Internet DRAFT - draft-gwee-capwap-comparative-analysis

draft-gwee-capwap-comparative-analysis







Network Working Group                                            R. Gwee
Internet-Draft                                      Republic Polytechnic
Expires: March 16, 2006                               September 12, 2005


                      CAPWAP Comparative Analysis
             draft-gwee-capwap-comparative-analysis-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 16, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The purpose of this document is to present a comparative evaluation
   of the Control and Provisioning of Wireless Access Points (CAPWAP)
   protocol proposals.  To the date of this document, the following four
   protocols have been proposed, namely CAPWAP Tunneling Protocol (CTP),
   Light Weight Access Point Protocol (LWAPP), Secure Light Access Point
   Protocol (SLAPP), Wireless LAN Control Protocol (WiCoP).  Each of
   these protocols has its own unique strengths in fulfilling the CAPWAP
   Objectives through their own mechanisms and functionalities.  The
   final CAPWAP protocol should comprise all of these strengths.  This



Gwee                     Expires March 16, 2006                 [Page 1]

Internet-Draft            Comparative Analysis            September 2005


   document gives a comparative study of the four proposed protocols
   based on the CAPWAP Objectives and makes recommendations on the
   combination of their strengths for the final CAPWAP protocol.


Table of Contents

   1.  Requirements notation  . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Comparative Evaluation . . . . . . . . . . . . . . . . . . . .  7
     4.1.  Mandatory Objectives . . . . . . . . . . . . . . . . . . .  7
       4.1.1.  Logical Groups . . . . . . . . . . . . . . . . . . . .  7
       4.1.2.  Support for Traffic Separation . . . . . . . . . . . .  9
       4.1.3.  Wireless Terminal Transparency . . . . . . . . . . . . 10
       4.1.4.  Configuration Consistency  . . . . . . . . . . . . . . 11
       4.1.5.  Firmware Trigger . . . . . . . . . . . . . . . . . . . 13
       4.1.6.  Monitoring and Exchange of System-wide Resource
               State  . . . . . . . . . . . . . . . . . . . . . . . . 14
       4.1.7.  Resource Control Objective . . . . . . . . . . . . . . 16
       4.1.8.  CAPWAP Protocol Security . . . . . . . . . . . . . . . 18
       4.1.9.  System-wide Security . . . . . . . . . . . . . . . . . 19
       4.1.10. IEEE 802.11i Considerations  . . . . . . . . . . . . . 20
       4.1.11. Interoperability Objective . . . . . . . . . . . . . . 21
       4.1.12. Protocol Specifications  . . . . . . . . . . . . . . . 23
       4.1.13. Vendor Independence  . . . . . . . . . . . . . . . . . 24
       4.1.14. Vendor Flexibility . . . . . . . . . . . . . . . . . . 25
       4.1.15. NAT Traversal  . . . . . . . . . . . . . . . . . . . . 25
     4.2.  Desirable Objectives . . . . . . . . . . . . . . . . . . . 26
       4.2.1.  Multiple Authentication Mechanisms . . . . . . . . . . 27
       4.2.2.  Support for Future Wireless Technologies . . . . . . . 28
       4.2.3.  Support for New IEEE Requirements  . . . . . . . . . . 29
       4.2.4.  Interconnection Objective  . . . . . . . . . . . . . . 30
       4.2.5.  Access Control . . . . . . . . . . . . . . . . . . . . 30
   5.  Comparative Analysis . . . . . . . . . . . . . . . . . . . . . 32
   6.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 35
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 36
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 36
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 37
   Intellectual Property and Copyright Statements . . . . . . . . . . 38











Gwee                     Expires March 16, 2006                 [Page 2]

Internet-Draft            Comparative Analysis            September 2005


1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].














































Gwee                     Expires March 16, 2006                 [Page 3]

Internet-Draft            Comparative Analysis            September 2005


2.  Terminology

   This document follows the terminologies of [I-D.ietf-capwap-arch] and
   [I-D.ietf-capwap-objectives].















































Gwee                     Expires March 16, 2006                 [Page 4]

Internet-Draft            Comparative Analysis            September 2005


3.  Introduction

   With the popularity of wireless connectivity in today's markets,
   deployments of large number of wireless termination points (WTPs) in
   large wireless local area networks (WLANs) have become relatively
   common.  The sheer size of such networks has led to scalability
   issues that have been described in the CAPWAP Problem Statement
   [I-D.ietf-capwap-problem-statement] .  These issues can be summarized
   as: possible misconfiguration and improper operation of the WLAN;
   difficulty in distributing and maintaining a consistent configuration
   throughout the entire WLAN; ineffective handling of the dynamic
   nature of the wireless medium; challenges in ensuring security for
   the entire WLAN.  In view of these challenging issues, different
   vendors have derived their own proprietary solutions.  However, these
   solutions are not interoperable and thus the CAPWAP standardization
   is in process to provide an integral and interoperable solution to
   the above problems.

   The primary purpose of CAPWAP is to ensure effective handling of
   large WLANs.  The Architecture Taxonomy [I-D.ietf-capwap-arch] has
   highlighted a centralized WLAN architecture in which an access
   controller (AC) provides centralized control and management for a
   group of WTPs.  To achieve interoperability in the CAPWAP framework,
   critical objectives have been identified [I-D.ietf-capwap-objectives]
   and these will be used as the basis for the comparative evaluation in
   this document.  The comparative study will only focus on the
   mandatory and desirable objectives for analysis.  Non- objectives and
   Operator Requirements are out of scope for this document.  It is of
   utmost importance that the final CAPWAP protocol will fulfill the
   main requirements for addressing the Problem Statement and hence be
   suitable for managing large WLANs effectively.

   To the date of this document, four protocols, namely CTP, LWAPP,
   SLAPP and WiCoP, have been proposed as candidate protocols for
   CAPWAP.

   CTP [I-D.singh-capwap-ctp] provides centralized control and
   provisioning of large WLANs and improves scalability by minimizing
   the configuration of the wired infrastructure.  Its centralized
   operation helps in providing centralized security and policy
   management as well.  As CTP assumes that the MAC layer of the
   wireless technology is fully implemented in the WTP, it is able to
   provide IP network services to users independent of the wireless
   technology used.  This is possible by making use of the control
   channel binding between the WTP and AC to provide all the necessary
   signaling required for proper operation.

   LWAPP [I-D.ohara-capwap-lwapp] defines how the WTPs communicate with



Gwee                     Expires March 16, 2006                 [Page 5]

Internet-Draft            Comparative Analysis            September 2005


   AC by means of layer 2 protocols or a routed IP network.  It
   concentrates on three goals.  The first goal is to provide
   centralized control and functions for a wireless network.  The second
   goal is to shift the higher level protocol processing burden from the
   WTP to the AC, resulting in lighter WTP.  The third goal is to
   provide a generic encapsulation and transport mechanism.  LWAPP
   claims to be independent of the layer 2 wireless technology.

   SLAPP [I-D.narasimhan-ietf-slapp] is unique in terms of its protocol
   design.  It consists of a technology-independent component and a
   technology-dependent component.  The former will perform the core
   functionalities of the protocol that is independent of the wireless
   technology used.  The latter component is dependent on the type of
   wireless technology and provides control functionalities in the form
   of a relevant control protocol.  These two components will form a
   complete solution.  Through such a design, SLAPP is extensible to any
   future technologies or new methods.

   WiCoP [I-D.iino-capwap-wicop] provides a common platform for
   accommodating WLAN entities of different architectural designs.  It
   allows interoperability between WTPs and ACs even if their
   architectural designs are different.  Thus, it is able to provide
   cost-effective WLAN expansions and accommodate future development in
   WLAN technologies.  WiCoP can also be used on shared infrastructure
   WLANs in which different logical groups are situated in a single
   physical WLAN.  In such cases, tunnels will be used to separate
   traffic flows based on logical grouping.

   It can be inferred that each of the above protocols have their own
   strengths in certain aspects of WLAN management.  It will be
   beneficial for the industry to have an effective protocol capable of
   addressing various aspects of WLAN management.  Thus the final CAPWAP
   protocol should have the sum of the strengths of individual
   protocols.  In this way, the industry can benefit by having the best
   of available solutions.  This document takes inspiration from
   presentations made during IETF 63 and provides recommendations on the
   various protocols mechanisms.














Gwee                     Expires March 16, 2006                 [Page 6]

Internet-Draft            Comparative Analysis            September 2005


4.  Comparative Evaluation

   This section provides a comparative evaluation of the various
   protocols mechanisms for each CAPWAP objectives.  For this document,
   only the Mandatory and Desirable Objectives are considered.  The non-
   Objectives are not considered as they are deemed not essential for
   the final CAPWAP protocol.

4.1.  Mandatory Objectives

   According to the CAPWAP Objectives, mandatory objectives are
   considered crucial for the control and provisioning of WTPs.  They
   directly address the Problem Statement and must be realized by the
   final CAPWAP protocol.  In the following, a comparison of the various
   protocols' mechanisms is made against each mandatory objective.  A
   description of each objective and statements from the evaluation
   draft of each protocol are stated for reference.  A final analysis
   and recommendation of the preferred mechanism among the four is given
   at the end of each objective.

4.1.1.  Logical Groups

   "The CAPWAP protocol MUST be capable of controlling and managing
   physical WTPs in terms of logical groups including BSSID-based
   groups."

4.1.1.1.  CTP Evaluation

   In CTP, physical and logical associations are enumerated by means of
   its discovery mechanism.  Unique indices for the enumeration of radio
   and network are provided using Radio-Index and Network-Index
   respectively.  Such enumerations are used in protocol exchange and
   state machine to support logical grouping of physical WTPs.

4.1.1.2.  LWAPP Evaluation

   For LWAPP, BSSID/SSIDs are used to identify logical groups.  Thus a
   single WTP is assumed to support multiple SSIDs.  Logical groups can
   be created by the AC through the creation of WLANs.  A WLAN will be
   identified through the SSID and can have a separate security policy
   and a unique BSSID.  Thus each WLAN can be assumed as a separate
   network.  Specific rules are given on the BSSID to WLAN Identifier
   mapping.  One thing to note for Local MAC WTPs is that VLAN tags may
   be used to allow for bridging of data frames to a specific VLAN.
   This function will allow the support of logical groups in Local MAC
   mode.





Gwee                     Expires March 16, 2006                 [Page 7]

Internet-Draft            Comparative Analysis            September 2005


4.1.1.3.  SLAPP Evaluation

   The SLAPP protocol allows a WTP to define its logical groups
   supported through the use of BSSIDs.  On the AC side, a logical group
   can be created by defining a WLAN with a specific BSSID, ESSID and
   associated parameters.  Each logical group can have its own set of
   policies such as security, QoS etc.

4.1.1.4.  WiCoP Evaluation

   WiCoP makes use of BSSIDs to create logical groups for the wireless
   medium segment and VLANs to create logical groups for the wired
   segment.  Both logical groups are then mapped together using the
   BSSID-TunnelID.  This mechanism supports both Split MAC and local MAC
   architectures.

4.1.1.5.  Analysis

   From the objective statement, it is clear that logical groups must be
   supported across both wired and wireless aspects of the network
   regardless of the type of MAC architecture in WTP.  Such grouping
   will provide advantages in terms of easier traffic management, better
   security.  Thus it must be considered that the CAPWAP protocol should
   be able to fulfill this objective in an effective and efficient
   manner.

   From the above descriptions, LWAPP and SLAPP work similarly in the
   sense that they make use of BSSIDs and WLANs to define logical
   groups.  The difference between these two protocols lies in the
   parameters used in the classifying of logical groups.  However, SLAPP
   does not specify the use of VLAN for support of logical groups in
   Local MAC mode, unlike LWAPP.  On the other hand, WiCoP makes use of
   BSSIDs and VLANs for identifying logical groups while CTP supports
   enumeration of logical association.

4.1.1.6.  Recommendation

   From the above evaluations, all the four protocols' mechanisms do
   fulfill this objective in an effective manner.  But in terms of
   efficiency and simplicity, the mechanism in WiCoP does appear to have
   an advantage in supporting the logical group objective.  It
   explicitly includes logical group information in the WTP
   configuration phase and provides mappings for logical groups to cover
   both wireless and wireline segments.  This makes WiCoP's approach to
   this objective highly structured.






Gwee                     Expires March 16, 2006                 [Page 8]

Internet-Draft            Comparative Analysis            September 2005


4.1.2.  Support for Traffic Separation

   "The CAPWAP Protocol MUST define transport control messages such that
   the transport of control messages is separate from the transport of
   data messages."

4.1.2.1.  CTP Evaluation

   For CTP, data packets are always enumerated as CTP_DATA type.  In
   addition, a logical WTP device has the option of transporting the
   data traffic via tunneling or bridging locally onto the wired
   network.  On the other hand, control packets are handled separately
   from data packets and always terminated at the controller.

4.1.2.2.  LWAPP Evaluation

   For LWAPP, a control packet is differentiated from a data packet by
   the definition of a 'C' bit in the LWAPP header.  If the bit is set,
   the LWAPP frame is a control frame and if the bit is cleared, the
   LWAPP frame is a data frame.  In split MAC mode, the frame is
   tunneled to the AC.  However, in the local MAC mode, the frame can be
   locally bridged at the WTP.  Both mechanisms help in keeping the
   control and data traffic separated.

4.1.2.3.  SLAPP Evaluation

   In the draft specification of SLAPP, the IEEE 802.11 control protocol
   is used as an example.  The IEEE 802.11 control protocol has two
   components which caters for control packets and data packets
   individually.  Control packets will contain a SLAPP control protocol
   header and transmitted as UDP packets to the AC.  Data packets will
   be tunneled via Generic Routing Encapsulation (GRE) to the AC.  In
   this way, both control and data packets are uniquely identified and
   separated sufficiently.

4.1.2.4.  WiCoP Evaluation

   WiCoP makes use of tunnels to differentiate control and data traffic.
   Control traffic is transmitted via a control tunnel while data
   traffic from different logical groups is transmitted via distinct
   VLAN tunnels.  This ensures separation of traffic flows between the
   WTPs and AC.  In addition, a 'C' bit is used to differentiate a
   control frame from a data frame.

4.1.2.5.  Analysis

   For CTP, although it has been clearly stated that CTP data messages
   are used to tunnel user data between WTP and AC, it only meets this



Gwee                     Expires March 16, 2006                 [Page 9]

Internet-Draft            Comparative Analysis            September 2005


   objective partially as it does not specify how such a tunnel is
   triggered.  More information is required on the configuration of the
   tunneling option in a WTP.

   On the other hand, LWAPP does fulfill this objective through its
   various mechanisms used in separating the control and data traffic.
   It is able to meet this objective in both local and split MAC
   architectures.

   SLAPP is also able to fulfill this objective as it distinguishes
   between control packets and data packets based on different
   encapsulation of different packets.  However, it should be noted that
   the control protocol aspect of SLAPP is actually dependent on the
   type of technologies used and thus attention must be paid in this
   area for use with future technologies.

   WiCoP is able to fulfill this objective as well based on its use of
   separate data and control tunnels.  Similarly to LWAPP, a 'C' bit is
   used to differentiate the control and data packets.  However, it is
   interesting to find that WiCoP makes use of only one control tunnel
   to transport control packets from all logical groups.  This may be
   deemed as a security issue and needs to be considered in that light.

4.1.2.6.  Recommendation

   From the descriptions above, CTP's mechanism does not explicitly
   specify how a trigger for a user data tunnel is called.  It will be
   best if CTP can provide some specifications on the trigger issue.  On
   the other hand, WiCoP's design gives rise to some security concern
   due to lack of separation of control packets from different logical
   groups.  It will also be beneficial for CAPWAP if WiCoP can provide
   some form of separation for the control packets for logical groups.
   For example, it can introduce distinct tunnels not only for data
   packets but also for control packets for different logical groups.
   In view of these issues, the mechanism stated in LWAPP and SLAPP
   specifications are at a better position to meet this objective in an
   equally effective manner.

4.1.3.  Wireless Terminal Transparency

   "Wireless terminals MUST NOT be required to recognize or be aware of
   the CAPWAP protocol."

4.1.3.1.  CTP Evaluation

   The operation of CTP is transparent to the wireless terminals.
   Wireless terminals only interact with the WTPs' wireless MAC and
   their traffic is bridged either to the controller or the local wired



Gwee                     Expires March 16, 2006                [Page 10]

Internet-Draft            Comparative Analysis            September 2005


   infrastructure.  Any encapsulation of traffic that took place will be
   transparent to the wireless terminals as well.

4.1.3.2.  LWAPP Evaluation

   The LWAPP protocol only operates between the AC and WTP and thus does
   not have any impact on the wireless terminals.  Upon connection of a
   WTP to an AC, it will be configured to provide service autonomously.

4.1.3.3.  SLAPP Evaluation

   SLAPP only operates between the AC and WTPs.  SLAPP messages do not
   travel on the IEEE 802.11 wireless links and thus are transparent to
   the wireless terminals.

4.1.3.4.  WiCoP Evaluation

   WiCoP does not require any changes to the wireless terminals.  Its
   operations are confined between the AC and WTPs.  Thus wireless
   terminals are not aware of the WiCoP protocol.

4.1.3.5.  Analysis

   On analysis of the four proposed protocols, it can be observed that
   these protocols are designed in such a way that their operations do
   not extend to the wireless aspect or affect any wireless terminals.

4.1.3.6.  Recommendation

   The mechanisms stated in all the four proposed protocols realize this
   objective in an equally effective manner.

4.1.4.  Configuration Consistency

   "The CAPWAP protocol MUST include support for regular exchanges of
   state information between WTPs and WLAN controller.  Examples of
   state information include WTP processing load and memory
   utilization."

4.1.4.1.  CTP Evaluation

   In its specification, CTP includes support for regular exchanges of
   state information through its statistics messages.  In this case, CTP
   recommends the reuse of IEEE 802.11 MIBs for configuration and
   statistics message payload.  MIB extensions should be defined where
   the corresponding MIBs are not sufficient.





Gwee                     Expires March 16, 2006                [Page 11]

Internet-Draft            Comparative Analysis            September 2005


4.1.4.2.  LWAPP Evaluation

   The LWAPP protocol provides two options in which a WTP manages its
   configuration.  WTPs can retain any configuration parameters provided
   by the AC or let the AC maintain a record of all WTPs.  If a WTP
   saves configuration locally, it is able to provide such information
   to any new AC in the event of failure and reconnection to a new AC.
   Statistical information in LWAPP specification is bound to IEEE
   802.11.  Any new wireless technologies for LWAPP will need to define
   their corresponding statistics report format.

4.1.4.3.  SLAPP Evaluation

   During the initialization process in SLAPP, a capability exchange
   mechanism is performed between the WTPs and AC, allowing the AC to
   have a consistent picture of the capabilities of the WTPs.  After the
   exchange, the AC configures the WTPs via configuration messages.  WTP
   statistics and status can also be obtained by an AC upon request to
   the WTP.

4.1.4.4.  WiCoP Evaluation

   WiCoP makes use of Feedback messages which contain configuration
   information of WTPs and ACs.  The WTPs and AC regularly exchange
   Feedback messages and this helps to provide a consistent
   configuration for all the WTPs.

4.1.4.5.  Analysis

   It is important to understand the rationale behind this objective.
   As a CAPWAP protocol is meant to support a large WLAN network
   environment, proper maintenance of state information of all the nodes
   is required for its effective operation.  A deeper analysis indicates
   that in addition to this function, the type of state information to
   be exchanged is also important to for effective management with
   minimum operation.

   The above four protocols have focused on the fulfillment of the
   objective through their own mechanisms but does not provide
   sufficient information on the type of state information.  Although
   the latter part is implementation specific, it is useful to provide a
   framework such that there will be fewer implementation issues arising
   in the future.

4.1.4.6.  Recommendation

   The mechanisms stated in all the four protocols fulfill this
   objective in an equally effective manner.  However, LWAPP and CTP



Gwee                     Expires March 16, 2006                [Page 12]

Internet-Draft            Comparative Analysis            September 2005


   specifications provide some recommendation of the use of IEEE 802.11
   bound statistics and configuration in their specification.  Thus in
   terms of details, it is recommended to use the mechanisms of LWAPP or
   CTP for this objective.  It will be good if the final CAPWAP protocol
   does consider this aspect in its specification, providing some
   details of a framework.

4.1.5.  Firmware Trigger

   "The CAPWAP protocol MUST support a trigger for delivery of firmware
   updates."

4.1.5.1.  CTP Evaluation

   A WTP image management system is out of scope in the CTP
   specification.  However, it does provide a trigger for software
   upgrade in its control channel establishment phase.  A WTP sends a
   software update request/response message to the AC to confirm whether
   it needs to update its firmware.  CTP does not specify how the
   firmware upgrade will be carried out but assumes the application of
   standardized binary transport protocols (FTP/TFTP).

4.1.5.2.  LWAPP Evaluation

   LWAPP provides a trigger for firmware upgrade during the image-data
   phase of its state machine.  A WTP communicates with the AC to
   determine whether it needs to upgrade its firmware.  The WTP then
   makes use of the Image Download message to download the required
   files.

4.1.5.3.  SLAPP Evaluation

   SLAPP provides a trigger for firmware upgrade through its Image
   Download protocol.  In its specification, it mentions a method of
   securing image download using DTLS.  The image download protocol is
   selected when a new image is determined to be available during the
   SLAPP discovery phase.  The WTP then downloads the new firmware from
   AC for updating.

4.1.5.4.  WiCoP Evaluation

   WiCoP makes use of Firmware Download message to initiate firmware
   check and download regularly.  Such messages are sent out
   periodically in order to ensure the most up-to-date firmware for the
   WTPs.






Gwee                     Expires March 16, 2006                [Page 13]

Internet-Draft            Comparative Analysis            September 2005


4.1.5.5.  Analysis

   Among the four proposed protocols, WiCoP seem to be the only protocol
   that specifies a firmware update periodically.  For the rest of the
   protocols, the trigger for the firmware update only occurs during the
   setting up of a connection.  Often, it is important that a WTP will
   update its firmware regularly for effective operation.  This is
   especially true for operation within a large WLAN environment where
   the are possibilities for WTPs to be reorganized frequently.  It will
   be better if a firmware update be triggered as and when there is an
   available new update and not when a new connection is being set up.

4.1.5.6.  Recommendation

   As stated earlier, WiCoP is the only protocol that provides firmware
   update during running operation mode.  Such procedure is important if
   consistent firmware version is to be found in all WTPs in a large
   WLAN environment.  In addition to updating firmware during the
   setting up of new connections, frequent updates and firmware checks
   are highly recommended for this objective.  In view of this
   perspective, the mechanism stated in WiCoP fulfills this objective in
   the most effective manner.

4.1.6.  Monitoring and Exchange of System-wide Resource State

   "The CAPWAP protocol MUST allow for the exchange of statistics,
   congestion and other WLAN state information."

4.1.6.1.  CTP Evaluation

   CTP makes use of the statistics request and statistics notification
   messages to facilitate the periodic exchange of statistics.  The
   statistics payload is based on MIB definitions from the IEEE 802.11
   standard and extensions.  This protocol mechanism is agnostic to
   wireless technologies and updates to existing wireless standards.

4.1.6.2.  LWAPP Evaluation

   LWAPP provides a mechanism for exchange of statistics and WLAN state
   information between a WTP and AC.  The type of statistics and state
   information differs according to the aspect of the network
   considered: wireless and wired.

   Information collected on wired aspect includes firmware version,
   number of radios, radio failures etc.  In the event of failure, a WTP
   may also provide reboot statistics and reason for previous failure.
   On the other hand, information collected on wireless aspect includes
   statistics such as signal strength based on AC's policy.  The LWAPP



Gwee                     Expires March 16, 2006                [Page 14]

Internet-Draft            Comparative Analysis            September 2005


   protocol also allows for unsolicited statistics collection.

4.1.6.3.  SLAPP Evaluation

   The SLAPP protocol allows for monitoring and exchange of system wide
   resources through the definition of configuration, status, event and
   statistics elements.  It allows different types of statistics such as
   transmit frame counters, receive frame counters etc to be exchanged
   between a WTP and AC.  Statistics collected can be in aggregated form
   or instantaneous form.  SLAPP allows an AC to configure specific
   events at the WTP through the event mechanism.  Using one of the
   configuration elements, an AC may reconfigure or re-adjust its
   parameters based on statistics, status or events collected from a
   WTP.

4.1.6.4.  WiCoP Evaluation

   WiCoP makes use of Feedback messages together with QoS-Value,
   Statistics, Interface-Error and QoS-Capability message elements to
   monitor configuration state of the WTPs and AC.  The Feedback
   messages are sent regularly to the AC by the WTPs.  This mechanism is
   also combined with keepalive signaling to serve dual roles of
   feedback and notification.  WiCoP timers are configured to manage
   these dual roles.

4.1.6.5.  Analysis

   From the objective statement, it should be noted that not only should
   the final CAPWAP protocol provide a mechanism for monitoring and
   exchange of system-wide resource state information, it is also
   important for the protocol specification to list the state
   information that are being monitored and exchanged by WTPs and ACs.
   Furthermore, the final CAPWAP protocol should apply this objective
   over the entire network and not focus on only a portion of the
   network e.g. wireless portion.

   From the above description, the four proposed protocols provide their
   own unique mechanisms to exchange system-wide resource state
   information.  However, it seems that CTP has focused this objective
   more on the wireless aspect of the network and thus may not be a
   complete solution for this objective.  The remaining three protocols
   fulfill this objective effectively based on their specifications but
   there is an interesting observation on WiCoP.  The WiCoP protocol
   allows a WTP and AC to exchange Feedback messages regularly as the
   Feedback messages also serve as keepalive signals.  The dual role of
   such feedback system is crucial for operational efficiency especially
   in a large WLAN environment.  Furthermore, the QoS capability message
   element in WiCoP provides a description of the network congestion



Gwee                     Expires March 16, 2006                [Page 15]

Internet-Draft            Comparative Analysis            September 2005


   information which directly addresses the objective.

4.1.6.6.  Recommendation

   CTP focuses this objective more on the wireless aspect of the network
   and thus may not be a complete solution for this objective.  The
   remaining protocols are able to fulfill this objective effectively
   but it can be observed that the Feedback messages used in WiCoP play
   a dual role in exchanging state information and acting as keepalive
   signals.  Such mechanism allow for high operational efficiency
   especially in a large WLAN environment.

   In view of this, it can be stated that the mechanisms stated in
   LWAPP, SLAPP and WiCoP fulfill this objective effectively.  But in
   terms of operational efficiency, the mechanism in WiCoP certainly has
   an advantage over the rest of the proposed protocols.

4.1.7.  Resource Control Objective

   "The CAPWAP protocol MUST map the IEEE 802.11e QoS priorities to
   equivalent QoS priorities across the switching and wireless medium
   segments."

4.1.7.1.  CTP Evaluation

   CTP makes use of a two tiered mechanism to map QoS priorities on
   packets on both wired and wireless aspects of the network.  On the
   wired aspect of the network, CTP defines an 8-bit field for carrying
   QoS related information independently of the transport protocol.
   Alternatively, IEEE 802.1p tags can be used on packets to carry QoS
   information across the wired segment.

   On the other hand, for the wireless aspect of the network, the
   mapping of QoS information on the packets is carried out using the
   IEEE 802.11e standard.

4.1.7.2.  LWAPP Evaluation

   In LWAPP, an IEEE 802.11 WTP QoS message element is defined which is
   sent by the AC to the WTP to communicate quality of service
   configuration information.  This message element contains fields that
   correspond to an access category in the IEEE 802.11e specifications
   and specifies whether data frames are to be tagged using IEEE 802.1p
   or DSCP.

   When the AC creates a WLAN on the WTP through the Add WLAN command,
   IEEE 802.11e information elements and the default QoS value may be
   included as parameters to configure the WLAN.  Such parameters will



Gwee                     Expires March 16, 2006                [Page 16]

Internet-Draft            Comparative Analysis            September 2005


   be used to determine the access category queue to be used for all
   packets for a particular user.

4.1.7.3.  SLAPP Evaluation

   SLAPP defines an IEEE 802.11e element for configuring the IEEE
   802.11e functions at the WTP by the AC.  The element allows the
   support of WMM, WMM-SA and U-APSD.  Thus the internal parameters to
   be used follow that of the standard used.  The mapping between IEEE
   802.11e access category and DSCP or IEEE 802.1d tags are defined in
   the WMM specification.  It is expected that the AC and WTP follow
   this standard mapping for QoS over the wired and wireless aspects of
   the network.

4.1.7.4.  WiCoP Evaluation

   The current specifications do not directly address this objective,
   although it is possible to implement a mapping of IEEE 802.11e AC to
   VLAN priority tags using the BSSID-TunnelID item.

4.1.7.5.  Analysis

   Based on the description above, WiCoP does not directly address this
   objective.  CTP and SLAPP follow a model in which packets on the
   wired aspect are tagged using a QoS policy and packets on the
   wireless aspect are tagged using the IEEE 802.11e standard.  Mapping
   between the two QoS policies are performed on the WTP side.  Although
   this model may work well, there is a lack of control for the AC in
   preserving the QoS requirements from the AC to the wireless terminal.
   Thus the effectiveness of CTP and SLAPP in meeting this objective may
   be undermined if the mapping is not done accurately.  On the other
   hand, LWAPP does allow an AC to determine the QoS policy of a
   wireless terminal directly and thus is able to have more control on
   the QoS preservation along both wired and wireless aspects of the
   network.

4.1.7.6.  Recommendation

   WiCoP does not directly address this objective and thus may be
   inappropriate to be considered for this objective.  CTP and SLAPP
   exhibit a lack of control by AC in preserving the QoS requirements on
   both wired and wireless aspects of the network.  LWAPP is able to
   allow an AC to have more control in determining the QoS policy of a
   wireless terminal directly.  Thus in view of this advantage, the
   mechanism in LWAPP meets this objective in a most effective manner.






Gwee                     Expires March 16, 2006                [Page 17]

Internet-Draft            Comparative Analysis            September 2005


4.1.8.  CAPWAP Protocol Security

   "The CAPWAP protocol MUST support mutual authentication of WTPs and
   the centralized controller.  It must also ensure that information
   exchanges between them are secured."

4.1.8.1.  CTP Evaluation

   CTP does not support a pre-shared key mechanism for mutual
   authentication.  It assumes the use of digital certificates for
   mutual authentication between the WTP and AC.  CTP also specifies
   that the encryption key is to be generated by the AC and transported
   securely to the WTP.

4.1.8.2.  LWAPP Evaluation

   LWAPP specifies two different methods of authentication between the
   AC and WTP.  The first method is asymmetric cryptography and makes
   use of X.509 certificates on both AC and WTP.  The second method
   makes use of pre-shared keys that is predefined on both AC and WTP.
   The exchange of session keys for encrypting control traffic has also
   been specified in LWAPP.  Session keys may be updated over time
   through the key update mechanism for added security.

4.1.8.3.  SLAPP Evaluation

   SLAPP uses DTLS for the purpose of mutual authentication, key
   management, and encryption.  As DTLS provides a secure and
   connectionless channel using a widely accepted and analyzed protocol,
   it reduces the need for redefinition in these aspects of the
   protocol.

4.1.8.4.  WiCoP Evaluation

   WiCoP makes use of IPSec based authentication and encryption
   mechanisms to secure all exchanges.

4.1.8.5.  Analysis

   WiCoP does not seem to explicitly specify how IPSec is used in its
   authentication and encryption mechanisms apart from mentioning that
   it is being used.  It will be best if WiCoP provides more information
   on it.

   CTP is different from the other protocols in the sense that it makes
   use of digital certificates solely instead of pre-shared keys.

   LWAPP is able to support both the use of digital certificates and



Gwee                     Expires March 16, 2006                [Page 18]

Internet-Draft            Comparative Analysis            September 2005


   pre-shared keys, thus providing a comprehensive support in the area
   of security.

   SLAPP makes use of an existing protocol DTLS to meet its objectives.
   The use of DTLS will certainly reduce review work required in the WG
   as compared to the use of other security mechanisms in other
   protocols.

4.1.8.6.  Recommendation

   It is important to remember that realizing this objective should not
   involve any new work on security measures or the design of new
   security mechanisms.  The aim of this objective is to ensure
   sufficient security for the protocol using existing and widely
   accepted security mechanisms if possible.  Involving new work or
   excessive review on the various security mechanisms may hamper the
   progress of the finalization of the CAPWAP protocol.  Thus in view of
   this, the mechanism used in SLAPP meets this objective in a most
   practical manner as it involves the least review work.

4.1.9.  System-wide Security

   "According to the CAPWAP objectives, it states that "The design of
   the CAPWAP protocol MUST NOT allow for any compromises to the WLAN
   system by external entities."

4.1.9.1.  CTP Evaluation

   CTP does not define a data path encryption mechanism as it assumes
   that there will be an end-to-end encrypted tunnel for sensitive data.
   CTP control messages will be sent encrypted with AES-CCM.

4.1.9.2.  LWAPP Evaluation

   LWAPP control protocol is secured through a key exchange that is
   protected either through a pre-shared key or via an X.509
   certificate.  For use of X.509 certificate, LWAPP specifies a
   certificate profile that limits a certificate to a specific role.
   PMK sharing is not permitted and the PMK is always held at the AC.
   This arrangement is to facilitate support for future IEEE 802.11
   extensions as well as detection and taking action against rouge
   attacks.

4.1.9.3.  SLAPP Evaluation

   SLAPP uses DTLS to protect its communication.  PMK sharing is not
   permitted and SLAPP specifies that the PMK resides on the
   authenticator.



Gwee                     Expires March 16, 2006                [Page 19]

Internet-Draft            Comparative Analysis            September 2005


4.1.9.4.  WiCoP Evaluation

   WiCoP does not yet address the issue of potential problems due to PMK
   sharing.

4.1.9.5.  Analysis

   Similarly to the analysis provided in the earlier objective, LWAPP
   and SLAPP provide sufficient security measures as compared to the
   rest.

4.1.9.6.  Recommendation

   Similarly to the recommendations in the earlier objective, the
   mechanism in SLAPP meets this objective in a most practical manner.

4.1.10.  IEEE 802.11i Considerations

   "The CAPWAP protocol MUST determine the exact structure of the
   centralized WLAN architecture in which authentication needs to be
   supported, i.e. the location of major authentication components.

   This may be achieved during WTP initialization where major
   capabilities are distinguished.  The protocol must allow for the
   exchange of key information when authenticator and encryption roles
   are located in distinct entities."

4.1.10.1.  CTP Evaluation

   CTP considers the IEEE 802.11i security function in two components
   namely EAP authenticator and key management.  The two components can
   be co-located or separate on the WTP or the AC.  Any exchange of
   security association information between the AC and the WTP is
   protected either by IEEE 802.11i mechanisms or by CTP mechanisms.

4.1.10.2.  LWAPP Evaluation

   LWAPP defines both local and split MAC approaches for this objective.
   For Split MAC mode, the authentication is centralized but encryption
   is performed either at the AC or WTP.  For local MAC mode, the
   authentication lies in the AC but encryption occurs at the WTP.  In
   both modes, PMK is maintained in the AC.

4.1.10.3.  SLAPP Evaluation

   SLAPP supports both local MAC and split MAC architectures for this
   objective.  It takes a step further in defining a bridged and
   tunneled version of the local MAC architecture, and a distinction



Gwee                     Expires March 16, 2006                [Page 20]

Internet-Draft            Comparative Analysis            September 2005


   between L2 crypto being handled at the WTP versus L2 crypto being
   handled at the AC for the split MAC architecture.  The WTP and AC
   agree on the type of architecture during the registration phase of
   the SLAPP state machine.

   When L2 crypto is performed at the AC, encrypted IEEE 802.11 frames
   will be tunneled to the AC.  If L2 crypto is performed at the WTP,
   decrypted IEEE 802.3 frames will be tunneled.  When the IEEE 802.1x
   authenticator is located on the AC and L2 crypto is performed by the
   WTP, the AC will send PTKs and GTKs to the WTP through a control
   message that is protected by DTLS.

4.1.10.4.  WiCoP Evaluation

   WiCoP addresses a scenario in which the authenticator is separated
   from the point of encryption for both Split MAC and Local MAC
   architectures.  In this case, a Key Config message is used to
   explicitly transport the 3rd message of the four-way handshake from
   the authenticator to the point of encryption.  Thus the KeyMIC and
   KeyRSC can be calculated.

4.1.10.5.  Analysis

   From the above description, all the four protocols consider this
   objective in their design.  All the protocols consider the specific
   case in which the authenticator is separated from the point of
   encryption and thus a possible solution to address this condition.
   In accordance with this objective, it can be observed that WiCoP
   reveals a specific scenario where the Key Config message is used.
   However, this is not explicitly specified in other protocols.  Thus
   this mechanism in WiCoP satisfies the objective exactly with its Key
   Config message.  This message directly addresses the objective.  But
   it is also noted that the rest of the protocols are also compliant
   with this objective.

4.1.10.6.  Recommendation

   WiCoP provides the greatest details in relation to this objective.
   The specifications clearly describe how the Key Config message is
   used to exchange counter information in designs where the
   authentication function and encryption point are located in different
   WLAN devices.  So the WiCoP mechanism addresses this objective in the
   most complete manner.

4.1.11.  Interoperability Objective

   "The CAPWAP protocol MUST include sufficient capabilities
   negotiations to distinguish between major types of WTPs."



Gwee                     Expires March 16, 2006                [Page 21]

Internet-Draft            Comparative Analysis            September 2005


4.1.11.1.  CTP Evaluation

   In CTP, a capabilities exchange mechanism is specified that allows a
   WTP and AC to negotiate their operational mode.  In Split MAC mode,
   the WTP will forward all wireless MAC management traffic to the AC.
   In local MAC mode, the 802.11 management frames will be terminated at
   the WTP.

   In Split MAC mode, the WTP will forward all data traffic to the AC
   with the format of the traffic to be IEEE 802.11 or IEEE 802.3
   depending on the mode of the control channel.

   In Local MAC mode, the data frames will be bridged locally by the WTP
   to its switching segment.  The switching segment may be present
   locally at the WTP or at the AC.  For AC handled bridged access, the
   CTP protocol provides a tunneling method for IEEE 802.3 frame
   encapsulation.

4.1.11.2.  LWAPP Evaluation

   The LWAPP protocol is capable of supporting both local and split MAC
   approaches.  It specifies the division of labour for both local and
   split MAC architectures.  A WTP advertises its mode of operation
   through the WTP Mode and Type message element.

4.1.11.3.  SLAPP Evaluation

   SLAPP supports not only both the split-MAC and local-MAC
   architecture, but also defines a set of sub-modes for each of these
   architectures and appropriate split of AP functions between the AC
   and the WTP for each of these sub-modes.  A WTP indicates its support
   of the CAPWAP modes defined in SLAPP during the registration phase.
   The AC will then select a CAPWAP mode that it can operate with the
   WTP.

4.1.11.4.  WiCoP Evaluation

   WiCoP makes use of a 'M' field in its header to distinguish between
   local MAC and split MAC WTPs.  The AC processes each WiCoP packet
   accordingly based on this information.

   So using 'M' field, an AC can handle packets from different types of
   WTPs faster and with fewer processing steps.

4.1.11.5.  Analysis

   From the above description, the four proposed protocols have
   sufficient capabilities to distinguish between major types of WTP.



Gwee                     Expires March 16, 2006                [Page 22]

Internet-Draft            Comparative Analysis            September 2005


   The difference between these protocols lies in their form of
   mechanisms and the complexity of these mechanisms.  SLAPP supports
   the widest range of WTP architecture modes but it also incurs a high
   level of complexity.  Although CTP and LWAPP supports this objective
   with less complexity, but negotiation must takes place between the
   WTP and AC beforehand in order to find out the types of architectures
   of the WTP.  WiCoP seem to offer a very practical and yet simple
   solution in meeting this objective by making use a single 'M' field.

4.1.11.6.  Recommendation

   SLAPP supports the most number of modes of CAPWAP architectures
   although it also incurs a high level of complexity on the protocol
   design.  CTP and LWAPP are less complex but an extra step is required
   in both protocols to negotiate the types of architectures used in
   WTPs.  On the other hand, WiCoP offers a simple and practical
   solution by making use of a 'M' field.  Thus it can be inferred that
   the mechanism used in WiCoP satisfies this objective the best with
   its integrated approach to operability.

4.1.12.  Protocol Specifications

   "Any WTP or WLAN controller vendor or any person MUST be able to
   implement the CAPWAP protocol from the specification itself and by
   that it is required that all such implementations do interoperate."

4.1.12.1.  CTP Evaluation

   The CTP specification has provided full specification of the protocol
   and its operation within WTPs and ACs.  It also indicates the
   configuration and statistics capabilities based on MIB specifications
   from relevant IEEE standards.

4.1.12.2.  LWAPP Evaluation

   The LWAPP specification has provided full specification of the
   protocol that ensures interoperability for any WTP or AC vendors.

4.1.12.3.  SLAPP Evaluation

   SLAPP does not any prior exchange of technical information between AC
   and WTP vendors.  By implementing just the protocol, interoperability
   is achieved as long as both the WTP and AC can support the same mode
   of CAPWAP architectures.

4.1.12.4.  WiCoP Evaluation

   WiCoP is a complete specification and does not require any additional



Gwee                     Expires March 16, 2006                [Page 23]

Internet-Draft            Comparative Analysis            September 2005


   proprietary information to implement.

4.1.12.5.  Analysis

   From the objective, it mainly suggests a need for final protocol to
   be as detailed as possible such that any implementation problems can
   be minimized for interoperability.

4.1.12.6.  Recommendation

   Since all the specifications are complete, it can be stated that the
   mechanisms used in all protocols meet this objective in an equally
   effective manner.

4.1.13.  Vendor Independence

   "A WTP vendor SHOULD be able to make modifications to hardware
   without any WLAN controller vendor involvement."

4.1.13.1.  CTP Evaluation

   CTP does not assume any reliance on hardware architectures for WTPs
   and ACs in its specifications.

4.1.13.2.  LWAPP Evaluation

   As LWAPP is fully specified, it is assumed that any WTP vendors can
   create the actual implementation of the protocol on their hardware.
   This allows them to make any necessary changes without the need to
   involve any AC vendor.

4.1.13.3.  SLAPP Evaluation

   Since SLAPP satisfies the earlier objective, it also satisfies this
   objective.

4.1.13.4.  WiCoP Evaluation

   WiCoP is a complete specification and does not require any additional
   proprietary information to implement.

4.1.13.5.  Analysis

   Analysis is rather straightforward in this case.  From the design of
   the four protocols, they do not require a WTP vendor to involve an AC
   vendor in making modifications to its own products.





Gwee                     Expires March 16, 2006                [Page 24]

Internet-Draft            Comparative Analysis            September 2005


4.1.13.6.  Recommendation

   Based on the above analysis, the mechanisms used in all the four
   protocols fulfill this objective effectively.

4.1.14.  Vendor Flexibility

   "The CAPWAP protocol MUST NOT limit WTP vendors in their choice of
   local-MAC or split-MAC WTPs.  It MUST be compatible with both types
   of WTPs."

4.1.14.1.  CTP Evaluation

   Based on implementation, CTP has been found to be operable without
   knowledge of underlying vendor hardware.

4.1.14.2.  LWAPP Evaluation

   Based on implementation, LWAPP supports both Local and MAC approaches
   and allows for third party WTP vendors to work with both approaches
   without restriction.

4.1.14.3.  SLAPP Evaluation

   SLAPP provides support for both local MAC and split MAC architectures
   along with their sub-modes.  Assuming a common mode supported by both
   the WTP and AC, the AC can select this mode for operation with WTP.

4.1.14.4.  WiCoP Evaluation

   WiCoP is a complete specification and does not require any additional
   proprietary information to implement.

4.1.14.5.  Analysis

   Based on the above description, the mechanisms used in all the four
   protocols are able to meet this objective.

4.1.14.6.  Recommendation

   The mechanisms used in all the four protocols are able to meet this
   objective in an equally effective manner.

4.1.15.  NAT Traversal

   "The CAPWAP protocol MUST NOT prevent the operation of established
   methods of NAT traversal."




Gwee                     Expires March 16, 2006                [Page 25]

Internet-Draft            Comparative Analysis            September 2005


4.1.15.1.  CTP Evaluation

   In CTP, an authentication mechanism is defined to establish a secure
   connection without depending on MAC or IP address.  CTP packets are
   normally transported via UDP.  As CTP is transported above the IP
   layer, it will work properly through NAT devices.  The WTP can be
   statically configured to discover the AC through a NAT segment.

4.1.15.2.  LWAPP Evaluation

   LWAPP considers two situations in which it may be used in conjunction
   with LWAPP.  The first scenario is where a WTP is behind a NAT
   system.  The second scenario is where the AC sits behind a NAT.  For
   the first scenario, the LWAPP protocol can easily traverses NAT
   systems since all communications is performed over IP using UDP.  For
   the second scenario, there will a few issues which requires user
   intervention and predefined configuration to be done for NAT
   compliance.

4.1.15.3.  SLAPP Evaluation

   SLAPP does not provide any specifications on this objective.

4.1.15.4.  WiCoP Evaluation

   WiCoP does not provide any specifications on this objective.

4.1.15.5.  Analysis

   The aim of this objective is to ensure that the CAPWAP protocol
   operates above the layer at which a NAT device operates.  In general,
   the four proposals are specified to operate above the IP layer.  So
   their operations should not affected by NATs.  There may be some
   instances in which protocol implementations will need to be adapted,
   e.g. in terms of AC/WTP identifications.

4.1.15.6.  Recommendation

   All the four protocols have been specified to operate above the IP
   layer.  It is therefore considered that their operations will not be
   affected by NAT traversals.  So all four protocols are equally
   applicable for this objective.

4.2.  Desirable Objectives

   In this section, a comparison of the various protocols is made
   against each CAPWAP Desirable Objective.  A description of each
   Desirable Objective and statements from the evaluation draft of each



Gwee                     Expires March 16, 2006                [Page 26]

Internet-Draft            Comparative Analysis            September 2005


   protocol are provided for reference.  A final analysis is given at
   the end of each objective.

4.2.1.  Multiple Authentication Mechanisms

   "The CAPWAP protocol MUST support different authentication mechanisms
   in addition to IEEE 802.11i."

4.2.1.1.  CTP Evaluation

   CTP is wireless terminal agnostic and as the PMK key exchange is
   generic, it does not prevent the operation of any other
   authentication mechanisms.

4.2.1.2.  LWAPP Evaluation

   LWAPP allows for a separate security policy for every WLAN created.
   The Encryption Policy field of the Add WLAN message element defines
   static and dynamic WEP encryption, as well as TKIP and AES.

4.2.1.3.  SLAPP Evaluation

   SLAPP does not restrict the use of other authentication techniques
   other than IEEE 802.11i.  Typically different techniques are used on
   separate SSIDs which can be based on one WTP.

4.2.1.4.  WiCoP Evaluation

   WiCoP does not prevent the operation of any authentication mechanism.
   It is generic to support all types of authentication mechanisms.

4.2.1.5.  Analysis

   From the above description, all the four protocols provide some
   support for use of different authentication techniques.  However, it
   is clear that LWAPP and SLAPP provide support for multiple
   authentications in a more effective manner.  The use of SSIDs in
   determining the type of security policy used can help in ensuring a
   standardized form of security measure for each logical network.  This
   helps to reduce implementation issues.

4.2.1.6.  Recommendation

   Based on the above analysis, the mechanisms used in both SLAPP and
   LWAPP are the better candidates among the four to fulfill this
   objective effectively.





Gwee                     Expires March 16, 2006                [Page 27]

Internet-Draft            Comparative Analysis            September 2005


4.2.2.  Support for Future Wireless Technologies

   "CAPWAP protocol messages MUST be designed to be extensible for
   specific layer 2 wireless technologies.  It should not be limited to
   the transport of elements relating to IEEE 802.11."

4.2.2.1.  CTP Evaluation

   CTP specification considers other layer 2 wireless technologies in
   its capabilities exchange phase.  In the event that there are layer 2
   wireless specific elements that need to be added, those can be easily
   supported by extensions to the protocol.

4.2.2.2.  LWAPP Evaluation

   LWAPP specification describes the process that must be followed in
   order to define a wireless technology binding for LWAPP.  It also
   defines the IEEE 802.11 binding in its specification for this
   objective.

4.2.2.3.  SLAPP Evaluation

   SLAPP supports this objective by providing a mechanism to negotiate a
   technology specific control protocol in its framework.

4.2.2.4.  WiCoP Evaluation

   WiCoP is generic and extensible to support future developments in
   wireless technologies.

4.2.2.5.  Analysis

   Based on the specifications of the four protocols, it is clear that
   these protocols do consider the possible use of other layer 2
   wireless technologies in their design.  Although LWAPP provides some
   definition of the process of binding a wireless technology to the
   protocol, it mainly describes the IEEE 802.11 binding in the rest of
   the specifications.  It will be best if more information can be
   provided in the form of a generic technology binding process
   framework.  On the other hand, SLAPP does provide an excellent
   framework that helps to extend its use to other future wireless
   technologies.  Its unique protocol design helps in providing some
   form of modularity in the area of wireless technology used and thus
   protocol redesign, if required, is restricted mainly to the
   technology-dependent component only.






Gwee                     Expires March 16, 2006                [Page 28]

Internet-Draft            Comparative Analysis            September 2005


4.2.2.6.  Recommendation

   Although all the four protocols meet this objective, the mechanism
   used in SLAPP does have an advantage over the rest by virtue of its
   framework.  In the event of protocol redesign or extension required
   to accommodate any future development, only the technology-dependent
   component is affected.

4.2.3.  Support for New IEEE Requirements

   "The CAPWAP protocol MUST be openly designed to support new IEEE
   802.11 definitions and extensions."

4.2.3.1.  CTP Evaluation

   CTP defines an abstraction layer to accommodate any type of wireless
   MAC technology.  New IEEE 802.11 amendments can be easily
   accommodated by the protocol although more work is required to
   interpret the impact of the amendment on both the AC and the WTP.

4.2.3.2.  LWAPP Evaluation

   The LWAPP protocol was designed to be able to accommodate new IEEE
   extensions defined, although it is possible that some future
   extensions will require some additional IETF CAPWAP standardization
   work.

4.2.3.3.  SLAPP Evaluation

   SLAPP defines a raw IEEE 802.11 frame support that allows any IEEE
   802.11 frame to be transmitted to the AC, regardless of architecture.
   Should there be a new IEEE 802.11 amendment that requires fundamental
   changes to the current model, an additional technology dependent
   protocol can be defined and negotiated between AC and WTP.

4.2.3.4.  WiCoP Evaluation

   WiCoP is generic and extensible to support future developments in
   wireless technologies and standards.

4.2.3.5.  Analysis

   Based on the specifications of the four protocols, all the protocols
   provide support for new IEEE 802.11 definitions.  Among them, SLAPP
   provides a favourable scheme to implement the addition of new IEEE
   802.11 amendments easily.  By virtue of its framework, it can retain
   much of its technology independent component and add just a new
   control protocol to include the new definition in its operation.



Gwee                     Expires March 16, 2006                [Page 29]

Internet-Draft            Comparative Analysis            September 2005


4.2.3.6.  Recommendation

   Based on the above analysis, the mechanism used in SLAPP has an
   advantage over the rest in meeting this objective effectively.

4.2.4.  Interconnection Objective

   "The CAPWAP protocol MUST NOT be constrained to specific underlying
   transport mechanisms."

4.2.4.1.  CTP Evaluation

   CTP is independent to the transport technology as it makes use of UDP
   to transmit its packet.

4.2.4.2.  LWAPP Evaluation

   LWAPP packets are transported using UDP or Ethernet as transports.
   Support for transport capabilities has been included within the LWAPP
   protocol itself.  Thus, it is expected that LWAPP is sufficiently
   independent of the transport protocol used.

4.2.4.3.  SLAPP Evaluation

   SLAPP makes use of IPv4 to transport its packets and thus its
   operation is independent of the L2 interconnection technologies.  It
   is expected that SLAPP will work over IPv6 as well.

4.2.4.4.  WiCoP Evaluation

   WiCoP does not rely of the specifics of underlying transport
   technologies.  Although WiCoP uses UDP, it does not require any UDP-
   specific information for its operation.

4.2.4.5.  Analysis

   By virtue of their protocol design, the four protocols are not
   constrained to specific underlying transport mechanisms.

4.2.4.6.  Recommendation

   From the specifications given, the mechanisms used in all the
   protocol proposals are able to meet this objective in an equally
   effective manner.

4.2.5.  Access Control

   "The CAPWAP protocol MUST be capable of exchanging information



Gwee                     Expires March 16, 2006                [Page 30]

Internet-Draft            Comparative Analysis            September 2005


   required for access control of WTPs and wireless terminals."

4.2.5.1.  CTP Evaluation

   CTP defines connection, disconnection and authentication messages
   that control the access of wireless terminals.  Furthermore, during
   the registration phase, the WTP have to provide an AP-ID field for
   verification by the AC.  This identification mechanism can be
   considered as a means of access control of the WTP.

4.2.5.2.  LWAPP Evaluation

   As LWAPP tunnels 802.11 MAC management frames to the AC, the AC has
   complete control over the behaviour of the network.  In addition, an
   AC performs authorization of WTPs before connection for security
   reasons.

4.2.5.3.  SLAPP Evaluation

   As SLAPP supports multiple WTP authentication models, it allows the
   AC to have full control over restricting WTPs based on the access
   control policies.  The access control functions for wireless
   terminals consist of several components.  For example, the
   cryptographic and associated authentication requirements can be
   configured per-logical group, which can be used to control access to
   specific logical groups.  Additional access control policies may be
   enforced at the AC if tunneling of frames is required to the AC.

4.2.5.4.  WiCoP Evaluation

   WiCoP uses the Terminal Data message element to exchange association
   and authentication information on wireless terminals.  This is used
   by the AC to supervise access control.

4.2.5.5.  Analysis

   Based on the above descriptions, the mechanisms used in all four
   proposed protocols are able to meet this objective.

4.2.5.6.  Recommendation

   The mechanisms used in all four protocols are able to meet this
   objective equally well.








Gwee                     Expires March 16, 2006                [Page 31]

Internet-Draft            Comparative Analysis            September 2005


5.  Comparative Analysis

   As mentioned in the introduction, this document contains a
   comparative analysis of the four protocols.  From all the analysis of
   the various protocols for each objective, every protocol has its own
   unique strengths in meeting the objectives.  Ideally, the final
   CAPWAP protocol should have a combination of all the best strengths
   of the various protocols.  The table below lists the various
   protocols and their best strengths in meeting the CAPWAP objectives.










































Gwee                     Expires March 16, 2006                [Page 32]

Internet-Draft            Comparative Analysis            September 2005


      CAPWAP Objectives              Recommended Protocol Mechanisms

      Logical Groups                 WiCoP

      Support for Traffic Separation LWAPP/SLAPP

      Wireless Terminal Transparency All

      Configuration Consistency      LWAPP/CTP

      Firmware Trigger               WiCoP

      Monitor System                 WiCoP

      Resource Control               LWAPP

      Protocol Security              SLAPP

      System Security                SLAPP

      802.11i Considerations         WiCoP

      Interoperability               WiCoP

      Product Specifications         All

      Vendor Independence            All

      Vendor Flexibility             All

      NAT Traversal                  All

      Multiple Authentication        SLAPP/LWAPP

      Future Wireless                SLAPP

      New IEEE Requirements          SLAPP

      Interconnection                All

      Access Control                 All

           Table 1: Recommended mechanisms for CAPWAP Objectives

   Thus it can be inferred that the ideal CAPWAP protocol should have a
   combination of the best mechanisms from the various proposals.  For
   example, WiCoP has advantage for logical group objective while LWAPP
   has advantage for resource control objective.  Thus the final CAPWAP



Gwee                     Expires March 16, 2006                [Page 33]

Internet-Draft            Comparative Analysis            September 2005


   protocol should make use of WiCoP's strength and combine it with
   LWAPP's strength.

















































Gwee                     Expires March 16, 2006                [Page 34]

Internet-Draft            Comparative Analysis            September 2005


6.  Conclusion

   In conclusion, a comparative evaluation of the various proposed
   protocols has been provided.  Recommendations have been given on the
   various strengths of the protocols.  The final CAPWAP protocol should
   contain a combination of these strengths.  To do this, one suggestion
   is to combine the mechanisms involved in these strengths into the
   final CAPWAP protocol.  However, this may involve some redesigning
   work and careful analysis of the impact and interaction among these
   mechanisms.









































Gwee                     Expires March 16, 2006                [Page 35]

Internet-Draft            Comparative Analysis            September 2005


7.  Security Considerations

   Security aspects have been discussed in the four proposals.
   Realizing the recommendations made in this document should not affect
   the security considerations previously accounted for in the four
   proposals.  In addition, there should be no introduction of new
   security threats due to realization of recommendations in this
   document.

8.  References

   [I-D.ietf-capwap-arch]
              Yang, L., Zerfos, P., and E. Sadot, "Architecture Taxonomy
              for Control and Provisioning of Wireless Access
              Points(CAPWAP)", draft-ietf-capwap-arch-06 (work in
              progress), November 2004.

   [I-D.ietf-capwap-objectives]
              Govindan, S., "Objectives for Control and Provisioning of
              Wireless Access Points (CAPWAP)",
              draft-ietf-capwap-objectives-03 (work in progress),
              June 2005.

   [I-D.ietf-capwap-problem-statement]
              Calhoun, P., "CAPWAP Problem Statement",
              draft-ietf-capwap-problem-statement-02 (work in progress),
              September 2004.

   [I-D.iino-capwap-wicop]
              Iino, S., "Wireless LAN Control Protocol (WiCoP)",
              draft-iino-capwap-wicop-02 (work in progress), June 2005.

   [I-D.narasimhan-ietf-slapp]
              Narasimhan, P., "SLAPP : Secure Light Access Point
              Protocol", draft-narasimhan-ietf-slapp-01 (work in
              progress), June 2005.

   [I-D.ohara-capwap-lwapp]
              Calhoun, P., "Light Weight Access Point Protocol",
              draft-ohara-capwap-lwapp-03 (work in progress), July 2005.

   [I-D.singh-capwap-ctp]
              Singh, I., "CAPWAP Tunneling Protocol (CTP)",
              draft-singh-capwap-ctp-02 (work in progress), July 2005.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.




Gwee                     Expires March 16, 2006                [Page 36]

Internet-Draft            Comparative Analysis            September 2005


Author's Address

   Richard Choon Lim Gwee
   Republic Polytechnic
   Tanglin Campus
   1, Kay Siang Road
   Singapore  248922
   Singapore

   Phone: +65 6419 6244
   Email: richard.gwee@rp.edu.sg








































Gwee                     Expires March 16, 2006                [Page 37]

Internet-Draft            Comparative Analysis            September 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Gwee                     Expires March 16, 2006                [Page 38]