Analysis of Roaming Techniques

1
Analysis of Roaming Techniques

• Areg Alimian
• Communication Machinery Corporation
• aalimian_at_cmc.com
• Bernard Aboba
• Microsoft
• bernarda_at_microsoft.com

2
Outline

• Roaming Definition Phases
• Test Configurations for roaming measurements
• Contributors to handoff latency
• Existing and emerging solutions for fast handoff
• Conclusions

3
How do we define roaming?

• Roaming latency
• The period from when the STA last receives data
  traffic via its old AP and when it receives data
  from the new AP is often referred to as the
  handoff latency or handoff delay.
• Triggering roaming
• When the STA moves away from its current AP, the
  signal quality of the messages from the above AP
  will decrease.
• At some (configurable) signal quality threshold,
  or after a number of failed retransmission
  attempts, the STA starts looking for a better
  AP to reassociate with, triggering a handover
  procedure.

4
Handoff Scenario
Latency Contributors 802.11 scan 802.1X
authentication 4-way handshake Movement
detection Address assignment Duplicate detection
IKE renegotiation MIP signalling TCP adjustment
period
Channel 11
Channel 6
c
v
D
AP B
AP A
STA
c 10-20 ft D 100-300 ft
5
Latency Budget
6
Logical Steps/Phases in Handoff

• Detection/Rate adaptation
• Mobile station starts adjusting the traffic rate
  all the way down to the minimum for its PHY (rate
  fallback ).
• The signal strength and the signal-to-noise ratio
  of the signal from a stations current AP degrade
  and the station retransmits without a response.
• Scanning
• Mobile station initiates active scanning to probe
  for nearby APs.
• Association/Reassociation
• 802.1X (re-)authentication
• STA attempts (re)authentication with the new AP.
  With PMK Caching/SAs the EAP authentication phase
  with a back-end server is not necessary.
• IEEE 802.11 AKM
• IP Layer Configuration
• Acquiring a valid IP address
• Duplicate Address Detection (DAD)
• Mobile IP signaling
• IKE signaling (if required)
• Transport layer adjustment
• TCP adjustment period

7
802.11 Handoff Problem Space
Scan Pre-auth via Old AP
Pre-Auth Neighbor graph
Association not possible
4-way handshake, no 802.1X
3-way handshake, no 802.1X
DT/B
Scan Radio tuning
c DTPA
D DTReassoc
D DTFH
D DTPA
Stationary
Pedestrian
Vehicular
High Speed
Station Velocity
8
Handoff Test Metrics Summary

• Rate adaptation
• Rate adaptation time
• Packet loss during rate adaptation
• (Re)authentication
• (Re)authentication (AKM) without prior security
  Association states.
• (Re)authentication (AKM) without prior security
  State.
• (Re)authentication with IAPP.
• Roaming
• Handoff Interval
• Downstream loss during handover
• Session continuity during handover
• Upstream delay
• Scanning
• Passive Scanning
• Active Scanning
• Behavioral
• Roaming hysteresis
• Rate adaptation hysteresis
• Network Connectivity resumption

9
Test Scenarios for Handoff Performance

• Handoff Triggering Mechanisms
• The power to the current AP is switched off
• Decreasing the Tx power of current AP
• Changing the load on the current AP
• Injecting Traffic Patterns during handoff
• Unidirectional upstream traffic from STA to a
  host on the LAN
• Unidirectional downstream traffic from LAN host
  to STA.
• Bidirectional traffic between STA and LAN host.
• 2nd STA at the new AP competing for media access.

10
General Observations Based on Test Data

• Handoff triggering mechanism (power off vs. Tx
  Power reduction) affects movement detection
  time.
• Traffic pattern during roam affects overall
  handoff latency and packet loss during roam.
• Handoff latency varies significantly based on
  specific equipment, especially STAs.

11
Handover Latency Summary

• Detection and active scanning probe phase can be
  too long, therefore increasing overall roaming
  latency.
• Rate adaptation down to 1 or 2 Mbps can take
  significant time and affects the throughput of
  other STAs if one or more STA are connected at
  the lower rate.
• Significant delays at L3
• IP address assignment (when DHCP server is far
  from host)
• Duplicate Address Detection (DAD)
• Mobile IP signaling
• Significant delays at L4 in some scenarios
• Movement from high bw/low delay network to low
  bw/high delay network

12
The current 802.11 probe function

• The probe function is the IEEE 802.11 MAC active
  scan function
• And the standard specifies a scanning procedure
  as follows
• For each channel to be scanned,
• 1. STA sends a probe request with broadcast
  destination,
• SSID, and broadcast BSSID.
• 2. STA starts a ProbeTimer.
• 3. If medium is not busy before the ProbeTimer
  reaches
• MinChannelTime, scan the next channel, else when
• ProbeTimer reaches MaxChannelTime, process all
  received
• probe responses and proceed to next channel.

13
Existing Techniques for Handover Optimization

• Limiting Rate adaptation range
• Allowing negotiation of 1 and 2 Mbps rates is
  very time consuming.  
• If there are one or more stations associated at
  lower rates, this will limit the throughput of
  stations associated at higher rates. 
• AP Initiated Handoff
• At the PHY Layer
• Optimized Active Scanning
• Scan most likely channels first.
• Obtain channel list from the AP.
• Fast Active Scanning.
• Sending a probe request to a specific AP on its
  operation channel designating as the sole
  responder. Designated AP sends probe response
  after SIFS deferral.

14
Existing Techniques for Handover Optimization - 2

• Providing Candidate Lists to roaming STA
• Roaming Station can request a candidate list from
  the AP to obtain relevant information about
  neighborhood STAs.
• A Site Report is not necessarily the same as a
  candidate list
• Difference The list of all neighbors vs. the
  list of authorized, functional neighbors
• Optimized IP Layer configuration
• Significant delays in Layer 3 due to Duplicate
  Address Detection (DAD) and IP address assignment
• IPv4 significant delay in DHCP where the DHCP
  server is far away from the host.
• IPv6 delays due to movement detection constants
• DNA reduces IP address assignment delays for
  intra-subnet roaming, provided there are reliable
  hints from L2
• Optimistic DAD (IPv6 only) reduces DAD delays

15
Detection of Network Attachment (DNA)

• The time required to detect movement (or lack of
  movement) between subnets, and to obtain (or
  continue to use) a valid IP address may be
  significant as a fraction of the total delay in
  moving between points of attachment. As a result,
  optimizing detection of network attachment is
  important for mobile hosts.
• Detection of Network Attachment follows the
  principles below
• Treatment of Link-Up indications from the Link
  Layer
• Link-Local addressing as a mechanism of last
  resort
• Utilization of hints from the Link Layer on
  current Subnet
• Performing reachability test instead address
  acquisition where a valid IP address exists on
  the most likely point of attachment
• Sending a DHCPDISCOVER instead of a DHCPREQUEST
  if the subnet is likely to have changed.

16
Issues with DNA

• Today, there are no reliable hints of subnet
  attachment
• SSID is not a reliable hint of subnet
  attachment
• Default SSIDs are common can disambiguate
  w/BSSID
• STA may change prefix within same SSID
• STA may keep same prefix when changing SSIDs
  (less likely)
• DNA will not optimize the IP configuration phase
  significantly without reliable link layer hints

17
Factors Affecting STA Roam Decision

• Factors that may affect the quality of the
  connection between the AP and the STA include
• - Received Signal Power
• - Retransmissions
• Factors that affect which AP, currently, would be
  the best choice for a STA to (re)associate with
  to maintain the upper layer connection include
  the above considerations plus
• Loading/Load Balancing Considerations
• Capability matching
• SNR
• Received Signal Strength
• Security
• SSID

18
Using Candidate List Reports

• A candidate list report contains information on
  APs that are valid handoff candidates for a STA
• Valid not a rogue, connected to the DS,
  forwarding frames, etc.
• In response to a candidate list request, AP in
  response will send
• Candidate list report for the ESS specified.
• If the SSID IE is not present it will send a
  Candidate List Report for the SSID for the
  current ESS.
• If the AP has no information on the ESS of which
  the SSID has been requested it will send a
  Candidate List Response with a length of zero.

19
Issues with the Site Report

• Site report may or may not be equivalent to a
  candidate list report
• Is purpose of site report to obtain a list of
  all APs, or just valid roaming candidates?
• Site Report Response uses mgmt action frames
  which are not secured in the current
  specification.
• Even if the STA has the BSSID of the AP to
  pre-authenticate to, it needs to be within the
  APs coverage area to reassociate.
• The site report may not narrow the roaming
  candidates
• Site Report may contain unsuitable roaming
  candidates
• SNR is necessary to choose between roaming
  candidates
• Using a site report as a candidate list
  report may cause the station to pre-authenticate
  to more APs, increasing load.

20
Alternative Approaches

• Obtain neighbor information only after completion
  of authenticated key management (AKM)
• Neighbor information obtained only from
  authenticated APs
• Candidate list exchange is authenticated via a
  unicast key, not a group key
• Semantics provide a candidate list not a site
  report

21
Handoff Alternative Approach

• AP-Initiated handoff
• WLAN switch approach
• PMKs made available to dumb APs by WLAN switch
• IAPP approach
• PMKs propagated between APs
• PHY layer approach
• Same SSID, same BSSID, same channel.
• STA does not know that it is roaming.
• Result is very small handoff latency.
• Realities
• This approach is now ubiquitous (but
  non-interoperable).
• Standardizing AP-initiated handoff is not a
  worthwhile activity
• Probably more profitable to focus on other issues

22
Related Work

• Papers on this topic include
• http//www.ieee802.org/11/Documents/DocumentHolder
  /3-417.zip
• http//www.ieee802.org/11/Documents/DocumentHolder
  /3-416.zip
• http//www.it.kth.se/vatn/research/handover-perf.
  pdf
• http//www.drizzle.com/aboba/IEEE/692.zip
• http//www.cs.umd.edu/waa/pubs/handoff-lat-acm.pd
  f
• http//www.it.kth.se/hvelayos/papers/TRITA-IMIT-L
  CN20R2003-0220Handover20in20IEEE20802.pdf
• http//www.cs.cmu.edu/glennj/scp/FixingAPSelectio
  n.html
• 11-04-0086-02-frfh-measurement-802-11-roaming-inte
  rvals.ppt (on www.802wirelessworld.com)

23
Conclusions

• Biggest challenges occur prior to authentication
• Detection algorithms (when to roam)
• Rate adaptation algorithms
• Scanning latency (particularly for 802.11a/b/g
  devices)
• Potential solutions are available
• Channel maps
• Roaming Candidate lists
• Active scan optimizations
• Rate adaptation limits
• DNA
• Optimistic DAD
• Key management techniques not a high priority
• TGi pre-authentication, PMK caching enables
  working systems today
• Fitting within 50ms VOIP budget is possible.
• And involves hard implementation work, not rocket
  science.

24
Feedback?