The present invention relates to wireless networks, and in particular, to a system and method for enabling secure and rapid roaming of mesh access points in a wireless mesh network.
Wireless Mesh Networks and the Need for Secure and Rapid Roaming
Wireless mesh networks have recently become popular. In particular, wireless mesh networks that operate under one of the IEEE 802.11 wireless local area network (WLAN) standards have recently become popular. An exemplary wireless mesh network is illustrated in FIG. 6, which shows wireless access points (APs) 603, 605, 607, and 609, e.g., used outdoors. The access points 603, 605, 607, and 609 also each act as mesh points of a wireless mesh network, e.g., using a radio transceiver, additional to that used for the AP functionality, for the mesh backbone connection that routes traffic between the mesh points, which are called mesh APs 603, 605, 607, and 609. Such mesh access points may be used, for example, to cover large metropolitan areas. The exemplary system uses the IEEE 802.11a standard for backhaul data transmission between the mesh points, and uses the IEEE 802.11b/g standard for client access. One client 611 of mesh AP 605 is shown. Also shown is an AP, e.g., an indoor AP 613, that connects via the 2.4 GHz link to mesh AP 607.
As shown in FIG. 6, the exemplary wireless mesh network 600 includes two types of mesh points: a root access point (root AP, RAP) 603, shown here on the roof of a building, and mesh access points (mesh APs, MAPs) 605, 607, and 609, each shown here on a pole-top. Each of these also acts as an access point. A mesh point without the AP capability is simply called a mesh point, and in this description, mesh APs can act as mesh points when there are no client stations, or if the wireless AP capabilities are disabled.
Recently, there has been a move in wireless networks away from autonomous access points towards what are called “light-weight” access points that are centrally controlled by, and work together with, an entity in the wired network called a “WLAN Controller” (WLC), or simply a Controller. The general goal has been to move most of the traditional wireless functionality, such as access control (user authentication and authorization), mobility and radio management, out of the access point into a centralized Controller. The operation of the access point is managed by messages between the WLAN Controller and the AP using a protocol called the Lightweight AP Protocol (LWAPP). See, for example, “Lightweight Access Point Protocol,” Draft, IETF Working Group on Control And Provisioning of Wireless Access Points (capwap), available for download on Mar. 3, 2006 from URL <www3.ietf.org/proceedings/05nov/IDs/draft-ohara-capwap-lwapp-03.txt> and elsewhere. In that document, the lightweight AP is referred to as a wireless termination point (WTP). Those in the art will be familiar with the Lightweight Access Point Protocol (LWAPP) as described in the above cited and readily available “capwap” IETF draft.
In the examples used herein, the access points 603, 605, 607, and 609 of FIG. 6 are assumed to be lightweight APs operating with a WLAN Controller 615 coupled to the root AP 603 by a network, shown here as a wired wide area network (WAN) 617. The Controller uses LWAPP to communicate with the mesh APs. For operation as an access point, a lightweight access point requires a link to a WLAN Controller such as Controller 615.
It is known to include security in LWAPP. Mesh security includes link-level security (“IEEE 802.11” security, “layer-2” security) for communication between a child mesh AP and a parent mesh AP, and tunnel security (“LWAPP tunnel” security) for communication between a child mesh AP and the Controller 615 via a secure tunnel established using LWAPP. See the above referenced capwap IETF draft. The secure tunnel provides for secure communication between an AP, e.g., a mesh AP, and the Controller, so that data from any client associated with the AP can be communicated securely to the Controller.
There is a need in the art for new methods of securing a mesh network. There further is a need in the art for a method and mechanisms for a child mesh AP of a mesh to rapidly roam from one parent to another.
Note that the need for rapid roaming in wireless networks has long been recognized. For example, the IEEE 802.11 WLAN standards committee has formed a task group (Task Group “r”, so called TG-r) to establish a new standard, to be known as the IEEE 802.11r standard, for rapid roaming within an IEEE basic service set. The rapid roaming methods being considered by TG-r deal with layer-2 aspects of client roaming. However, there still is a need for rapid mesh roaming to re-establish a secure LWAPP tunnel from a child mesh AP to the Controller. For example, the authorization, e.g., access control, may change as a client moves from one AP to another. Also, the accounting server needs to be apprised of the change, which can happen at the time the Controller tunnel is “re-established.”
Thus, there is a need in the art for extending the roaming capabilities provided by the current TG-r proposal to enable rapid roaming of mesh points, such as mesh APs, including rapidly re-establishing a secure LWAPP tunnel between a child mesh AP and a Controller.