WTP and AC. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - - This Internet-Draft will expire on June 6, 2015. + This Internet-Draft will expire on June 21, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. 
Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IEEE MAC Profile Descriptions . . . . . . . . . . . . . . . . 4 - 2.1. Split MAC with WTP encryption . . . . . . . . . . . . . . 5 - 2.2. Split MAC with AC encryption . . . . . . . . . . . . . . 6 - 2.3. IEEE 802.11 MAC Profile Frame Exchange . . . . . . . . . 7 - 3. MAC Profile Message Element Definitions . . . . . . . . . . . 8 - 3.1. IEEE 802.11 Supported MAC Profiles . . . . . . . . . . . 8 - 3.2. IEEE 802.11 MAC Profile . . . . . . . . . . . . . . . . . 9 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 9 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 - 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10 - 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 - 8. Normative References . . . . . . . . . . . . . . . . . . . . 10 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 + 2.1. Split MAC with WTP encryption . . . . . . . . . . . . . . 4 + 2.2. Split MAC with AC encryption . . . . . . . . . . . . . . 5 + 2.3. IEEE 802.11 MAC Profile Frame Exchange . . . . . . . . . 6 + 3. MAC Profile Message Element Definitions . . . . . . . . . . . 7 + 3.1. IEEE 802.11 Supported MAC Profiles . . . . . . . . . . . 7 + 3.2. IEEE 802.11 MAC Profile . . . . . . . . . . . . . . . . . 8 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 + 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9 + 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 + 8. Normative References . . . . . . . . . . . . . . . . . . . . 9 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 
. 9 1. Introduction The CAPWAP protocol supports two MAC modes of operation: Split and Local MAC, as described in [RFC5415], [RFC5416]. However, there are MAC functions that have not been clearly defined. For example IEEE 802.11 encryption is specified as located in either in the AC or the WTP with no clear way to negotiate where it should be located. Because different vendors have different definitions of the MAC mode, many MAC layer functions are mapped differently to either the WTP or @@ -100,21 +93,21 @@ configurations based on implementation of the two modes by their vendor. If there is no clear specification, then operators will experience interoperability issues with WTPs and ACs from different vendors. Figure 1 from [RFC5416], illustrates how some functions are processed in different places in the Local MAC and Split MAC mode. Specifically, note that in the Split MAC mode the IEEE 802.11 encryption/decryption is specified as WTP/AC implying that it could be at either location. This is not an issue with Local MAC because - encryption is always at the Access Controller. + encryption is always at the WTP. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Functions | Local MAC | Split MAC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Distribution Service | WTP/AC | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Integration Service | WTP | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Beacon Generation | WTP | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
@@ -314,24 +307,25 @@ o Type: TBD for IEEE 802.11 MAC Profile o Profile: The profile is identified by a value as given below * 0: This refers to the Split MAC Profile with WTP encryption * 1: This refers to the Split MAC Profile with AC encryption 4. Security Considerations This document does not introduce any new security risks compared to - [RFC5416]. The negotiation between the WTP and AC is encrypted and - as a result an attacker cannot interfere with it to force a less - secure mode choice. The security considerations described in - [RFC5416] apply here as well. + [RFC5416]. The negotiation messages between the WTP and AC have + origin authentication and data integrity. As a result an attacker + cannot interfere with the messages to force a less secure mode + choice. The security considerations described in [RFC5416] apply + here as well. 5. IANA Considerations This document requires the following IANA actions: o This specification defines two new message elements, IEEE 802.11 Supported MAC Profiles (described in Section 3.1) and IEEE 802.11 MAC Profile (described in Section 3.2). These elements needs to be registered in the existing CAPWAP Message Element Type registry, defined in [RFC5415]. The values for these elements 
@@ -342,22 +336,24 @@ IEEE 802.11 MAC Profile TBD2 o The IEEE 802.11 Supported MAC Profiles message element and IEEE 802.11 MAC Profile message element include a Profile Field (as defined in Section 3.2). The Profile field in the IEEE 802.11 Supported MAC Profiles denotes the MAC profiles supported by the WTP. The profile field in the IEEE MAC profile denotes MAC profile assigned to the WTP. The namespace for the field is 8 bits (0-255). This specification defines two values, zero (0) and one (1) as described below. The remaining values (2-255) are controlled and maintained by IANA and require an Expert Review. - IANA needs to create a registry called CAPWAP IEEE 802.11 Split - MAC Profile. The registry format is given below. + IANA needs to create a new sub-registry called IEEE 802.11 Split + MAC Profile and add the new sub-registry to the existing registry + "Control And Provisioning of Wireless Access Points (CAPWAP) + Parameters". The registry format is given below. Profile Type Value Reference Split MAC with WTP encryption 0 Split MAC with AC encryption 1 6. Contributors Yifan Chen chenyifan@chinamobile.com Naibao Zhou zhounaibao@chinamobile.com
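Review bot: the rewritten Abstract in the @@ -1,97 +1,90 @@ hunk reads "the partitioning of encryption/decryption functions are not clearly defined"; the subject is "partitioning", so the verb should be "is". The same hunk corrects "located in either at the AC" to "located in either the AC" in the Abstract, but the unchanged Introduction text still says "located in either in the AC or the WTP" and should get the same fix. The new Abstract also drops the sentence on how the profile is used (the WTP reports its supported profiles, the AC configures one); consider keeping a one-clause version so the Abstract still says which side selects the profile.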
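Review bot: the corrected sentence "encryption is always at the WTP" in the @@ -100,21 +93,21 @@ hunk reverses what -07 stated, and the Figure 1 rows visible in this hunk (Distribution Service, Integration Service, Beacon Generation) stop before the encryption row, so the fix cannot be checked against the figure from these lines. Confirm that the Local MAC column of the encryption/decryption row in Figure 1 reads WTP so the sentence and the figure agree. Minor: the comma in "Figure 1 from [RFC5416], illustrates" should be removed.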
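Review bot: the new Security Considerations text in the @@ -314,24 +307,25 @@ hunk asserts that the negotiation messages "have origin authentication and data integrity" without naming what provides those properties or which messages are covered. The -07 Abstract had the WTP reporting its supported profiles "during the discovery or join process", and the claim that an attacker "cannot interfere with the messages to force a less secure mode choice" holds only if the IEEE 802.11 Supported MAC Profiles element is protected as well as the AC's profile assignment. Suggest stating which exchanges carry each element and citing the section of [RFC5415] that provides the protection. Separately, the Type in this hunk is given as "TBD" for IEEE 802.11 MAC Profile while the IANA section uses "TBD2"; use one placeholder throughout.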
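Review bot: the registry table at the end of the @@ -342,22 +336,24 @@ hunk has a Reference column with no entry for values 0 and 1; suggest filling it with this document so the initial sub-registry contents are complete. In the same paragraph, "the IEEE MAC profile" should use the element's full name "IEEE 802.11 MAC Profile" as written elsewhere in the text, "denotes MAC profile assigned" is missing its article, and "Profile Field" / "Profile field" / "profile field" should use one capitalization.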