Re: [DNA] Re: RS/RA Exchange
Hi Bernard,
Bernard Aboba wrote:
>>On WLAN with switched ethernet, broadcasts go over the wireless link.
>
>
> This depends on whether a station is a member of the same broadcast
> domain as the VLAN on which the broadcast originated. Remember, APs are
> capable of handling multiple VLANs nowadays. So if there are no stations
> that are members of the same VLAN as the broadcast frame in question, it
> won't be forwarded over the Wireless Medium (WM).
This is an interesting idea, but relies upon the devices
knowing that they share (for example) the default VLAN.
(perhaps this is part of what Hesham was talking about...)
In this case, you could readily use VRRP on the
VLAN, and tie RA transmission rates to master and
backup instances.
>>Most switches today treat multicast as broadcast.
>
>
> Today's switches typically support IGMP snooping and/or GARP Multicast
> Registration Protocol (GMRP), so that multicast in fact need not be
> handled the same as broadcast.
Indeed.
Most of them don't support MLD snooping yet though.
The use of GARP would make an interesting alternative.
I've not seen many wireless devices using it.
Perhaps these are transitional problems, though.
I've got no problem with directing multicast only to
the ports which require the traffic.
I was thinking that the principal benefit is if there
was a router-router configuration protocol where it
doesn't matter much that the packets go out on the wireless
medium.
What's important is that there's either topological
separation, or authenticated/authorized message exchange.
I'd guess that if the first isn't available, a mechanism
for the second would be useful, since it could be used
to prevent impersonation attacks.
>>A device which can transmit onto the wireless link will have its
>>vrrp or all-routers messages bridged onto the wired link
>
>
> I think you are assuming that an IEEE 802.11 wireless access point is a
> bridge. This is not the case. IEEE 802.11-1999 does not require an AP to
> implement spanning tree protocol (STP) and APs do not "learn" or forward
> in the same manner that bridges do. For example, an IEEE 802.11 AP will
> not forward a frame received on the DS to the WM unless the destination
> address is one of a station that has associated to the AP.
You're right about the forwarding except in the case
where broadcast or unsnooped/GARP'ed multicast is
done.
I'm not really assuming 802.1d bridging. It doesn't
matter what mechanism is used for the forwarding if
the multicast messages are being treated like broadcasts.
These messages will go out onto all cells uniformly.
One solution to achieving this private configuration
channel is to use GARP or snooping on the
APs or 802.1d bridges behind them.
Multicast router solicitation messages from switches
could be used by routers to determine the presence of
snooping switch infrastructure.
In this case, the multicast message delivery is
going to be confined to routers which can
participate in mrdisc. Transmissions wouldn't go
over the wireless medium, though it doesn't stop
non-members from sending to the router groups.
More concrete physical security or an authorization
mechanism would help here.
Greg
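The forwarding behaviour discussed in this exchange (multicast flooded like broadcast versus confined by snooping, and the remaining gap that a non-member can still send to the router groups) as a toy model. This is an added example, not code from the thread or from any of its participants; the port names, the single all-routers group ff02::2 and the report sequence are constructed, and treating ff02::2 as a snooped group is an assumption.

```python
# Added example: a toy model of the forwarding behaviour discussed above
# (MLD snooping vs. flooding). Port names, groups and the report sequence
# are constructed for illustration, not taken from the thread.
from dataclasses import dataclass, field

ALL_ROUTERS = "ff02::2"  # IPv6 all-routers group, used here for router-to-router traffic


@dataclass
class Switch:
    ports: set[str]
    snooping: bool = True
    # group -> ports on which an MLD listener report was seen
    listeners: dict[str, set[str]] = field(default_factory=dict)

    def mld_report(self, port: str, group: str) -> None:
        """Record a listener on `port` for `group` (as a snooping switch would)."""
        self.listeners.setdefault(group, set()).add(port)

    def mld_done(self, port: str, group: str) -> None:
        """Remove the listener state when a port's last member leaves."""
        self.listeners.get(group, set()).discard(port)

    def egress_ports(self, ingress: str, group: str) -> set[str]:
        """Ports that receive a multicast frame to `group` arriving on `ingress`."""
        if not self.snooping:
            # "switches treat multicast as broadcast": flood everywhere but ingress
            return self.ports - {ingress}
        # Snooping: deliver only to ports with reported listeners.
        return self.listeners.get(group, set()) - {ingress}


def router_traffic_reach(snooping: bool) -> dict[str, set[str]]:
    """Scenario: two wired routers and one port facing an AP / wireless cell."""
    sw = Switch(ports={"wired-r1", "wired-r2", "wlan-ap"}, snooping=snooping)
    # Only the routers join the all-routers group; wireless stations do not.
    sw.mld_report("wired-r1", ALL_ROUTERS)
    sw.mld_report("wired-r2", ALL_ROUTERS)
    return {
        # router r1 sends to the group: does it reach the wireless cell?
        "from_router": sw.egress_ports("wired-r1", ALL_ROUTERS),
        # a non-member behind the AP sends to the same group: still reaches routers
        "from_wireless": sw.egress_ports("wlan-ap", ALL_ROUTERS),
    }
```

With snooping on, the router's message stays off the wireless port, but a sender behind the AP still reaches both routers, which is why the message asks for authorization on top of topological separation.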