Network Working Group R. Zhang Internet-Draft China Telecom Intended status: Standards Track Z. Cao Expires: April 25, 2014 H. Deng China Mobile R. Pazhyannur S. Gundavelli Cisco October 22, 2013 Alternate Tunnel Encapsulation for Data Frames in CAPWAP draft-zhang-opsawg-capwap-cds-01 Abstract CAPWAP ([RFC5416]) defines two tunneling modes for encapsulating data frames from stations associated with WLAN: 802.3 Tunnel and 802.11 Tunnel modes. This document provides for an alternate tunnel encapsulation. The alternate tunnel encapsulation allows 1) the WTP to tunnel non-management data frames to an endpoint different from the AC and 2) allows the WTP to tunnel using one of many known encapsulation types such as IP-IP, IP-GRE, CAPWAP. The WTP may advertise support for Alternate Tunnel encapsulation during the discovery process and AC may select one of the supported Alternate Tunnel encapsulate types during the WTP configuration. Further, the AC may configure WTP to enable the alternate tunnel encapsulation. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 25, 2014. Copyright Notice Zhang, et al. Expires April 25, 2014 [Page 1] Internet-Draft Alternate Tunnel October 2013 Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions used in this document . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Alternate Tunnel Encapsulation . . . . . . . . . . . . . . . 5 2.1. Supported Alternate Tunnel Encpsulation . . . . . . . . . 5 2.2. Alternate Tunnel Encapsulation . . . . . . . . . . . . . 5 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 6.1. Normative References . . . . . . . . . . . . . . . . . . 6 6.2. Informative References . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction CAPWAP ([RFC5415], [RFC5416]) defines a tunnel mode that specifies the frame tunneling type to be used for 802.11 data frames from all stations associated with the WLAN. The following types are supported: o Local Bridging: All user traffic is to be locally bridged. o 802.3 Tunnel: All user traffic is to be tunneled to the AC in 802.3 format. o 802.11 Tunnel: All user traffic is to be tunneled to the AC in 802.11 format. There are two shortcomings with currently specified tunneled modes: 1) it does not allow the WTP to tunnel data frames to an endpoint different from the AC and 2) it does not allow the WTP to tunnel data frames using any encapsulation other than CAPWAP (as specified in Section 4.4.2 of [RFC5415]). Next, we describe what is driving the above mentioned two requirements. Zhang, et al. Expires April 25, 2014 [Page 2] Internet-Draft Alternate Tunnel October 2013 Some operators deploying large number of Access Points prefer to centralize the management and control of Access Points (AP) while distributing the handling of data traffic to increase scaling. This motivates an architecture as shown in Figure 1 that has the Access Controller in a centralized location and one or more tunnel gateways (or Access Routers) that terminate the data tunnels from the various WTPs. central data center. This split architecture has two benefits over an architecture where data traffic is aggregated at the AC: 1) reduces the scale requriement on data traffic handling capability of the AR and 2) leads to more efficient/optimal routing of data traffic. +-----+ DATA +----------------+ | WTP |==========| Access Router | +-----+ +----------------+ \\ \\ CTL(CAPWAP) +--------+ ++======================+ AC | // +--------+ // +-----+// DATA +----------------+ | WTP |===========| Access Router | +=====+ +----------------+ Figure 1: Centralized Control with Distributed Data The above system (shown in Figure 1) could be achieved by setting the tunnel mode to Local bridging. In such a case the AC would handle control of WTPs as well as handle the management traffic to/from the stations. The data frames (non-management) from the stations would be handled by the local Access Router. However, in many deployments the operator managing the WTPs/AC may be different from the operator providing the internet connectivity to the WTPs. Further, the WTP operator may want (or be required by legal/regulatory requirements) to tunnel the traffic back to an Access Router in its network as shown in Figure 2. The tunneling requirement may be driven by the need to apply policy at the Access Router or a legal requirement to support lawful intercept of user traffic. This motivates the need for the WTP to support an alternate Tunnel encapsulation support where the data tunnels from the WTP are terminated at an AR (and more specifically at an end point different from the AC). _________ +-----+ ( ) +----------------+ | WTP |======+Internet +==============| Access Router | +-----+ (_________} +----------------+ Zhang, et al. Expires April 25, 2014 [Page 3] Internet-Draft Alternate Tunnel October 2013 \\ ________ \\ ( ) CAPWAP(CNTL) +--------+ ++==Internet+===============| AC | // ( ) +--------+ // ________ +-----+// ( ) +----------------+ | WTP |====+Internet +================| Access Router | +=====+ (_________} +----------------+ Figure 2: Centralized Control with Distributed Data In the case where the WTP is tunneling data frames to an AR (and not the AC), the choice of tunnel encapsulation need not be restricted only to CAPWAP (as described in Section 4.4.2 of [RFC5415]). In fact, the WTP may additionally support other widely used encapsulation types such as L2TP, L2TPv3, IP-in-IP, IP/GRE, etc. The WTP may advertise the different alterante tunnel encapsulation types supported and the AC can select one of the supported encapsulation types. 1.1. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] 1.2. Terminology Access Controller (AC): The network entity that provides WTP access to the network infrastructure in the data plane, control plane, management plane, or a combination therein. Access Point (AP): the same with Wireless Termination Point (WTP), The physical or network entity that contains an RF antenna and wireless Physical Layer (PHY) to transmit and receive station traffic for wireless access networks. CAPWAP Control Plane: A bi-directional flow over which CAPWAP Control packets are sent and received. CAPWAP Data Plane: A bi-directional flow over which CAPWAP Data frames are sent and received. EAP: Extensible Authentication Protocol, the EAP framework is specified in [RFC3748]. Zhang, et al. Expires April 25, 2014 [Page 4] Internet-Draft Alternate Tunnel October 2013 2. Alternate Tunnel Encapsulation 2.1. Supported Alternate Tunnel Encpsulation The IEEE 802.11 Supported Alternate Tunnel Encapsulations message element allow the WTP to communicate the supported tunnels. The Discovery Request message, Primary Discovery Request message, and Join Request message may include one such message element 0 1 2 3 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 +=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | Num_Tunnels | Tunnel_1 | Tunnel_[2..N].. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Figure 3: IEEE 802.11 Supported Tunnels Encapsulations o Type: TBD for IEEE 802.11 Supported MAC Profiles o Num_Tunnels >=1: This refers to number of profiles presnt in this messaage element. There must be at least one profile. o Tunnel: Each Tunnel is idnentified by a value given in Section 2.2 2.2. Alternate Tunnel Encapsulation The IEEE 802.11 Alternate Tunnel Encapsulation message element allows the AC to select the profile. This messsage element may be provided along with the IEEE 802.11 ADD WLAN message element while configuring a WLAN on the WTP. 0 1 2 3 4 5 6 7 +=+-+-+-+-+-+-+-+ | Tunnel Encap | | Type | +-+-+-+-+-+-+-+-+ Figure 4: IEEE 802.11 MAC Profile o Type: TBD for IEEE 802.11 MAC Profile o Tunnel Encap Type: The profile is idnentified by a value as given below * 0: CAPWAP data channel as described in [RFC5415][RFC5416] * 1: L2TP * 2: L2TPv3 * 3: IP-in-IP * 4: IP/GRE Zhang, et al. Expires April 25, 2014 [Page 5] Internet-Draft Alternate Tunnel October 2013 3. IANA Considerations To be specified. 4. Security Considerations Security considerations for the CAPWAP protocol has been analyzed in Section 12 of [RFC5415]. This document does not introduce other security issues besides what has been analyzed in RFC5415. 5. Contributors This document stems from the joint work of Hong Liu, Yifan Chen, Chunju Shao from China Mobile Research. Thank all the contributors of this document. 6. References 6.1. Normative References [RFC5415] Calhoun, P., Montemurro, M., and D. Stanley, "Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification", RFC 5415, March 2009. 6.2. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", RFC 3118, June 2001. [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004. [RFC4564] Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and L. Yang, "Objectives for Control and Provisioning of Wireless Access Points (CAPWAP)", RFC 4564, July 2006. [RFC5416] Calhoun, P., Montemurro, M., and D. Stanley, "Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11", RFC 5416, March 2009. [RFC5417] Calhoun, P., "Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option", RFC 5417, March 2009. Zhang, et al. Expires April 25, 2014 [Page 6] Internet-Draft Alternate Tunnel October 2013 Authors' Addresses Rong Zhang China Telecom No.109 Zhongshandadao avenue Guangzhou 510630 China Email: zhangr@gsta.com Zhen Cao China Mobile Xuanwumenxi Ave. No. 32 Beijing 100871 China Phone: +86-10-52686688 Email: zehn.cao@gmail.com, caozhen@chinamobile.com Hui Deng China Mobile No.32 Xuanwumen West Street Beijing 100053 China Email: denghui@chinamobile.com Rajesh S. Pazhyannur Cisco 170 West Tasman Drive San Jose, CA 95134 USA Email: rpazhyan@cisco.com Sri Gundavelli Cisco 170 West Tasman Drive San Jose, CA 95134 USA Email: sgundave@cisco.com Zhang, et al. Expires April 25, 2014 [Page 7]