Title: Analysis of Roaming Techniques
1Analysis of Roaming Techniques
- Areg Alimian
- Communication Machinery Corporation
- aalimian_at_cmc.com
- Bernard Aboba
- Microsoft
- bernarda_at_microsoft.com
2Outline
- Roaming Definition Phases
- Test Configurations for roaming measurements
- Contributors to handoff latency
- Existing and emerging solutions for fast handoff
- Conclusions
3How do we define roaming?
- Roaming latency
- The period from when the STA last receives data
traffic via its old AP and when it receives data
from the new AP is often referred to as the
handoff latency or handoff delay. - Triggering roaming
- When the STA moves away from its current AP, the
signal quality of the messages from the above AP
will decrease. - At some (configurable) signal quality threshold,
or after a number of failed retransmission
attempts, the STA starts looking for a better
AP to reassociate with, triggering a handover
procedure.
4Handoff Scenario
Latency Contributors 802.11 scan 802.1X
authentication 4-way handshake Movement
detection Address assignment Duplicate detection
IKE renegotiation MIP signalling TCP adjustment
period
Channel 11
Channel 6
c
v
D
AP B
AP A
STA
c 10-20 ft D 100-300 ft
5Latency Budget
6Logical Steps/Phases in Handoff
- Detection/Rate adaptation
- Mobile station starts adjusting the traffic rate
all the way down to the minimum for its PHY (rate
fallback ). - The signal strength and the signal-to-noise ratio
of the signal from a stations current AP degrade
and the station retransmits without a response. - Scanning
- Mobile station initiates active scanning to probe
for nearby APs. - Association/Reassociation
- 802.1X (re-)authentication
- STA attempts (re)authentication with the new AP.
With PMK Caching/SAs the EAP authentication phase
with a back-end server is not necessary. - IEEE 802.11 AKM
- IP Layer Configuration
- Acquiring a valid IP address
- Duplicate Address Detection (DAD)
- Mobile IP signaling
- IKE signaling (if required)
- Transport layer adjustment
- TCP adjustment period
7802.11 Handoff Problem Space
Scan Pre-auth via Old AP
Pre-Auth Neighbor graph
Association not possible
4-way handshake, no 802.1X
3-way handshake, no 802.1X
DT/B
Scan Radio tuning
c DTPA
D DTReassoc
D DTFH
D DTPA
Stationary
Pedestrian
Vehicular
High Speed
Station Velocity
8Handoff Test Metrics Summary
- Rate adaptation
- Rate adaptation time
- Packet loss during rate adaptation
- (Re)authentication
- (Re)authentication (AKM) without prior security
Association states. - (Re)authentication (AKM) without prior security
State. - (Re)authentication with IAPP.
- Roaming
- Handoff Interval
- Downstream loss during handover
- Session continuity during handover
- Upstream delay
- Scanning
- Passive Scanning
- Active Scanning
- Behavioral
- Roaming hysteresis
- Rate adaptation hysteresis
- Network Connectivity resumption
9Test Scenarios for Handoff Performance
- Handoff Triggering Mechanisms
- The power to the current AP is switched off
- Decreasing the Tx power of current AP
- Changing the load on the current AP
- Injecting Traffic Patterns during handoff
- Unidirectional upstream traffic from STA to a
host on the LAN - Unidirectional downstream traffic from LAN host
to STA. - Bidirectional traffic between STA and LAN host.
- 2nd STA at the new AP competing for media access.
10General Observations Based on Test Data
- Handoff triggering mechanism (power off vs. Tx
Power reduction) affects movement detection
time. - Traffic pattern during roam affects overall
handoff latency and packet loss during roam. - Handoff latency varies significantly based on
specific equipment, especially STAs.
11Handover Latency Summary
- Detection and active scanning probe phase can be
too long, therefore increasing overall roaming
latency. - Rate adaptation down to 1 or 2 Mbps can take
significant time and affects the throughput of
other STAs if one or more STA are connected at
the lower rate. - Significant delays at L3
- IP address assignment (when DHCP server is far
from host) - Duplicate Address Detection (DAD)
- Mobile IP signaling
- Significant delays at L4 in some scenarios
- Movement from high bw/low delay network to low
bw/high delay network
12The current 802.11 probe function
- The probe function is the IEEE 802.11 MAC active
scan function - And the standard specifies a scanning procedure
as follows - For each channel to be scanned,
- 1. STA sends a probe request with broadcast
destination, - SSID, and broadcast BSSID.
- 2. STA starts a ProbeTimer.
- 3. If medium is not busy before the ProbeTimer
reaches - MinChannelTime, scan the next channel, else when
- ProbeTimer reaches MaxChannelTime, process all
received - probe responses and proceed to next channel.
13Existing Techniques for Handover Optimization
- Limiting Rate adaptation range
- Allowing negotiation of 1 and 2 Mbps rates is
very time consuming. Â - If there are one or more stations associated at
lower rates, this will limit the throughput of
stations associated at higher rates. - AP Initiated Handoff
- At the PHY Layer
- Optimized Active Scanning
- Scan most likely channels first.
- Obtain channel list from the AP.
- Fast Active Scanning.
- Sending a probe request to a specific AP on its
operation channel designating as the sole
responder. Designated AP sends probe response
after SIFS deferral.
14Existing Techniques for Handover Optimization - 2
- Providing Candidate Lists to roaming STA
- Roaming Station can request a candidate list from
the AP to obtain relevant information about
neighborhood STAs. - A Site Report is not necessarily the same as a
candidate list - Difference The list of all neighbors vs. the
list of authorized, functional neighbors - Optimized IP Layer configuration
- Significant delays in Layer 3 due to Duplicate
Address Detection (DAD) and IP address assignment - IPv4 significant delay in DHCP where the DHCP
server is far away from the host. - IPv6 delays due to movement detection constants
- DNA reduces IP address assignment delays for
intra-subnet roaming, provided there are reliable
hints from L2 - Optimistic DAD (IPv6 only) reduces DAD delays
15Detection of Network Attachment (DNA)
- The time required to detect movement (or lack of
movement) between subnets, and to obtain (or
continue to use) a valid IP address may be
significant as a fraction of the total delay in
moving between points of attachment. As a result,
optimizing detection of network attachment is
important for mobile hosts. - Detection of Network Attachment follows the
principles below - Treatment of Link-Up indications from the Link
Layer - Link-Local addressing as a mechanism of last
resort - Utilization of hints from the Link Layer on
current Subnet - Performing reachability test instead address
acquisition where a valid IP address exists on
the most likely point of attachment - Sending a DHCPDISCOVER instead of a DHCPREQUEST
if the subnet is likely to have changed.
16Issues with DNA
- Today, there are no reliable hints of subnet
attachment - SSID is not a reliable hint of subnet
attachment - Default SSIDs are common can disambiguate
w/BSSID - STA may change prefix within same SSID
- STA may keep same prefix when changing SSIDs
(less likely) - DNA will not optimize the IP configuration phase
significantly without reliable link layer hints
17Factors Affecting STA Roam Decision
- Factors that may affect the quality of the
connection between the AP and the STA include - - Received Signal Power
- - Retransmissions
- Factors that affect which AP, currently, would be
the best choice for a STA to (re)associate with
to maintain the upper layer connection include
the above considerations plus - Loading/Load Balancing Considerations
- Capability matching
- SNR
- Received Signal Strength
- Security
- SSID
18Using Candidate List Reports
- A candidate list report contains information on
APs that are valid handoff candidates for a STA - Valid not a rogue, connected to the DS,
forwarding frames, etc. - In response to a candidate list request, AP in
response will send - Candidate list report for the ESS specified.
- If the SSID IE is not present it will send a
Candidate List Report for the SSID for the
current ESS. - If the AP has no information on the ESS of which
the SSID has been requested it will send a
Candidate List Response with a length of zero.
19Issues with the Site Report
- Site report may or may not be equivalent to a
candidate list report - Is purpose of site report to obtain a list of
all APs, or just valid roaming candidates? - Site Report Response uses mgmt action frames
which are not secured in the current
specification. - Even if the STA has the BSSID of the AP to
pre-authenticate to, it needs to be within the
APs coverage area to reassociate. - The site report may not narrow the roaming
candidates - Site Report may contain unsuitable roaming
candidates - SNR is necessary to choose between roaming
candidates - Using a site report as a candidate list
report may cause the station to pre-authenticate
to more APs, increasing load.
20Alternative Approaches
- Obtain neighbor information only after completion
of authenticated key management (AKM) - Neighbor information obtained only from
authenticated APs - Candidate list exchange is authenticated via a
unicast key, not a group key - Semantics provide a candidate list not a site
report
21Handoff Alternative Approach
- AP-Initiated handoff
- WLAN switch approach
- PMKs made available to dumb APs by WLAN switch
- IAPP approach
- PMKs propagated between APs
- PHY layer approach
- Same SSID, same BSSID, same channel.
- STA does not know that it is roaming.
- Result is very small handoff latency.
- Realities
- This approach is now ubiquitous (but
non-interoperable). - Standardizing AP-initiated handoff is not a
worthwhile activity - Probably more profitable to focus on other issues
22Related Work
- Papers on this topic include
- http//www.ieee802.org/11/Documents/DocumentHolder
/3-417.zip - http//www.ieee802.org/11/Documents/DocumentHolder
/3-416.zip - http//www.it.kth.se/vatn/research/handover-perf.
pdf - http//www.drizzle.com/aboba/IEEE/692.zip
- http//www.cs.umd.edu/waa/pubs/handoff-lat-acm.pd
f - http//www.it.kth.se/hvelayos/papers/TRITA-IMIT-L
CN20R2003-0220Handover20in20IEEE20802.pdf - http//www.cs.cmu.edu/glennj/scp/FixingAPSelectio
n.html - 11-04-0086-02-frfh-measurement-802-11-roaming-inte
rvals.ppt (on www.802wirelessworld.com)
23Conclusions
- Biggest challenges occur prior to authentication
- Detection algorithms (when to roam)
- Rate adaptation algorithms
- Scanning latency (particularly for 802.11a/b/g
devices) - Potential solutions are available
- Channel maps
- Roaming Candidate lists
- Active scan optimizations
- Rate adaptation limits
- DNA
- Optimistic DAD
- Key management techniques not a high priority
- TGi pre-authentication, PMK caching enables
working systems today - Fitting within 50ms VOIP budget is possible.
- And involves hard implementation work, not rocket
science.
24Feedback?