Wireless mesh networks are becoming common, e.g., in an outdoor environment for providing so-called hot spots for wireless local area networks (WLANs) conforming to the IEEE 802.11 standard. In a wireless mesh network, a set of mesh points are coupled by a backhaul network that typically forms a tree topology, at least one mesh point being the root of the tree topology, and coupled to a wired network that, for example, is coupled to the Internet. Some mesh points may also act as an access point (AP) so that one or more client stations may associate with them, and such a mesh point is called a mesh AP (MAP). Without loss of generality, each mesh point can be called a mesh AP. A non-AP mesh point, e.g., one that acts as a relay in the backhaul network, can simply be thought of as a mesh AP with the mesh AP functionality turned off, or without having the AP capability. In each tree structure of the backhaul network, one mesh AP is the root mesh point, and such a mesh point is called the root AP (RAP) herein.
Suppose a mesh AP wishes to join a mesh network as the child mesh AP of some parent mesh AP. Securing such a child mesh AP includes discovery, wherein the child mesh AP receives advertisements from potential parent mesh APs and selects a parent mesh AP to join; association, wherein the child mesh AP associates with the parent mesh AP; and authentication, wherein the child mesh AP undergoes an authentication, e.g., a shared-key authentication, or a certificate-based backend mutual authentication such as an IEEE 802.1x Extensible Authentication Protocol (EAP) authentication with an authentication server to obtain pairwise master keys (PMKs), followed by an IEEE 802.11i 4-way handshake using the PMK to obtain a pairwise transient key (PTK) that the child mesh AP uses to communicate with the parent mesh AP at layer 2 (L2). In the case that the AP functionalities of the mesh points are controlled by a controller using a protocol, securing the link also includes the new child mesh AP joining the controller by forming a secure link, e.g., a secure tunnel, to the controller so that the child mesh AP can function as an AP. It is desirable to provide for rapid roaming, so that when a connected mesh AP wishes to change its parent mesh AP, it need not undergo a complete authentication phase, e.g., a full IEEE 802.1x EAP authentication with an authenticator.
Multiple links (or “multilinks”) and multiple paths (or “multipaths”) are used for redundancy and load balancing purposes in a mesh network. Multilinks and multipaths are also methods for increasing mesh backhaul capacity. As one example of a multilink, suppose a mesh AP includes two radios, and suppose one of the radios is used to connect to a parent mesh AP in the backhaul. Suppose the radio that forms such a primary link to the parent mesh AP in the backhaul cannot operate, or there is a need to move to a different channel. One mechanism that provides a backup is to allow the second radio to form a secondary link to the parent mesh AP as an alternate link to the primary link. The backhaul is formed on one or the other link. While the secondary link can be secured in exactly the same way as the primary link using full authentication, e.g., mutual certificate-based authentication using an 802.1x EAP authentication followed by an 802.11i 4-way handshake to provide the pairwise transient key, it would be advantageous to have a mechanism that allows both the primary and secondary links to be secured at the same time, and that allows a change from the primary to the secondary link without having to undergo a full authentication.
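The key hierarchy referred to above (one EAP authentication yields a PMK; each 4-way handshake expands it into a PTK) can be illustrated with the standard IEEE 802.11i pairwise key expansion. The following is an added example, not text or a mechanism from this document: it derives separate per-link PTKs for a primary and a secondary link from a single PMK, which is one way to see why the secondary link need not repeat the EAP phase. The PMK, radio MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... until at least nbits of output exist, then truncate."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """802.11i pairwise key expansion for CCMP (PRF-384):
    PTK = PRF(PMK, "Pairwise key expansion",
              Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))
    AA is the authenticator (parent) address, SPA the supplicant (child) address.
    The Min/Max ordering makes the result the same whichever side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values (not from the page): one PMK from a single EAP
# authentication, one radio MAC per link end, fresh nonces per 4-way handshake.
PMK = hashlib.sha256(b"constructed-pmk-example").digest()  # 32 bytes
PARENT_RADIO_A = bytes.fromhex("020000000001")  # parent, primary-link radio
PARENT_RADIO_B = bytes.fromhex("020000000002")  # parent, secondary-link radio
CHILD_RADIO_1 = bytes.fromhex("020000000101")   # child, primary-link radio
CHILD_RADIO_2 = bytes.fromhex("020000000102")   # child, secondary-link radio
ANONCE_1, SNONCE_1 = bytes(range(32)), bytes(range(32, 64))
ANONCE_2, SNONCE_2 = bytes(range(64, 96)), bytes(range(96, 128))

def secure_both_links() -> dict:
    """Run the key expansion once per link, so the primary and secondary link
    each get their own PTK from the same PMK: one EAP authentication, two
    4-way handshakes. Returns the per-link temporal keys (TK)."""
    primary = derive_ptk(PMK, PARENT_RADIO_A, CHILD_RADIO_1, ANONCE_1, SNONCE_1)
    secondary = derive_ptk(PMK, PARENT_RADIO_B, CHILD_RADIO_2, ANONCE_2, SNONCE_2)
    return {"primary": primary["tk"], "secondary": secondary["tk"]}

if __name__ == "__main__":
    for link, tk in secure_both_links().items():
        print(f"{link} link TK: {tk.hex()}")
```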
As an example of a multipath, suppose that a mesh AP has more than one parent, so that on the upstream there are two alternate paths to the root AP. Such a mechanism may be used for load balancing or to provide alternate paths to cover the case when a primary link on the path to the root AP is down or unavailable. Having a secondary parent link and an associated path to the root allows minimal downtime; no rediscovery of a new parent needs to occur. When such a second path is used, it is desirable to secure the secondary path to the second parent without having to carry out a complete authentication with an authenticator.
It also is possible to have multiple links and multiple paths simultaneously. That is, for example, a child mesh AP with two radios may have a primary and secondary link with a first parent, and as an alternate path, a primary and secondary link with a second parent.
Securing multiple links and paths in a mesh network is therefore important.