Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:network:wifi:mesh:80211s [2022/04/07 19:08] bluewavenetdocs:guide-user:network:wifi:mesh:80211s [2024/09/23 17:10] – Move note 5 into note 4 as previously it sounded like `wpad` was an available package taylorkline
Line 1: Line 1:
-====== 802.11s based wireless mesh network ======+====== 802.11s Wireless Mesh Networking ======
  
-[[wp>IEEE 802.11s|802.11s]] is an open-source standard for connecting wireless devices without having to set up infrastructure. It operates on [[wp>Data_link_layer|Layer 2]] and makes sure that all nodes can see each other on a bridged Layer 2 network (as if they were all plugged into a switch). Any [[wp>Network_layer|Layer 3]] infrastructure will work on top of this. An IP router and DHCP clients will work well. More sophisticated infrastructure can be implemented depending upon the use case. (eg Batman, Bird, OLSR etc.)+[[wp>IEEE 802.11s|802.11s]] is an open standard for connecting wireless devices without having to set up infrastructure. It operates on [[wp>Data_link_layer|Layer 2]] and makes sure that all nodes can see each other on a bridged Layer 2 network (as if they were all plugged into a switch). Any [[wp>Network_layer|Layer 3]] infrastructure will work on top of this.
  
-===== Status =====+Packages to enhance the basic layer 2 802.11 mesh have been developed, particularly where multiple Internet gateways and partial cabled backhaul are required. 
 +These enhanced packages are targeted more for large infrastructure scenarios eg. local community through to city scale, rather than a typical home mesh application.
  
-802.11s works reliably with OpenWrt 19.07 and later, including authentication and encryption, assuming that there is hardware/driver support and that ''wpad-mesh-openssl'' (or equivalent) has been installed.+See:\\ 
 +[[:docs:guide-user:network:wifi:mesh:batman]]\\ 
 +[[:docs:guide-user:network:wifi:mesh:mesh11sd]]\\ 
 +[[:docs:guide-user:network:wifi:mesh:olsr]]
  
-A possible ARP relay bug was reported that supposedly prevented mesh nodes more than single hop from each other from converging into a single mesh.\\  +In contrast, basic 802.11s mesh can serve as simple "One Hop Wifi Extender" in a home environment without any enhanced packages.
-This was however configuration issue where it was not possible to set the mesh_gate_announcements parameter in the wireless config file.\\ +
-This parameter had to be set manually using the iw utility, after startup and again after network restart.\\ +
-The mesh11sd package is now available to dynamically set and reset mesh parameters using the UCI config.\\  +
-See: [[docs:guide-user:network:wifi:mesh:mesh11sd|The Mesh11sd Project]]+
  
-    +===== What is a Mesh? =====
-===== Config =====+
  
-It is necessary to remove ''wpad''depending which one is installed by default:+A mesh network is a multi point to multi point layer 2 mac-routing backhaul used to interconnect mesh peers. Mesh peers are generally non-user devicessuch as routers, access points, CPEs etc..
  
-<code> +A normal user device, such as a phone, tablet, laptop etc., cannot connect to a mesh network. Instead, connection is achieved via a mesh gateway, a special type of mesh peer.
-opkg remove wpad-mini +
-opkg remove wpad-basic +
-opkg remove wpad-basic-wolfssl +
-</code>+
  
-Install dependencies (''wpad-mesh-*'' instead):+===== Are you sure you want a mesh? ===== 
 +If you are looking for a solution to enable your user devices to [[docs:guide-user:network:wifi:roaming|seamlessly roam from one access point to another in your home, you need 802.11r (roaming) support]], not 802.11s.
  
-<code> +//It is unfortunate that some manufacturers have used the word "Mesh" for marketing purposes to describe their non-standard, closed source, proprietary "roaming" functionality and this causes great confusion to many people when they enter the world of international standards and open source firmware for their network infrastructure. 
-opkg install wpad-mesh-openssl # or wpad-mesh-wolfssl +//
-</code>+
  
-[[https://github.com/openwrt/openwrt/commit/49cc712b44c76e99bfb716c06700817692975e05|As of September 2019]], ''wpad-openssl'' or ''wpad-wolfssl'' are //**also**// sufficient for 802.11s use and are the **full version** of ''wpad''.+  The accepted standard for mesh networks is ieee802.11s
 +  - The accepted standard for fast roaming of user devices is ieee802.11r.
  
-**Notes:** +These are two completely unrelated standards.  
-  - ''wpad-basic-wolfssl'' only has **802.11r** and **802.11w** support. +
-  - ''wpad-mesh-openssl'' and ''wpad-mesh-wolfssl'' only have **802.11r/w** and **802.11s** support. +
-  - ''wpad-openssl'' and ''wpad-wolfssl'' are the **full version** of ''wpad'' and have **802.11k/v/r/w** and **802.11s** support. +
-  - The **full version** of ''wpad'' means that nothing was trimmed to reduce its size like the ''basic'' or ''mesh'' versions.+
  
-Edit ''/etc/config/wireless'' and make sure: +===== 802.11s Mesh ===== 
-  * ''radio0'' is not disabled +802.11s works reliably with all current OpenWrt versions,including over the air encryption, assuming that there is hardware/driver support. The package ''wpad-mesh-mbedtls'' (or equivalentis required for this.
-  * ''radio0'' is configured to be compatible on each device that should join the mesh (same channel, same mesh ID, same password) +
-  * add an ''iface'' entry along these lines:+
  
-<code> +An 802.11s interface requires numerous operational parameters to be set **AFTER** the interface has come up and established itself as a part of the mesh. 
-config wifi-iface 'mesh' +Some SoC combinations do not establish the mesh interface quickly enoughso many of these operational parameters may fail to be implemented.
-        option network 'mesh+
-        option device 'radio0' +
-        option mode 'mesh' +
-        option mesh_id 'your-mesh-name' # anythingthis connects the nodes into one mesh (plus the password if there's any) +
-        option encryption 'psk2/aes' # or 'none' +
-        option key 'your-secret-password' +
-</code>+
  
-**Note:** Access by client devices is achieved by bridging the 'ap' and the 'mesh' interfaces.+However, for single hop Wifi extender use, additional parameters do not need to be set for this very basic but useful mode
  
-If you want to run a routing protocol like OLSR on your mesh, disable 802.11s's built-in routing with ''option mesh_fwding '0' ''.+Historically, the inability to set required mesh parameters in the wireless configuration (due to the interface not yet being established) was interpreted by some as an "ARP relay bug" as the layer 2 (mac routing) network would never become active between all mesh nodes at the same time.
  
-For a complete list of mesh parameters you can inspect the values of the following variables in [[https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh|mac80211.sh Source]]: +The mesh11sd package was developed to allow all available mesh parameters to be correctly set.
-  * MP_CONFIG_INT +
-  * MP_CONFIG_BOOL +
-  * MP_CONFIG_STRING+
  
-Alternatively, you can issue the command +===== 802.11s Rapid Deployment =====
-<code> +
-# iw dev <devname> get mesh_param  +
-</code> +
-to obtain a list of available mesh parameters, but without documentation.+
  
-Then reinitialize wifi and see if it worked:+An 802.11s mesh backhaul can be rapidly deployed by taking advantage of the OpenWrt Firmware Selector (or the Image Builder) and the Mesh11sd package.
  
-<code> +See:
-# wifi +
-# logread -l 20 -f +
-# iw dev wlan0 station dump +
-</code>+
  
-===== Wireless Hardware Support =====+[[docs:guide-user:network:wifi:mesh:rapiddeployment|802.11s Rapid Deployment]]
  
-:!: Support for 802.11s (type mesh) depends on wireless driver. Most up to date open source drivers work. Note that some drivers may advertise they support mesh but is not. For example ath10k-ct driver doesn't support it, you should remove both ct module and firmware and install non ct versions to get mesh support.+===== Verifying Wireless Driver Support ===== 
 + 
 +:!: Support for 802.11s (type mesh) depends on wireless driver. Most up to date open source drivers work. Note that some drivers may advertise they support mesh but have problems with it. 
 + 
 +For example, as of Dec 2023, the ''ath10k-ct'' wireless driver used in NETGEAR R7800 and other devices with Qualcomm Atheros QCA988x chips doesn't support mesh very wellresulting in errors and random dropping of wireless interfaces ([[https://github.com/greearb/ath10k-ct/issues/81|issue report]]). It is recommended that you use [[https://firmware-selector.openwrt.org/|firmware selector]] to request a custom firmware build that removes the //-ct// module (ex: ''kmod-ath10k-ct''and the //-ct// firmware (ex: ''ath10k-firmware-qca9984-ct''and replaces them with the //non-ct// versions (ex: ''kmod-ath10k'' and ''ath10k-firmware-qca9984''to get reliable mesh support.
  
 Use the following to determine if your hardware supports 802.11s mesh. Use the following to determine if your hardware supports 802.11s mesh.
Line 115: Line 91:
 ...</code> ...</code>
  
-===== Using the command line (CLI) =====+===== Installation & Configuration =====
  
-''iw'' is a nl80211 based CLI configuration utility for wireless devices.[[http://wireless.kernel.org/en/users/Documentation/iw#About_iw|Read more...]]+If you want to run an encrypted mesh, you must install a version of ''wpad'' that supports mesh encryption.
  
-Create a new interface "mesh0" +At the time of writing, either the full or mesh-capable version of ''wpad'' is required.
-<code>iw phy phy0 interface add mesh0 type mp mesh_id mymesh</code>+
  
-Confirm that the new interface exists +Examples: 
-<code>ifconfig -a | grep mesh0+  * ''wpad-mesh-mbedtls'' # The basic version + mesh support. 
 +  * ''wpad-mbedtls'' # The full large version. 
 +  * ''wpad-mesh-openssl'' 
 +  * ''wpad-openssl'' 
 +  * ''wpad-mesh-wolfssl'' 
 +  * ''wpad-wolfssl''
  
-     mesh0      Link encap:Ethernet  HWaddr 00:18:39:14:48:B5</code>+**Installing support for Mesh Encryption:** 
 +It is necessary to remove the non-mesh version of ''wpad'', depending which one is installed by default. You can find out which one you have in the Luci Web Interface with the ''System->Software'' Menu, <color #22b14c>Update Lists...</color>, then type in the ''Filter:'' 'wpad'. Whichever one says ''Installed'' is the one you have. Remove it and then ''Install..'' the ''-mesh'' variant.
  
-Bring up your mesh0 interface +Or with the following commands: 
-<code>ifconfig mesh0 up</code>+<code bash> 
 +opkg list-installed wpad* 
 +</code>
  
-Assign the interface an IP addresse.g10.0.0.1 +Now install the mesh-supporting version matching the one you had from the list above: 
-<code>ifconfig mesh0 10.0.0.1</code>+ 
 +<code bash> 
 +opkg update 
 +opkg install ... 
 +</code>  
 + 
 +**Notes:** 
 +  - [[https://github.com/openwrt/openwrt/commit/49cc712b44c76e99bfb716c06700817692975e05|From September 2019]], ''wpad-openssl'' or ''wpad-wolfssl'' //**became**// capable of 802.11s encyption. ''wpad-mbedtls'' was added later. 
 +  - The ''wpad-basic-*'' versions only have **802.11r** and **802.11w** support. 
 +  - The ''wpad-mesh-*'' versions only have **802.11r/w** and **802.11s** support. 
 +  - The ''wpad-*'' are the **full version** of ''wpad'' (nothing trimmed to reduce its size) and have **802.11k/v/r/w** and **802.11s** support. 
 + 
 +Example of a single command to remove the basic wpad and replace it with mesh: 
 + 
 +//**WARNING: You must reboot or restart the wpad service before the new wpad version will become active.**// 
 + 
 +<code bash> 
 +opkg update && opkg install wpad-mesh-mbedtls --download-only && opkg remove wpad-basic-mbedtls && opkg install wpad-mesh-mbedtls --cache . && rm *.ipk 
 +</code> 
 + 
 +**Configuring Mesh Networking within the LuCI Web Interface:** 
 + 
 +//**WARNING:** Do not configure mesh networking using LuCI if you are also running mesh11sd in auto_config mode\\ 
 +This is because LuCI creates a static config and mesh11sd dynamically manages the mesh config.// 
 + 
 +  - Go to ''Network->Wireless'' 
 +  - Click 'Add' on either the 2.4 or 5gz Wifi bands 
 +  - ''Interface Configuration->General Setup->Mode'' Select: '802.11s', and put in a 'Mesh ID' value to be shared among your nodes, for the name of your mesh. 
 +  - Select ''LAN'' for the ''Network''
 +  - ''Interface Configuration->Wireless Security'', choose 'WPA3-SAE' and put in a password to be shared among your mesh nodes. 
 +  - ''Save'' 
 +  - Now ''Save & Apply'' 
 + 
 +**WARNING:** STP has no effect on a mesh network as layer 2 traffic is inserted into the mesh backhaul **after STP processing** in the bridge interface\\ 
 +Bridge loops WILL occur if you have any non-mesh segments in the backhaul (eg ethernet links)or have multiple mesh backhauls (eg 2.4GHz AND 5GHz).\\ 
 +To prevent mesh bridge loops and support non-mesh backhaul segments or multiple mesh backhauls you must either run mesh11sd or create your own nftables bridge ruleset to drop looping packets.\\ 
 + 
 +==== The Wireless UCI Config File ==== 
 + 
 +//**WARNING: Do not configure mesh networking by editing the /etc/config/wireless file if you are also running mesh11sd in auto_config mode.\\ 
 +This is because /etc/config/wireless is a static config and mesh11sd dynamically manages the mesh config.**// 
 + 
 +The ''/etc/config/wireless'' file should have a mesh section added along these lines: 
 + 
 +<code> 
 +config wifi-iface 'mesh' 
 +        option device 'radio0' 
 +        option disabled '0
 +        option mode 'mesh' 
 +        option ifname 'mesh0' 
 +        option network 'lan' 
 +        option mesh_id 'my-mesh-id' 
 +        option encryption 'sae' # or 'none' if you do not want encryption 
 +        option key 'your-secret-password' 
 +</code> 
 + 
 +**Note:** option network 'lan' bridges the the 'mesh' interface to the 'lan'. 
 + 
 +This configuration should be sufficient to bring up the mesh network so you can now reinitialize wifi and see if it worked: 
 + 
 +<code> 
 +wifi 
 +iw dev mesh0 info 
 +</code> 
 + 
 +You should see an output similar to: 
 +<code> 
 +Interface mesh0 
 + ifindex 10 
 + wdev 0x3 
 + addr 12:34:56:78:9a:bc 
 + type mesh point 
 + wiphy 0 
 + channel 2 (2417 MHz), width: 20 MHz, center1: 2417 MHz 
 + txpower 28.00 dBm 
 + multicast TXQ: 
 + qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets 
 + 0 0 129166 0 0 0 0 9107016 129167 
 +</code> 
 + 
 +Every device you want to participate in the mesh must be configured in the same way ie same mesh_id, same channel, same key. 
 + 
 +This wireless UCI configuration may be sufficient for a "mesh" of two or possibly three meshnodes that are fairly close together. 
 +But an organic, autonomously self managing mesh network of many meshnodes requires additional configuration. 
 + 
 +==== Mesh11sd - Setting Parameters and Options ==== 
 + 
 +There are many mesh parameters available, some of which are essential for a reliable mesh network. 
 + 
 +The majority of these however, require the mesh interface to be up and established before setting. 
 + 
 +If these parameters were to be set in the wireless UCI config file, they would fail, as of course the wireless UCI config is used to start/restart the wireless system and the mesh interface only becomes established //after// UCI has completed its tasks. 
 + 
 +Parameters can be set manually using the IW utility, but any settings done this way will only persist as long as the mesh interface is up. 
 +Rebooting, restarting the network, or reinitializing the wireless interface ("wifi" command) will set parameters back to default. 
 + 
 +For permanently setting parameters, the Mesh11sd package should be installed: 
 + 
 +<code> 
 +opkg update 
 +opkg install mesh11sd 
 +</code>
  
-By default, mesh points will use channel 1 and automatically attempt to create peer links with mesh nodes with the same mesh ID and channel.+For full details of the Mesh11sd package see: 
 +[[:docs:guide-user:network:wifi:mesh:mesh11sd]]
  
-===== Verify =====+===== Verify the Mesh Network is Working =====
  
 Use the ''iw'' command to display peer links or a table of reachable nodes in your mesh Use the ''iw'' command to display peer links or a table of reachable nodes in your mesh
Line 169: Line 254:
 </code> </code>
  
-===== Block single peer from meshing ===== 
-//This may require the iw-full package!// 
-Block a peer from meshing using its MAC address 
-<code> 
-iw dev $MESH_IFACE station set $MAC_TO_BLOCK plink_action block 
-</code> 
-Verify using section above (iw dev $MESH_IFACE station dump) 
-<code> 
- mesh plink: BLOCKED 
-</code> 
-Unblock: 
-<code> 
-iw dev $MESH_IFACE station set $MAC_TO_UNBLOCK plink_action open 
-</code> 
  
-according to [[https://github.com/freifunk-berlin/firmware/issues/726#issuecomment-569065569|this source]] plink_action is not persisted across reconnects of mesh links. +===== More resources & background ===== 
-===== More background ===== +  * [[docs:guide-user:network:wifi:mesh:mesh11sd|Mesh11sd Project:]] on the OpenWrt Wiki 
-  * [[http://www.cwnp.com/wp-content/uploads/pdf/802.11s_mesh_networking_v1.0.pdf|good background article]] from CWNP +  * [[http://www.cwnp.com/wp-content/uploads/pdf/802.11s_mesh_networking_v1.0.pdf|Old but useful historic information:]] from CWNP 
-  * [[https://wireless.wiki.kernel.org/en/developers/Documentation/ieee80211/802.11s]] +  * [[https://wireless.wiki.kernel.org/en/developers/Documentation/ieee80211/802.11s|Old but useful introduction to the 802.11s standard:]] from kernel.org 
-  * [[http://lists.open80211s.org|Open80211s Mailing List]]+  * [[https://www.youtube.com/watch?v=vVoZppb_FR0 A very outdated and somewhat misleading video that nevertheless serves as a basic introduction to 802.11s mesh networking: ]] on Youtube
  • Last modified: 2024/09/23 17:13
  • by taylorkline