802.11r FT roaming causes serious speed drop (mt76)

PARTIAL FULLY WORKING SOLUTION: 802.11r FT roaming causes serious speed drop (mt76) - #16 by devianceluka

IMPORTANT CLUE: 802.11r FT roaming causes serious speed drop (mt76) - #31 by devianceluka

I have a complete testing setup where I’m triggering roaming with wpa_supplicant roam on a laptop with Intel AX210 and also Android devices where im walking around.

POCO F5 (qualcomm) + Redmi Note 13 Pro+ (mediatek), both everything latest (Android 15).

With these 2 devices I always get a serious speed drop when roaming back to 5ghz bssid and only with FT. If I roam on plain non-802.11r-enabled BSSIDs, everything works fine.

Speed drops from ~900mbit to 10-300mbit, but 95% of the time it is around 50-100mbit. I had to write 300mbit, because sometimes it gets there (200-300), but very rarely. And I also had to write 10mbit because, sometimes it looks like it struggles to even get over 0mbit (in reality it instantly drops from the very start from ~50-100 to 1-10), but again, rarely.

But NEVER over 300mbit. Non-FT-enabled SSIDs work as expected.

I tested 2,4ghz > 5ghz on the same AP and also 5ghz-only ssids between 2x Redmi AX6000 and both are the same (meaning, roaming with FT to 5ghz bssid is the exact and only culprit).

It happens every single time. Im testing this for days already. Its seriously not interference or whatever. The very next second to fix it, I only need to wifi off > on and its instantly back to 900mbit in ookla/iperf3, every single time.

I checked MCS from those Android devices and theyre correct (at times, theyre even higher when the device is doing a speedtest/iperf3 immediately after I walked to get it to FT roam back to 5ghz, while speedtest/iperf3 shows lets say 30mbit).

With wpa_supplicant roam + Intel AX210 it works normally with absolutely no speed drop or any other issue.

I tried everything possible in the past days that theres absolutely nothing left to try. Thats why im now here.

To sum it up:

1. it happens every single time only when FT roaming to 5ghz bssid (auth_alg=ft in logread)
2. sometimes it looks like its struggling to get anything over 0-10mbps, but rarely
3. MCS are correct
4. non FT enabled bssids dont have this issue (auth_alg=open or auth_alg=sae in logread)
5. wpa_supplicant + Intel AX210 doesnt have this issue
6. wifi off>on immediately gets ookla/iperf3 back to 900mbit every single time

This testing setup that I mentioned is now a stock flashed R3 mini used only for this (I can try literally anything):

root@OpenWrt:~# ubus call system board
{
        "kernel": "6.6.104",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Bananapi BPi-R3 Mini",
        "board_name": "bananapi,bpi-r3-mini",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.3",
                "revision": "r28872-daca7c049b",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.3 r28872-daca7c049b",
                "builddate": "1758316778"
        }
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdec:3f4e:bf0f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth1'
        option macaddr 'a2:72:e8:24:28:a9'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel '1'
        option htmode 'HE20'
        option txpower '100'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel '36'
        option htmode 'HE80'
        option txpower '100'

config wifi-iface 'r0_FT'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'FT'
        option encryption 'psk2'
        option key '12345678'
        option ieee80211r '1'
        option ft_over_ds '0'

config wifi-iface 'r0_noFT'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'noFT'
        option encryption 'psk2'
        option key '12345678'

config wifi-iface 'r1_FT'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'FT'
        option encryption 'psk2'
        option key '12345678'
        option ieee80211r '1'
        option ft_over_ds '0'

config wifi-iface 'r1_noFT'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'noFT'
        option encryption 'psk2'
        option key '12345678'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option dest             wan
#       option proto    tcp
#       option target   REJECT

# block a specific mac on wan
#config rule
#       option dest             wan
#       option src_mac  00:11:22:33:44:66
#       option target   REJECT

# block incoming ICMP traffic on a zone
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#       option src              wan
#       option src_dport        22001
#       option dest             lan
#       option dest_port        22
#       option proto            tcp

### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp

Please clean up AI permutaded config options, preferably resetting the device configuration totally. You are certainly not permitted to make megawatt radio transmissions anywhere in the world.

If not obvious FT counts only if 2 APs have same parameters, including ESSID AP name

This is a totally reset device. Also, txpower is limited elsewhere so it doesnt matter what is in the config. About same names and AI I dont understand what you meant.

Should be obvious that different client behavior means it is a client side problem.

What problem ON YOUR MOBILE PHONES you are solving with 11R?

Are you using multiple APs (as in 2 or more unique physical access point devices distributed across the coverage area)?

I assume that for the 5Ghz←→5Ghz you turned off the 2.4GHz AP’s (to prevent multistage FT)? Also, did you try both ways (AP1-AP2-AP1, as well as AP2-AP1-AP2)?

The only thing that comes to mind is that the exchanged key (AP to AP) needs to be loaded to HW, otherwise speed may get affected by SW decryption. As said above, I also agree that it would be unlikely that such mechanism would change dependent on client…

Important consideration. For PSK FT there is virtually no benefit using 802.11R. This is different for WPA (where delay is much larger).

Is this PSK FT a proxy for an issue experienced with WPA?

You probably mean EAP aka wpa enterprise (not in conf files)

Seamless and lossless roaming inside one big mobility domain between 2 houses with many rooms.

I also think that, thats why im here. It could also be a bug in mt76 or somewhere else in openwrt.

Yes

Yes. I tried all. I have 16 ssids per radio per production device. R3 mini is only for testing exactly as those configs. Roaming (back) to 5ghz bssid with FT is the exact and only culprit. Without FT it doesnt cause this speed drop.

Then it would also exhibit behaviour on x86 with wpa_supplicant roam. I believe its the problem somewhere with MCS or Android behaviour where those MCS shown are some kind of fake. I tried to play with cell_density which doesnt fix it. The only thing left is to try and push directly into hostapd basic_rates and supported_rates to really force it to a single MCS. If I had to guess, it could be worse, because at the start I had cell_density ‘3’ which I think was worse then now with cell_density ‘0’.

I dont understand what you meant. FT-PSK == psk2 + 802.11r enabled

Thats one of the things left to try. I will probably try this soon.

Im open to ideas to try anything. Maybe I missed something. Older openwrt versions are another one.

Cmon, it does not work already. Why youd bolt on more stuff….

11R reduces authentication from (typical) 1.5s WPA 5s RADIUS/EAP to (normative) .6s So I really dont see much gain IRL. This is all lossless client side all 3 ways. You hear .6s cracklling in voip phone or freezing a game anyway.

Wifi is like air. Us humans need it

The only thing you really need is reliable connection. The rest (including speed) is optional. If one of your clients doesn't support (or have broken) 802.11r, OCV, or even 802.11w then just turn off respective option. Roaming is a nice thing to have when it works and you actively use VoIP. In all other cases it is totally optional with zero drawbacks.

That’s right. Just trying to say that with PSK switch times are really short already. For practical use, I wouldn’t expect a FT benefit- in contrast with use of EAP FT over EAP…

This inspired me and I might just solved this by switching to WPA3:

option encryption 'sae'

On POCO F5 atleast. I dont care about x86 if it got broken now.

I will need a few days for family members to lend me their Androids to test more.

If I understand you correctly, when switching between APs, the client (e.g., POCO) seamlessly switches between individual APs from 5GHz to 2.4GHz to 5GHz, etc. I'm asking because I've noticed for some time that the problem is that even though the client (in my case, a Xiaomi 11T) is locked to 5GHz with 866/866, the transfer rate doesn't exceed 20Mbps DW and 200 UP. As you wrote, simply turning Wi-Fi off and on on the client drains the maximum bandwidth. I mainly use D-Link DIR2150/2660 and 878, with a WAC510 as a dumb AP. After turning Wi-Fi off and on again, the Xiaomi 11T receives data on the same radio from the same location... much more. Screenshots for WAC510:

10000366671080×727 122 KB

After Roaming between two AP's:

10000366651080×1500 129 KB

After turn off/on wifi on Xiaomi 11T

10000366691080×1546 149 KB

And test - distance between WAC510 and Xiaomi 2 meters.

10000366711080×1508 147 KB

It doesnt drain. It restores.

Do you use FT? Do you have psk2? Then what you are experiencing is exactly this.

Your Xiaomi 11T has Mediatek SoC like my brothers Redmi Note 13 Pro+. My Redmi Pad also has mediatek soc (but a lower one) and just tested and cannot connect to FT-SAE-only ssid. With option encryption 'sae' and 802.11r enabled inside /etc/config/wireless it connects, but theres no auth_alg=ft, meaning WPA3+FT is not supported on it or bugged (mediatek soc) or simply removed from software for being a lower-cost device. I have yet to try my brothers newer Redmi.

TLDR: enable WPA3-only and it should be fixed or you will not be seeing auth_alg=ft in logread anymore for Xiaomi 11T (like my Redmi Pad). Either way, speed will be fixed. Report back please.

TLDR2: So far, its either:

1. FT+sae

2. no FT+sae (only for mediatek devices on FT+sae)

3. FT+psk2+speeddrop (if FT is needed for mediatek).

Mediatek SoC tested only:

1. Redmi Pad (Mediatek Helio G99, hyperos 1, android 14)
2. Xiaomi 11T ( 802.11r FT roaming causes serious speed drop (mt76) - #17 by lexmark3200 )

On another issue, sometimes I get auth_alg=open and sometimes auth_alg=sae. Whats the difference when theres only option encryption 'sae' inside /etc/config/wireless?

Yes , I use 802.11r, and I use usteer-ng.

I use WPA2-PSK with Force CCMP (AES) Cipher.

Ok, I will try to enable WPA3-EAP, but I see more option to set.

If you dont want EAP, its not EAP then. The correct one is WPA3-PSK

I have only:

10000366731080×2147 257 KB

I use wpad wolfssl on 24.10.3

WPA3-SAE is WPA3-PSK