Wireless Open Metropolitan Area Networks - ACM Digital Library

J. Barceló, A. Sfairopoulou, B. Bellalta
Department of Information and Communication Technologies, Universitat Pompeu Fabra, Barcelona, Spain.

IEEE 802.11 technologies allow the deployment of metropolitan access networks. This paper details the reasons for making these networks open to several service providers. The sharing of the wireless access network fosters competition and ultimately benefits the users. The second part of the paper describes the available technologies that allow such infrastructure sharing and compares them in terms of security, scalability, maturity and convenience.

I. Introduction

Access to data networks is a must in the information society. Networks should reach as many people and places as possible, with as much capacity as possible. This article deals with what has been called the third pipe, i.e. an additional network that offers an alternative to cable and phone companies. Wireless Metropolitan Networks are one of the strongest candidates to complement the fixed network, and the lobbying efforts from telcos to ban Metro Wifi are a confirmation of this fact.

In 2005, in those countries in which regulation forced the sharing of fixed access networks (local loop unbundling [1]), broadband penetration was three times larger [2] than in countries in a monopolistic situation. For this reason, it is of paramount importance to deploy the new wireless metropolitan networks bearing in mind the possibility of sharing them among multiple Internet Service Providers (ISPs). Since these networks offer open access to competitors, we call them Wireless Open Metropolitan Area Networks.

The article is divided in two parts. The first one discusses the need for Wireless Open Metropolitan Area Networks. Section II deals specifically with the network neutrality debate and argues that the lack of competition at the access network is the origin of distortions such as traffic discrimination. It also explains that there are places and situations in which an open access network is the only acceptable solution. The second part, covered in section III, addresses more technical aspects. Some common tools used in wireless networks and shared networks are defined; the metrics that have been used in the comparison are explained; and finally, the different sharing models are described and compared. Since none of the available solutions is completely satisfactory, section IV discusses how the different alternatives can be combined. Finally, section V offers some concluding remarks.

II. The lack of competition in the access networks

Society is increasingly dependent on networks both for business and for leisure. Since the telco arena is a market with a definite tendency toward aggregation, in which only the big participants can survive, the regulators struggle to incentivize competition among different actors. The bottleneck of the networks has not changed and the last mile accounts for 80% of the network costs for fixed deployments. There is the perception that there is room for improvement and that the telcos do not take the necessary steps to enhance the access network in order to maximize the returns from past investments [3].

The recent debate about network neutrality makes clear the power of the telcos, which, if allowed, can create a great alliance to distort the market and obtain additional benefits by prioritizing traffic, thus damaging innovation in the Internet application layer [4]. In their ideal world, the telcos would have tight control over the network, provide a limited range of highly profitable services, and benefit from their dominant position to control the pace of investments in network upgrades and innovative services. The Internet has somehow broken that dream.

The Internet has become a common playground to which everyone is invited. No single company controls the Internet and, coming from the academic and research world, the Internet is open to its core. The use of well-known protocols and the implementation of these protocols by many manufacturers in open competition are examples of such openness.

Mobile Computing and Communications Review, Volume 12, Number 3

However, the telcos hold a dominant position. The prices of deploying access networks (both wired and wireless) are still extremely high. Thus the access networks are controlled by a limited number of companies that already own the networks and can afford new network deployments. The telcos could make an implicit alliance and set the rules of the game. Prioritizing traffic from affiliated Internet applications is only one demonstration of what can be done from their privileged position.

A user may be reluctant to pay for prioritized Internet traffic in which the services she wants to use are penalized in favor of others that she does not use. However, if the traffic prioritization is supported by all the ISPs in a common front, the user will finally end up paying for a service that is not satisfying. An individual user does not have the power to stand up for her rights against the giant telcos. The only alternative is to find new ways to reach the backbone networks, circumventing those ISPs that act as de facto monopolies.

New participants and technologies are welcome in the access network world and, even if the old players say that those initiatives are doomed from the very beginning, they deserve at least a try. One such technology is the wireless LAN standard IEEE 802.11 [5], along with those following it such as IEEE 802.16 [6]. New participants include wireless communities, city councils and local governments, and local network businesses. However, if these access networks were to be exploited by only one ISP, it would not represent a radical change to the current model, in which the telco owns the access network and only its services (Internet connectivity) are offered to the users.

A radically different model is encountered when the access network is shared among different ISPs. This solution was first proposed for wifi networks in [7]. It suggests an access network that grows organically and connects to different ISPs.
The users are given freedom of choice and the entry barriers for the ISPs are significantly lowered, since they do not have to deploy a new network to offer their services. [8] and [9] broaden the concept of open access network by adding the wireless islands to the model. The layers of the model are represented in Fig. 1 and include: the wireless islands (the entities that deploy and maintain access points), the neutral operator (in charge of the backbone/backhaul and other common infrastructure) and the service providers. The service provider is not necessarily an ISP. It can provide any kind of service (e.g. voice service providers, cartography service providers, media service providers). The next section further explores the reasons for adopting the open access network model.

Figure 1: Actors involved in the Open Access Network model. (Elements shown: Internet; service providers 1, 2 and 3; neutral operator backbone; wireless islands 1 and 2; users 1 to 6.)

II.A. Infrastructure sharing: Why and Where

Sharing the access network infrastructure inevitably adds complexity to the architecture, so there must be strong reasons to justify it. Some of these reasons are purely technological. Due to the limited spectrum reserved for Industrial, Scientific and Medical (ISM) applications, there are only three non-overlapping channels in the 802.11b band. Thus network planning and channel reuse do not have many degrees of freedom. Deploying many networks from several providers in a given location is simply unattainable. The interference would be so high that none of the networks would work satisfactorily. Thus the service providers are forced to reach an agreement.

Such an agreement will have secondary advantages. The most obvious is that the capital expenditure and operational expenditure can also be divided among the participating service providers, lowering the entry barriers. The high number of service providers will probably lead to a better quality/price ratio and more diversity. Each service provider targets a given market niche and therefore the users will enjoy offers better adapted to their needs. Moreover, there are value-added services that could be shared among the ISPs in addition to the infrastructure. A good example is the location platform presented in [10], which is closely tied to the access network.

There is an illustrative example that consists of comparing data networks and road networks. It is obvious that it would not make any sense to deploy many separate road networks and allow each user to drive on only one of them. Instead, deploying only one network and sharing it among all users is the preferred solution. Then each user has the right to drive the car that best fits her needs, either a Ford or a Toyota. And no one would ever consider the possibility of building a separate network only for Ford cars. The car industry is the counterpart of the service providers: many different options from which the users can choose.

And where does it make sense to deploy a shared infrastructure? In most public places. When deploying a metropolitan WiFi network, especially in the cases in which it is subsidized with public money, the goal is to offer the best service to the citizens. In this case, granting the network deployment and exploitation to only one company is unacceptable and will be followed by criticism. This is true even when the company is paying the city council for deploying the network, such as in San Francisco. Some opponents of the project argue that leaving the network in the hands of one company betrays the interests of the citizens. Any other place where the tenants want to offer a variety of services to the visitors and guarantee a reasonable price for these services qualifies for deploying a shared network. This includes airports, train stations, hotels, convention centers, etc.

II.B. Differentiating between infrastructure sharing and roaming

This section describes the meaning of infrastructure sharing, as opposed to the concept of roaming. When the access network is shared, all the service providers connect directly to the access network, under the same conditions. For a formal description of the rules that regulate these connections refer to [7]. All the service providers are equally important, and any service provider can be added or removed without affecting the overall operation of the network.

A rule of thumb to detect whether an access network is shared is to check for the presence of edge routers for each of the service providers. If those routers can be found (as in figure 2), it can be concluded that the access network is shared. All the mechanisms proposed in the next section are implementations of the access network sharing concept and it can be verified that in each of them there is an edge router (or a server with a similar function) for each service provider. The first of the proposed solutions maintains different layer 3 subnets. The fact that the different subnets coexist in the same layer 2 network might be surprising, but it works in practice. The second proposal uses tunnels to separate the traffic and send it to the proper network. The rest of the solutions use the well-known technique of separating traffic from different providers in different VLANs.

Fig. 3 presents a completely different situation: a roaming scenario. Even though the user perception of the service might be the same as in open networks, the properties of the roaming model are completely different. In roaming, there is only one service provider connected to the network. Nevertheless, authentication and authorization messages can reach other service providers by means of proxies. The service provider that owns the access network is in a monopolistic situation and can apply pricing, QoS and filtering according to its own criteria, and the users will have to accept it since the service cannot be provided by anyone else.

The best practices recommendations for roaming can be found in [11] and they might be the right solution for certain occasions. As an example, European education institutions have reached an agreement to allow their students and personnel to access the wifi networks both at the home university and at a visited university (Eduroam) [12]. In this case the wifi network infrastructure clearly belongs to the university, and this university might opt for granting access to visitors using its own resources.

Another roaming solution similar to Eduroam is a project called WILMA [13]. Even though this project is presented as an open access network implementation, it belongs to the roaming solutions. As opposed to Eduroam, which is based on RADIUS, WILMA has developed its own software. The adoption of WILMA has been very limited and has not shared the success of Eduroam. The roaming solutions are omitted in the rest of the article, since they focus on a different scenario and cannot be considered to solve the problems stated in the introduction.

III. Comparative Analysis

The concept of wireless open metropolitan access network has been explored in the previous section. In principle, wireless access networks were not designed to be shared. However, there are a number of alternatives that permit various ISPs to benefit from a common wireless access infrastructure. This section reviews different solutions and assesses the viability of each of them. Aspects such as convenience, security, maturity and scalability are considered key factors for the success of a given solution.

Figure 2: A shared access network connects to each of the service providers networks. (Elements shown: user equipment, network, AAA server, edge router, traffic, AAA signaling, shared access network.)

Figure 3: In the roaming case, there is only one service provider connected to the network. However, roaming agreements allow clients from other service providers to benefit from the service. (Elements shown: user equipment, network, AAA server, edge router, traffic, AAA signaling, access network.)

III.A. Common tools

This subsection briefly describes common tools and concepts used in one or more of the solutions detailed in subsection III.C.

• Captive portal: A firewall that can change its rules dynamically. The user finds that all her traffic is blocked until she opens a browser and tries to navigate. At this point, the user is redirected to a pre-configured web page. This is usually for authenticating, charging, or forcing the user to accept certain terms of service. After these steps are completed, the firewall is opened for the traffic of that user.
• Tunnel: A tunnel involves encapsulating packets of one layer (or protocol) into a higher or the same layer (or protocol). An example would be to encapsulate layer 2 Ethernet packets into layer 3 IP packets. These tunnels can be used to provide security mechanisms in otherwise open networks. The tunnel has two ends at which the packets are encapsulated and de-capsulated.
• SSID: Service Set Identifier. It is a name broadcast by wireless APs to identify a wireless network.
• VLAN: Virtual LAN. A Local Area Network can be virtually divided into different networks.
• IEEE 802.1X and IEEE 802.11i: IEEE 802.1X [14] is a protocol for authentication. The user equipment implements a supplicant that requests access to the network. The network equipment associates the client to a port that remains closed and only allows authentication messages until the user is authenticated. Then the user is granted access to the network. The application of IEEE 802.1X to IEEE 802.11 networks is specified in IEEE 802.11i [15].

III.B. Feasibility Metrics

The following aspects are analyzed in assessing the viability of each solution. Each solution is assigned a grade on a 1 to 5 scale (1-unacceptable, 2-poor, 3-average, 4-good, 5-excellent).

• Security: Security is a broad concept. In our discussion we use it to refer to the confidentiality of the user's data, the difficulty of impersonating another user or stealing user credentials, and the general resilience of the architecture.
• Maturity: A solution is mature if it uses widely implemented standardized protocols and broadly commercialized hardware. The user equipment can range from a last-generation high-end laptop to old PDAs or WiFi phones. Obviously the capabilities of each terminal are completely different and the goal is that the proposed solution works for the majority of them. Another aspect of maturity is how extensively the solution has been deployed and tested.
• Scalability: Covers issues related to the growth of the number of terminals, number of APs, number of providers, or geographical growth.
• Convenience: How easy it is for the user to select one service, change from one service to another, or even use different services simultaneously.

III.C. Technical Solutions

III.C.1. DHCrelay

This solution was proposed in [16]. The basic idea is that the clients share a common layer 2 access network. However, on top of this common layer 2 network, there are several layer 3 networks, each one belonging to a different service provider. These networks are not separated in different VLANs linked by routers as in traditional network design. Instead, they coexist in a single VLAN. This VLAN has a router for each provider and the terminals get a different IP configuration according to the service provider they have selected. Thus, two stations belonging to two different service providers will forward traffic to two different routers, which connect to the corresponding service provider's network (See Fig. 4).

A default service provider exists that allows the users to register with one or another service provider. This selection is stored in a database and is used by a modified DHCrelay agent [17] to configure the terminals. Details can be found in [8]. The default service provider implements a captive portal that presents a choice of the different service providers operating in the network. Usually, each of the service providers implements its own captive portal for authentication purposes. The access control is provided by captive portals in the interface between the open network and the provider's network. Therefore, the access to the wireless network is open to anyone and only the access to the service providers' networks is regulated.

Figure 4: When using a DHCRelay sharing solution, the users receive IP configuration (and default gateway) from the provider they are registered to. (Elements shown: DHCP servers A and B, two captive portals, the DHCRelay agent, DHCP request and response, authentication, the shared access network, a shared SSID, users A and B.)

• Security: Allows mutual authentication. The captive portal requesting the user credentials must own a valid certificate. The user can validate this certificate and then provide her credentials. The credentials exchange is performed using HTTPS. When authorization is completed and the captive portal (firewall) is open, it does not provide any kind of encryption for the user data, and the data can be sniffed in the clear over the air. Additionally, the fact that all the clients share the same layer 2 network is perceived as a security flaw, since this network usually contains a large number of computers and spans a large geographic area, and it can be difficult to isolate a problem. E.g. the service will collapse if a user installs a DHCP server. Moreover, the mechanism has some availability drawbacks: the providers must offer users a means to de-register so that they can select another provider. Failing to do so effectively locks the user to a service provider. Therefore, a service provider that is down for whatever reason not only denies service to its users, but additionally prevents those users from changing providers and severely affects availability. Grade (2/5).
• Scalability: The fact that the access network has to be a layer 2 network (a common broadcast domain) may place some limitations both in geographical extension and in the number of terminals. Current deployments include city-wide networks with thousands of users. Grade (3/5).
• Maturity: It is based on well-known protocols such as DHCP and HTTP. There are deployments that have been running smoothly for years [8]. Grade (4/5).
• Convenience: The provider selection and change is cumbersome, since it involves DHCP renews. Once the provider is selected, the user still has to enter her username and password, and maybe open a pop-up window for automatic reauthentication. On the positive side, this solution works for most off-the-shelf hardware, and the user does not need to install any 802.1X supplicant. A user connecting to the network is presented with a web page with the logos of the different ISPs operating in the network and a brief description of the services offered by each of them. Grade (3/5).
• Where: This technology has been used in Stockholm and Barcelona, both in university campus and metro-wifi environments.
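The relay step and the rogue DHCP server weakness described above, as an added example that is not code from the paper or from the DHCrelay project. It assumes a constructed deployment (made-up provider names, addresses and MAC registrations) in which every legitimate reply reaches the terminals through the relay; the function names are hypothetical.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
DISCOVER, OFFER = 1, 2         # values of option 53 (DHCP message type)

# Constructed deployment: provider names and every address are made up.
PROVIDERS = {
    "default": {"dhcp": "10.0.0.2", "router": "10.0.0.1"},  # selection portal
    "isp-a": {"dhcp": "10.0.1.2", "router": "10.0.1.1"},
    "isp-b": {"dhcp": "10.0.2.2", "router": "10.0.2.1"},
}
# Provider chosen at the default portal, keyed by terminal MAC (the "database").
REGISTRATIONS = {"02:00:00:00:00:0a": "isp-a", "02:00:00:00:00:0b": "isp-b"}
RELAY_IP = "10.0.0.3"


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None, router=None):
    """Encode a minimal BOOTP/DHCP message: fixed header, cookie, options."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    zero = ip4("0.0.0.0")
    head = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                       zero, ip4(yiaddr), zero, zero, chaddr, b"", b"")
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ip4(server_id)      # server identifier
    if router:
        opts += bytes([3, 4]) + ip4(router)          # default gateway
    return head + MAGIC + opts + b"\xff"


def parse_dhcp(data):
    """Decode the fields needed by the relay and by the reply check."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"op": data[0], "hops": data[3], "options": {},
           "giaddr": str(ipaddress.IPv4Address(bytes(data[24:28]))),
           "mac": bytes(data[28:28 + min(data[2], 16)]).hex(":")}
    i = 240
    while i < len(data) and data[i] != 255:          # 255 ends the options
        if data[i] == 0:                             # 0 is a padding byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        msg["options"][data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return msg


def relay_request(data):
    """Modified relay: pick the server from the stored selection (default if none)."""
    msg = parse_dhcp(data)
    if msg["op"] != 1:
        raise ValueError("only client requests are relayed to a server")
    provider = REGISTRATIONS.get(msg["mac"], "default")
    out = bytearray(data)
    out[3] = min(msg["hops"] + 1, 255)               # hops field
    if msg["giaddr"] == "0.0.0.0":
        out[24:28] = ip4(RELAY_IP)                   # giaddr: first relay
    return provider, PROVIDERS[provider]["dhcp"], bytes(out)


def check_reply(data, src_ip):
    """Classify a DHCP reply seen on the shared layer 2 segment."""
    # Assumption: legitimate replies arrive only through the relay, so any
    # other source is a DHCP server running inside the access network.
    msg = parse_dhcp(data)
    if msg["op"] != 2:
        return "not-a-reply"
    if src_ip != RELAY_IP:
        return "rogue-server"
    expected = PROVIDERS[REGISTRATIONS.get(msg["mac"], "default")]
    if msg["options"].get(54) != ip4(expected["dhcp"]):
        return "wrong-provider"
    if msg["options"].get(3, b"")[:4] != ip4(expected["router"]):
        return "wrong-gateway"
    return "ok"


def demo():
    mac = "02:00:00:00:00:0a"                        # registered to isp-a
    offer_a = build_dhcp(2, 7, mac, OFFER, "10.0.1.50", "10.0.1.2", "10.0.1.1")
    offer_b = build_dhcp(2, 7, mac, OFFER, "10.0.2.50", "10.0.2.2", "10.0.2.1")
    return [relay_request(build_dhcp(1, 7, mac, DISCOVER))[:2],
            check_reply(offer_a, RELAY_IP), check_reply(offer_b, RELAY_IP),
            check_reply(offer_a, "10.0.0.77")]


if __name__ == "__main__":
    print(demo())
```

Source addresses can be forged, so this is a monitoring check; switches usually enforce the same policy per port with DHCP snooping.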

III.C.2. Tunneling

As in the previous example, the access to the wireless access network is open (i.e. 802.1X is not used). The network does not have any open gateway to other networks. Instead, there are tunnel servers, typically one for each provider, to which the user can connect (See Fig. 5). The user must receive information about the available tunnel servers and how to connect to them. The tunnel establishment includes authentication, and once the tunnel is established, the user can forward traffic through it to reach outer networks.

• Security: Users establishing tunnels are properly authenticated, and the information that travels within the tunnel is encrypted. However, users can still connect to the network without establishing any tunnel and make use of the network resources without being authenticated, even if they cannot reach outer networks. On the other hand, tunneling (as opposed to layer 2 encryption) offers security guarantees even when some network nodes (routers, access points or relays in a mesh deployment) are not trusted. Grade (5/5).
• Scalability: The only scalability limitation is the tunnel server burden of encrypting and decrypting the traffic from and to all clients. Grade (4/5).

Figure 5: The tunneling solution offers tunnel servers to which the users can connect.

Figure 6: Each provider uses a different SSID and different VLAN.

• Maturity: Tunnels are a mature technology. However, most users are not familiar with them. Grade (4/5).
• Convenience: Most user terminals are not already equipped with tunneling software, and users are not as familiar with tunneling as they are with web browsing. That might pose a problem on limited-capacity terminals, and adds the burden of setting up the client at the beginning of every networking session. Grade (2/5).
• Where: This has been the technology of choice for the Urbino wifi [18], which is a mixture between campus and metropolitan/rural wifi network.

III.C.3. Multiple SSID

In this solution, the AP broadcasts separate SSIDs for disparate service providers (See Fig. 6). The user can see the different SSIDs available and choose the one corresponding to her provider. Then, every service provider can set its own security policies and the traffic from each provider is kept in a separate VLAN.

• Security: Every provider might choose different security policies. Therefore the mechanism is as secure as the service provider wants it to be. Grade (4/5).
• Scalability: Enterprise-class APs typically support 16 or 32 different SSIDs. This places a limit on the number of service providers that can operate in a network. Moreover, the inclusion (or removal) of a service provider implies the reconfiguration of all the network equipment. This can be a daunting task unless automated tools are provided. Grade (3/5).
• Maturity: This solution does not place any additional requirement on the client's terminal, only on the network APs. Most enterprise-level APs support multiple SSID broadcast or can support it by upgrading their firmware. Grade (4/5).
• Convenience: The user has to choose the correct SSID, but this should not be difficult since most terminals include graphical tools that facilitate the task. The only problem is that the SSID is only an ASCII name, and the user might need some prior information to know the correspondence between the name and the actual service provider, or to know the details of the services offered by that provider. Grade (4/5).
• Where: This technique is extensively used, for example, to keep separate SSIDs for management and users, or to separate a protected network and an open network. However, the authors are not aware that it has been used to share infrastructure.

III.C.4. CAPWAP VLAN differentiation

It is expected that the CAPWAP protocol [19], still under development, will allow the user to be assigned to one VLAN or another depending on the 802.11i authentication (See Fig. 7). That means that the user first authenticates and is then assigned to a VLAN solely for her provider.

Figure 7: When CAPWAP is in use, the user is first authenticated and then assigned to a VLAN.

• Security: It uses encryption over the air, the 802.11i challenge/response mechanism, and separate VLANs for different service providers. Grade (5/5).
• Scalability: The number of required VLANs grows together with the number of providers. The number of supported VLANs is a switch-dependent value, but 250 can be used as a reference value. Grade (4/5).
• Maturity: CAPWAP is under design and it will be a long time until it is implemented and widespread. Grade (2/5).
• Convenience: Users require a WPA (Wireless Protected Access) supplicant. But probably it will be included in all clients in the years to come. Grade (3/5).
• Where: This is an option for the future. CAPWAP is still undergoing standardization at the IETF.

III.C.5. The IMS solution

IMS stands for IP Multimedia Subsystem and proposes the convergence of the Internet and the cellular worlds. WLAN plays an important role, since it is the wireless technology of choice to access the Internet currently. For this reason the interworking WLAN-IMS scenario is being standardized in [20]. In a move without precedent in the cellular world, the standardization process has considered the possibility that the WLAN could be shared among different service providers, or Public Land Mobile Network Operators (PLMN) if we are talking cellular (See Fig. 8).

Figure 8: IMS-WLAN interworking includes new interfaces (Wn) and entities (WAG and PDG, WLAN Access Gateway and Packet Data Gateway, respectively).

The IMS solution is actually a solution in between sharing and roaming. It has to be explained that two different access categories are possible, namely, IP direct access and IMS access. The former resembles the roaming scenario described in subsection II.B, while the latter uses tunnel technology similar to the one described in III.C.2. When a user roams into the WLAN, she is offered a list of the PLMNs sharing that WLAN. The user selects one of them and performs authentication. Depending on the user's profile she will be granted IP direct access, IMS access or both. If the IMS access is available, a mechanism that involves a DNS resolution is used to find out which tunnel server the user has to connect to. This tunnel establishment requires additional keying material and, when completed, connects the user to the IMS. That means access to the same services available in the cellular network (e.g. Short Message Service, SMS).

Even though IMS is a very ambitious model, and the complexity of the proposed architecture is high, the fact that this convergence model is backed by the most relevant mobile operators and manufacturers makes it a clear candidate for the future. However, despite the merits of the IMS solution, some more immediate solutions are required to solve the problem. These imperfect and maybe temporary solutions will probably be picked among the ones described previously.

• Security: Not only offers security, but also accountability, police enforceability, and all the characteristics of a cellular network. Grade (5/5).
• Scalability: In principle, there is no theoretical limitation concerning the number of users, service providers or geographical extension of the network. Grade (5/5).
• Maturity: This is work under development. There is no closed standard yet. Grade (1/5).
• Convenience: The WLAN terminal will be as easy to use as a cell phone. Grade (5/5).
• Where: This is an option for the future. IMS is still undergoing standardization at the 3GPP.

IV. A Future-Proof Path

From the summary in table 1 it can be deduced that there is no technology that clearly outperforms the others in all the analyzed aspects. Network administrators of the shared network have three alternatives among which they can choose in current deployments, while keeping in mind the future transition to one of the other two that are underway. The final choice is determined by the user's profile, the number of service providers, the size of the network and the emphasis on security aspects. For a network with a limited and stable number of service providers, the multiple SSID option is the best choice.

The multiple SSID alternative has the additional advantage of allowing the combination of different solutions. As an example, imagine a wireless open metropolitan access network shared between ISP A and ISP B. The sharing has been enabled by the modified DHCrelay mechanism so far, and the SSID was CityNet. The network administrators decide to plan a smooth transition to multiple SSID sharing. Then, the old mechanism can be kept running under the CityNet SSID, and two new SSIDs (ISP ANet and ISP BNet) could be created. The three SSIDs could coexist for some time to allow the users to adapt to the new sharing mechanism.

Similarly, as soon as either the CAPWAP or IMS solutions become mature enough to be deployed, this could be done in a new SSID, while preserving the existing sharing mechanism for some time.
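The transition above only keeps providers separated if every AP carries the same SSID-to-VLAN plan, which is the reconfiguration burden noted for the multiple SSID solution in III.C.3. The following audit of that plan is an added example, not the authors' tooling; the VLAN IDs, the AP inventory and the function names are constructed for illustration, while the SSID names and the 250-VLAN reference value come from the text.

```python
from collections import defaultdict

SWITCH_VLAN_LIMIT = 250    # reference value the text gives for switches

# Constructed plan for the transition scenario; the VLAN IDs are made up.
PLAN = {
    "CityNet": {"vlan": 100, "owner": "DHCRelay (ISP A and ISP B)"},
    "ISP ANet": {"vlan": 101, "owner": "ISP A"},
    "ISP BNet": {"vlan": 102, "owner": "ISP B"},
}
FULL = {"CityNet": 100, "ISP ANet": 101, "ISP BNet": 102}
# Constructed AP inventory: ap-3 was skipped by the rollout, ap-4 was mistyped.
APS = [
    {"name": "ap-1", "max_ssids": 16, "ssids": dict(FULL)},
    {"name": "ap-2", "max_ssids": 16, "ssids": dict(FULL)},
    {"name": "ap-3", "max_ssids": 16, "ssids": {"CityNet": 100}},
    {"name": "ap-4", "max_ssids": 16,
     "ssids": {"CityNet": 100, "ISP ANet": 102, "ISP BNet": 102}},
]


def audit_plan(plan, vlan_limit=SWITCH_VLAN_LIMIT):
    """Check the plan itself: one owner per VLAN, VLAN count within the limit."""
    owners = defaultdict(set)
    for entry in plan.values():
        owners[entry["vlan"]].add(entry["owner"])
    findings = [("shared-vlan", vlan, tuple(sorted(names)))
                for vlan, names in sorted(owners.items()) if len(names) > 1]
    if len(owners) > vlan_limit:
        findings.append(("vlan-limit", len(owners), vlan_limit))
    return findings


def audit_ap(ap, plan):
    """Compare one AP's SSID-to-VLAN map with the plan."""
    findings = []
    for ssid, entry in plan.items():
        vlan = ap["ssids"].get(ssid)
        if vlan is None:
            findings.append(("missing-ssid", ap["name"], ssid))
        elif vlan != entry["vlan"]:
            # This SSID's traffic would be bridged into another VLAN.
            findings.append(("vlan-mismatch", ap["name"], ssid, vlan, entry["vlan"]))
    findings += [("unplanned-ssid", ap["name"], ssid)
                 for ssid in ap["ssids"] if ssid not in plan]
    if len(ap["ssids"]) > ap["max_ssids"]:
        findings.append(("ssid-limit", ap["name"], len(ap["ssids"]), ap["max_ssids"]))
    return findings


def audit(aps, plan):
    """Findings for the plan, then for each AP in inventory order."""
    findings = audit_plan(plan)
    for ap in aps:
        findings += audit_ap(ap, plan)
    return findings


def add_provider(plan, aps, ssid, vlan, owner):
    """Plan the addition of a provider: returns (new_plan, to_touch, blocked).

    Every AP has to be reconfigured; APs already at their SSID limit
    cannot take the new SSID at all.
    """
    if ssid in plan:
        raise ValueError("SSID already in use: " + ssid)
    if any(e["vlan"] == vlan and e["owner"] != owner for e in plan.values()):
        raise ValueError("VLAN %d already belongs to another provider" % vlan)
    new_plan = dict(plan)
    new_plan[ssid] = {"vlan": vlan, "owner": owner}
    blocked = [ap["name"] for ap in aps if len(ap["ssids"]) >= ap["max_ssids"]]
    to_touch = [ap["name"] for ap in aps if ap["name"] not in blocked]
    return new_plan, to_touch, blocked


if __name__ == "__main__":
    for finding in audit(APS, PLAN):
        print(finding)
```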

IV.A. The role of QoS and fair sharing

Throughout the article it has been assumed that the network is over-provisioned to satisfy all the user requirements and avoid the appearance of congestion. However, this might not be the case in a wireless open metropolitan network with a large number of users running bandwidth-hungry applications. The bottleneck is the wireless channel, with limited shared bandwidth and prone to collisions. IEEE 802.11 offers per-node fair sharing and IEEE 802.11e allows traffic prioritization by separating traffic in 4 different queues. IEEE 802.16 supports (although it does not specify) richer scheduling and call admission control mechanisms.

However, the QoS tools provided by the different standards are not particularly aimed at fairly sharing infrastructure among different service providers. Thus more research is required to adapt the existing tools to fulfill a purpose different from the one they were originally designed to satisfy. Alternatively, new standards or standard amendments could be developed to explicitly address the problem of sharing wireless open metropolitan access networks.

Even though the bottleneck is the wireless hop, it does not mean that the sharing problem has to be solved there. Applying bandwidth throttling rules at the routers that connect the service providers' networks with the access network (see Fig. 2) could be a valid alternative.

The sharing of wireless access networks and the prioritization of traffic under congestion conditions is still an area for future research. First, the business goals of the participating actors must be defined and then explicit policies must be derived. Then, the techniques to enforce such policies have to be investigated and implemented.

V. Conclusion

Access networks require huge investments. In the case of wireless networks, the deployment costs are lower, but not negligible. For wireless networks, available spectrum limitations might limit the number of access networks operating in a given place. In any case, the access network is an entry barrier that limits the number of ISPs. This situation unavoidably harms competition and the only solution to diversify the ISPs is to share the access network.

Mobile Computing and Communications Review, Volume 12, Number 3

Table 1: A summary comparison among the different technologies that enable wireless access network sharing

Technology     Security  Scalability  Maturity  Convenience
DHCRelay       **        ***          ****      ***
Tunneling      *****     ****         ****      **
Multiple SSID  ****      ***          ****      ****
CAPWAP         *****     ****         **        ***
IMS            *****     *****        *         *****

Metropolitan wireless networks typically use IEEE 802.11 technologies and their different flavors. Such standards do not explicitly support access network sharing, but there are a number of techniques that make it possible. One of the options is to offer different IP configurations to terminals from different service providers. Another option is to force the users to create tunnels to obtain network connectivity. In this case the tunnel end determines which service provider is being used. Finally, current APs allow the broadcast of multiple SSIDs, actually behaving as multiple virtual hotspots. The traffic of each virtual hotspot can be kept in a different VLAN, thus actually separating traffic from different ISPs. There are still two other alternatives that make use of standards that will be available in the near future: CAPWAP and IMS. In this paper, all the alternatives are compared in terms of security, scalability, maturity and convenience. The outcome of the comparison is that the perfect sharing technology does not exist. However, we propose some guidelines to choose and even combine the most appropriate solution for a plausible scenario. The multiple SSID option plays a preponderant role by allowing the combination of techniques and thus allowing soft transitions from one alternative to another.

Acknowledgment The authors would like to thank the anonymous reviewers for their insightful comments.

References

[1] S. Bregni and R. Melen, “Local loop unbundling in the Italian network,” Communications Magazine, IEEE, vol. 40, no. 10, pp. 86–93, 2002.
[2] S. Turner, “Broadband Reality Check: The FCC Ignores Americas Digital Divide,” Free Press. Retrieved April, vol. 30, p. 2006, 2005.
[3] D. Searls, “Linux for Suits: Migrating a Mentality,” Linux Journal, vol. 2007, no. 154, 2007.
[4] B. van Schewick, “Towards an Economic Framework for Network Neutrality Regulation,” 33rd Research Conference on Communication, Information and Internet Policy, Arlington, VA, September, pp. 23–25, 2005.
[5] I. S. 802.11, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Std., 1999 Edition (Revised 2003).
[6] I. S. 802.16, Local and Metropolitan Area Networks - Part 16: Air Interface for Fixed Broadband Wireless Access Systems for Mobile Users, Std., 2005 Edition.
[7] R. Battiti, R. L. Cigno, M. Sabel, F. Orava, and B. Pehrson, “Wireless LANs: From WarChalking to Open Access Networks,” MONET, vol. 10, no. 3, pp. 275–287, 2005.
[8] J. Barcelo, C. Macian, J. Infante, M. Oliver, and A. Sfairopoulou, “Barcelona’s Open Access Network Testbed,” in IEEE Tridentcom, Barcelona, Spain, 2006.
[9] J. Infante, M. Oliver, and C. Macian, “Wi-Fi Neutral Operator: Promoting cooperation for network and service growth,” in ITS Conference on Regional Economic Development, Pontevedra, Spain, 2005.
[10] J. Barcelo, B. Bellalta, C. Macian, M. Oliver, and A. Sfairopoulou, “Position Information for VoIP Emergency Calls,” in WEBIST, Barcelona, Spain, 2007.
[11] B. Anton, B. Bullock, and J. Short, “Best Current Practice for Wireless Internet Service Provider Roaming,” Wi-Fi Alliance – Wireless ISP Roaming (WISPr), Feb. 2003.
[12] J. Sankar and K. Wierenda, “Inter-nren roaming,” TERENA Technical Report, 2004.
[13] M. Brunato and D. Severina, “WilmaGate: a New Open Access Gateway for Hotspot Management,” in WMASH, Cologne, Germany, 2005.
[14] I. S. 802.11x, IEEE Standard for Local and metropolitan area networks Port-Based Network Access Control, IEEE Std 802.11i Std., 2004.
[15] I. S. 802.11i, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications; Amendment 6: Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i Std., 2004.
[16] A. Escudero, B. Pehrson, E. Pelleta, J. Vatn, and P. Wiatr, “Wireless access in the flyinglinux.NET infrastructure: MobileIPv4 integration in a IEEE 802.11b,” in 11th IEEE Workshop on Local and Metropolitan Area Networks (LANMAN), Boulder Co., USA, 2001.
[17] R. Droms, “Dynamic Host Configuration Protocol,” RFC 2131 (Draft Standard), Mar. 1997, updated by RFC 3396. [Online]. Available: http://www.ietf.org/rfc/rfc2131.txt
[18] A. Bogliolo, “Urbino Wireless Campus: A Wide-Area University Wireless Network to Bridge Digital Divide,” in AccessNets, Ontario, Canada, 2007.
[19] P. Calhoun, M. Montemurro, and D. Stanley. (2006) CAPWAP Protocol Specification. Internet draft. [Online]. Available: http://ietfreport.isoc.org/all-ids/draft-ietfcapwap-protocol-specification-02.txt
[20] 3GPP Technical Specification Group Services and System Aspects, TS 23.234 3GPP system to Wireless Local Area Network (WLAN) interworking, 3GPP Std., 2007.
