WDS and Dynamic WDS
Introduction
(Note - this is a work in progress. Please bug Adrian if you see this message as he is currently trying to stay on top of documenting, debugging and extending it.)
WDS (Wireless Distribution System) is an early 802.11 method of linking multiple 802.11 devices together to provide WiFi relays and repeaters.
More information can be found in the Wikipedia page on Wireless Distribution System.
Unfortunately, WDS did not specify how APs and relays would find each other, negotiate encryption settings, or determine which nodes would link to one another. WDS only specified the frame format used (called 4-address frames), which allows stations to act as relays for traffic.
Sam Leffler worked on an extension to WDS called Dynamic WDS (DWDS). Dynamic WDS implements a layer on top of WDS for connecting DWDS-enabled APs; however, as implemented in FreeBSD, it does not currently implement a dynamic discovery method. DWDS, like WDS and other non-mesh topologies, does not support loops among the DWDS-enabled APs.
WDS versus DWDS
In WDS, each AP to AP link would require a static WDS association to be created. Adrian hasn't actually successfully configured legacy WDS, although in theory it should work. It's just, well, not currently well documented.
DWDS is a little different. The dynamic part of Dynamic WDS involves an AP wishing to send relay traffic to another AP. When the remote AP sees this traffic, it creates a virtual station interface for that particular AP so it can bridge traffic to and from that AP using 4-address frames.
How it works
A DWDS enabled AP has three parts:
- The VAP is created with the dwds flag;
- wlanwds needs to run on the parent physical interface (not wlan0/wlan1/etc.; it runs on ath0, ath1), as that is what net80211 sends notifications from/to. This is a holdover from ye olde days;
- wlanwds will be provided with the details to create an interface and place it in the correct bridge group for traffic bridging:
    # cat /var/run/wdsrun.wlan1
    #! /bin/sh
    DEV=$1
    ifconfig bridge0 addm $DEV
    ifconfig $DEV wepmode mixed
    ifconfig $DEV up
    #
Then, whenever a 4-address frame appears from a new device, wlanwds will run the provided script to configure a new wlanX interface for that particular station.
For the station side, a separate VAP is created - but it needs the dwds flag AND 'bssid' flag when it and the AP are created! - so it gets a new MAC address. Yes, it needs a different MAC from the AP, or the receive path won't know whether it's traffic destined for DWDS processing or not.
Then wpa_supplicant is run on that particular node to associate, and it's added to the bridge0 group. The first time a packet is sent from an address that is not the STA MAC it will trigger a 4-address frame to be sent to the AP, establishing the DWDS session.
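As an added example (not code from this page or from FreeBSD), the following Python shows how the 4-address frames described above can be recognised in a capture: both the ToDS and FromDS bits are set in the 802.11 frame control field, and a fourth address (the original sender) follows the sequence control field. The MAC addresses and frames are constructed samples, and the function and variable names are hypothetical.

```python
# Added example: classify an 802.11 data frame header as 3- or 4-address.
# Input is the bare MAC header plus payload (no radiotap header, no FCS).

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_data_header(frame: bytes) -> dict:
    if len(frame) < 24:
        raise ValueError("shorter than a 3-address 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    four_addr = to_ds and from_ds
    hdr_len = 24
    if four_addr:          # addr1=RA, addr2=TA, addr3=DA, addr4=SA
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        da, sa, hdr_len = a3, frame[24:30], 30
    elif to_ds:            # station -> AP: addr1=BSSID, addr2=SA, addr3=DA
        da, sa = a3, a2
    elif from_ds:          # AP -> station: addr1=DA, addr2=BSSID, addr3=SA
        da, sa = a1, a3
    else:                  # no DS: addr1=DA, addr2=SA, addr3=BSSID
        da, sa = a1, a2
    if subtype & 0x8:      # QoS data subtypes carry a 2-byte QoS Control field
        hdr_len += 2
    return {
        "four_addr": four_addr,
        "ra": mac(a1), "ta": mac(a2), "da": mac(da), "sa": mac(sa),
        "protected": bool(fc1 & 0x40),  # Protected Frame bit (payload encrypted)
        "relayed": sa != a2,            # original sender is not the transmitter
        "hdr_len": hdr_len,
    }

def build(fc1: int, *addrs: str) -> bytes:
    # Constructed frame: FC (data, subtype 0), duration, addr1-3, seq ctl, [addr4], payload
    raw = [bytes.fromhex(a.replace(":", "")) for a in addrs]
    return bytes([0x08, fc1, 0, 0]) + b"".join(raw[:3]) + b"\x10\x00" + b"".join(raw[3:]) + bytes(8)

# Constructed sample addresses (locally administered), not taken from any real network.
AP, STA_VAP = "02:00:00:00:00:01", "02:00:00:00:00:02"
HOST_A, HOST_B = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
FOUR_ADDR = build(0x43, AP, STA_VAP, HOST_A, HOST_B)  # ToDS+FromDS+Protected
THREE_ADDR = build(0x41, AP, STA_VAP, HOST_A)         # ToDS+Protected only

if __name__ == "__main__":
    for name, frame in (("4-address", FOUR_ADDR), ("3-address", THREE_ADDR)):
        print(name, parse_data_header(frame))
```

In the 4-address sample the transmitter (the station VAP) differs from the source address (a bridged host behind it), which is the condition the paragraph above describes as triggering the DWDS session.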
Traffic encryption
Traffic between all stations on a DWDS relay AP will be encrypted with one key to the primary AP. Yes, individual stations will have their own encryption keys to the AP itself, but AP to AP traffic is treated as a single station with a single encryption key.
Broadcast traffic
Currently, broadcast traffic to DWDS stations is sent by a hostap interface. I.e., the data path isn't bridge -> DWDS STA interface; it's actually done via the hostap packet output path.
Supported Devices
The only devices currently tested to work are ath(4) NICs. Other NICs which support 4-address frames with WEP or WPA/WPA2 key management may also work.
Vendor Interoperability
This DWDS implementation is likely used as the basis for a variety of other non-mesh AP extender configurations; however, the underlying mechanisms for discovery and association may differ. (E.g. the older Apple AirPort units use WDS/DWDS, but how units find each other and set up associations is much different from the FreeBSD implementation.)
Also note Apple's ProxySTA is not DWDS.
Shortcomings
- There's no dynamic handling right now for discovering DWDS APs and configuring AP to AP links.
- The example wlanwds program does work, but the machinery around it and net80211 currently requires the DWDS AP to be the first VAP. I.e., if you support multiple SSIDs on the same interface, it must be the first configured VAP on that interface.
- .. and currently it only supports a single DWDS enabled VAP on a given AP. Technically this shouldn't be true but it's a shortcoming of how wlanwds currently works.
- WEP doesn't yet work; it /should/ ...
TODO
- Go figure out WEP;
- Go add DWDS info to the beacon so we can start tinkering with discovery, etc;
- Go figure out how to delete interfaces when they need to go away after a certain amount of idle time;