- Voice Personal: Relates to QoS requirements for voice on a single access point, so that voice traffic gets low latency and low jitter.
- Voice Enterprise: Relates to voice performance across multiple access points, especially when a station moves from one access point to another.
- BSS Transition: Movement of a client from one BSS to another within the same ESS. The BSSs can be in the same or in different subnets.
- Mobility Domain: Group of access points across which a station can quickly roam. These access points can be in the same or in different subnets.
- Layer 2 Roaming: When a client moves from one BSS to another within the same subnet.
- Layer 3 [IP] Roaming: When a client moves from one BSS to another, each in a different subnet. Moving from one subnet to another normally involves an IP address change, so layer 3 roaming is trickier than layer 2 roaming. Vendors either implement proprietary tunneling methods or Mobile IP to preserve the IP address.
- Inter-AP handover: Roaming often involves data exchange from one access point to another. However, communication between access points is not defined in the 802.11 standard, so vendors are free to implement their own mechanisms.
- For layer 2 roaming, this can be a simple broadcast message or a layer 2 unicast packet.
- For layer 3 roaming, it has to be a unicast message from one access point to the other.
- Mobility Domain is the group of access points that know the IP address (or MAC address, or both) of the other access points in that group.
- Inter access point communication should be secure.
When a VoIP phone moves from one access point to another during a call, there is a layer 2 connectivity transfer, which causes frame loss for as long as the transfer takes. A long transfer time can lead to a call drop. To avoid call drops, the connectivity transfer (roaming) time should be less than 50 msecs. However, when WPA2-Enterprise level security is used, it generally takes 700 msecs for the station to authenticate and connect (and that is with the authentication server on the LAN). Overcoming this large roaming time while still using robust security mechanisms is the objective of the roaming techniques below.
- Pre-authentication (recommended in 802.11i)
- PMKSA Caching (recommended in 802.11i, also called fast secure roam-back)
- Opportunistic Key Caching (OKC) or Proactive Key Caching (PKC)
- Cisco Centralized Key Management (CCKM)
- Fast BSS Transition (FT) or 802.11r
- Single Channel Architecture Roaming (as done by Meraki)
PMK vs PMKSA vs PMKID
- PMK: Refer to this post to check how PMK is generated.
- PMKSA: Components of a PMKSA include the following:
- Authenticator MAC: This makes PMKSA specific to a given AP. Hence, PMKSA cached at one AP cannot be used by other AP.
- AKMP: Authentication & Key management protocol
- Authorization Parameters: Any parameters specified by the authorization server.
- PMKID: Each PMKSA has one ID which is used in Re-association request.
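The two points above (a PMKSA is tied to one authenticator MAC, and its PMKID is what the station offers in the re-association request) and the PMKSA caching / fast roam-back technique listed earlier can be shown together in a small simulation. The code below is an example added to this post, not code from the original. The PMKID derivation it uses is the one IEEE 802.11 defines for the SHA-1 based AKM suites, HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), where AA is the authenticator (AP) MAC and SPA is the supplicant (station) MAC; the PMK, MAC addresses, the `PmksaCache` class and the `full_8021x` / `reassociate` helpers are constructed for illustration and do not model a real supplicant or AP.

```python
import hashlib
import hmac

# Added example (not from the original post). PMKID derivation per IEEE 802.11 for the
# SHA-1 based AKM suites (802.1X and PSK):
#     PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
# AA = authenticator (AP) MAC, SPA = supplicant (station) MAC.
# The PMK, MAC addresses and cache objects below are constructed sample values.

def mac(addr: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(addr.replace(":", ""))

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """Derive the 128-bit PMKID. Because AA is an input, the same PMK yields a
    different PMKID (and hence a different PMKSA) for every AP."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("PMK must be 32 bytes and MAC addresses 6 bytes")
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class PmksaCache:
    """PMKSA cache keyed by PMKID. Each entry carries the PMKSA components named in
    the post: PMK, authenticator MAC, AKMP and authorization parameters."""
    def __init__(self):
        self.entries = {}

    def add(self, pmk, aa, spa, akmp="802.1X", authz=None):
        pid = pmkid(pmk, aa, spa)
        self.entries[pid] = {"pmk": pmk, "aa": aa, "spa": spa,
                             "akmp": akmp, "authz": authz or {}}
        return pid

    def pmkids_for_ap(self, aa):
        """Supplicant side: only entries whose authenticator MAC matches the target AP
        can be offered; a PMKSA cached for another AP is useless here."""
        return [pid for pid, e in self.entries.items() if e["aa"] == aa]

    def has(self, pid):
        return pid in self.entries

def full_8021x(sta_cache, ap_cache, pmk, aa, spa, authz):
    """Stand-in for a completed 802.1X/EAP exchange (the ~700 ms path): both sides now
    hold the same PMK and cache a PMKSA for this AP. Returns the PMKID."""
    sta_cache.add(pmk, aa, spa, authz=authz)
    return ap_cache.add(pmk, aa, spa, authz=authz)

def reassociate(sta_cache, ap_cache, aa):
    """Station moves to the AP with MAC `aa`. It lists the PMKIDs it holds for that AP
    in the re-association request; the AP skips 802.1X if one is in its own cache."""
    offered = sta_cache.pmkids_for_ap(aa)
    for pid in offered:
        if ap_cache.has(pid):
            return "PMKSA cached: go straight to 4-way handshake"
    return "no PMKSA for this AP: full 802.1X required"

# Constructed sample: one station, two APs in the same ESS, PMK from one 802.1X run at AP1.
PMK = bytes(range(32))
STA = mac("02:00:00:00:00:01")
AP1 = mac("00:11:22:33:44:01")
AP2 = mac("00:11:22:33:44:02")

def demo():
    """Returns the AP decisions for roaming to AP2 (never authenticated there) and
    roaming back to AP1 (PMKSA still cached on both sides)."""
    sta_cache, ap1_cache, ap2_cache = PmksaCache(), PmksaCache(), PmksaCache()
    full_8021x(sta_cache, ap1_cache, PMK, AP1, STA, {"vlan": 10})
    roam_to_ap2 = reassociate(sta_cache, ap2_cache, AP2)
    roam_back_ap1 = reassociate(sta_cache, ap1_cache, AP1)
    return roam_to_ap2, roam_back_ap1

if __name__ == "__main__":
    print("PMKID at AP1:", pmkid(PMK, AP1, STA).hex())
    print("PMKID at AP2:", pmkid(PMK, AP2, STA).hex())
    for line in demo():
        print(line)
```

Running it shows that the same PMK produces two different PMKIDs for the two APs, that the first visit to AP2 still needs full 802.1X (plain PMKSA caching only helps on roam-back), and that returning to AP1 goes straight to the 4-way handshake. This is exactly the limitation that OKC/PKC, CCKM and 802.11r address by making a key usable across APs.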
- Roaming on mobile phones happens at a higher RSSI than on laptops.
- Apple roaming thresholds
- Apple devices roaming support
In future posts, we will discuss some more details about specific roaming techniques.