Network Working Group                                          P. McCann
Request for Comments: 4260                           Lucent Technologies
Category: Informational                                    November 2005
Mobile IPv6 Fast Handovers for 802.11 Networks
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes how a Mobile IPv6 Fast Handover could be implemented on link layers conforming to the 802.11 suite of specifications.
Table of Contents
1. Introduction
   1.1. Conventions Used in This Document
2. Terminology
3. Deployment Architectures for Mobile IPv6 on 802.11
4. 802.11 Handovers in Detail
5. FMIPv6 Message Exchanges
6. Beacon Scanning and NAR Discovery
7. Scenarios
   7.1. Scenario 1abcdef23456g
   7.2. Scenario ab123456cdefg
   7.3. Scenario 123456abcdefg
8. Security Considerations
9. Conclusions
10. References
   10.1. Normative References
   10.2. Informative References
11. Acknowledgements
1. Introduction
The Mobile IPv6 Fast Handover protocol [2] has been proposed as a way to minimize the interruption in service experienced by a Mobile IPv6 node as it changes its point of attachment to the Internet. Without such a mechanism, a mobile node cannot send or receive packets from the time that it disconnects from one point of attachment in one subnet to the time it registers a new care-of address from the new point of attachment in a new subnet. Such an interruption would be unacceptable for real-time services such as Voice-over-IP.
The basic idea behind a Mobile IPv6 fast handover is to leverage information from the link-layer technology to either predict or rapidly respond to a handover event. This allows IP connectivity to be restored at the new point of attachment sooner than would otherwise be possible. By tunneling data between the old and new access routers, it is possible to provide IP connectivity in advance of actual Mobile IP registration with the home agent or correspondent node. This allows real-time services to be reestablished without waiting for such Mobile IP registration to complete. Because Mobile IP registration involves time-consuming Internet round-trips, the Mobile IPv6 fast handover can provide for a smaller interruption in real-time services than an ordinary Mobile IP handover.
The particular link-layer information available, as well as the timing of its availability (before, during, or after a handover has occurred), differs according to the particular link-layer technology in use. This document gives a set of deployment examples for Mobile IPv6 Fast Handovers on 802.11 networks. We begin with a brief overview of relevant aspects of basic 802.11 [3]. We examine how and when handover information might become available to the IP layers that implement Fast Handover, both in the network infrastructure and on the mobile node. Finally, we trace the protocol steps for Mobile IPv6 Fast Handover in this environment.
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1].
2. Terminology
This document borrows all of the terminology from Mobile IPv6 Fast Handovers [2], with the following additional terms from the 802.11 specification [3] (some definitions slightly modified for clarity):
Access Point (AP): Any entity that has station functionality and provides access to the distribution services, via the wireless medium (WM) for associated stations.
Association: The service used to establish access point/station (AP/STA) mapping and enable STA access to the Distribution System.
Basic Service Set (BSS): A set of stations controlled by a single coordination function, where the coordination function may be centralized (e.g., in a single AP) or distributed (e.g., for an ad hoc network). The BSS can be thought of as the coverage area of a single AP.
Distribution System (DS): A system used to interconnect a set of basic service sets (BSSs) and integrated local area networks (LANs) to create an extended service set (ESS).
Extended Service Set (ESS): A set of one or more interconnected basic service sets (BSSs) and integrated local area networks (LANs) that appears as a single BSS to the logical link control layer at any station associated with one of those BSSs. The ESS can be thought of as the coverage area provided by a collection of APs all interconnected by the Distribution System. It may consist of one or more IP subnets.
Station (STA): Any device that contains an IEEE 802.11 conformant medium access control (MAC) and physical layer (PHY) interface to the wireless medium (WM).
3. Deployment Architectures for Mobile IPv6 on 802.11
In this section, we describe the two most likely relationships between Access Points (APs), Access Routers (ARs), and IP subnets that are possible in an 802.11 network deployment. In this document, our focus is mainly on the infrastructure mode [3] of 802.11. Usually, a given STA is associated with one and only one AP at any given instant; however, implementations are possible [4] where multiple associations per STA may be maintained as long as the APs are connected to disjoint DSs. An STA may be in communication with an AP only when radio propagation conditions permit. Note that, as with any layer-2 technology, handover from one layer-2 point of attachment (AP) to another does not necessarily mean a change of AR or subnet.
              AR                            AR
          AR   |   AR                   AR   |   AR
            \  |  /                       \  |  /
           Subnet 1                      Subnet 2
          / /  |  \ \                   / /  |  \ \
        /  /   |   \  \               /  /   |   \  \
      /   |    |    |   \           /   |    |    |   \
    AP1  AP2  AP3  AP4  AP5       AP6  AP7  AP8  AP9  AP10
Figure 1. An 802.11 deployment with relay APs.
Figure 1 depicts a typical 802.11 deployment with two IP subnets, each with three Access Routers and five Access Points. Note that the APs in this figure are acting as link-layer relays, which means that they transport Ethernet-layer frames between the wireless medium and the subnet. Note that APs do not generally implement any particular spanning tree algorithm, yet are more sophisticated than simple bridges that would relay all traffic; only traffic addressed to STAs known to be associated on a given AP would be forwarded. Each subnet is on top of a single LAN or VLAN, and we assume in this example that APs 6-10 cannot reach the VLAN on which Subnet 1 is implemented. Note that a handover from AP1 to AP2 does not require a change of AR (here we assume the STA will be placed on the same VLAN during such a handoff) because all three ARs are link-layer reachable from an STA connected to any AP1-5. Therefore, such handoffs would not require IP-layer mobility management, although some IP-layer signaling may be required to determine that connectivity to the existing AR is still available. However, a handover from AP5 to AP6 would require a change of AR, because AP6 cannot reach the VLAN on which Subnet 1 is implemented and therefore the STA would be attaching to a different subnet. An IP-layer handover mechanism would need to be invoked in order to provide low-interruption handover between the two ARs.
                  Internet
                 /   |   \
                /    |    \
               /     |     \
             AR      AR      AR
             AP1     AP2     AP3
Figure 2. An 802.11 deployment with integrated APs/ARs.
Figure 2 depicts an alternative 802.11 deployment where each AP is integrated with exactly one AR on a disjoint VLAN. In this case, every change of AP would result in a necessary change of AR, which would require some IP-layer handover mechanism to provide for low-interruption handover between the ARs. Also, the AR shares a MAC-layer identifier with its attached AP.
In the next section, we examine the steps involved in any 802.11 handover. Subsequent sections discuss how these steps could be integrated with an IP-layer handover mechanism in each of the above deployment scenarios.
4. 802.11 Handovers in Detail
An 802.11 handover takes place when an STA changes its association from one AP to another ("re-association"). This process consists of the following steps:
0. The STA realizes that a handoff is necessary due to degrading radio transmission environment for the current AP.
1. The STA performs a scan to see what APs are available. The result of the scan is a list of APs together with physical layer information, such as signal strength.
2. The STA chooses one of the APs and performs a join to synchronize its physical and MAC-layer timing parameters with the selected AP.
3. The STA requests authentication with the new AP. For an "Open System", such authentication is a single round-trip message exchange with null authentication.
4. The STA requests association or re-association with the new AP. A re-association request contains the MAC-layer address of the old AP, while a plain association request does not.
5. If operating in accordance with 802.11i [6], the STA and AP would execute 802.1X EAP-on-LAN procedures to authenticate the association (step 3 would have executed in "Open System" mode).
6. The new AP sends a Layer 2 Update frame on the local LAN segment to update the learning tables of any connected Ethernet bridges.
Although we preface step 1 with step 0 for illustration purposes, there is no standardized trigger for step 1. It may be performed as a result of decaying radio conditions on the current AP or at other times as determined by local implementation decisions. Some network interface cards (NICs) may do scanning in the background, interleaving scans between data packets. This decreases the time required to roam if the performance of the current AP proves unsatisfactory, but it imposes more of a burden on the AP, since typically the STA places it in power-save mode prior to the scan, then once the scan is complete, returns to the AP channel in order to pick up queued packets. This can result in buffer exhaustion on the AP and attendant packet loss.
During step 2, the STA performs rate adjustment where it chooses the best available transmission rate. Rate adjustment can be quite time-consuming as well as unpredictable.
Note that in some existing 802.11 implementations, steps 1-4 are performed by firmware in rapid succession (note that even in these implementations step 3 is sometimes performed in a host driver, especially for newer implementations). This might make it impossible for the host to take any actions (including sending or receiving IP packets) before the handover is complete. In other 802.11 implementations, it is possible to invoke the scan (step 1) and join (step 2) operations independently. This would make it possible to, e.g., perform step 1 far in advance of the handover and perhaps in advance of any real-time traffic. This could substantially reduce the handover latency, as one study has concluded that the 802.11 beacon scanning function may take several hundred milliseconds to complete [8], during which time sending and receiving IP packets is not possible. However, scanning too far in advance may make the information out-of-date by the time of handover, which would cause the subsequent join operation to fail if radio conditions have changed so much in the interim that the target AP is no longer reachable. So, a host may choose to do scanning based on, among other considerations, the age of the previously scanned information. In general, performing such subsequent scans is a policy issue that a given implementation of FMIPv6 over 802.11 must consider carefully.
Even if steps 1 and 2 are performed in rapid succession, there is no guarantee that an AP found during step 1 will be available during step 2 because radio conditions can change dramatically from moment to moment. The STA may then decide to associate with a completely different AP. Often, this decision is implemented in firmware and the attached host would have no control over which AP is chosen. However, tools such as the host AP driver [10] offer full control over when and to which AP the host needs to associate. Operation as an Independent BSS (IBSS) or "ad-hoc mode" [3] may also permit the necessary control, although in this latter case attachment to an infrastructure AP would be impossible. Implementers can make use of such tools to obtain the best combination of flexibility and performance.
The coverage area of a single AP is known as a Basic Service Set (BSS). An Extended Service Set (ESS) is formed from a collection of APs that all broadcast the same ESSID. Note that an STA would send a re-association (which includes both the old and new AP addresses) only if the ESSID of the old and new APs are the same.
A change of BSS within an ESS may or may not require an IP-layer handover, depending on whether the APs can send packets to the same IP subnets. If an IP-layer handover is required, then FMIPv6 can decrease the overall latency of the handover. The main goal of this document is to describe the most reasonable scenarios for how the events of an 802.11 handover may interleave with the message exchanges in FMIPv6.
5. FMIPv6 Message Exchanges
An FMIPv6 handover nominally consists of the following messages:
a. The mobile node (MN) sends a Router Solicitation for Proxy (RtSolPr) to find out about neighboring ARs.
b. The MN receives a Proxy Router Advertisement (PrRtAdv) containing one or more [AP-ID, AR-Info] tuples.
c. The MN sends a Fast Binding Update (FBU) to the Previous Access Router (PAR).
d. The PAR sends a Handover Initiate (HI) message to the New Access Router (NAR).
e. The NAR sends a Handover Acknowledge (HAck) message to the PAR.
f. The PAR sends a Fast Binding Acknowledgement (FBack) message to the MN on the new link. The FBack is also optionally sent on the previous link if the FBU was sent from there.
g. The MN sends Fast Neighbor Advertisement (FNA) to the NAR after attaching to it.
The MN may connect to the NAR prior to sending the FBU if the handover is unanticipated. In this case, the FNA (step g) would contain the FBU (listed as step c above) and then steps d, e, and f would take place from there.
6. Beacon Scanning and NAR Discovery
The RtSolPr message is used to request information about the router(s) connected to one or more APs. The APs are specified in the New Access Point Link-Layer Address option in the RtSolPr and associated IP-layer information is returned in the IP Address Option of the PrRtAdv [2]. In the case of an 802.11 link, the link-layer address is the BSSID of some AP.
Beacon scanning (step 1 from Section 4) produces a list of available APs along with signal strength information for each. This list would supply the necessary addresses for the New Access Point Link-Layer Address option(s) in the RtSolPr messages. To obtain this list, the host needs to invoke the MLME-SCAN.request primitive (see Section 10.3.2.1 of the 802.11 specification [3]). The BSSIDs returned by this primitive are the link-layer addresses of the available APs.
Because beacon scanning takes on the order of a few hundred milliseconds to complete, and because it is generally not possible to send and receive IP packets during this time, the MN needs to schedule these events with care so that they do not disrupt ongoing real-time services. For example, the scan could be performed at the time the MN attaches to the network prior to any real-time traffic. However, if the interval between scanning and handover is too long, the neighbor list may be out of date. For example, the signal strengths of neighboring APs may have dramatically changed, and a handover directed to the apparently best AP from the old list may fail. If the handover is executed in firmware, the STA may even choose a new target AP that is entirely missing from the old list (after performing its own scan). Both cases would limit the ability of the MN to choose the correct NAR for the FBU in step c during an anticipated handover. Ongoing work in the IEEE 802.11k task group may address extensions that allow interleaving beacon scanning with data transmission/reception along with buffering at APs to minimize packet loss.
Note that, aside from physical layer parameters such as signal strength, it may be possible to obtain all necessary information about neighboring APs by using the wildcard form of the RtSolPr message. This would cause the current access router to return a list of neighboring APs and would not interrupt ongoing communication with the current AP. This request could be made at the time the MN first attaches to the access router and periodically thereafter. This would enable the MN to cache the necessary [AP-ID, AR-Info] tuples and might enable it to react more quickly when a handover becomes necessary due to a changing radio environment. However, because the information does not include up-to-date signal strength, it would not enable the MN to predict accurately the next AP prior to a handover.
Also, if the scale of the network is such that a given access router is attached to many APs, then it is possible that there may not be room to list all APs in the PrRtAdv.
The time taken to scan for beacons is significant because it involves iteration through all 802.11 channels and listening on each one for active beacons. A more targeted approach would allow the STA to scan, e.g., only one or two channels of interest, which would provide for much shorter interruption of real-time traffic. However, such optimizations are currently outside the scope of 802.11 specifications.
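The trade-off between scan age and cached [AP-ID, AR-Info] tuples described in this section, as an added example (not part of RFC 4260 or of any FMIPv6 implementation): a mobile-node cache that combines the last beacon scan with tuples learned from PrRtAdv messages and decides what kind of handover is possible. The class and method names, the ArInfo fields, the returned action strings, and both thresholds are assumptions of the example.

```python
from dataclasses import dataclass

# Policy values are assumptions of this example; the RFC leaves them to the
# implementation ("a policy issue ... must consider carefully").
MAX_SCAN_AGE_S = 5.0    # older scan results are treated as out of date
MIN_RSSI_DBM = -75      # weakest signal still accepted as a handover target


@dataclass(frozen=True)
class ArInfo:
    """AR-Info half of an [AP-ID, AR-Info] tuple (fields are hypothetical)."""
    lla: str       # access router link-layer address
    ip: str        # access router IP address
    prefix: str    # subnet prefix served by that router


class NeighborCache:
    def __init__(self):
        self.ar_by_bssid = {}    # AP-ID (BSSID) -> ArInfo, from PrRtAdv
        self.scan = {}           # BSSID -> signal strength in dBm
        self.scan_time = None    # time of the last completed beacon scan

    def on_prrtadv(self, tuples):
        """Cache the [AP-ID, AR-Info] tuples carried in a PrRtAdv."""
        for bssid, info in tuples.items():
            self.ar_by_bssid[bssid.lower()] = info

    def on_scan(self, results, now):
        """Replace the scan list with the result of a new beacon scan."""
        self.scan = {b.lower(): rssi for b, rssi in results.items()}
        self.scan_time = now

    def unresolved(self):
        """BSSIDs seen in the scan with no cached AR-Info: the addresses to
        place in New Access Point Link-Layer Address options of an RtSolPr."""
        return sorted(b for b in self.scan if b not in self.ar_by_bssid)

    def plan(self, current_bssid, now):
        """Return (action, target_bssid, ar_info) for the next handover."""
        current = current_bssid.lower()
        # Stale scan: signal strengths may have changed, so scan again
        # before committing an FBU to a particular NAR.
        if self.scan_time is None or now - self.scan_time > MAX_SCAN_AGE_S:
            return ("rescan", None, None)
        usable = [(rssi, b) for b, rssi in self.scan.items()
                  if b != current and rssi >= MIN_RSSI_DBM]
        if not usable:
            return ("stay", None, None)
        _, target = max(usable)            # strongest candidate AP
        nar = self.ar_by_bssid.get(target)
        if nar is None:
            # No AR-Info for the target: the FBU cannot be sent in advance.
            return ("reactive", target, None)
        cur = self.ar_by_bssid.get(current)
        if cur is not None and cur.prefix == nar.prefix:
            # Same subnet (AP1 -> AP2 in Figure 1): no IP-layer handover.
            return ("l2_only", target, nar)
        return ("predictive", target, nar)


if __name__ == "__main__":
    # Constructed sample data: AP1 and AP5 on subnet 1, AP6 on subnet 2.
    sub1 = ArInfo("02:aa:00:00:00:01", "fe80::1", "2001:db8:1::/64")
    sub2 = ArInfo("02:aa:00:00:00:02", "fe80::2", "2001:db8:2::/64")
    cache = NeighborCache()
    cache.on_prrtadv({"02:00:00:00:00:01": sub1, "02:00:00:00:00:05": sub1})
    cache.on_scan({"02:00:00:00:00:01": -82, "02:00:00:00:00:05": -70,
                   "02:00:00:00:00:06": -60}, now=100.0)
    print(cache.unresolved(), cache.plan("02:00:00:00:00:01", now=101.0))
    cache.on_prrtadv({"02:00:00:00:00:06": sub2})
    print(cache.plan("02:00:00:00:00:01", now=101.0))
    print(cache.plan("02:00:00:00:00:01", now=110.0))
```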
7. Scenarios
In this section, we look at a few of the possible scenarios for using FMIPv6 in an 802.11 context. Each scenario is labeled by the sequence of events that take place, where the numbered events are from Section 4 and the lettered events are from Section 5. For example, "1abcde23456fg" represents step 1 from Section 4 followed by steps a-e from Section 5 followed by steps 2-6 from Section 4 followed by steps f and g from Section 5. This is the sequence where the MN performs a scan, then the MN executes the FMIPv6 messaging to obtain NAR information and send a binding update, then the PAR initiates HI/HAck exchange, then the 802.11 handover completes, and finally the HAck is received at the PAR and the MN sends an FNA.
Each scenario is followed by a brief description and discussion of the benefits and drawbacks.
7.1. Scenario 1abcdef23456g
This scenario is the predictive mode of operation from the FMIPv6 specification. In this scenario, the host executes the scan sometime prior to the handover and is able to send the FBU prior to handover. Only the FNA is sent after the handover. This mode of operation requires that the scan and join operations (steps 1 and 2) can be performed separately and under host control, so that steps a-f can be inserted between 1 and 2. As mentioned previously, such control may be possible in some implementations [10] but not in others.
Steps 1ab may be executed far in advance of the handover, which would remove them from the critical path. This would minimize the service interruption from beacon scanning and allow at least one RtSolPr/PrRtAdv exchange to complete so that the host has link-layer information about some NARs. Note that if steps ab were delayed until handover is imminent, there would be no guarantee that the RtSolPr/PrRtAdv exchange would complete especially in a radio environment where the connection to the old AP is deteriorating rapidly. However, if there were a long interval between the scan and the handover, then the FBU (step c) would be created with out-of-date information. There is no guarantee that the MN will actually attach to the desired new AP after it has sent the FBU to the oAR, because changing radio conditions may cause NAR to be suddenly unreachable. If this were the case, then the handover would need to devolve into one of the reactive cases given below.
7.2. Scenario ab123456cdefg
This is the reactive mode of operation from the FMIPv6 specification. This scenario does not require host intervention between steps 1 and 2.
However, it does require that the MN obtain the link-layer address of NAR prior to handover, so that it has a link-layer destination address for outgoing packets (default router information). This would then be used for sending the FNA (with encapsulated FBU) when it reaches the new subnet.
7.3. Scenario 123456abcdefg
In this scenario, the MN does not obtain any information about the NAR prior to executing the handover. It is completely reactive and consists of soliciting a router advertisement after handover and then sending an FNA with encapsulated FBU immediately.
This scenario may be appropriate when it is difficult to learn the link-layer address of the NAR prior to handover. This may be the case, e.g., if the scan primitive is not available to the host and the wildcard PrRtAdv form returns too many results. It may be possible to skip the router advertisement/solicitation steps (ab) in some cases, if it is possible to learn the NAR's link-layer address through some other means. In the deployment illustrated in Figure 2, this would be exactly the new AP's MAC-layer address, which can be learned from the link-layer handover messages. However, in the case of Figure 1, this information must be learned through router discovery of some form. Also note that even in the case of Figure 2, the MN must somehow be made aware that it is in fact operating in a Figure 2 network and not a Figure 1 network.
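The labelling scheme used for the scenarios in this section, as an added example (not part of RFC 4260): a decoder that expands a label into its events, checks that the numbered and lettered events each keep their order, and reports the handover mode and which FMIPv6 messages remain to be exchanged after the link-layer handover. The step descriptions are paraphrased from Sections 4 and 5; the function names and mode strings are the example's own.

```python
# Numbered events: 802.11 handover steps from Section 4.
L2_STEPS = {
    "1": "STA scans for available APs",
    "2": "STA joins the selected AP",
    "3": "STA authenticates with the new AP",
    "4": "STA associates or re-associates with the new AP",
    "5": "802.1X EAP-on-LAN exchange (802.11i)",
    "6": "new AP sends Layer 2 Update frame",
}
# Lettered events: FMIPv6 messages from Section 5.
FMIP_STEPS = {
    "a": "MN sends RtSolPr",
    "b": "MN receives PrRtAdv",
    "c": "MN sends FBU to PAR",
    "d": "PAR sends HI to NAR",
    "e": "NAR sends HAck to PAR",
    "f": "PAR sends FBack",
    "g": "MN sends FNA to NAR",
}


def decode(label):
    """Return [(step, description), ...]; raise ValueError if malformed."""
    steps, seen = [], set()
    for ch in label:
        desc = L2_STEPS.get(ch) or FMIP_STEPS.get(ch)
        if desc is None:
            raise ValueError(f"unknown step {ch!r}")
        if ch in seen:
            raise ValueError(f"step {ch!r} appears twice")
        seen.add(ch)
        steps.append((ch, desc))
    # Events may interleave, but each family must keep its own order.
    for family in (L2_STEPS, FMIP_STEPS):
        seq = [s for s, _ in steps if s in family]
        if seq != sorted(seq):
            raise ValueError(f"steps out of order: {''.join(seq)}")
    # Steps needed to tell the modes apart (a and b may be skipped, 7.3).
    for required in "26cg":
        if required not in seen:
            raise ValueError(f"step {required!r} is missing")
    return steps


def classify(label):
    """Handover mode implied by where the FBU (c) falls relative to join (2)."""
    decode(label)
    if label.index("c") < label.index("2"):
        return "predictive"                       # FBU sent on the old link
    if "b" in label and label.index("b") < label.index("2"):
        return "reactive, NAR known before handover"
    return "reactive, NAR unknown before handover"


def after_handover(label):
    """FMIPv6 messages still to be exchanged once step 6 has completed."""
    decode(label)
    # Digits are ordered and 6 is the last one, so only letters follow it.
    return list(label[label.index("6") + 1:])


if __name__ == "__main__":
    for label in ("1abcdef23456g", "ab123456cdefg", "123456abcdefg"):
        pending = ", ".join(FMIP_STEPS[s] for s in after_handover(label))
        print(f"{label}: {classify(label)}; after handover: {pending}")
```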
8. Security Considerations
The security considerations applicable to FMIPv6 are described in the base FMIPv6 specification [2]. In particular, the PAR must be assured of the authenticity of the FBU before it begins to redirect user traffic. However, if the association with the new AP is not protected using mutual authentication, it may be possible for a rogue AP to fool the MN into sending an FBU to the PAR when it is not in its best interest to do so.
Note that step 6 from Section 4 installs layer-2 forwarding state that can redirect user traffic and cause disruption of service if it can be triggered by a malicious node.
Note that step 3 from Section 4 could potentially provide some security; however, due to the identified weaknesses in Wired Equivalent Privacy (WEP) shared key security [9] this should not be relied upon. Instead, the Robust Security Network [6] will require the STA to undergo 802.1X Port-Based Network Access Control [5] before proceeding to steps 5 or 6. 802.1X defines a way to encapsulate Extensible Authentication Protocol (EAP) on 802 networks (EAPOL, for "EAP over LANs"). With this method, the client and AP participate in an EAP exchange that itself can encapsulate any of the various EAP authentication methods. The EAPOL exchange can output a Master Session Key (MSK) and Extended Master Session Key (EMSK), which can then be used to derive transient keys, which in turn can be used to encrypt/authenticate subsequent traffic. It is possible to use 802.1X pre-authentication [6] between an STA and a target AP while the STA is associated with another AP; this would enable authentication to be done in advance of handover, which would allow faster resumption of service after roaming. However, because EAPOL frames carry only MAC-layer instead of IP-layer addresses, this is currently only specified to work within a single VLAN, where IP-layer handover mechanisms are not necessarily needed anyway. In the most interesting case for FMIPv6 (roaming across subnet boundaries), the 802.1X exchange would need to be performed after handover to the new AP. This would introduce additional handover delay while the 802.1X exchange takes place, which may also involve round-trips to RADIUS or Diameter servers. The EAP exchange could be avoided if a preexisting Pairwise Master Key (PMK) is found between the STA and the AP, which may be the case if the STA has previously visited that AP or one that shares a common back-end infrastructure.
Perhaps faster cross-subnet authentication could be achieved with the use of pre-authentication using an IP-layer mechanism that could cross subnet boundaries. To our knowledge, this sort of work is not currently under way in the IEEE. The security considerations of these new approaches would need to be carefully studied.
The Mobile IPv6 Fast Handover specification presents a protocol for shortening the period of service interruption during a change in link-layer point of attachment. This document attempts to show how this protocol may be applied in the context of 802.11 access networks.
Implementation of FMIPv6 must be done in the context of a particular link-layer implementation, which must provide the triggers for the FMIPv6 message flows. For example, the host must be notified of such events as degradation of signal strength or attachment to a new AP.
The particular implementation of the 802.11 hardware and firmware may dictate how FMIPv6 is able to operate. For example, to execute a predictive handover, the scan request primitive must be available to the host and the firmware must execute join operations only under host control [10], not autonomously in response to its own handover criteria. Obtaining the desired PrRtAdv and sending an FBU immediately prior to handover requires that messages be exchanged over the wireless link during a period when connectivity is degrading. In some cases, the scenario given in Section 7.1 may not complete successfully or the FBU may redirect traffic to the wrong NAR. However, in these cases the handover may devolve to the scenario from Section 7.2 or the scenario from Section 7.3. Ultimately, falling back to basic Mobile IPv6 operation [7] and sending a Binding Update directly to the Home Agent can be used to recover from any failure of the FMIPv6 protocol.
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[2] Koodli, R., "Fast Handovers for Mobile IPv6", RFC 4068, July 2005.
[3] "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", ANSI/IEEE Std 802.11, 1999 Edition.
[4] Bahl, P., Bahl, P., and Chandra, R., "MultiNet: Enabling Simultaneous Connections to Multiple Wireless Networks Using a Single Radio", Microsoft Tech Report, MSR-TR-2003-46, June 2003.
[5] "Port-Based Network Access Control", IEEE Std 802.1X-2004, July 2004.
[6] "Medium Access Control (MAC) Security Enhancements", IEEE Std 802.11i-2004, July 2004.
[7] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004.
[8] Mitra, A., Shin, M., and Arbaugh, W., "An Empirical Analysis of the IEEE 802.11 MAC Layer Handoff Process", CS-TR-4395, University of Maryland Department of Computer Science, September 2002.
[9] Borisov, N., Goldberg, I., and Wagner, D., "Intercepting Mobile Communications: The Insecurity of 802.11", Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, July 2001, pp. 180-188.
[10] Malinen, J., "Host AP driver for Intersil Prism2/2.5/3 and WPA Supplicant", http://hostap.epitest.fi/, July 2004.
Thanks to Bob O'Hara for providing explanation and insight on the 802.11 standards. Thanks to James Kempf, Erik Anderlind, Rajeev Koodli, and Bernard Aboba for providing comments on earlier versions.
Author's Address
Pete McCann
Lucent Technologies
Rm 9C-226R
1960 Lucent Lane
Naperville, IL 60563
Phone: +1 630 713 9359
Fax: +1 630 713 1921
EMail: mccap@lucent.com
Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.