1. Technical Field
The present invention relates generally to wireless device networking and in particular to a method for fast roaming across subnets in a wireless network.
2. Background of the Related Art
Wireless local area network (WLAN) technologies and services are well-known. WLAN is based on IEEE 802.11 standards. Users access the WLAN using mobile devices (e.g., dual-mode cell phones, laptops, PDAs with a Wi-Fi NIC cards, or the like). A Wi-Fi infrastructure typically comprises one or more access points (APs) located in proximity to one another, and each AP provides a wireless service in a given area. An access control function typically is based in a bridge interface that aggregates (at a central point) traffic coming from various interfaces. A bridge (which may be implemented in software) serves the purpose of aggregating traffic from multiple interfaces and forwarding it to appropriate locations based on Layer 2 (L2) knowledge. Layer 2 refers to the Data Link layer of the commonly referenced multi-layered communication model, Open Systems Interconnection (OSI). The Data Link layer contains the address inspected by a bridge or switch. L2 messages are delivered as “frames.” In contrast, Layer 3 (L3) refers to the third or Network layer of the OSI model, which is used to route data to different LANs and WANs based on network addresses. L3 messages are delivered as “packets” (as opposed to frames)
FIG. 1 depicts a bridge 100 having a central interface connecting together a set of interfaces 102a-c. When multiple interfaces are interconnected in this manner using a bridge structure, each packet coming in from an interface for forwarding is inspected and analyzed at the L2 level. This process is also referred to as “promiscuous mode,” during which the bridge interface captures and analyzes all network packets received by its underlying managed interfaces. From there, an access point decides whether to forward the traffic further on, or to discard it, e.g., based on the different security features that must apply for a specific user.
Each time a packet enters the bridge interface, the internal bridge mechanism learns from it. In particular, the mechanism typically extracts given information, such as the source Medium Access Control (MAC) address, as well as the local interface from which the packet came. From this information, an internal database is populated, and the MAC address becomes the key of the database. This information is continuously refreshed, typically by every single packet that enters the bridge interface. FIG. 2 illustrates a representative bridge forwarding database. As a result of this inspection process, the bridge is very sensitive to any packet it sees at the L2 level. Thus, for example, every Address Resolution Protocol (ARP) or Internet Protocol (IP) packet encapsulated into an Ethernet frame affects the bridge table. A typical bridge forwarding database such as shown in FIG. 2 is the result of a learning phase for the bridge structure (such as shown in FIG. 1). The learning phase is a prerequisite for a successful and efficient forwarding phase. When a packet comes into the bridge structure and the learning processing is done, the packet is inspected again in the forwarding phase. In this phase, the bridge retrieves the destination MAC address from the packet and seeks a corresponding entry in the database. If an entry is found, the packet is forwarded to the corresponding interface that takes care of sending it over the network. If no entry is found, however, the packet is duplicated and forwarded on every bridge interface excluding the one where the packet was received.
With the recent introduction of WLAN service controller (SC) devices, it is now possible to support much more complex wireless infrastructures. As illustrated in FIG. 3a, for example, a Wi-Fi infrastructure comprises a set of access points 302a-b connected to a service controller (SC) 304 through a L2 switch 306. In this example, the service controller 304 is associated with a subnet and manages the access points that are connected thereto. In particular, each AP connected to the SC reports its status and the identity of the connected clients. The L2 switch 306 includes a bridge, typically implemented in software. In this case, a VAP user (a mobile device) 308 is forwarded to a central device (such as a server that performs RADIUS-compliant AAA services) for authentication and authorization. FIG. 3b illustrates the client 308 roaming from access point 302a to access point 302b in the same subnet. This is distributed L2 roaming.
As topologies increase in size, however, there is a need to seamlessly support and manage clients as they roam between access points across multiple subnets, including without limitation with respect to subnets that are managed by different service controller devices. Note that the term “roam” (or “roaming”) in this context (and in the context of the invention) is sometimes referred to as a “handover.” As seen in FIG. 4, in this scenario, it is assumed that there are four (4) basic entities: a home AP 400, a home SC 402, a foreign AP 404, and a foreign SC 406. The home AP 400 is an access point in the home subnet of a wireless client where the client device usually is hosted. The home SC 402 is the device controlling the home AP for a roaming client (in this case client 408). The home service controller 402 may or may not be in the same subnet as the home AP. The foreign AP 404 is an access point with which a client connects while roaming outside of its home subnet. The foreign SC 406 is the service controller that controls the foreign AP.
In the prior art, it has not been possible to provide seamless handover (e.g., sub-50 millisecond roaming delay) as a client moves from a home subnet to a foreign subnet being managed by multiple service controllers such as shown in FIG. 4. This creates a potential performance issue, because the client device needs to preserve its current IP address at all times, which means that the access point in the foreign subnet cannot simply operate as a L2 bridge. In particular, when a user roams from an original subnet location to a foreign subnet, the foreign AP is the first device that detects the roaming. This detection is necessary for the AP to decide whether to handle the user locally or to force the user traffic to follow some other path (e.g., a dedicated path to the subnet master SC) for further action. Fundamentally, the AP is a wireless bridge and it functions at the L2 level. One way for the foreign AP to handle a new incomer (to the subnet) is to already know locally what to do with the traffic prior to its arrival. This type of solution requires management exchanges between all the devices (SCs and APs) that would have to configure the different network elements prior to the arrival of a roaming user. It also requires that all the MAC addresses learned by the bridge be approved by the SC before being used to pass traffic. Although L2 awareness and propagation inside the bridge tables is a solution that preserves the L2 nature of the bridge, it requires a synchronization of the devices throughout the network, significantly increasing processing time of a roaming user. This translates into the fact that user traffic must be blocked at the foreign AP until the knowledge of the user is in its bridge tables. This inconvenience is unacceptable in the context of fast roaming especially when supporting voice over IP (VoIP) phones or other such applications requiring a high quality of service (QoS) level.
The present invention addresses this need in the art.