What is Roaming?
This blog post explains, as simply as possible, what the 802.11r protocol (also known as IEEE 802.11r or Fast BSS Transition, FT) is.
Fast roaming basics
Very simply put, fast roaming technology was invented to reduce association times when clients roam around a network that is protected by enterprise security. In the case of WPA2 Personal, you will not have the EAP exchanges that take up a significant amount of time.
The regular association process when a client connects to an SSID with enterprise security is as follows.
1. Client sends an authentication request
2. AP sends back an authentication response
3. Client sends an association request
4. AP sends an association response
5. 4-way handshake #1: AP sends nonce to client
6. 4-way handshake #2: Supplicant nonce passed to the AP
   (The encryption key is derived at this stage. Diffie-Hellman.)
7. 4-way handshake #3: Verification of the derived encryption key and communication of group transient key by the AP.
8. 4-way handshake #4: Acknowledgement of successful decryption.
It is important and interesting to know that the human brain cannot perceive any event that takes place faster than 100 ms. Therefore, an interruption in voice or video that is shorter than this interval while the client is roaming will not be perceived by the user. In an enterprise security world, where the RADIUS server may be located within the LAN or across an internet connection, the 8 steps above would take several hundred milliseconds to complete. Imagine the disruption if clients had to perform them over and over again while roaming and associating with each new AP!
Thus the fast roaming / Fast Transition (FT) protocol, 802.11r, was introduced: the AP with which the client first associated vouches for that authentication across the managed network. The lengthy 8-step association therefore boils down to the following 4 steps.
1. FT authentication – includes PMK seed information from original association and supplicant nonce (client)
2. FT authentication response – includes PMK seed information and AP nonce (AP)
   (Derivation of encryption key, by AP and client independently)
3. FT re-association request – verification of derived encryption key (client)
4. FT re-association response – acknowledgement of successful decryption and Group Transient Key (AP)
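The key derivation behind these FT steps, as an added example that is not part of the original post: it follows the IEEE 802.11 FT key hierarchy (PMK-R0, then a per-AP PMK-R1, then the PTK) built on KDF-SHA256. The SSID, mobility domain ID, key-holder name, MAC addresses, nonces and key material are constructed sample values, and using the AP's BSSID as its R1KH-ID is an assumption.

```python
import hashlib
import hmac
import struct

def kdf_sha256(key, label, context, bits):
    """IEEE 802.11 KDF-SHA256-<bits>: HMAC-SHA256 run in counter mode."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def pmk_r0(xxkey, ssid, mdid, r0kh_id, sta):
    """Top-level key, derived once after the full EAP authentication."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta
    data = kdf_sha256(xxkey, b"FT-R0", ctx, 384)
    return data[:32], hashlib.sha256(b"FT-R0N" + data[32:48]).digest()[:16]

def pmk_r1(r0, r0_name, r1kh_id, sta):
    """Per-AP key: each AP in the mobility domain gets a different one."""
    key = kdf_sha256(r0, b"FT-R1", r1kh_id + sta, 256)
    return key, hashlib.sha256(b"FT-R1N" + r0_name + r1kh_id + sta).digest()[:16]

def ft_ptk(r1, snonce, anonce, bssid, sta):
    """Session keys from the nonces carried in the two FT authentication frames."""
    ptk = kdf_sha256(r1, b"FT-PTK", snonce + anonce + bssid + sta, 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values (assumptions, not taken from the post).
XXKEY = bytes(range(32))                      # key material from the first EAP login
SSID, MDID, R0KH_ID = b"corp-wifi", bytes.fromhex("a1b2"), b"wlc1.example"
STA = bytes.fromhex("020000000001")           # client MAC
AP1, AP2 = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")

def roam(ap_bssid, snonce, anonce):
    """Keys for an FT roam to ap_bssid. Client and AP each run this same
    computation on their own; no EAP/RADIUS round trip is involved."""
    r0, r0_name = pmk_r0(XXKEY, SSID, MDID, R0KH_ID, STA)
    # Assumption: the AP's BSSID doubles as its R1KH-ID.
    r1, r1_name = pmk_r1(r0, r0_name, ap_bssid, STA)
    return r1_name, ft_ptk(r1, snonce, anonce, ap_bssid, STA)

if __name__ == "__main__":
    for ap in (AP1, AP2):
        name, keys = roam(ap, b"\x11" * 32, b"\x22" * 32)
        print(ap.hex(), "PMKR1Name", name.hex(), "TK", keys["TK"].hex())
```

The PMKR1Name printed for each AP is the identifier a client quotes in the FT authentication frame so the target AP can find the matching PMK-R1 without contacting the RADIUS server.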
Note: One of the issues with 802.11r is that many older client devices don’t have drivers that support it, and in fact even have trouble properly detecting and associating to networks with 802.11r enabled. While adding new information elements to beacon frames is a scalable part of the 802.11 protocol since the early days of WiFi -- and is an essential element in backwards compatibility of new APs with older client devices -- many older client drivers cannot read and interpret the new FT information element in the beacon frames properly so they see the beacons as corrupted frames. Therefore, to ensure maximum client compatibility, the common recommendation is to disable fast roaming when using WPA2 Personal, and only use it for WPA2 Enterprise networks.
Source: https://www.networkcomputing.com/wireless-infrastructure/wifi-fast-roaming-simplified