Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 5415

Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification

Pages: 155
Proposed Standard
Errata
Obsoletes:  5414
Updated by:  85538996
Part 1 of 6 – Pages 1 to 11
None   None   Next

Top   ToC   RFC5415 - Page 1
Network Working Group                                    P. Calhoun, Ed.
Request for Comments: 5415                           Cisco Systems, Inc.
Category: Standards Track                             M. Montemurro, Ed.
                                                      Research In Motion
                                                         D. Stanley, Ed.
                                                          Aruba Networks
                                                              March 2009


      Control And Provisioning of Wireless Access Points (CAPWAP)
                         Protocol Specification

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.
Top   ToC   RFC5415 - Page 2

Abstract

This specification defines the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol, meeting the objectives defined by the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is designed to be flexible, allowing it to be used for a variety of wireless technologies. This document describes the base CAPWAP protocol, while separate binding extensions will enable its use with additional wireless technologies.

Table of Contents

1. Introduction ....................................................7 1.1. Goals ......................................................8 1.2. Conventions Used in This Document ..........................9 1.3. Contributing Authors .......................................9 1.4. Terminology ...............................................10 2. Protocol Overview ..............................................11 2.1. Wireless Binding Definition ...............................12 2.2. CAPWAP Session Establishment Overview .....................13 2.3. CAPWAP State Machine Definition ...........................15 2.3.1. CAPWAP Protocol State Transitions ..................17 2.3.2. CAPWAP/DTLS Interface ..............................31 2.4. Use of DTLS in the CAPWAP Protocol ........................33 2.4.1. DTLS Handshake Processing ..........................33 2.4.2. DTLS Session Establishment .........................35 2.4.3. DTLS Error Handling ................................35 2.4.4. DTLS Endpoint Authentication and Authorization .....36 3. CAPWAP Transport ...............................................40 3.1. UDP Transport .............................................40 3.2. UDP-Lite Transport ........................................41 3.3. AC Discovery ..............................................41 3.4. Fragmentation/Reassembly ..................................42 3.5. MTU Discovery .............................................43 4. CAPWAP Packet Formats ..........................................43 4.1. CAPWAP Preamble ...........................................46 4.2. CAPWAP DTLS Header ........................................46 4.3. CAPWAP Header .............................................47 4.4. CAPWAP Data Messages ......................................50 4.4.1. CAPWAP Data Channel Keep-Alive .....................51 4.4.2. Data Payload .......................................52 4.4.3. Establishment of a DTLS Data Channel ...............52 4.5. CAPWAP Control Messages ...................................52 4.5.1. Control Message Format .............................53 4.5.2. Quality of Service .................................56 4.5.3. Retransmissions ....................................57 4.6. CAPWAP Protocol Message Elements ..........................58 4.6.1. AC Descriptor ......................................61
Top   ToC   RFC5415 - Page 3
           4.6.2. AC IPv4 List .......................................64
           4.6.3. AC IPv6 List .......................................64
           4.6.4. AC Name ............................................65
           4.6.5. AC Name with Priority ..............................65
           4.6.6. AC Timestamp .......................................66
           4.6.7. Add MAC ACL Entry ..................................66
           4.6.8. Add Station ........................................67
           4.6.9. CAPWAP Control IPv4 Address ........................68
           4.6.10. CAPWAP Control IPv6 Address .......................68
           4.6.11. CAPWAP Local IPv4 Address .........................69
           4.6.12. CAPWAP Local IPv6 Address .........................69
           4.6.13. CAPWAP Timers .....................................70
           4.6.14. CAPWAP Transport Protocol .........................71
           4.6.15. Data Transfer Data ................................72
           4.6.16. Data Transfer Mode ................................73
           4.6.17. Decryption Error Report ...........................73
           4.6.18. Decryption Error Report Period ....................74
           4.6.19. Delete MAC ACL Entry ..............................74
           4.6.20. Delete Station ....................................75
           4.6.21. Discovery Type ....................................75
           4.6.22. Duplicate IPv4 Address ............................76
           4.6.23. Duplicate IPv6 Address ............................77
           4.6.24. Idle Timeout ......................................78
           4.6.25. ECN Support .......................................78
           4.6.26. Image Data ........................................79
           4.6.27. Image Identifier ..................................79
           4.6.28. Image Information .................................80
           4.6.29. Initiate Download .................................81
           4.6.30. Location Data .....................................81
           4.6.31. Maximum Message Length ............................81
           4.6.32. MTU Discovery Padding .............................82
           4.6.33. Radio Administrative State ........................82
           4.6.34. Radio Operational State ...........................83
           4.6.35. Result Code .......................................84
           4.6.36. Returned Message Element ..........................85
           4.6.37. Session ID ........................................86
           4.6.38. Statistics Timer ..................................87
           4.6.39. Vendor Specific Payload ...........................87
           4.6.40. WTP Board Data ....................................88
           4.6.41. WTP Descriptor ....................................89
           4.6.42. WTP Fallback ......................................92
           4.6.43. WTP Frame Tunnel Mode .............................92
           4.6.44. WTP MAC Type ......................................93
           4.6.45. WTP Name ..........................................94
           4.6.46. WTP Radio Statistics ..............................94
           4.6.47. WTP Reboot Statistics .............................96
           4.6.48. WTP Static IP Address Information .................97
      4.7. CAPWAP Protocol Timers ....................................98
Top   ToC   RFC5415 - Page 4
           4.7.1. ChangeStatePendingTimer ............................98
           4.7.2. DataChannelKeepAlive ...............................98
           4.7.3. DataChannelDeadInterval ............................99
           4.7.4. DataCheckTimer .....................................99
           4.7.5. DiscoveryInterval ..................................99
           4.7.6. DTLSSessionDelete ..................................99
           4.7.7. EchoInterval .......................................99
           4.7.8. IdleTimeout ........................................99
           4.7.9. ImageDataStartTimer ...............................100
           4.7.10. MaxDiscoveryInterval .............................100
           4.7.11. ReportInterval ...................................100
           4.7.12. RetransmitInterval ...............................100
           4.7.13. SilentInterval ...................................100
           4.7.14. StatisticsTimer ..................................100
           4.7.15. WaitDTLS .........................................101
           4.7.16. WaitJoin .........................................101
      4.8. CAPWAP Protocol Variables ................................101
           4.8.1. AdminState ........................................101
           4.8.2. DiscoveryCount ....................................101
           4.8.3. FailedDTLSAuthFailCount ...........................101
           4.8.4. FailedDTLSSessionCount ............................101
           4.8.5. MaxDiscoveries ....................................102
           4.8.6. MaxFailedDTLSSessionRetry .........................102
           4.8.7. MaxRetransmit .....................................102
           4.8.8. RetransmitCount ...................................102
           4.8.9. WTPFallBack .......................................102
      4.9. WTP Saved Variables ......................................102
           4.9.1. AdminRebootCount ..................................102
           4.9.2. FrameEncapType ....................................102
           4.9.3. LastRebootReason ..................................103
           4.9.4. MacType ...........................................103
           4.9.5. PreferredACs ......................................103
           4.9.6. RebootCount .......................................103
           4.9.7. Static IP Address .................................103
           4.9.8. WTPLinkFailureCount ...............................103
           4.9.9. WTPLocation .......................................103
           4.9.10. WTPName ..........................................103
   5. CAPWAP Discovery Operations ...................................103
      5.1. Discovery Request Message ................................103
      5.2. Discovery Response Message ...............................105
      5.3. Primary Discovery Request Message ........................106
      5.4. Primary Discovery Response ...............................107
   6. CAPWAP Join Operations ........................................108
      6.1. Join Request .............................................108
      6.2. Join Response ............................................110
   7. Control Channel Management ....................................111
      7.1. Echo Request .............................................111
      7.2. Echo Response ............................................112
Top   ToC   RFC5415 - Page 5
   8. WTP Configuration Management ..................................112
      8.1. Configuration Consistency ................................112
           8.1.1. Configuration Flexibility .........................113
      8.2. Configuration Status Request .............................114
      8.3. Configuration Status Response ............................115
      8.4. Configuration Update Request .............................116
      8.5. Configuration Update Response ............................117
      8.6. Change State Event Request ...............................117
      8.7. Change State Event Response ..............................118
      8.8. Clear Configuration Request ..............................119
      8.9. Clear Configuration Response .............................119
   9. Device Management Operations ..................................120
      9.1. Firmware Management ......................................120
           9.1.1. Image Data Request ................................124
           9.1.2. Image Data Response ...............................125
      9.2. Reset Request ............................................126
      9.3. Reset Response ...........................................127
      9.4. WTP Event Request ........................................127
      9.5. WTP Event Response .......................................128
      9.6. Data Transfer ............................................128
           9.6.1. Data Transfer Request .............................130
           9.6.2. Data Transfer Response ............................131
   10. Station Session Management ...................................131
      10.1. Station Configuration Request ...........................131
      10.2. Station Configuration Response ..........................132
   11. NAT Considerations ...........................................132
   12. Security Considerations ......................................134
      12.1. CAPWAP Security .........................................134
           12.1.1. Converting Protected Data into Unprotected Data ..135
           12.1.2. Converting Unprotected Data into
                   Protected Data (Insertion) .......................135
           12.1.3. Deletion of Protected Records ....................135
           12.1.4. Insertion of Unprotected Records .................135
           12.1.5. Use of MD5 .......................................136
           12.1.6. CAPWAP Fragmentation .............................136
      12.2. Session ID Security .....................................136
      12.3. Discovery or DTLS Setup Attacks .........................137
      12.4. Interference with a DTLS Session ........................137
      12.5. CAPWAP Pre-Provisioning .................................138
      12.6. Use of Pre-Shared Keys in CAPWAP ........................139
      12.7. Use of Certificates in CAPWAP ...........................140
      12.8. Use of MAC Address in CN Field ..........................140
      12.9. AAA Security ............................................141
      12.10. WTP Firmware ...........................................141
   13. Operational Considerations ...................................141
   14. Transport Considerations .....................................142
   15. IANA Considerations ..........................................143
      15.1. IPv4 Multicast Address ..................................143
Top   ToC   RFC5415 - Page 6
      15.2. IPv6 Multicast Address ..................................144
      15.3. UDP Port ................................................144
      15.4. CAPWAP Message Types ....................................144
      15.5. CAPWAP Header Flags .....................................144
      15.6. CAPWAP Control Message Flags ............................145
      15.7. CAPWAP Message Element Type .............................145
      15.8. CAPWAP Wireless Binding Identifiers .....................145
      15.9. AC Security Types .......................................146
      15.10. AC DTLS Policy .........................................146
      15.11. AC Information Type ....................................146
      15.12. CAPWAP Transport Protocol Types ........................146
      15.13. Data Transfer Type .....................................147
      15.14. Data Transfer Mode .....................................147
      15.15. Discovery Types ........................................147
      15.16. ECN Support ............................................148
      15.17. Radio Admin State ......................................148
      15.18. Radio Operational State ................................148
      15.19. Radio Failure Causes ...................................148
      15.20. Result Code ............................................149
      15.21. Returned Message Element Reason ........................149
      15.22. WTP Board Data Type ....................................149
      15.23. WTP Descriptor Type ....................................149
      15.24. WTP Fallback Mode ......................................150
      15.25. WTP Frame Tunnel Mode ..................................150
      15.26. WTP MAC Type ...........................................150
      15.27. WTP Radio Stats Failure Type ...........................151
      15.28. WTP Reboot Stats Failure Type ..........................151
   16. Acknowledgments ..............................................151
   17. References ...................................................151
      17.1. Normative References ....................................151
      17.2. Informative References ..................................153
Top   ToC   RFC5415 - Page 7

1. Introduction

This document describes the CAPWAP protocol, a standard, interoperable protocol that enables an Access Controller (AC) to manage a collection of Wireless Termination Points (WTPs). The CAPWAP protocol is defined to be independent of Layer 2 (L2) technology, and meets the objectives in "Objectives for Control and Provisioning of Wireless Access Points (CAPWAP)" [RFC4564]. The emergence of centralized IEEE 802.11 Wireless Local Area Network (WLAN) architectures, in which simple IEEE 802.11 WTPs are managed by an Access Controller (AC), suggested that a standards-based, interoperable protocol could radically simplify the deployment and management of wireless networks. WTPs require a set of dynamic management and control functions related to their primary task of connecting the wireless and wired mediums. Traditional protocols for managing WTPs are either manual static configuration via HTTP, proprietary Layer 2-specific or non-existent (if the WTPs are self- contained). An IEEE 802.11 binding is defined in [RFC5416] to support use of the CAPWAP protocol with IEEE 802.11 WLAN networks. CAPWAP assumes a network configuration consisting of multiple WTPs communicating via the Internet Protocol (IP) to an AC. WTPs are viewed as remote radio frequency (RF) interfaces controlled by the AC. The CAPWAP protocol supports two modes of operation: Split and Local MAC (medium access control). In Split MAC mode, all L2 wireless data and management frames are encapsulated via the CAPWAP protocol and exchanged between the AC and the WTP. As shown in Figure 1, the wireless frames received from a mobile device, which is referred to in this specification as a Station (STA), are directly encapsulated by the WTP and forwarded to the AC. +-+ wireless frames +-+ | |--------------------------------| | | | +-+ | | | |--------------| |---------------| | | |wireless PHY/ | | CAPWAP | | | | MAC sublayer | | | | +-+ +-+ +-+ STA WTP AC Figure 1: Representative CAPWAP Architecture for Split MAC The Local MAC mode of operation allows for the data frames to be either locally bridged or tunneled as 802.3 frames. The latter implies that the WTP performs the 802.11 Integration function. In either case, the L2 wireless management frames are processed locally
Top   ToC   RFC5415 - Page 8
   by the WTP and then forwarded to the AC.  Figure 2 shows the Local
   MAC mode, in which a station transmits a wireless frame that is
   encapsulated in an 802.3 frame and forwarded to the AC.

              +-+wireless frames +-+ 802.3 frames +-+
              | |----------------| |--------------| |
              | |                | |              | |
              | |----------------| |--------------| |
              | |wireless PHY/   | |     CAPWAP   | |
              | | MAC sublayer   | |              | |
              +-+                +-+              +-+
              STA                WTP               AC

        Figure 2: Representative CAPWAP Architecture for Local MAC

   Provisioning WTPs with security credentials and managing which WTPs
   are authorized to provide service are traditionally handled by
   proprietary solutions.  Allowing these functions to be performed from
   a centralized AC in an interoperable fashion increases manageability
   and allows network operators to more tightly control their wireless
   network infrastructure.

1.1. Goals

The goals for the CAPWAP protocol are listed below: 1. To centralize the authentication and policy enforcement functions for a wireless network. The AC may also provide centralized bridging, forwarding, and encryption of user traffic. Centralization of these functions will enable reduced cost and higher efficiency by applying the capabilities of network processing silicon to the wireless network, as in wired LANs. 2. To enable shifting of the higher-level protocol processing from the WTP. This leaves the time-critical applications of wireless control and access in the WTP, making efficient use of the computing power available in WTPs, which are subject to severe cost pressure. 3. To provide an extensible protocol that is not bound to a specific wireless technology. Extensibility is provided via a generic encapsulation and transport mechanism, enabling the CAPWAP protocol to be applied to many access point types in the future, via a specific wireless binding. The CAPWAP protocol concerns itself solely with the interface between the WTP and the AC. Inter-AC and station-to-AC communication are strictly outside the scope of this document.
Top   ToC   RFC5415 - Page 9

1.2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

1.3. Contributing Authors

This section lists and acknowledges the authors of significant text and concepts included in this specification. The CAPWAP Working Group selected the Lightweight Access Point Protocol (LWAPP) [LWAPP] to be used as the basis of the CAPWAP protocol specification. The following people are authors of the LWAPP document: Bob O'Hara Email: bob.ohara@computer.org Pat Calhoun, Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-902-3240, Email: pcalhoun@cisco.com Rohit Suri, Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-5548, Email: rsuri@cisco.com Nancy Cam Winget, Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 Phone: +1 408-853-0532, Email: ncamwing@cisco.com Scott Kelly, Aruba Networks 1322 Crossman Ave, Sunnyvale, CA 94089 Phone: +1 408-754-8408, Email: skelly@arubanetworks.com Michael Glenn Williams, Nokia, Inc. 313 Fairchild Drive, Mountain View, CA 94043 Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com Sue Hares, Green Hills Software 825 Victors Way, Suite 100, Ann Arbor, MI 48108 Phone: +1 734 222 1610, Email: shares@ndzh.com Datagram Transport Layer Security (DTLS) [RFC4347] is used as the security solution for the CAPWAP protocol. The following people are authors of significant DTLS-related text included in this document:
Top   ToC   RFC5415 - Page 10
      Scott Kelly, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA 94089
      Phone: +1  408-754-8408
      Email: skelly@arubanetworks.com

      Eric Rescorla, Network Resonance
      2483 El Camino Real, #212,Palo Alto CA, 94303
      Email: ekr@networkresonance.com

   The concept of using DTLS to secure the CAPWAP protocol was part of
   the Secure Light Access Point Protocol (SLAPP) proposal [SLAPP].  The
   following people are authors of the SLAPP proposal:

      Partha Narasimhan, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA  94089
      Phone: +1 408-480-4716
      Email: partha@arubanetworks.com

      Dan Harkins
      Trapeze Networks
      5753 W. Las Positas Blvd, Pleasanton, CA  94588
      Phone: +1-925-474-2212
      EMail: dharkins@trpz.com

      Subbu Ponnuswamy, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA  94089
      Phone: +1 408-754-1213
      Email: subbu@arubanetworks.com

   The following individuals contributed significant security-related
   text to the document [RFC5418]:

      T. Charles Clancy, Laboratory for Telecommunications Sciences,
      8080 Greenmead Drive, College Park, MD 20740
      Phone: +1 240-373-5069, Email: clancy@ltsnet.net

      Scott Kelly, Aruba Networks
      1322 Crossman Ave, Sunnyvale, CA 94089
      Phone: +1  408-754-8408, Email: scott@hyperthought.com

1.4. Terminology

Access Controller (AC): The network entity that provides WTP access to the network infrastructure in the data plane, control plane, management plane, or a combination therein.
Top   ToC   RFC5415 - Page 11
   CAPWAP Control Channel: A bi-directional flow defined by the AC IP
   Address, WTP IP Address, AC control port, WTP control port, and the
   transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Control
   packets are sent and received.

   CAPWAP Data Channel: A bi-directional flow defined by the AC IP
   Address, WTP IP Address, AC data port, WTP data port, and the
   transport-layer protocol (UDP or UDP-Lite) over which CAPWAP Data
   packets are sent and received.

   Station (STA): A device that contains an interface to a wireless
   medium (WM).

   Wireless Termination Point (WTP): The physical or network entity that
   contains an RF antenna and wireless Physical Layer (PHY) to transmit
   and receive station traffic for wireless access networks.

   This document uses additional terminology defined in [RFC3753].



(page 11 continued on part 2)

Next Section