doc.: IEEE 11-13/0938r0 802.1AC

August 2013
Service mapping between the ISS and 802.11
Date: 2013-08-01
Authors:
Name: Norman Finn
Affiliations: Cisco Systems
Address: 170 W Tasman Dr., San José CA 95134 USA
Phone: +1.408.526.4495
email: [email protected]
Submission
Slide 1
Norman Finn, Cisco Systems
Abstract
The ISS services required by IEEE 802.1Q Bridges can
be mapped to the services offered by either the
infrastructure or non-AP station interfaces of
P802.11ak. This can be accomplished by defining a
new interface between P802.11ak and 802.1AC
consisting of a single instance of the ISS with an
associated port vector.
a) A MAC Relay Entity that interconnects the Bridge’s Ports;
b) At least two Ports;
c) Higher layer entities, including at least a Spanning Tree Protocol Entity.
The Virtual Bridge Architecture
The VLAN-aware Bridge architecture is illustrated in Figure 8-2. The MAC Relay Entity handles the media
access method independent functions of relaying frames among Bridge Ports, filtering frames, and learning
filtering information. It uses the Enhanced Internal Sublayer Service (EISS) (6.8, 6.9) provided by each
Bridge Port.
[Figure 8-2 diagram. Labels: Bridge Port (two), Higher Layer Entities, MS, MAC Relay Entity, EISS, ISS, Media Access Method Independent Functions (6.9), Media Access Method Dependent Convergence Functions (6.7), Media Access Method Specific Functions (IEEE Std 802.n), LAN.]
NOTE—The notation “IEEE Std 802.n” in this figure indicates that the specifications for these functions can be
found in the relevant standard for the media access method concerned; for example, n would be 3 (IEEE Std 802.3)
in the case of Ethernet.
Figure 8-2—VLAN-aware Bridge architecture
IEEE Std 802.1Q-2011
Each Bridge Port also functions as an end station providing one or more instances of the MAC Service. Each
instance of the MAC Service is provided to a distinct LLC Entity that supports protocol identification,
multiplexing, and demultiplexing, for PDU transmission and reception by one or more higher layer entities.
NOTE 1—In most cases, each Port provides a single instance of the MAC Service, to an LLC Entity that supports all
[The Virtual Bridge Architecture slide is repeated here with Figure 8-2 and one added callout: “Let’s zoom in on this”.]
Three methods for connecting a Bridge to 802.11 media
Enhancements to Bridging of 802.11 Media
IEEE P802.1Qbz/D1.2
July 31, 2013
[Figure G-2 diagram. Labels: The Forwarding Process (8.6); Support of EISS (6.9); 802.11 Portal convergence, Infrastructure convergence, non-AP station convergence; clause references IEEE 802.1AC Clause 12.1.2, 802.1AC Clause TBD and 802.1AC TBD; Portal and distribution system, Infrastructure access, Non-AP station access; IEEE Std 802.11 and IEEE Std 802.11ak; 802.11 access point; non-AP station; 802.11 medium. Columns: Portal (G.4.1), Infrastructure (G.4.2), Non-AP station (G.4.3).]
Figure G-2—Methods for Bridge access to IEEE 802.11 media
G.4.2 Infrastructure convergence
The infrastructure convergence function defined in IEEE 802.1AC Clause TBD provides a set of virtual
point-to-point instances of the 802.1AE MAC Security sublayer and the ISS, one to each station to which an
IEEE Std 802.11 access point is attached. The convergence function maps this set of ISS instances to a
[Slide annotations on the three methods: 1 DONE; 2 NEW; 3 NEW]
P802.1Qbz Draft 1.2 (still in early Task Group balloting stage)
INFRASTRUCTURE SIDE
Convergence Functions for 2: 802.11 infrastructure access
• For most media (e.g. 802.3, FDDI, MOST,
or the 802.11 Portal interface) it is a
relatively simple chore to map the ISS
parameters to the particular medium’s
parameters.
• For P802.1Qbz / P802.11ak, convergence
is more complex.
  • The security layer is necessarily down in
    802.11, not above the ISS, because 802.11
    secures fragments of frames.
  • There is one physical interface that can
    send a multicast, theoretically sent on
    multiple ports, with a single transmission.
  • This multiplexing involves the cooperation
    of the AP and the non-AP station; the non-AP
    station must decode the port selection
    encoded in the frame by the AP.
[Figure: pairs of controlled and uncontrolled (ISS) ports, each pair above an 802.1AE SecY, each SecY attached by an (ISS) to the Media Access Method Dependent Convergence Functions (802.11). Figure note: (Not strictly 802.1AE SecY, but equivalent in terms of usage and effect.)]
802.1Q + 802.1AC Convergence + 802.11ak infrastructure
[Figure: m pairs of C (ISS) and UC (ISS) ports, each pair above its own SecY (SecY 1, SecY 2, … SecY m), each SecY attached by an (ISS) to the layers below. C: controlled; UC: uncontrolled.]
802.1AC Media Access Method Dependent Convergence Functions
Many ISS  Infrastructure SAP + vector of ports
(Infrastructure SAP with port vector)
802.1ak Infrastructure access
Vector of ports  N frames with third MAC address and subset encoding
(802.11)
802.1Q + 802.1AC Convergence + 802.11ak infrastructure
Eliminate the SecY. Attach both controlled and uncontrolled ports to the
convergence function. (This trick goes in 802.1Qbz.)
[Figure: m pairs of C (ISS) and UC (ISS) ports, numbered 1, 2, … m, with no SecY beneath them.]
802.1AC Media Access Method Dependent Convergence Functions
Many ISS  Infrastructure SAP + vector of ports
(Infrastructure SAP with port vector)
802.1ak Infrastructure access
Vector of ports  N frames with third MAC address and subset encoding
(802.11)
Infrastructure 802.1AC Convergence
[Figure: m pairs of C (ISS) and UC (ISS) ports, numbered 1, 2, … m, as the upper SAPs of the convergence function.]
• All of the ports associated with a given AP (or BSS, in the
sense of a logical function) go through a single instance of the
convergence function.
• For .requests: The convergence function turns some number
of .requests presented “simultaneously” on some number of
its upper SAPs into a single .request and a vector indicating
on which SAPs it was presented.
• For .indications: The convergence function presents the
frame on the SAP(s) indicated by the vector. (It so happens
that this is always just one port.)
• (Infrastructure SAP with port vector)
Infrastructure 802.1AC Convergence
[Figure: m pairs of C (ISS) and UC (ISS) ports, numbered 1, 2, … m, as the upper SAPs of the convergence function.]
• The creation and deletion of upper SAPs are handled by the
AP and its security layer. The signaling of these events is a
matter not visible outside the system, so may or may not be
standardized, at the choice of 802.11 TGak.
• Of course, the 802.1AC convergence function also performs
any minor mapping required between the ISS and 802.11
service definitions.
(Infrastructure SAP with port vector)
P802.11ak infrastructure access
(Infrastructure SAP with port vector)
• (Feel free to suggest better names for this function.)
• For .requests: The frame has only Destination and Source
addresses. In every frame, the Source and Transmitter
addresses are both the AP’s MAC address. Using the port vector,
the infrastructure access function selects a
Destination/Receiver address (either a unicast to a non-AP
station or a broadcast to all) and encodes the station list
appropriately in the A-MSDU.
• For .indications: The Transmitter address and whether the
frame was encrypted determine the single-bit vector passed
up with the frame.
(802.11)
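The two infrastructure-side functions described above, as a small Python model (an added example, not part of the submission or of any IEEE draft). The class, field and dictionary names are assumptions, the real A-MSDU subset encoding is not modelled (a plain station list stands in for it), and rejecting a vector that mixes controlled and uncontrolled ports is an assumption of this model, not a rule stated on the slides.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Port:
    """One upper SAP: a (station, controlled/uncontrolled) pair."""
    station: str       # MAC address of the associated non-AP station
    controlled: bool   # True = controlled (C), False = uncontrolled (UC)

class InfrastructureModel:
    """Toy model (assumed names): many upper SAPs <-> one SAP + port vector."""

    def __init__(self, ap_mac, ports):
        self.ap_mac = ap_mac
        self.ports = list(ports)   # list index = bit position in the port vector

    def request(self, sap_indices):
        """Convergence, .request: SAPs the frame was presented on -> port vector."""
        wanted = set(sap_indices)
        return [i in wanted for i in range(len(self.ports))]

    def access_request(self, vector):
        """Infrastructure access, .request: choose addressing from the vector."""
        chosen = [p for p, bit in zip(self.ports, vector) if bit]
        if not chosen:
            raise ValueError("empty port vector")
        if len({p.controlled for p in chosen}) > 1:
            # Assumption of this model: one transmission is either protected or
            # not, so it cannot serve controlled and uncontrolled ports at once.
            raise ValueError("vector mixes controlled and uncontrolled ports")
        stations = sorted({p.station for p in chosen})
        receiver = stations[0] if len(stations) == 1 else BROADCAST
        return {"transmitter": self.ap_mac, "receiver": receiver,
                "encrypted": chosen[0].controlled, "station_list": stations}

    def indication(self, transmitter, encrypted):
        """.indication: Transmitter address + encrypted flag -> single-bit vector."""
        vector = [p.station == transmitter and p.controlled == encrypted
                  for p in self.ports]
        if sum(vector) != 1:
            raise LookupError("no upper SAP for this transmitter; drop the frame")
        return vector

# Constructed sample: two associated stations, each with a C and a UC port.
STA1, STA2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
MODEL = InfrastructureModel("02:00:00:00:00:aa", [
    Port(STA1, True), Port(STA1, False), Port(STA2, True), Port(STA2, False)])
```

The indication path shows why the encrypted flag matters to a Bridge: an unprotected frame from an associated station can only ever reach that station's uncontrolled port.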
What about VLAN tag variances?
• As will be made clear in P802.1Qbz (and in P802.11ak, if TGak so
desires), the purpose of the architecture is to specify outcomes, not
internal processes.
• So, whether variances in VLAN tagging, VID mapping, or priority
mapping cause a frame to be replicated above the 802.1AC
convergence function, or below the 802.11 infrastructure access
function, is irrelevant to IEEE Std 802.1Q or to IEEE Std 802.1AC.
• If TGak chooses to add such mapping functions to the A-MSDU
encoding, it will be documented in IEEE Std 802.11ak.
NON-AP STATION SIDE
802.1Q + 802.1AC Convergence + 802.11ak Non-AP station
[Figure: one C (ISS) port and one UC (ISS) port (only two ports, controlled and uncontrolled).]
802.1AC Media Access Method Dependent Convergence Functions
Many ISS  Infrastructure SAP + vector of ports
(Non-AP station SAP with port vector)
802.1ak Non-AP station
Vector of ports  1 frame with third MAC address and subset encoding
(802.11)
Non-AP station 802.1AC Convergence
[Figure: one C (ISS) port and one UC (ISS) port as the upper SAPs of the convergence function.]
• The creation and deletion of upper SAPs are handled by the
station and its security layer. The signaling of these events is
a matter not visible outside the system, so may or may not be
standardized, at the choice of 802.11 TGak.
• Of course, the 802.1AC convergence function also performs
any minor mapping required between the ISS and 802.11
service definitions.
(Non-AP station SAP with port vector)
P802.11ak Non-AP station access
(Non-AP station SAP with port vector)
• For .requests: The frame has only Destination and Source
addresses. The port vector simply indicates whether the
frame is or is not encrypted. The outer Destination and
Receiver addresses are the AP, the Source/Transmitter
address the non-AP station. The A-MSDU does not carry any
subset encoding.
• For .indications: Whether or not the frame was encrypted
determines the single-bit vector passed up with the frame.
(802.11)
A FINAL OPTION
A final option
If preferred by TGak, it would be just as easy to make
separate controlled and uncontrolled ports at the 802.11
interface:
[Figure: two parallel stacks. Controlled ports C (ISS) 1, 2, … m sit above a Controlled 802.1AC convergence function, then (Infrastruct. SAP w/ port vector), then Controlled 802.1ak infrastructure access, then C (802.11). Uncontrolled ports UC (ISS) 1, 2, … m sit above an Uncontrolled 802.1AC convergence function, then (Infrastruct. SAP w/ port vector), then Uncontrolled 802.1ak infrastructure access, then UC (802.11).]
A final option
• Note that, because the non-AP station has only one SAP for the AP,
this effectively reduces the 802.1AC non-AP station convergence
function to be exactly the same as the current Portal convergence
function.
• Of course, the anti-reflection part of the subset solution is still
required.