idnits 2.17.1 

draft-ietf-capwap-problem-statement-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 10, 2004) is 7291 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	CAPWAP Working Group                                          P. Calhoun
3	Internet-Draft                                                 B. O'Hara
4	Expires: November 8, 2004                                      Airespace
5	                                                                J. Kempf
6	                                                         Docomo Labs USA
7	                                                            May 10, 2004

9	                        CAPWAP Problem Statement
10	                 draft-ietf-capwap-problem-statement-01

12	Status of this Memo

14	   This document is an Internet-Draft and is in full conformance with
15	   all provisions of Section 10 of RFC2026.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as
20	   Internet-Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on November 8, 2004.

35	Copyright Notice

37	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

39	Abstract

41	   This document describes the Configuration and Provisioning for
42	   Wireless Access Points (CAPWAP) problem statement.

44	Table of Contents

46	   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
47	   2.   Problem Statement  . . . . . . . . . . . . . . . . . . . . . . 4
48	   3.   Security Considerations  . . . . . . . . . . . . . . . . . . . 6
49	   4.   References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
50	        Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6
51	        Intellectual Property and Copyright Statements . . . . . . . . 8

53	1.  Introduction

55	   With the approval of the 802.11 standard by the IEEE in 1997,
56	   wireless LANs (WLANs) began a slow entry into enterprise networks.
57	   The limited data rates of the original 802.11 standard, only 1- and
58	   2-Mbps, limited widespread adoption of the technology.  802.11 found
59	   wide deployment in vertical applications, such as inventory
60	   management, point of sale, and transportation management.  Pioneering
61	   enterprises began to deploy 802.11, mostly for experimentation.

63	   In 1999, the IEEE approved the 802.11a and 802.11b amendments to the
64	   base standard, increasing the available data rate to 54- and 11-Mbps,
65	   respectively, and expanding to a new radio band.  This removed one of
66	   the significant factors holding back adoption of 802.11 in large,
67	   enterprise networks.  These large deployments were bound by the
68	   definition and functionality of an 802.11 Access Point (AP), as
69	   described in the 802.11 standard.  The techniques required extensive
70	   use of layer 2 bridging and widespread VLANs to ensure the proper
71	   operation of higher layer protocols.  Deployments of 802.11 WLANs as
72	   large as several thousand APs have been described.

74	   Large deployments of 802.11 WLANs have introduced several problems
75	   that require solutions.  The limitations on the scalability of
76	   bridging should come as no suprise to the networking community, since
77	   similar limitations arose in the early 1980's for wired network
78	   bridging during the expansion and interconnection of wired local area
79	   networks.  This document will describe the problems introduced by the
80	   large scale deployment of 802.11 WLANs in enterprise networks.

82	2.  Problem Statement

84	   The first problem introduced by large WLAN deployments is that each
85	   AP is an IP-addressable device requiring management, monitoring, and
86	   control.  Deployment of a large WLAN will typically double the number
87	   of network infrastructure devices that require management, over the
88	   devices in the network prior to the addition of the WLAN.  This
89	   presents a significant additional burden to the network
90	   administration resources and is often a hurdle to adoption of
91	   wireless technologies, particularly because the configuration of each
92	   access point is nearly identical to the next.  This near-sameness of
93	   configuration from one AP to the next often leads to misconfiguration
94	   and improper operation of the WLAN.

96	   A second problem introduced by large WLAN deployments is distributing
97	   and maintaining a consistent configuration throughout the entire set
98	   of access points in the WLAN.  Access point configuration consists of
99	   both long-term static information, such as addressing and hardware
100	   settings, and more dynamic provisioning information, such as
101	   individual WLAN settings and security parameters.  Large WLAN
102	   installations that need to update dyanmic provisioning information in
103	   all the APs in the WLAN require a prolonged phase-over time, while
104	   each AP is updated and the WLAN does not have a single, consistent,
105	   configuration.

107	   A third problem introduced by large WLAN deployments is the
108	   difficulty in dealing effectively with the dynamic nature of the WLAN
109	   medium, itself.  Due to the shared nature of the wireless medium,
110	   shared with APs in the same WLAN, with APs in other WLANs, and with
111	   devices that are not APs at all, parameters controlling the wireless
112	   medium on each AP must be monitored frequently and modified in a
113	   coordinated fashion to maximize performance for the WLAN to utilize
114	   the wireless medium efficiently.  This must be coordinated among all
115	   the access points, to minimize the interference of one access point
116	   with its neighbors.  Manually monitoring these metrics and
117	   determining a new, optimum configuration for the parameters related
118	   to the wireless medium is a task that takes a significant amount of
119	   time and effort.

121	   A fourth problem introduced by large WLAN deployments is securing
122	   access to the network and preventing installation of unauthorized
123	   access points.  Access points are often difficult to physically
124	   secure, since their location must often be outside of a locked
125	   network closet or server room.  Theft of an access point, with its
126	   embedded secrets, allows the thief to obtain access to the resources
127	   secured by those secrets.

129	   Recently, multiple vendors have begun offering proprietary solutions
130	   that combine aspects of network switching, centralized control and
131	   management, and distributed wireless access in a variety of new
132	   architectures to adress some, or all, of the above mentioned
133	   problems.  Since interoperable solutions allow enterprises and
134	   service providers a broader choice, a standardized, interoperable
135	   interface between access points and a centralized controller
136	   addressing the above mentioned problems seems desirable.

138	   The physical portions of this network system, in currently fielded
139	   devices, are one or more 802.11 access points (APs) and one or more
140	   central control devices, alternatively described as controllers (or
141	   access controllers, ACs).  Ideally, a network designer would be able
142	   to choose one or more vendors for the APs and one or more vendors for
143	   the central control devices in sufficient numbers to design a network
144	   with 802.11 wireless access to meet the designer's requirements.

146	   Current implementations are proprietary and not interoperable.  This
147	   is due to a number of factors, including the disparate architectural
148	   choices made by the various manufacturers.  A taxonomy of the
149	   architectures employed in the existing products in the market will
150	   provide the basis of an output document to be provided to the IEEE
151	   802.11 Working Group.  This taxonomy will be utilized by the 802.11
152	   Working Group as input to their task of defining the functional
153	   architecture of an access point.  The functional architecture,
154	   including description of detailed functional blocks, interfaces, and
155	   information flow, will be reviewed by CAPWAP to determine if further
156	   work is needed to apply or develop standard protocols providing for
157	   multi-vendor interoperable implementations of WLANs built from
158	   devices that adhere to the newly appearing hierarchical architecture
159	   utilizing a functional split between an access point and an access
160	   controller.

162	3.  Security Considerations

164	   The devices used in WLANs control the access to networks and provide
165	   for the delivery of packets between hosts using the WLAN and other
166	   hosts on the WLAN or elsewhere on the internet.  The functions for
167	   control and provisioning of wireless access points, therefore require
168	   protection to prevent misuse of the devices.

170	   Requirements for central management, monitoring, and control of
171	   wireless access points that should be addressed include
172	   confidentiality, integrity, and authenticity.  Once an AP and AC have
173	   been authenticated to each other, it may not be sufficient that a
174	   single level of authorization allows monitoring, as well as control
175	   and provisioning.  The requirement for more than a single level of
176	   authorization should be determined.  Physical security should also be
177	   addressed, for those devices that contain security parameters that
178	   are sensitive and might compromise the security of the system, if
179	   those parameters were to fall into the hands of an attacker.

181	4  References

183	Authors' Addresses

185	   Pat R. Calhoun
186	   Airespace
187	   110 Nortech Parkway
188	   San Jose, CA  95134

190	   Phone: +1 408-635-2000
191	   EMail: pcalhoun@airespace.com

193	   Bob O'Hara
194	   Airespace
195	   110 Nortech Parkway
196	   San Jose, CA  95134

198	   Phone: +1 408-635-2025
199	   EMail: bob@airespace.com
200	   James Kempf
201	   Docomo Labs USA
202	   181 Metro Drive, Suite 300
203	   San Jose, CA  95110

205	   Phone: +1 408 451 4711
206	   EMail: kempf@docomolabs-usa.com

208	Intellectual Property Statement

210	   The IETF takes no position regarding the validity or scope of any
211	   intellectual property or other rights that might be claimed to
212	   pertain to the implementation or use of the technology described in
213	   this document or the extent to which any license under such rights
214	   might or might not be available; neither does it represent that it
215	   has made any effort to identify any such rights.  Information on the
216	   IETF's procedures with respect to rights in standards-track and
217	   standards-related documentation can be found in BCP-11.  Copies of
218	   claims of rights made available for publication and any assurances of
219	   licenses to be made available, or the result of an attempt made to
220	   obtain a general license or permission for the use of such
221	   proprietary rights by implementors or users of this specification can
222	   be obtained from the IETF Secretariat.

224	   The IETF invites any interested party to bring to its attention any
225	   copyrights, patents or patent applications, or other proprietary
226	   rights which may cover technology that may be required to practice
227	   this standard.  Please address the information to the IETF Executive
228	   Director.

230	Full Copyright Statement

232	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

234	   This document and translations of it may be copied and furnished to
235	   others, and derivative works that comment on or otherwise explain it
236	   or assist in its implementation may be prepared, copied, published
237	   and distributed, in whole or in part, without restriction of any
238	   kind, provided that the above copyright notice and this paragraph are
239	   included on all such copies and derivative works.  However, this
240	   document itself may not be modified in any way, such as by removing
241	   the copyright notice or references to the Internet Society or other
242	   Internet organizations, except as needed for the purpose of
243	   developing Internet standards in which case the procedures for
244	   copyrights defined in the Internet Standards process must be
245	   followed, or as required to translate it into languages other than
246	   English.

248	   The limited permissions granted above are perpetual and will not be
249	   revoked by the Internet Society or its successors or assignees.

251	   This document and the information contained herein is provided on an
252	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
253	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
254	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
255	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
256	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

258	Acknowledgment

260	   Funding for the RFC Editor function is currently provided by the
261	   Internet Society.