2. The Problem?
• The topologist's vision defect:
• can't tell a coffee cup from a donut
• One look at WiFi and VLAN and one can see that they look remarkably similar.
• Both contain multiple "layers" of the same rank over the same physical medium.
• Multiple VLANs over a single wired network
• Multiple WiFi networks in the same physical area share the same media
• WiFi especially has a PDU format that hints at 2 layers, e.g. the 4 addresses.
• Clearly creating a "logical Ethernet" over the physical
• Would a RINA characterization of VLANs and WiFi:
• Be a significant simplification or improvement over the current approach
• Provide capabilities not currently available.
• Increased commonality should improve manageability
5. Why So Many Addresses?
[Figure: two address diagrams. Top: Laptop -- Access Point -- Router/Cable Modem; the wireless hop carries Sndr/Rcvr addresses and the BSS-id, above it a logical "Ethernet" between SRC/DEST, and IP above that. Bottom: Laptop -- Access Point -- Access Point -- Router/Cable Modem; each hop carries its own Sndr/Rcvr pair, while the "Ethernet" between SRC/DEST and IP span the whole path.]
• In the general case, there may be forwarding across access points. So the first two addresses would be SNDR/RCVR and would change at every hop.
• Over the top is a logical Ethernet that is continuous with the wired Ethernet connecting the last Access Point to the Router.
• So it has SRC (laptop) and DEST (the next hop, the Router). Hence 4 addresses are necessary in general.
• However, the most common configuration is a Laptop wirelessly associated with an Access Point connected to a Router/Cable Modem. In this case, the SRC and SNDR addresses are the same, so only 3 addresses are necessary.
• (Note that in the general case, on the first hop Src and Sndr are the same; and on the last hop Rcvr and Dest are the same. So the 3-address form could be used. In between, all of the addresses are different, so 4 are necessary.)
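The 3-address versus 4-address distinction above is decided by the To-DS/From-DS flags in the 802.11 frame control field. The following added example (not from the slides) parses a data-frame MAC header and labels each address field with the slide's Sndr/Rcvr (per hop) and Src/Dest (end to end) roles; the MAC addresses and frames are constructed samples, and the builder assumes non-QoS Data frames with an empty body.

```python
import struct

# Constructed sample MACs (not from the slides): laptop, router, two access points.
LAPTOP, ROUTER = bytes.fromhex("020000000001"), bytes.fromhex("0200000000ff")
AP1, AP2 = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")

def mac_str(m: bytes) -> str:
    return ":".join(f"{b:02x}" for b in m)

def build_data_frame(to_ds: bool, from_ds: bool, a1: bytes, a2: bytes,
                     a3: bytes, a4: bytes = b"") -> bytes:
    """Minimal 802.11 Data frame MAC header (no QoS field, empty body)."""
    flags = (0x01 if to_ds else 0) | (0x02 if from_ds else 0)
    fc = struct.pack("<H", 0x0008 | (flags << 8))   # type=Data(2), subtype=0
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + a4

def classify_addresses(frame: bytes) -> dict:
    """Label Address 1-4 as per-hop Sndr/Rcvr and end-to-end Src/Dest."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a 3-address 802.11 header")
    fc = struct.unpack_from("<H", frame, 0)[0]
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:            # AP-to-AP forwarding: all four differ
        if len(frame) < 30:
            raise ValueError("4-address frame shorter than 30 bytes")
        a4, hdr_len = frame[24:30], 30
        roles = dict(rcvr=a1, sndr=a2, dest=a3, src=a4, bssid=None)
    elif to_ds:                      # station -> AP -> wired side: Src == Sndr
        roles = dict(rcvr=a1, sndr=a2, dest=a3, src=a2, bssid=a1)
    elif from_ds:                    # wired side -> AP -> station: Dest == Rcvr
        roles = dict(rcvr=a1, sndr=a2, dest=a1, src=a3, bssid=a2)
    else:                            # station <-> station within one BSS
        roles = dict(rcvr=a1, sndr=a2, dest=a1, src=a2, bssid=a3)
    if ((fc >> 2) & 0x3) == 2 and ((fc >> 4) & 0x8):   # QoS Data: +2 bytes
        hdr_len += 2
    out = {k: (mac_str(v) if v is not None else None) for k, v in roles.items()}
    out.update(to_ds=to_ds, from_ds=from_ds, header_len=hdr_len)
    return out

# Common case on the slide: laptop -> AP -> router (To-DS only, 3 addresses).
COMMON = build_data_frame(True, False, AP1, LAPTOP, ROUTER)
# General case: frame relayed AP1 -> AP2 on its way to the router (4 addresses).
RELAYED = build_data_frame(True, True, AP2, AP1, ROUTER, LAPTOP)
```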
8. 802.1 frame formats (figure reconstructed from the slide; field sizes in bytes)
• 802.1 - Ethernet: DST MAC (6) | SRC MAC (6) | ETH TYPE (2) | PAYLOAD (n) | CRC (4)
• 802.1Q - VLAN: DST MAC (6) | SRC MAC (6) | C-VLAN TAG (4) | ETH TYPE (2) | PAYLOAD (n) | CRC (4)
• 802.1ad - Q in Q: DST MAC (6) | SRC MAC (6) | S-VLAN TAG (4) | C-VLAN TAG (4) | ETH TYPE (2) | PAYLOAD (n) | CRC (4)
• 802.1ah - MAC in MAC: B-DST MAC (6) | B-SRC MAC (6) | B-VLAN TAG (4) | TPID (2) | I-TAG (4) | C-DST MAC (6) | C-SRC MAC (6) | S-VLAN TAG (4) | C-VLAN TAG (4) | ETH TYPE (2) | PAYLOAD (n) | CRC (4)
This starts to get a bit out of hand.
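To make the stacking concrete, here is an added example (not from the slides) that walks an Ethernet header through any combination of 802.1Q, 802.1ad and 802.1ah tags and reports the VLAN IDs, the I-SID, the customer MACs and where the payload finally starts; the MACs, VLAN IDs and payload are constructed samples, and the TPID values are the standard ones (0x8100, 0x88A8, 0x88E7).

```python
import struct

TPID_CVLAN = 0x8100   # 802.1Q customer VLAN tag
TPID_SVLAN = 0x88A8   # 802.1ad service tag / 802.1ah backbone VLAN tag
TPID_ITAG = 0x88E7    # 802.1ah backbone service instance tag (I-TAG)

def parse_802_1_frame(frame: bytes) -> dict:
    """Walk an Ethernet header through stacked 802.1Q/802.1ad/802.1ah tags,
    returning outer MACs, VLAN IDs in order, I-SID/customer MACs if present,
    the final EtherType and the payload offset; raises ValueError if cut short."""
    def mac(off: int) -> str:
        return ":".join(f"{b:02x}" for b in frame[off:off + 6])
    if len(frame) < 14:
        raise ValueError("shorter than a minimal Ethernet header")
    out = {"dst": mac(0), "src": mac(6), "vlans": [], "isid": None,
           "c_dst": None, "c_src": None}
    off = 12
    while True:
        tpid = struct.unpack_from("!H", frame, off)[0]
        if tpid in (TPID_CVLAN, TPID_SVLAN):          # 4-byte VLAN tag
            if off + 6 > len(frame):
                raise ValueError("truncated VLAN tag")
            tci = struct.unpack_from("!H", frame, off + 2)[0]
            out["vlans"].append(("S" if tpid == TPID_SVLAN else "C", tci & 0x0FFF))
            off += 4
        elif tpid == TPID_ITAG:                        # TPID + 4-byte I-TCI + C-DA/C-SA
            if out["isid"] is not None or off + 20 > len(frame):
                raise ValueError("truncated or repeated I-TAG")
            out["isid"] = struct.unpack_from("!I", frame, off + 2)[0] & 0x00FFFFFF
            out["c_dst"], out["c_src"] = mac(off + 6), mac(off + 12)
            off += 18
        else:                                          # plain EtherType: done
            out["ethertype"], out["payload_offset"] = tpid, off + 2
            return out

# Constructed sample frames (not from the slides); payload is a stand-in.
B_DST, B_SRC = bytes.fromhex("0200000000b1"), bytes.fromhex("0200000000b2")
C_DST, C_SRC = bytes.fromhex("0200000000c1"), bytes.fromhex("0200000000c2")
IPV4 = struct.pack("!H", 0x0800)
PAYLOAD = b"\x45\x00\x00\x14"

def tag(tpid: int, tci: int) -> bytes:
    return struct.pack("!HH", tpid, tci)

PLAIN = C_DST + C_SRC + IPV4 + PAYLOAD
QINQ = C_DST + C_SRC + tag(TPID_SVLAN, 200) + tag(TPID_CVLAN, 10) + IPV4 + PAYLOAD
MAC_IN_MAC = (B_DST + B_SRC + tag(TPID_SVLAN, 4000)
              + struct.pack("!HI", TPID_ITAG, 0x00ABCDEF) + C_DST + C_SRC
              + tag(TPID_CVLAN, 10) + IPV4 + PAYLOAD)
```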
9. 802.1 standards grouped by function (table columns on the slide: Enrollment, Allocation, Data Transfer, Layer Management, Resource Management, Network Management, Security; column assignments not recoverable)
• 802.1X: Port Based Network Access Control
• 802.1AR: Secure Device ID
• 802.1AE: MAC Security
• 802.1Q: VLAN
• 802.1Qad: QinQ
• 802.1Qah: MAC in MAC
• 802.1AQ: Shortest Path Bridging
• TRILL
• 802.1AD: Q in Q
• 802.1AH: MAC in MAC
• 802.1AJ: Two port MAC Relay
• 802.1Qau: congestion management
• 802.1OP:
• 802.1AS: Timing and synchronization
• 802.1BA: Audio/video bridging
• 802.1AT: Stream reservation protocol (SRP)
• 802.1AB: link layer discovery protocol
• 802.1AH: I-tags
• 802.1AD: SVLAN tags
• 802.1AK: Multiple VLAN registration Protocol (MVRP)
• 802.1Qbe: Multiple Backbone Service Instance Identifier Registration Protocol (MIRP)
• 802.1Qbc: Provider Bridging
• 802.1Qbb: Priority based flow control
• 802.1Qaz: Enhanced transmission selection for bandwidth sharing between traffic classes
• 802.1Qbf: PBB-TE Infrastructure segment protection
• 802.1Qbg: Edge virtual bridging
• 802.1BR: Bridge Port Extension
• 802.1AX: Link Aggregation
• 802.1AE: MACsec
• 802.1OG: Secure Data Exchange
• 802.1Qaw: DDCFM (Data Driven Connection Fault Management)
11. The Unified Model: WiLAN
• There have to be distinct "media DIFs" for wired and wireless.
• One or more "common" DIFs operating over the media DIFs.
• Reality: Wired Ethernet as a multi-access medium no longer exists.
• Hubs are obsolete.
• Hence Ethernet is point-to-point
• Without port-ids, traditional Ethernet alone is an ill-formed layer.
• Compromises layer separation. With them, Ether-type can be eliminated.
• With LLC, it is a better-formed layer; however, DL-SAPs combine port-id and CEP-id.
• MAC addresses are bad address practice and have become a major security problem.
• Experience has shown that as long as they are globally unique, the temptation to use them for purposes they were not intended for is too great.
• Addresses should only be large enough for the scope of the layer they are used in.
• 16 bits is plenty, 12 would do.
• Addresses should be assigned as part of enrollment when joining a layer
15. Joining a wireless network
• A DIF exists to control access to the medium
• In the case of wireless this is an open medium where any station can listen as well as transmit
• Joining this DIF is not about authenticating as much as it is about coordination with stations and access points to access the medium
• Using an adaptation of 802.11's Open System Authentication we can achieve a similar result
• Process: finding a network to join, syncing configuration, authentication
• Potential contention with randomly created addresses
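The contention risk in the last bullet, and the "16 bits is plenty, 12 would do" claim on the WiLAN slide, can be quantified with the birthday bound. This added example (not from the slides) computes, for a given address width, the exact probability that stations choosing addresses at random and without coordination collide, and how many stations can self-assign before that probability crosses a chosen bound; the widths and bounds used are the slide's 12 and 16 bits with 1% and 50% as illustrative thresholds.

```python
def collision_probability(bits: int, stations: int) -> float:
    """Exact probability that at least two of `stations` stations, each picking
    a uniformly random address from a `bits`-bit space with no coordination,
    pick the same address (the birthday problem)."""
    space = 1 << bits
    if stations > space:           # pigeonhole: a collision is certain
        return 1.0
    p_all_distinct = 1.0
    for i in range(stations):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct

def max_stations(bits: int, max_collision_prob: float) -> int:
    """Largest number of self-assigning stations whose collision probability
    stays at or below `max_collision_prob`."""
    n = 1
    while collision_probability(bits, n + 1) <= max_collision_prob:
        n += 1
    return n

def address_budget(bits_options=(12, 16), bounds=(0.01, 0.5)) -> dict:
    """For each address width, how many stations can self-assign at random
    before the collision probability crosses each bound. Enrollment-time
    assignment by the layer avoids the question entirely: the layer hands
    out an unused address instead of letting stations guess."""
    return {b: {p: max_stations(b, p) for p in bounds} for b in bits_options}
```

The numbers show why the slide pairs small addresses with assignment at enrollment rather than random self-selection: a 12-bit space supports far fewer uncoordinated stations than the 4096 addresses it contains.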
21. What Would Be Standardized?
• Most of the arguments in a standards committee are over the "policies" to be included. In RINA, the policies are standardized but configurable.
• The Policies would be registered in a Policy Catalog or Store.
• Policies could be free or charged for, public or proprietary.
• The Protocols would be RINA standards: EFCP for data transfer and CDAP for Management
• Implementations exist and are being tested
• Standardize the wireless media access contention resolution protocols (or use those already standardized), generalizing 802.11 as the common approach for wireless.
• Use the existing Physical Layer Standards.
• DIFs would be defined more as "profiles" or "proformas" rather than as standards
• Header format is selected from a set of concrete syntaxes, i.e. it is policy.
• The RIB (MIB) is mostly standardized, with break-outs for product specifics.
• A common RIB is crucial to effective management, and with common DIFs this is easy.
• Address length and assignment are associated with a specific layer configuration, so they are policy
• Security consists of policies for enrollment and SDU protection.
• Might standardize common CDAP sequences, such as for enrollment.
• Bottom Line: Not Much
22. What We Learned
• Simplicity is always the best way to solve even complex problems
• To solve any problem, consider the point of view of the organism, not that of the observer
• Similar to real life, network addresses should be location dependent (and route independent)
• Addressing and naming is easier using connection-endpoint ids (CEP-IDs)
• It is significant to connect processes rather than machine interfaces
• Creating a secure container (the DIF) is stronger and simpler than applying security individually and gradually
• Why do we have different solutions for one problem?
• Not necessarily that all current solutions are the best solutions
• The best way to test a theory is at the edges: the "corner cases"