Fast BSS Transition – 802.11r

What is the purpose of 11r. Published in 2008 and rolled up to the 802.11 standard in 2012. An amendment to improve handoff from one AP to another.

This handoff is the same with or without 11r, the device is what ultimately decides when and where to roam.

As security was added, so were the additional exchanges in messages where the amount of time to roam was increased.

This delay caused packet loss for some devices, especially voice calls and other latency sensitive applications.

What are the benefits?

802.11r aims to reduce the length of time it takes to roam between access points. With real-time applications now relying on the wireless network, 802.11r can help reduce the roaming time and help minimize dropped traffic.

Here’s an example of the difference in roaming times. It may not seem like a lot but for some applications such as VoIP it could be the jitter or missed words.

I have frame exchanges with a client roaming to another AP. This network doesn’t have 802.11r enabled.

In this other example, I turn on 802.11r and we can see the difference in the amount of time it takes to roam.

Caveat

The device needs to support 802.11r to join the BSS. Without 802.11r support, the device will be denied from associating due to an incompatibility.

Fast BSS Transition 802.11r

Fast transition is part of the reassociation process within the same mobility domain. In this mobility domain, the access points are working together in the same infrastructure or extended service set (ESS).

Key Terms to remember:

• FT – Fast Transition
• FTO – A station is the Fast Transition Originator (FTO).
• Over-the-Air – When FTO communicates with the target AP directly
• Over-the-DS – When FTO communicates with target AP through the current AP

Initial exchange of Fast Transition is called FT initial mobility domain association.

When the FTO wants to roam from its current AP to a target AP using FT protocols, it will exchange messages in one of two ways:

• Over-the-Air
  • When the FTO communicates directly with the target AP
• Over-the-DS
  • When FTO communicates with target AP through the current AP.
  • FT Action Frames are used between FTO and AP
  • Communication between AP and target AP is encapsulated.

APs advertise their FT capabilities.

• Beacon frame
• Probe Response frame

Open System authentication uses the following suite types:

• 00:0f:ac:3
• 00:0f:ac:4

SAE uses suite type of:

• 00:0f:ac:9

FT initial mobility association without an RSN

• STA sends Reassociation request with MDE.
• AP responds with Reassociation response frame with MDE.

FT Protocol

Over-the-Air FT protocol Authentication in an RSN

• Fresh PTK is computed in advance of the reassociation

The exchange is as follows:

• FTO sends Authentication Request to Target AP.
  • Source Address field is set to the MAC address of the FTO
  • Destination Address field is set to the BSSID of target AP
• Target AP sends Authentication Response

Over-the-DS FT protocol in an RSN

• Fast BSS Transition over DS bit will equal 1

• over-the-DS transition is done by FTO sending FT request to target AP through the current AP.
• FT Request frame from FTO will be a FT Action frame
  • FT Action frame field value will be FT Request
• FT Response frame is an FT Action frame with FT Action field value of FT Response
• STA address field of FT Request frame is set to the MAC address of the FTO
• Target AP address field of FT Request frame is set to the BSSID of the target AP

Sample Frames

You can download the frames created from our lab environment.