Fast Transition: Which wire does "over DS" take?

Hey there!

I just recently started playing around with 802.11r. Which seems to work quite well.

My network spans 3 floors with 2 access points each. Every floor is a saprate appartment with individual networks but all access points provide all networks.

Router: 10.0.0.1/24 on vlan 1, 10.0.64.1/24 on vlan64, 10.0.72.1/24 on vlan 72, 10.0.84.1/24 on vlan 24.
Access Point 1: 10.0.0.11/24 on vlan 1, all other networks are "unmanaged".
Access Point 2: 10.0.0.12/24 on vlan 1, all other networks are "unmanaged".
(...)
Access Point 6: 10.0.0.16/24 on vlan 1, all other networks are "unmanaged".

So there's br-lan.1, br-lan.64, br-lan.72 and br-lan.84 an every access point. Only br-lan.1 has an IP address while this one is not assigned to a wireless network and every other interface has no IP adress but is assigned to a wireless network.

Assuming the 802.11r does work, what kind of traffic am I expecting to see on which interface when a client tries to roam?
Does traffic go through br-lan.1 because that's the only one with an IP address?

When I'm tcpdump-ing br-lan.1 and br-lan-72 (which I'm on currently), I can't see any traffic indicating there's one access point communicating with another. Altough there's some syslog messages telling me there's 802.11r going on.

Any suggestions on how to get behind what's going on?

Just to be clear: My setup is working sufficently well at the moment. I'm not trying to improve something. I just want to understand how things work.

Regards,
Stephan.

Can you first of all post the part of the syslog that shows the fast transition going on, just to make sure the system really uses 802.11r?

Please change all pws and mac addresses.

I only have one "wire", one wired network, so ft over ds can only run over my br-lan, but I never used a sniffer to check the packages.

1 Like

Fast transitioning only works within the same network. If the client's IP address changes, all connections to Internet services have to be rebuilt anyway.

1 Like

Hey there!

Sorry for not responding earlier, I was a little busy over last view days.

The syslog contains lots of "kernel reports: key addition failed", which "the internet" claims as "is showing up but seems to work anyway, so don't care". This is basically what I wanted to confirm by tcpdumping.

I was trying "Ubiquiti Inc. WiFiman" on android while running around. There's a distinction between "disconnected" and "roaming" when switching from one AP to another within this app. I can run a constant ping command from one of my non-wifi devices that barely uses a single ping when switching form one AP to another. Roaming is noticable slower (read: takes time to reconnect) when 802.11r is turned off in all my APs. That's why I suspect 802.11r is running and used.

Walking through the house

This morning I turned on my smart phone and walked around in order to get some coffee. This is how things connected.

Here's my my AP number 7.
This is the one I was next to when I turned on my phone.
There's a 4-way handshake happening.

Wed Mar  2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: authenticated
Wed Mar  2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar  2 08:51:14 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7
Wed Mar  2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 RADIUS: starting accounting session FF555B1E6F651B18
Wed Mar  2 08:51:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 WPA: pairwise key handshake completed (RSN)
Wed Mar  2 08:51:14 2022 daemon.notice hostapd: wlan1-2: EAPOL-4WAY-HS-COMPLETED 01:a1:a1:27:1a:c7
Wed Mar  2 08:56:00 2022 daemon.notice hostapd: wlan1-2: AP-STA-DISCONNECTED 01:a1:a1:27:1a:c7
Wed Mar  2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:56:14 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

On my road to coffee I passed AP number 5. No 4-way handshake here.

Wed Mar  2 08:52:15 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:52:15 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar  2 08:52:15 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7

The AP number 11 is close to the coffee machine. No 4-way here as well.

Wed Mar  2 08:52:25 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:52:25 2022 daemon.info hostapd: wlan0-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar  2 08:52:25 2022 daemon.notice hostapd: wlan0-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7

The my travel back passing AP number 5 once again.

Wed Mar  2 08:55:10 2022 daemon.notice hostapd: wlan1-2: AP-STA-DISCONNECTED 01:a1:a1:27:1a:c7
Wed Mar  2 08:55:10 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:55:10 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 1)
Wed Mar  2 08:55:10 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7

I started workings close to my access point number 1.

Wed Mar  2 08:56:01 2022 daemon.err hostapd: nl80211: kernel reports: key addition failed
Wed Mar  2 08:56:01 2022 daemon.info hostapd: wlan1-2: STA 01:a1:a1:27:1a:c7 IEEE 802.11: associated (aid 2)
Wed Mar  2 08:56:01 2022 daemon.notice hostapd: wlan1-2: AP-STA-CONNECTED 01:a1:a1:27:1a:c7

Configuration

All access points share a common vlan 1 where every AP has an individual IP but no wireless is attached.
All access points share a common vlan 72 where no AP has an IP but where equally configured wireless networks are attached.

Router

That's a banana PI with no wifi.

/etc/config/network
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '10.0.0.1'
	option netmask '255.255.254.0'
	option delegate '0'

config interface 'stephan'
	option ifname 'eth0.72'
	option type 'bridge'
	option proto 'static'
	option ipaddr '10.72.0.1'
	option netmask '255.255.255.0'

AP 7

This one is a Belkin RT3200 running SNAPSHOT r18953-b9251e3b40.

/etc/config/network
config interface 'lan'
	option proto 'static'
	option gateway '10.0.0.1'
	list dns '10.0.0.1'
	option device 'br-lan.1'
	option delegate '0'
	option netmask '255.255.254.0'
	option ipaddr '10.0.1.7'

config interface 'stephan'
	option device 'br-lan.72'
	option proto 'none'
	option force_link '1'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel '5'
	option country 'DE'
	option distance '10'
	option beacon_int '300'
	option logger_syslog_level '1'
	option log_level '1'
	option txpower '9'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option htmode 'HE80'
	option country 'DE'
	option cell_density '0'
	option channel '124'
	option logger_syslog_level '1'
	option log_level '1'

config wifi-iface 'wifinet2'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio0'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '81a5fb6eaf9d360b619c0704fc63eb82'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

config wifi-iface 'wifinet8'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio1'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid 'f8e0d11599b1a8a5f3d042076ac6901f'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

AP 5

This one is a TP-Link 4900 running 21.02.1 r16325-88151b8303.

/etc/config/network
config interface 'lan'
	option proto 'static'
	option gateway '10.0.0.5'
	list dns '10.0.0.1'
	option device 'br-lan.1'
	option delegate '0'
	option netmask '255.255.254.0'
	option ipaddr '10.0.1.11'

config interface 'stephan'
	option device 'br-lan.72'
	option proto 'none'
	option force_link '1'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0'
	option cell_density '0'
	option htmode 'HT40'
	option country 'DE'
	option channel '44'
	option logger_syslog_level '1'
	option log_level '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0'
	option htmode 'HT20'
	option cell_density '0'
	option country 'DE'
	option distance '10'
	option beacon_int '300'
	option channel '9'
	option logger_syslog_level '1'
	option log_level '1'
	option txpower '9'

config wifi-iface 'wifinet2'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio0'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '93dbc85f871be4ae7f079a963e8059b6'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

config wifi-iface 'wifinet8'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio1'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '69b27a9a3b41e7936e9d18df92744cd4'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

AP 11

This one is a TP-Link 4900 running 21.02.1 r16325-88151b8303.

/etc/config/network
config interface 'lan'
	option proto 'static'
	option gateway '10.0.0.1'
	list dns '10.0.0.1'
	option device 'br-lan.1'
	option delegate '0'
	option netmask '255.255.254.0'
	option ipaddr '10.0.1.11'

config interface 'stephan'
	option device 'br-lan.72'
	option proto 'none'
	option force_link '1'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0'
	option cell_density '0'
	option country 'DE'
	option htmode 'HT40'
	option logger_syslog_level '1'
	option channel '136'
	option log_level '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0'
	option htmode 'HT20'
	option country 'DE'
	option cell_density '0'
	option beacon_int '300'
	option channel '13'
	option distance '5'
	option logger_syslog_level '1'
	option log_level '1'
	option txpower '9'

config wifi-iface 'wifinet2'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio0'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '056cfa288e0e450325c756bee76cb795'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

config wifi-iface 'wifinet8'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio1'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '2bf39786782d30017b3abbf3f3a3eab0'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

AP 1

This one is a Belkin RT3200 running SNAPSHOT r18953-b9251e3b40.

/etc/config/network
config interface 'lan'
	option proto 'static'
	option gateway '10.0.0.1'
	list dns '10.0.0.1'
	option device 'br-lan.1'
	option delegate '0'
	option netmask '255.255.254.0'
	option ipaddr '10.0.1.1'

config interface 'stephan'
	option device 'br-lan.72'
	option proto 'none'
	option force_link '1'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'
/etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option country 'DE'
	option beacon_int '300'
	option distance '5'
	option disabled '0'
	option logger_syslog_level '1'
	option log_level '1'
	option txpower '9'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option htmode 'HE80'
	option country 'DE'
	option cell_density '0'
	option channel '112'
	option disabled '0'
	option logger_syslog_level '1'
	option log_level '1'

config wifi-iface 'wifinet2'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio0'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid 'd87d64420cb4c5fc2fde22769bed615c'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

config wifi-iface 'wifinet8'
	option ssid 'stephan-wifi'
	option key 'redacted-key'
	option network 'stephan'
	option device 'radio1'
	option hidden '0'
	option mode 'ap'
	option encryption 'psk-mixed'
	option short_preamble '1'
	option disassoc_low_ack '1'
	option ieee80211k '1'
	option rrm_neighbor_report '1'
	option rrm_beacon_report '1'
	option ieee80211r '1'
	option mobility_domain '0c62'
	option nasid '5870c6e77ebf73c9b492748a04514c6f'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option time_advertisement '1'
	option bss_transition '1'

Regards,
Stephan.

1 Like

few months later ..

Does anyone has the reply to this very intersting question : Fast Transition: Which wire does “over DS” take?

1 Like