CAPWAP Study Notes: A First Look at CAPWAP (4)

Source: Internet
Author: User
Tags dtls

2.5.7 CAPWAP Transport Mechanism

The WTP and the AC communicate using the standard UDP client/server model.

CAPWAP supports UDP and UDP-Lite [RFC 3828].

• On IPv4, the CAPWAP control and data channels use UDP. In this case, the UDP checksum in the CAPWAP packet must be set to 0. The CAPWAP control port on the AC is the well-known UDP port 5246, and the data port is the well-known UDP port 5247. The WTP may choose any port for its CAPWAP control and data channels.

• On IPv6, the CAPWAP control channel generally uses UDP, while the data channel can use UDP or UDP-Lite. UDP-Lite is the default transport protocol for the data channel. When UDP-Lite is used, the checksum coverage must be 8. The ports used with UDP-Lite are the same as those used with UDP.

2.5.8 Fragmentation, Reassembly, and MTU Discovery

The CAPWAP protocol provides fragmentation and reassembly of IP packets at the application layer. Because of the tunneling mechanism, this fragmentation is transparent to the intermediate transport. Therefore, the CAPWAP protocol can be used in any network architecture (for example, across firewalls and NAT).

The fragmentation mechanism implemented by CAPWAP also has limitations and shortcomings, which are described in RFC 4963.

CAPWAP performs MTU discovery to avoid fragmentation.

Once the WTP has discovered the AC and wants to establish a CAPWAP session with it, it must perform path MTU (PMTU) discovery. The PMTU discovery process for IPv4 is described in RFC 1191. IPv6 uses RFC 4821.

2.5.9 Message Format

For reliability, CAPWAP requires that messages come in pairs, each consisting of a request and a response. The Message Type values of all request messages are odd, and those of all response messages are even.

If the WTP or AC receives a message with an unknown, odd Message Type, it increments the Message Type value and responds to the sender with a response that contains the "unknown message type" element. If the unknown Message Type is even, the message is ignored.

2.5.9.1 Brief Introduction to the UDP-Lite Protocol

The UDP-Lite protocol is better suited to scenarios where the network error rate is relatively high but applications are not sensitive to minor errors, such as real-time video playback.

So what is the difference between it and the traditional UDP protocol?

Traditional UDP verifies its entire payload with a checksum. If any bits (even just one) change, the entire packet may be discarded. In some cases, the cost of dropping the packet is very high, especially when the packet is large.

In UDP-Lite, the sender may leave the payload of a packet unverified, or control how much of it is verified. UDP-Lite reuses the Length field of the UDP header to carry its checksum coverage. Therefore, when the checksum coverage of a UDP-Lite packet equals the entire packet (UDP header plus payload), the UDP-Lite packet is the same as a traditional UDP packet. Linux supports UDP-Lite by adding a setsockopt option on top of the existing UDP implementation to control the send and receive checksum coverage.
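What a checksum coverage of 8 means for the CAPWAP data channel on IPv6, as an added Python example that is not part of the original notes: the checksum is computed over the IPv6 pseudo-header and the 8-byte UDP-Lite header only, so a flipped payload bit goes undetected at this layer and payload integrity has to come from DTLS. The addresses, source port and payload are constructed sample values.

```python
import ipaddress
import struct

UDPLITE_PROTO = 136  # IP protocol number assigned to UDP-Lite

def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum, padding odd-length input with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udplite_checksum(src, dst, sport, dport, payload, coverage):
    """Checksum of a UDP-Lite datagram over IPv6; coverage 0 covers everything."""
    # The field that holds Length in UDP holds the checksum coverage here.
    datagram = struct.pack("!HHHH", sport, dport, coverage, 0) + payload
    if coverage != 0 and not 8 <= coverage <= len(datagram):
        raise ValueError("coverage must be 0 or between 8 and the datagram length")
    covered = datagram if coverage == 0 else datagram[:coverage]
    # IPv6 pseudo-header: source, destination, upper-layer length, next header.
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(datagram), UDPLITE_PROTO))
    return (~ones_complement_sum(pseudo + covered) & 0xFFFF) or 0xFFFF

def detects_corruption(coverage: int) -> bool:
    """True if flipping one payload bit changes the checksum at this coverage."""
    # Constructed sample: documentation-prefix addresses, AC data port 5247.
    args = ("2001:db8::10", "2001:db8::1", 49152, 5247)
    payload = bytes.fromhex("00100000" "00000000") + b"user frame bytes"
    corrupted = payload[:-1] + bytes([payload[-1] ^ 0x01])
    return (udplite_checksum(*args, payload, coverage)
            != udplite_checksum(*args, corrupted, coverage))

if __name__ == "__main__":
    print("coverage 8 detects payload corruption:", detects_corruption(8))
    print("coverage 0 detects payload corruption:", detects_corruption(0))
```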

2.5.9.2 Brief Introduction to CAPWAP Packets

The CAPWAP control protocol includes two messages that are never protected by DTLS: Discovery Request and Discovery Response.

The message format is as follows:

All other CAPWAP control protocol packets must be encrypted by DTLS and therefore include a CAPWAP DTLS header.

DTLS encryption of data packets is optional in the CAPWAP protocol.

CAPWAP header format:

• UDP header: All CAPWAP packets are encapsulated in UDP or UDP-Lite (IPv6).

• CAPWAP DTLS header: All CAPWAP messages encrypted by DTLS are prefixed with this header.

• DTLS header: The DTLS header provides authentication and encryption services for the CAPWAP payload. DTLS is defined in RFC 4347.

• CAPWAP header: All CAPWAP protocol packets use the same header, which is located after the CAPWAP preamble or the DTLS header.

• Wireless payload: A CAPWAP packet that carries a wireless payload is called a CAPWAP data packet. CAPWAP does not define the format of the wireless payload; it is determined by the wireless protocol standard.

• Control header: The CAPWAP protocol contains a signaling component called the CAPWAP control protocol. All CAPWAP control packets contain a control header, which CAPWAP data packets do not contain.

• Message elements: A CAPWAP control message contains one or more message elements that follow the control header. These message elements are in TLV (type/length/value) format.

2.5.9.2.1 Preamble

The first eight bits of both CAPWAP headers form the preamble, which is used to quickly determine whether the packet is encrypted by DTLS. The first four bits indicate the CAPWAP version; the current version number is 0. If the last four bits are 1, the CAPWAP DTLS header is used. If the last four bits are 0, the CAPWAP header is used.

 0
 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|Version| Type  |
+-+-+-+-+-+-+-+-+

2.5.9.2.2 CAPWAP DTLS Header

This header indicates that the message is encrypted by DTLS. It is 32 bits long, comprising the 8-bit preamble and 24 reserved bits.

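 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|CAPWAP Preamble|                   Reserved                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+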

2.5.9.2.3 CAPWAP Header

All CAPWAP protocol packets include the CAPWAP header. Control packets are received on the control channel and data packets are received on the data channel.

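 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|CAPWAP Preamble|  HLEN   |   RID   |  WBID   |T|F|L|W|M|K|Flags|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Fragment ID          |     Frag Offset         |Rsvd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 (optional) Radio MAC Address                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           (optional) Wireless Specific Information            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Payload ....                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+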

The packet consists of the following parts:

(1) CAPWAP Preamble: the 8-bit preamble.

(2) HLEN: specifies the length of the CAPWAP header.

(3) RID: 5-bit radio identifier, indicating the source radio of the message.

(4) WBID: 5-bit wireless frame identifier, indicating the wireless frame type (for example, EPCglobal).

(5) T: 1-bit data frame identifier. When the value is 1, the data frame is of the type specified by WBID; when the value is 0, it is an IEEE 802.3 data frame.

(6) F: 1-bit fragment flag. If the value is 1, the packet is a fragment of a CAPWAP packet and must be reassembled with the other fragments.

(7) L: 1-bit last-fragment flag. If the value is 1, this packet is the last fragment.

(8) W: 1-bit option flag. If the value is 1, the wireless specific information option is present.

(9) M: 1-bit option flag. If the value is 1, the radio MAC address option is present.

(10) K: 1-bit keep-alive flag, indicating that the message is used to keep the connection alive and cannot carry user data.

(11) Flags: three reserved flag bits.

(12) Fragment ID: a 16-bit identifier that distinguishes fragmented packets. Fragments with the same ID belong to the same CAPWAP packet.

(13) Fragment offset: 13-bit field giving the position of each fragment within the CAPWAP packet.

(14) Reserved: three reserved bits.

(15) Radio MAC address: 32-bit radio MAC address. If it is shorter than 32 bits, it is padded with 0. It specifies the MAC address of the source radio of the message.

(16) Wireless specific information: 32-bit wireless-specific information; if it is shorter than 32 bits, it is padded with 0. It contains binding-specific information, such as that associated with IEEE 802.11, IEEE 802.16, and EPCglobal.

(17) Payload: for a data packet, this is user data; for a control packet, it is a control message. For details about the control message definitions, see [1].

2.5.9.3 CAPWAP Data Packets

There are two types of CAPWAP data packets: CAPWAP Data Channel Keep-Alive and Data Payload. CAPWAP Data Channel Keep-Alive packets are used to synchronize the control and data channels and to maintain the data channel connection. Data Payload packets are used to transmit user data between the AC and the WTP.

2.5.9.3.1 CAPWAP Data Channel Keep-Alive

The purpose of this message is to keep the channel alive. When the DataChannelKeepAlive timer expires, the WTP sends the message and sets the DataChannelDeadInterval timer.

In the message, all fields and flag bits other than the HLEN field and the K flag are set to 0. When it receives the keep-alive message, the AC responds to the WTP with a keep-alive message.

After receiving the keep-alive message from the AC, the WTP cancels the DataChannelDeadInterval timer and resets the DataChannelKeepAlive timer. The WTP retransmits the keep-alive message in the same way as control messages. If the AC's response has still not been received when the DataChannelDeadInterval timer expires, the WTP tears down the DTLS control session. If a data session exists, it is torn down as well.

The keepalive Message format is as follows:

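 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Message Element Length     |  Message Element [0..N] ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+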

This structure is carried in the payload field of the CAPWAP packet.

Message Element Length: 16-bit length field. The maximum value is 65535.

Message Element [0..N]: the data carried by the keep-alive packet. The Session ID must be included.
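The preamble check from 2.5.9.2.1, the header layout from 2.5.9.2.3 and the keep-alive rule above, combined in an added Python parser (an illustration, not code from the original notes). It assumes HLEN counts 4-byte words, as RFC 5415 defines it, and the sample packets are constructed by hand, with placeholder payload bytes.

```python
import struct

FLAG_BITS = {"T": 8, "F": 7, "L": 6, "W": 5, "M": 4, "K": 3}  # bit positions in word 0

def classify_preamble(first_byte: int) -> str:
    """Return 'capwap' or 'dtls' from the 8-bit preamble (version, type)."""
    version, ptype = first_byte >> 4, first_byte & 0x0F
    if version != 0:
        raise ValueError(f"unsupported CAPWAP version {version}")
    if ptype not in (0, 1):
        raise ValueError(f"unknown preamble type {ptype}")
    return "dtls" if ptype == 1 else "capwap"

def parse_capwap_header(pkt: bytes) -> dict:
    """Parse the fixed 8-byte CAPWAP header of a cleartext packet."""
    if len(pkt) < 8:
        raise ValueError("truncated CAPWAP header")
    if classify_preamble(pkt[0]) != "capwap":
        raise ValueError("DTLS-protected packet: decrypt before parsing")
    word0, frag_id, frag_word = struct.unpack("!IHH", pkt[:8])
    hlen = (word0 >> 19) & 0x1F  # assumption: counted in 4-byte words (RFC 5415)
    if hlen < 2 or hlen * 4 > len(pkt):
        raise ValueError(f"HLEN {hlen} inconsistent with packet length")
    hdr = {"hlen": hlen, "rid": (word0 >> 14) & 0x1F, "wbid": (word0 >> 9) & 0x1F,
           "flags": word0 & 0x7, "fragment_id": frag_id,
           "frag_offset": frag_word >> 3, "rsvd": frag_word & 0x7,
           "payload": pkt[hlen * 4:]}
    hdr.update({name: (word0 >> bit) & 1 for name, bit in FLAG_BITS.items()})
    return hdr

def is_keepalive_header(hdr: dict) -> bool:
    """Keep-alive rule from 2.5.9.3.1: only HLEN and K may be non-zero."""
    others = ("rid", "wbid", "flags", "fragment_id", "frag_offset", "rsvd",
              "T", "F", "L", "W", "M")
    return hdr["K"] == 1 and all(hdr[name] == 0 for name in others)

# Constructed sample packets (not captured traffic); payload bytes are placeholders.
KEEPALIVE = bytes.fromhex("00100008" "00000000") + bytes(4)       # HLEN=2, K=1
DATA_FRAME = bytes.fromhex("00104300" "00000000") + b"\xaa\xbb"  # RID=1, WBID=1, T=1

if __name__ == "__main__":
    for name, pkt in (("keep-alive", KEEPALIVE), ("data", DATA_FRAME)):
        hdr = parse_capwap_header(pkt)
        print(name, "keep-alive header:", is_keepalive_header(hdr), hdr)
```

A receiver that enforces `is_keepalive_header` before accepting a packet with K set rejects frames that try to carry fragment or radio fields alongside the keep-alive flag.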

2.5.9.3.2 Data Payload

CAPWAP Data Payload packets encapsulate the user data to be forwarded, which may be 802.3 frames or wireless data frames. For details, see section 3.2.

2.5.9.3.3 DTLS Data Channel Establishment

If the AC and WTP are configured to tunnel data over DTLS, a DTLS session must be initialized. To avoid re-authenticating the AC and WTP, the DTLS data channel should make use of the features of the TLS session.

The AC's DTLS implementation should not initiate a data channel session when there is no control channel.

2.5.9.4 CAPWAP Control Packets

CAPWAP control packets are classified into the following types:

• Discovery: discovers the ACs in the network, along with their locations and capabilities.

• Join: used by the WTP to request service from an AC, and by the AC to respond to the WTP.

• Control Channel Management: maintains the control channel.

• WTP Configuration Management: the AC sends a configuration file to the WTP.

• Station Session Management: the AC sends station policy to the WTP.

• Device Management Operations: request firmware and send it to the WTP.

• Binding-Specific CAPWAP Management Messages: used by the AC and WTP to exchange protocol-specific CAPWAP management information. The connection status of a station may be exchanged.

2.5.9.4.1 CAPWAP Discovery Operations

• Discovery Request

The WTP uses the Discovery Request to automatically discover the available ACs in the network and to report its basic capabilities to the AC.

• Discovery Response

The AC uses the Discovery Response to tell the requesting WTP which services it supports.

• Primary Discovery Request

The WTP sends the Primary Discovery Request to determine whether the preferred (or configured) AC is available, or to perform path MTU discovery.

• Primary Discovery Response

The AC uses the Primary Discovery Response to tell the WTP that it is currently available and which services it supports.

When the WTP is configured with a preferred AC but is currently connected to another AC, it sends the Primary Discovery Request. Because the WTP has only one CAPWAP state machine, the WTP sends the Primary Discovery Request in the Run state, and the AC does not transmit this message.

2.5.9.4.2 CAPWAP Join Operations

• Join Request

After establishing a DTLS connection with the AC, the WTP uses the Join Request to request service from the AC.

• Join Response

The AC uses the Join Response to tell the WTP whether it will provide service to it.

2.5.9.4.3 Control Channel Management

• Echo Request

• Echo Response

Echo Request and Echo Response are used to explicitly maintain the control channel connection when no other control packets are being sent.

2.5.9.4.4 WTP Configuration Management

• Configuration Status Request

Used by the WTP to send its current configuration to the AC.

• Configuration Status Response

The AC provides its own configuration data to the WTP, overriding the configuration requested by the WTP.

• Configuration Update Request

In the Run state, the AC sends this message to the WTP to modify the WTP's configuration.

• Configuration Update Response

Response to the Configuration Update Request.

• Change State Event Request

1: When the WTP receives the Configuration Status Response from the AC, it uses the Change State Event Request to report the current state of the WTP radios and to confirm that the configuration provided by the AC has been applied successfully.

2: In the Run state, the WTP sends the Change State Event Request to inform the AC that a WTP radio has undergone an unexpected change.

• Change State Event Response

Response to the Change State Event Request.

• Clear Configuration Request

Used by the AC to request that the WTP restore its configuration to the factory defaults.

• Clear Configuration Response

Sent by the WTP to the AC as confirmation after it has been restored to the factory defaults.

CAPWAP provides a flexible WTP configuration management mechanism. There are two methods:

1: The WTP holds no configuration of its own and accepts any configuration provided by the AC.

2: The WTP stores the non-default configuration data provided by the AC in non-volatile memory and applies it when it initializes after a restart.

2.5.9.4.5 Device Management Operations (Optional)

• Image Data Request

Exchanged between the WTP and the AC so that the WTP can download new firmware.

• Image Data Response

Response to the Image Data Request.

• Reset Request

Requests that the WTP restart.

• Reset Response

Response to the Reset Request.

• WTP Event Request

Used by the WTP to send information to the AC. A WTP Event Request may be sent in stages or as a response to a WTP synchronization event.

• WTP Event Response

Response to the WTP Event Request.

• Data Transfer Request

Sends debugging information from the WTP to the AC.

• Data Transfer Response

Response to the Data Transfer Request.

A WTP Event Request carries defined status information sent by the WTP, such as decryption error reports and duplicate IPv4 address reports; it can also be used to send a Vendor Specific Payload.

Data Transfer Requests can be sent by either the AC or the WTP.

2.5.9.4.6 The Firmware Download Process Defined by CAPWAP

A firmware download may take place in the Image Data state or the Run state. The CAPWAP protocol gives the AC no way to verify whether the firmware information reported by the WTP is correct, or whether the WTP has stored the firmware correctly.

2.5.9.4.7 Station Session Management

• Station Configuration Request

Used by the AC to create, modify, and delete station session state on the WTP.

• Station Configuration Response

Response to the Station Configuration Request.
