Re: [Cerowrt-devel] Open Source RRM & Hand-Over Optimization (WAS: Throughput regression with `tcp: refine TSO autosizing`)

["Björn Smedman" <bs@anyfi.net>]

On Mon, Feb 2, 2015 at 11:53 PM, Avery Pennarun <apenwarr@google.com> wrote:
> On Mon, Feb 2, 2015 at 11:44 AM, Björn Smedman <bs@anyfi.net> wrote:
>> On Mon, Feb 2, 2015 at 5:21 AM, Avery Pennarun <apenwarr@google.com> wrote:
>>> While there is definitely some work to be done in handoff, it seems
>>> like there are some find implementations of this already in existence.
>>> Several brands of "enterprise access point" setups seem to do well at
>>> this.  It would be nice if they interoperated, I guess.
>>>
>>> The fact that there's no open source version of this kind of handoff
>>> feature bugs me, but we are working on it here and the work is all
>>> planned to be open source, for example: (very early version)
>>> https://gfiber.googlesource.com/vendor/google/platform/+/master/waveguide/
>>
>> We've got an SDN-inspired architecture with 802.11 frame tunneling (a
>> la CAPWAP), airtime fairness, infrastructure initiated hand-over,
>> Opportunistic Key Caching (OKC), IEEE 802.11r Fast BSS Transition and
>> a few more goodies. It's currently free as in beer
>> (http://anyfi.net/software,
>> https://github.com/carrierwrt/carrierwrt/pull/7 and
>> http://www.anyfinetworks.com/download) up to 100 APs, but we're
>> definitely going to open source in one form or another.
>>
>> We've also tried to raise some interest in fixing up CAPWAP
>> (https://www.ietf.org/mail-archive/web/opsawg/current/msg03196.html),
>> which is (unfortunately) the best open standard at the moment.
>> Interest seems marginal though...
>
> This sounds cool.  Is the CAPWAP/encapsulation stuff separable from
> the rest?  At 802.11ac speeds, a super fast WAN link, and a low-cost
> SoC, too many layers can be a killer.

Our current architecture is a bit "fixed function" with tunneling
built in. That's because it's targeted at guest access / homespots
where there's typically a "local MAC" for the home Wi-Fi network
(which we don't touch), and for guests you usually want to tunnel
anyway. Many use L2oGRE to tunnel a "second SSID" in this use-case,
but since the visited AP is a point of attack we think you should
encrypt "through" the AP. You can do that without any extra overhead
since you're just shoveling encrypted 802.11 frames from one interface
to another, but you're right it's a bit slower in practice: in the
extreme case of frame shoveling in user space you're limited to about
40 Mbps (for guests) on a $10 SoC (but home Wi-Fi throughput is not
impacted).

What we're working on now though is an "Open wSwitch" that lets you
pick and choose which frames to tunnel and where, even within one BSS
/ for a single STA. You'll also be able to set the temporal key (TK)
from a central location so that you can do e.g. OKC / 802.11r combined
with local bridging. This should make it possible to do both the
secure guest access and the more enterprisy stuff over the same
control plane protocol. We're also planning to put the 802.11
tunneling in kernel space this time, which should easily get you 100
Mbps of AES-128-CCM through a cheap SoC (and into/out of a cheap
mobile device!).