Network Working GroupInternet Engineering Task Force (IETF) C. ShaoInternet-DraftRequest for Comments: 7494 H. DengIntended status:Category: Standards Track China MobileExpires: June 21, 2015ISSN: 2070-1721 R. Pazhyannur Cisco Systems F. Bari AT&T R. Zhang China Telecom S. Matsushima SoftBank TelecomDecember 18, 2014March 2015 IEEE 802.11MACMedium Access Control (MAC) Profile forCAPWAP draft-ietf-opsawg-capwap-hybridmac-08Control and Provisioning of Wireless Access Points (CAPWAP) Abstract TheCAPWAPControl and Provisioning of Wireless Access Points (CAPWAP) protocol binding for IEEE 802.11 defines twoMAC (MediumMedium AccessControl)Control (MAC) modes for IEEE 802.11WTP (WirelessWireless TransmissionPoint):Points (WTPs): Split and Local MAC. In the Split MAC mode, the partitioning of encryption/decryption functionsareis not clearly defined. In the Split MAC mode description, IEEE 802.11 encryption is specified as located in either theAC (Access Controller)Access Controller (AC) or the WTP, with no clear way for the AC to inform the WTP of where the encryption functionality should be located. This leads to interoperability issues, especially when the AC and WTP come from different vendors. To prevent interoperability issues, this specification defines an IEEE 802.11 MACprofileProfile message element in which each profile specifies an unambiguous division of encryption functionality between the WTP and AC. Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 ofsix monthsRFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 21, 2015.http://www.rfc-editor.org/info/rfc7494. Copyright Notice Copyright (c)20142015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IEEE MAC Profile Descriptions . . . . . . . . . . . . . . . .45 2.1. Split MAC with WTPencryptionEncryption . . . . . . . . . . . . . .45 2.2. Split MAC with ACencryptionEncryption . . . . . . . . . . . . . .56 2.3. IEEE 802.11 MAC Profile Frame Exchange . . . . . . . . .67 3. MAC Profile Message Element Definitions . . . . . . . . . . .78 3.1. IEEE 802.11 Supported MAC Profiles . . . . . . . . . . .78 3.2. IEEE 802.11 MAC Profile . . . . . . . . . . . . . . . . .89 4. Security Considerations . . . . . . . . . . . . . . . . . . .89 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . .89 6.ContributorsReferences . . . . . . . . . . . . . . . . . . . . . . . .9 7.. 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 10 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .9 8. Normative References. . 11 Contributors . . . . . . . . . . . . . . . . . .9. . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . .911 1. Introduction The CAPWAP protocol supports two MAC modes of operation: Split and Local MAC, as described in[RFC5415],[RFC5415] and [RFC5416]. However, there are MAC functions that have not been clearly defined. Forexampleexample, IEEE 802.11 [IEEE.802.11] encryption is specified as located in eitherinthe AC or the WTP with no clear way to negotiate where it should be located. Because different vendors have different definitions of the MAC mode, manyMAC layerMAC-layer functions are mapped differently to either the WTP or the AC by different vendors. Therefore, depending upon the vendor, the operators in their deployments have to perform different configurations based on implementation of the two modes by their vendor. If there is no clear specification, then operators will experience interoperability issues with WTPs and ACs from different vendors. Figure 1 from[RFC5416],[RFC5416] illustrates how some functions are processed in different places in the Local MAC and Split MAC mode. Specifically, note that in the Split MACmodemode, the IEEE 802.11 encryption/decryption is specified asWTP/ACWTP/AC, implying that it could be at either location. This is not an issue with Local MAC because encryption is always at the WTP. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Functions | Local MAC | Split MAC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Distribution Service | WTP/AC | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Integration Service | WTP | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Beacon Generation | WTP | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Probe Response Generation| WTP | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function |PowerMgmtMgmt/ | WTP | WTP | +|/Packet|Packet Buffering | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ||Fragmentation|Fragmentation/ | WTP | WTP/AC | +|/Defragmentation|Defragmentation | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Assoc/Disassoc/Reassoc | WTP/AC | AC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Classifying | WTP | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 QoS |Scheduling | WTP | WTP/AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Queuing | WTP | WTP | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.1X/EAP | AC | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 RSN |RSNA Key Management | AC | AC | + (WPA2) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.11 | WTP | WTP/AC | + |Encryption/Decryption | | | |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Note: RSN - Robust Security Network RSNA - Robust Security Network Association WPA2 - Wi-Fi Protected Access 2 Figure 1: Functions in Local MAC and Split MAC To solve this problem, this specification introduces the IEEE 802.11 MACprofile.Profile. The IEEE 802.11 MACprofileProfile unambiguously specifies where the various MACfunctionalityfunctionalities should be located. 2. IEEE MAC Profile Descriptions A IEEE 802.11 MAC Profile refers to a description of how the MAC functionality is split between the WTP and AC shown in Figure 1. 2.1. Split MAC with WTPencryptionEncryption The functional split for the Split MAC with WTP encryption is provided in Figure 2. This profile is similar to the Split MAC description in [RFC5416], except that IEEE 802.11 encryption/ decryption is at the WTP. Note that fragmentation is always done at the same entity as the encryption. Consequently, in this profile fragmentation/defragmentation is also done only at the WTP. Note that scheduling functionality is denoted as WTP/AC. As explained in [RFC5416], this means that the admission control component of IEEE 802.11 resides on theAC,AC; the real-time scheduling and queuing functions are on the WTP. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Functions | Profile | | | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Distribution Service | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Integration Service | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Beacon Generation | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Probe Response Generation| WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function |PowerMgmtMgmt/ | WTP | +|/Packet|Packet Buffering | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ||Fragmentation|Fragmentation/ | WTP | +|/Defragmentation|Defragmentation | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Assoc/Disassoc/Reassoc | AC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Classifying | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 QoS |Scheduling | WTP/AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Queuing | WTP | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.1X/EAP | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 RSN |RSNA Key Management | AC | + (WPA2) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.11 | WTP | + |Encryption/Decryption | | |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Note: EAP - Extensible Authentication Protocol Figure 2: Functions in Split MAC with WTP Encryption 2.2. Split MAC with ACencryptionEncryption The functional split for the Split MAC with AC encryption is provided in Figure 3. This profile is similar to the Split MAC in[RFC5416][RFC5416], except that IEEE 802.11 encryption/decryption is at the AC. Since fragmentation is always done at the same entity as the encryption, in this profile, AC does fragmentation/defragmentation. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Functions | Profile | | | 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Distribution Service | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Integration Service | AC | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Beacon Generation | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Probe Response Generation| WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function |PowerMgmtMgmt/ | WTP | +|/Packet|Packet Buffering | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ||Fragmentation|Fragmentation/ | AC | +|/Defragmentation|Defragmentation | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Assoc/Disassoc/Reassoc | AC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Classifying | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 QoS |Scheduling | WTP | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |Queuing | WTP | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.1X/EAP | AC | + IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 802.11 RSN |RSNA Key Management | AC | + (WPA2) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |IEEE 802.11 | AC | + |Encryption/Decryption | | |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: Functions in Split MAC with AC encryption 2.3. IEEE 802.11 MAC Profile Frame Exchange An example of message exchange using the IEEE 802.11 MAC Profile message element is shown in Figure 4. The WTP informs the AC of the various MACprofilesProfiles it supports. This happenseitherin either a Discovery Request message or the Join Request message. The AC determines the appropriate profile and configures the WTP with the profile while configuring the WLAN. +-+-+-+-+-+-+ +-+-+-+-+-+-+ | WTP | | AC | +-+-+-+-+-+-+ +-+-+-+-+-+-+ |Join Request[Supported IEEE 802.11 | | MAC Profiles ] | |---------------------------------------->| | | |Join Response | |<----------------------------------------| | | |IEEE 802.11 WLAN Config. Request [ | | IEEE 802.11 Add WLAN, | | IEEE 802.11 MAC Profile | | ] | |<----------------------------------------| | | |IEEE 802.11 WLAN Config. Response | |---------------------------------------->| Figure 4: Message ExchangeForfor Negotiating MACProfileProfiles 3. MAC Profile Message Element Definitions 3.1. IEEE 802.11 Supported MAC Profiles The IEEE 802.11 Supported MAC Profile message element allows the WTP to communicate the profiles it supports. The Discovery Request message, Primary Discovery Request message, and Join Request message may include one such message element. 0 1 2 3 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 +=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | Num_Profiles | Profile_1 | Profile_[2..N].. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Figure 5: IEEE 802.11 Supported MAC Profiles o Type:TBD1060 for IEEE 802.11 Supported MAC Profiles o Num_Profiles >=1: This refers to the number of profiles present in this message element. There must be at least one profile. o Profile: Each profile is identified by a value specified in Section 3.2. 3.2. IEEE 802.11 MAC Profile The IEEE 802.11 MAC Profile message element allows the AC to select a profile. This message element may be provided along with the IEEE 802.11 ADD WLAN message element while configuring a WLAN on the WTP. 0 1 2 3 4 5 6 7 +=+-+-+-+-+-+-+-+ | Profile | +-+-+-+-+-+-+-+-+ Figure 6: IEEE 802.11 MAC Profile o Type:TBD1061 for IEEE 802.11 MAC Profile o Profile: The profile is identified by a value as given below * 0: This refers to the IEEE 802.11 Split MAC Profile with WTP encryption * 1: This refers to the IEEE 802.11 Split MAC Profile with AC encryption 4. Security Considerations This document does not introduce any new security risks compared to [RFC5416]. The negotiation messages between the WTP and AC have origin authentication and data integrity. As aresultresult, an attacker cannot interfere with the messages to force aless secureless-secure mode choice. The security considerations described in [RFC5416] apply here as well. 5. IANA ConsiderationsThis document requires theThe following IANAactions:actions have been completed. o This specification defines two new messageelements,elements: IEEE 802.11 Supported MAC Profiles (described in Section 3.1) and the IEEE 802.11 MAC Profile (described in Section 3.2). These elementsneeds to behave been registered in the existingCAPWAP"CAPWAP Message ElementTypeType" registry, defined in [RFC5415].The values for these elements needs to be between 1024 and 2047 (see Section 15.7 in [RFC5415]).CAPWAP Protocol Message Element Type Value IEEE 802.11 Supported MAC ProfilesTBD11060 IEEE 802.11 MAC ProfileTBD21061 o The IEEE 802.11 Supported MAC Profiles message element and IEEE 802.11 MAC Profile message element include a ProfileFieldfield (as defined in Section 3.2). The Profile field in the IEEE 802.11 Supported MAC Profiles denotes the MACprofilesProfiles supported by the WTP. TheprofileProfile field in the IEEE 802.11 MACprofileProfile denotes the MACprofileProfile assigned to the WTP. The namespace for the field is 8 bits (0-255). This specification defines twovalues,values: zero (0) and one (1) as described below. The remaining values (2-255) are controlled and maintained byIANAIANA, andrequire anthe registration procedure is ExpertReview.Review [RFC5226]. IANAneeds to createhas created a newsub-registrysubregistry calledIEEE"IEEE 802.11 Split MACProfile and add the new sub-registry toProfile" under the existing registry "Control And Provisioning of Wireless Access Points (CAPWAP) Parameters". The registry format is given below. Profile Type Value Reference Split MAC with WTP encryption 0 RFC 7494 Split MAC with AC encryption 1 RFC 7494 6.Contributors Yifan Chen chenyifan@chinamobile.com Naibao Zhou zhounaibao@chinamobile.com 7. Acknowledgments The authors are grateful for extremely valuable suggestions from Dorothy Stanley in developing this specification. Guidance from management team: Melinda Shore, Scott Bradner, Chris Liljenstolpe, Benoit Claise, Joel Jaeggli, Dan Romascanu are highly appreciated. 8.References 6.1. Normative References [IEEE.802.11] IEEE, "IEEE Standard for Information Technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", IEEE Std 802.11-2012, March 2012, <http://standards.ieee.org/about/get/802/802.11.html>. [RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, Ed., "Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification", RFC 5415, March2009.2009, <http://www.rfc-editor.org/info/rfc5415>. [RFC5416] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, Ed., "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11", RFC 5416, March2009.2009, <http://www.rfc-editor.org/info/rfc5416>. 6.2. Informative References [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>. Acknowledgments The authors are grateful for extremely valuable suggestions from Dorothy Stanley in developing this specification. Guidance from the management team -- Melinda Shore, Scott Bradner, Chris Liljenstolpe, Benoit Claise, Joel Jaeggli, and Dan Romascanu -- is highly appreciated. Contributors Yifan Chen <chenyifan@chinamobile.com> Naibao Zhou <zhounaibao@chinamobile.com> Authors' Addresses Chunju Shao China Mobile No.32 Xuanwumen West Street Beijing 100053 ChinaEmail:EMail: shaochunju@chinamobile.com Hui Deng China Mobile No.32 Xuanwumen West Street Beijing 100053 ChinaEmail:EMail: denghui@chinamobile.com Rajesh S. Pazhyannur Cisco Systems 170 West Tasman Drive San Jose, CA 95134USA Email:United States EMail: rpazhyan@cisco.com Farooq Bari AT&T 7277 164th Ave NERedmondRedmond, WA 98052USA Email:United States EMail: farooq.bari@att.com Rong Zhang China Telecom No.109 Zhongshandadao avenue Guangzhou 510630 ChinaEmail:EMail: zhangr@gsta.com Satoru Matsushima SoftBank Telecom 1-9-1 Higashi-Shinbashi, Munato-ku Tokyo JapanEmail:EMail: satoru.matsushima@g.softbank.co.jp