Institute of Electrical and Electronics Engineers (IEEE) 802.11s is an international wireless LAN (WLAN) standard that describes a mesh network. WLAN devices in a mesh network are referred to as mesh points (MP). The MPs form mesh links with one another, over which mesh paths can be established using a routing protocol. The MPs have relay functions for wirelessly communicating directly with each other, instead of going through centralized control equipment such as a base station.
In a mesh network, data transmitted from one device may arrive at a destination via a sequence of MPs resulting in a multi-hop wireless network configuration. The mesh network of interconnected wireless links between the MPs enables automatic topology learning and dynamic path configuration/reconfiguration around inoperable paths by hopping from MP to MP until the destination is reached.
Communication between different MPs is controlled primarily through a Medium Access Control (MAC) protocol that uses IEEE 802.11 MAC/PHY layers to determine routes through the mesh network. In the MAC routing protocol, each MP learns about neighboring MPs and their current security modes using a neighbor discovery protocol based on received beacons or responses (alternatively, neighboring MPs may be discovered using some other external protocol). The neighbor discovery protocol calls for each MP to advertise its security capability and current security mode in mesh beacon and probe response management frames. Information about an MP's neighbors and its neighbors' neighbors is provided within the beacon management frames. Therefore, each MP can rapidly discover mesh points up to two hops away. Upon discovering the neighboring MPs, each MP records the current security modes of its neighboring MPs in an internal neighborhood routing table.
The MPs in a mesh network support two security modes, open and secure. In an open mesh network, none of the MPs supports a security mechanism; such MPs are referred to as open MPs (O-MPs). Alternatively, an open MP may refer to an MP that does support a security mode but runs with its security mode turned off. All data frame exchanges between O-MPs are typically unencrypted.
In contrast, a secure mesh network typically contains only secure MPs (S-MPs), which communicate only with other S-MPs. Each S-MP supports a security mode in which all the frames exchanged between the S-MPs are encrypted. However, a requirement that S-MPs can only communicate with other S-MPs limits the use of S-MPs to an all-secure network, such that O-MPs can neither talk to S-MPs nor use S-MPs as forwarders.
In general, mesh networks are often deployed in an ad-hoc manner and in a resource-constrained environment. There may be some environments, however, where MPs may need to participate in a secure mesh network in the presence of O-MPs that do not support security.
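The neighbor discovery and the S-MP-only rule described above can be modelled in a few lines of Python. This is an added sketch, not part of the original text: beacons carry the sender's current security mode and its direct neighbors, each MP fills a two-hop neighborhood table, and path search uses a link only when both ends run the same mode. The `Beacon` fields, the class and function names, and the five-node topology are constructed for illustration and do not reflect the 802.11s frame layout.

```python
from collections import deque
from dataclasses import dataclass

OPEN, SECURE = "open", "secure"

@dataclass(frozen=True)
class Beacon:                  # constructed stand-in, not the 802.11s frame layout
    sender: str
    security_mode: str         # sender's advertised current mode
    neighbors: tuple           # (mp_id, mode) pairs the sender hears directly

class MeshPoint:
    def __init__(self, mp_id, mode):
        self.mp_id, self.mode = mp_id, mode
        self.table = {}        # neighborhood table: mp_id -> (hops, mode)
    def on_beacon(self, b):
        self.table[b.sender] = (1, b.security_mode)     # direct neighbor
        for mp_id, mode in b.neighbors:                 # neighbor's neighbors
            if mp_id != self.mp_id and mp_id not in self.table:
                self.table[mp_id] = (2, mode)

def build_mesh(modes, radio_links):
    # Deliver one beacon from every MP to each MP within radio range.
    mps = {i: MeshPoint(i, m) for i, m in modes.items()}
    heard = {i: set() for i in modes}
    for a, b in radio_links:
        heard[a].add(b)
        heard[b].add(a)
    for s in mps:
        nbrs = tuple((n, modes[n]) for n in sorted(heard[s]))
        for rx in heard[s]:
            mps[rx].on_beacon(Beacon(s, modes[s], nbrs))
    return mps

def find_path(mps, src, dst):
    """BFS that uses a link only when both ends run the same security mode."""
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        cur = path[-1]
        if cur == dst:
            return path
        for nbr, (hops, mode) in sorted(mps[cur].table.items()):
            if hops == 1 and mode == mps[cur].mode and nbr not in seen:
                seen.add(nbr)
                queue.append(path + [nbr])
    return None

# Constructed topology: S1 - S2 - O1 - S3 in a line, O2 in range of S1 only.
MODES = {"S1": SECURE, "S2": SECURE, "O1": OPEN, "S3": SECURE, "O2": OPEN}
RADIO = [("S1", "S2"), ("S2", "O1"), ("O1", "S3"), ("O2", "S1")]
```

With this topology, `find_path(build_mesh(MODES, RADIO), "S1", "S3")` returns `None`: S1 learns of O1 two hops away, but O1 cannot act as a forwarder between the S-MPs on either side of it, and O2 is likewise cut off from O1.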