Upload
madlyn-randall
View
215
Download
3
Embed Size (px)
Citation preview
Omniran-13-0064-00-0000
1
PtP Links across IEEE 802 Bridged InfrastructureDate: 2013-08-28
Authors:Name Affiliation Phone Email
Max Riegel NSN +491732938240 [email protected]
Notice:This document does not represent the agreed view of the OmniRAN EC SG. It represents only the views of the participants listed in the ‘Authors:’ field above. It is offered as a basis for discussion. It is not binding on the contributor, who reserve the right to add, amend or withdraw material contained herein.
Copyright policy:The contributor is familiar with the IEEE-SA Copyright Policy <http://standards.ieee.org/IPR/copyrightpolicy.html>.
Patent policy:The contributor is familiar with the IEEE-SA Patent Policy and Procedures:<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Abstract
The presentation introduces the requirements of point-to-point links across bridged infrastructures and provides initial thoughts on potential solutions.
Omniran-13-0064-00-0000
2
Point-to-Point Links across IEEE 802 bridged infrastructure
(OmniRAN Gap Analysis)Max Riegel
NSN
Omniran-13-0064-00-0000
3
ToC
• Access Network Scenario– Further considerations
• References for Link Requirements• Bridged Access Network Solutions
– PtP Link Solution Approaches• MAC-in-MAC• MACsec• Control Plane issues
– Link Management during a session• Conclusion
Omniran-13-0064-00-0000
4
Access Network Szenario
• Point-to-point link behavior is required to– Enforce all traffic passing through the SSPN– Isolate terminal communication in a shared infrastructure
• Mobility support is required in the bridged infrastructure– Without impacting IP connectivity, i.e. IP session has to be maintained while moving
• Point-to-point link state signalling required towards SSPN
SSPN
A
SSPN
B
SSPN = Subscription Service Provider Network
Omniran-13-0064-00-0000
5
Further Considerations
• An access network may be deployed by multiple SSPNs– Making use of VLAN tag to
segregate access domains• An SSPN may deploy VLANs
to differentiate services– E.g. setting up dedicated VLANs for data, guest and voice terminals
• Terminals being either end-stations or bridges eventually deploying (C-)VLAN– C-VLAN tag may be carried over to terminals
• Access network may be spotty and being spread across large areas– Making use of provider bridging to connect together disjunct access
areas
SSPN
A
SSPN
B
Omniran-13-0064-00-0000
6
References for Link Requirements
• 3GPP Trusted WLAN Access to EPC TS 23.402 V11.6.0 (2013-03)– Support for non-seamless WLAN offload
(NSWO) or single PDN connection into EPC– Definition of a
• WLAN Access Network,• Trusted WLAN AAA Proxy• Trusted WLAN Access Gateway
– Requiring a point-to-point link between UE and Trusted WLAN Access Gateway across WLAN Access Network
– Requiring also link state signaling of WLAN Access Network towards Trusted WLAN Access Gateway
• Very similar requirements exist also in other access networks carrying Ethernet frames between terminal and access router– E.g. WiMAX
Omniran-13-0064-00-0000
7
Bridged Access Network Solutionssupporting point-to-point link behavior
STA AR/CtrlAP/BS
PHY PHY PHY PHY PHY PHYDLL DLL DLL DLL DLL DLLIP IP
Access Network Model – desired solution
PHY PHY
PHY PHY
DLL DLL
ETH ETH
IP
IP IPGRE GREETH ETH
Access Network Model – nowadays real world solution
PHY PHYETH ETH
IP
PHY PHYDLL DLL
PHY PHYETH ETH
STA AR/CtrlGWAP/BS
Omniran-13-0064-00-0000
8
PtP Link Solution Approaches
• Establish dedicated VLAN for each terminal– Q-in-Q
• Scalability issue, max 4094 ptp links may not be enough
– MAC-in-MAC• Seems to be feasible, for further study
• Establish secured connection for each terminal across bridged infrastructure– MACsec
• Seems to be feasible, for further study
Omniran-13-0064-00-0000
9
MAC-in-MAC (Provider Backbone Bridging)Some Thoughts
• AP/BS effectively representing ‘BEB’• Link identified by B-SA + I-SID
– B-SA uniquely correlated to terminal MAC address• Would it work using terminal MAC as B-SA (C-SA = B-SA)?
– B-DA represents access router peer– I-SID for further study;
• Mobility support by learning B-bridges• How would link establishment be done?
– Which protocol to use to dynamically configure PBBN?• Link state signaling?• Security threats by dangling entries in filtering database in
B-bridge?
Omniran-13-0064-00-0000
10
MACsecSome Thoughts
• MACsec establishes single hop across multiple bridges• MACsec peers are terminal specific port in AP/BS and access
router at the border of the access network• Control protocol by 802.1X
– EAP based establishment of security association• How to tie with EAP based access authentication
– Well defined link state management• Mobility support?
– Wouldn’t be a kind of 802.11r applicable to MAC sec ptp links?• Scalability and performance issues
– MACsec Ys well distributed on AP/BS side, however the entity at the access router peer may have to handle a huge number of sessions.
– MACsec without confidentiality to keep performance requirements low?
Omniran-13-0064-00-0000
11Scope of IEEE 802
Medium Medium
Dynamic PtP Link management adds to the Control Plane
Data Link
Physical
Network
Transport
Application
Data LinkPhysical
Access Network Terminal
Data LinkPhysical
Data Link
Physical
Network
Transport
Application
NetworkNetwork
Medium Medium
Core Service
Data LinkPhysical
Data LinkPhysical
Data Link
Physical
Data Link
Physical
ScanningNetwork Selection
AssociationAuthentication
Host ConfigurationApplication
User Plane
Control Plane
Link Establishment
Omniran-13-0064-00-0000
12
Link Management during a session
AAAPolicy
Configuration
DHCP ApplicationANQP
Access Technology Control I/f
Access Network
Network Selection
Accounting
Disassociation
Host Configuration
Application
Policy Control
Application
Host Config Release
Accounting
AuthenticationAuthorization
Association
Scanning
Link Establishment
Link Mobility
Link Teardown
Omniran-13-0064-00-0000
13
Conclusion
• Point-to-point links across bridged infrastructures are feasible
• MACsec seems to provide the more promising approach for realization of ptp links– Well suited control protocol available by 802.1X– Works across any bridged infrastructure
• Creates single hop over multiple bridges
– Well defined link state signaling and management– Further investigations necessary regards mobility support.
• Proposed next step: create a detailed functional description based on MACsec