Basic Roaming Algorithm
Roaming is a process in which a client shifts Wi-Fi network association from one Access Point (AP) to another AP within the same Extended Service Set (ESS) without losing connection.
There are 3 factors that trigger roaming on a Samsung device.
The first is a weak signal in terms of Received Signal Strength Indicator (RSSI) value. To avoid frequent retransmissions from lost packets, devices trigger roaming scans for an AP with a better signal when the current RSSI value is below -75dBm.
The second roaming factor is beacon loss. When beacon packets from the connected AP are not received for two seconds (6 seconds if the display is turned off), the device treats the beacon as lost and triggers a roaming scan.
Finally, Channel Utilization (CU) can also trigger roaming. Due to limited resources of an AP, when multiple clients are connected to the same AP, connectivity may be hindered despite a strong radio signal (RSSI). Therefore, an AP notifies its clients of its current traffic through the CU factor in its beacon. The device triggers a roaming scan if the received CU value is greater than 70 percent and the current RSSI value is between -65dBm and -75dBm.
Currently CU roaming is supported on Galaxy S and Note series since the Galaxy S8.
From the results of a roaming scan triggered by any of the cases above, the device chooses a new AP whose RSSI value is 10dBm higher than that of the current AP.
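The three triggers and the 10dBm selection margin described above can be modeled as follows. This is an added example, not Samsung's implementation; the names, the inclusive handling of the -65dBm to -75dBm range, and the sample trace are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

WEAK_RSSI_DBM = -75               # below this: weak-signal trigger
CU_LIMIT_PCT = 70                 # above this: channel-utilization trigger...
CU_RSSI_RANGE = (-75, -65)        # ...but only inside this RSSI range (assumed inclusive)
BEACON_LOSS_SECS = {True: 2.0, False: 6.0}   # keyed by "display on?"
ROAM_DELTA_DB = 10                # candidate must beat the current AP by this margin


@dataclass
class LinkState:
    rssi_dbm: int
    cu_pct: int
    secs_since_beacon: float
    display_on: bool = True


def roam_trigger(s: LinkState) -> Optional[str]:
    """Return which of the three factors fires a roaming scan, or None."""
    if s.secs_since_beacon >= BEACON_LOSS_SECS[s.display_on]:
        return "beacon_loss"
    if s.rssi_dbm < WEAK_RSSI_DBM:
        return "weak_rssi"
    low, high = CU_RSSI_RANGE
    if s.cu_pct > CU_LIMIT_PCT and low <= s.rssi_dbm <= high:
        return "channel_utilization"
    return None


def pick_candidate(current_rssi: int, scan: Dict[str, int]) -> Optional[str]:
    """Strongest scanned AP that clears the 10 dB margin, else stay put."""
    ok = {bssid: r for bssid, r in scan.items() if r >= current_rssi + ROAM_DELTA_DB}
    return max(ok, key=ok.get) if ok else None


# Constructed samples (not measurements): a client walking away from its AP.
TRACE = [LinkState(-58, 85, 0.1), LinkState(-68, 85, 0.1),
         LinkState(-68, 40, 0.1), LinkState(-78, 40, 0.1),
         LinkState(-70, 40, 3.0), LinkState(-70, 40, 3.0, display_on=False)]

if __name__ == "__main__":
    for state in TRACE:
        print(state, "->", roam_trigger(state))
    print(pick_candidate(-78, {"ap-b": -70, "ap-c": -66}))   # ap-c
    print(pick_candidate(-78, {"ap-b": -70}))                # None: only 8 dB better
```

A strong signal with high CU (the first sample) does not trigger a scan, and a candidate that is only 8 dB better is ignored, which keeps the client from bouncing between APs.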
Save Roaming Channels
The purpose of roaming is to provide a seamless data experience. However, data may be muted while performing roaming scans. To remedy this, Samsung mobile devices support partial scanning for a more efficient roaming performance.
For a partial scan, the device maintains a list of channels containing the same SSID at every scan. During roaming, the device scans only the channels in this list instead of performing a full-channel scan. This helps the device update the scan list at a much faster rate.
For example, on Galaxy S series, an active scan takes 40ms and a passive scan (on DFS channels) takes 130ms. With this, a legacy full-scan takes about 2800ms to complete while a partial scan with 7 saved channels will only take about 280ms – a 90% improvement.
Opportunistic Key Caching
During roaming, data is muted until the device completes connecting to a new AP. To avoid user-level interference, Samsung devices use the Opportunistic Key Caching (OKC) method to speed up the roaming connection.
The OKC method allows the wireless client and the WLAN infrastructure to cache only one PMK for the lifetime of the client association with this WLAN (derived from the MSK after the initial 802.1X/EAP authentication with the Authentication Server). This holds even when roaming between multiple APs, where they all share the original PMK that is used as the seed on all WPA2 4-way handshakes.
Note that this is not an 802.11-standardized method for roaming.
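The single cached PMK is referenced on each roam by a PMKID that both sides can compute for the target AP. The sketch below is an added example, not code from this page or from Samsung; the PMKID formula is the IEEE 802.11i definition for SHA-1 based AKMs, and the `Wlan` class, MAC addresses and PMK are hypothetical, constructed values.

```python
import hashlib
import hmac


def pmkid(pmk: bytes, ap_bssid: bytes, sta_mac: bytes) -> bytes:
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_bssid + sta_mac, hashlib.sha1).digest()[:16]


class Wlan:
    """Infrastructure side: one PMK per client, usable at every AP (OKC)."""

    def __init__(self):
        self.pmk_by_sta = {}

    def initial_eap(self, sta_mac: bytes, pmk: bytes) -> None:
        self.pmk_by_sta[sta_mac] = pmk          # cached after 802.1X/EAP

    def reassociate(self, sta_mac: bytes, target_bssid: bytes, offered: bytes) -> str:
        pmk = self.pmk_by_sta.get(sta_mac)
        if pmk and hmac.compare_digest(pmkid(pmk, target_bssid, sta_mac), offered):
            return "4-way handshake only"       # 802.1X/EAP skipped
        return "full 802.1X/EAP"                # cache miss or PMKID mismatch


# Constructed values: locally administered MACs and a placeholder PMK.
STA = bytes.fromhex("02aabbccdd01")
AP1 = bytes.fromhex("020000000a01")
AP2 = bytes.fromhex("020000000a02")
PMK = bytes(range(32))


def demo():
    wlan = Wlan()
    wlan.initial_eap(STA, PMK)                  # first association, at AP1
    good = wlan.reassociate(STA, AP2, pmkid(PMK, AP2, STA))
    stale = wlan.reassociate(STA, AP2, pmkid(PMK, AP1, STA))    # PMKID bound to AP1
    other = wlan.reassociate(STA, AP2, pmkid(b"\x00" * 32, AP2, STA))  # wrong PMK
    return good, stale, other


if __name__ == "__main__":
    print(demo())
```

Because the BSSID is an input, the same PMK yields a different PMKID at every AP, so a PMKID captured at one AP is not accepted at another.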
Advantage of 802.11r
802.11r or Fast BSS Transition (FT) seeks to reduce the length of time of lost connectivity between the STA and the DS during a BSS transition. The FT protocols are part of the Re-Association service, and they only apply to STA transitions between APs within the same mobility domain of the same ESS.
IEEE 802.11r specifies FT between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources (similar to RSVP but defined in 802.11e) to occur in parallel.
The key negotiation protocol in 802.11i requires the client to renegotiate its key with a RADIUS or other authentication server supporting Extensible Authentication Protocol (EAP) on every handoff for an 802.1X-based authentication, which is a time-consuming process. To save time, part of the key derived from the server is cached in the wireless network, which allows a reasonable number of future connections to be based on the cached key instead of re-running the 802.1X process every time.
The non-802.11r BSS transition takes the following steps.
- Run a roaming scan and find an AP for roaming
- Exchange 802.11 Authentication messages with the target access point (first from the client, then from the AP)
- Exchange Re-Association messages to establish connection at target AP
- Start 802.1X/EAP authentication and derive the Master Session Key (MSK)
- Conduct key (PTK) derivation: the 802.11i 4-Way Handshake of session keys creates a unique encryption key for the association based on the master key established in the previous step
FT follows the same procedure except for the 802.1X negotiation; instead, it piggybacks the PTK exchanges on the 802.11 Authentication and Re-Association messages.
Advantage of 802.11k (Neighbor Report, Beacon Report)
The 802.11k standard allows STAs or APs to get WLAN information from each other. There are many features regarding this, but mobile devices currently only support neighbor report and beacon report features. Both STAs and APs are able to get information about nearby APs through neighbor and beacon reports respectively.
1. Neighbor Report
As explained in the partial scanning section, the mobile device maintains a roaming channel list to reduce scan time. However, there are cases where it may trigger a full scan in order to find a roaming AP. In the following diagram, the device initially finds AP1 and AP2 and saves CH 1 and CH 35 in the roaming channel list after connecting to AP2.
When the device moves from Location1 to Location2, roaming is triggered at point Trigger1 due to a weak RSSI value. While the device tries to find a roaming candidate in CH 1 and CH 36 via a partial scan, it is not able to find any AP from the list other than AP2. Only after a full scan will the device discover AP3 and AP4, and it will add CH 11 and CH 46 to its roaming channel list after it connects to AP4.
Neighbor reports prevent such full scans from happening. Initially, the device saves CH 1 and CH 36 in the channel list as it connects to AP2, the same as in the previous case. In addition, it also sends a neighbor report request to AP2. AP2 returns a list of nearby APs, which is AP1, AP2 and AP4. From this response, the mobile device adds CH 11 to its roaming channel list.
As the device moves from Location1 to Location2, it runs a partial roaming scan at Trigger1 for CH 1, CH 11 and CH 36. This time, the mobile device finds AP4 from its partial scan and successfully connects to AP4. After roaming succeeds, the device repeats the steps by sending a neighbor request to AP4.
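The channel-list update in this scenario amounts to parsing the Neighbor Report elements in AP2's response and merging their channel numbers into the saved list. The parser below is an added example, not Samsung's code; the element layout is the IEEE 802.11k Neighbor Report element, while the BSSIDs, operating classes and helper names are constructed for illustration.

```python
import struct

NEIGHBOR_REPORT_EID = 52     # Neighbor Report element ID (IEEE 802.11k)
FIXED_LEN = 13               # BSSID(6) + BSSID Info(4) + op class + channel + PHY type


def parse_neighbor_reports(body: bytes):
    """Yield (bssid, op_class, channel) for each Neighbor Report element."""
    i = 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated element header")
        eid, length = body[i], body[i + 1]
        elem = body[i + 2:i + 2 + length]
        if len(elem) != length:
            raise ValueError("element runs past end of frame")
        if eid == NEIGHBOR_REPORT_EID:
            if length < FIXED_LEN:
                raise ValueError("neighbor report shorter than its fixed fields")
            bssid, _info, op_class, channel, _phy = struct.unpack(
                "<6sIBBB", elem[:FIXED_LEN])
            yield bssid.hex(":"), op_class, channel
        i += 2 + length          # other element IDs are skipped


def merge_channels(saved: set, body: bytes) -> list:
    """Roaming channel list after applying a neighbor report response."""
    return sorted(saved | {ch for _b, _oc, ch in parse_neighbor_reports(body)})


def element(bssid_hex: str, op_class: int, channel: int) -> bytes:
    """Build one element for the sample below (BSSID info 0, PHY type 7)."""
    fixed = struct.pack("<6sIBBB", bytes.fromhex(bssid_hex), 0, op_class, channel, 7)
    return bytes([NEIGHBOR_REPORT_EID, len(fixed)]) + fixed


# Constructed response from AP2 listing AP1 (CH 1), AP2 (CH 36) and AP4 (CH 11).
RESPONSE = (element("020000000a01", 81, 1) + element("020000000a02", 115, 36)
            + element("020000000a04", 81, 11))

if __name__ == "__main__":
    print(merge_channels({1, 36}, RESPONSE))    # [1, 11, 36]
```

The length checks are there because these elements arrive in an over-the-air frame and should not be trusted to be well formed.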
2. Beacon Report
APs may support roaming by sharing their neighbor list or a BTM request. These serve as a list of recommended roaming candidates for client devices. However, if this information is incorrect, it may disorient devices’ roaming decisions. To suggest the best roaming candidate to a client, an AP may receive other APs’ distances from its mobile client through a beacon report.
When a mobile device receives a beacon report request, it runs a scan to collect beacon frames with their respective signal strengths and returns them to the AP. The AP can then choose the best roaming AP by combining internal information with the received beacon report.
Advantage of 802.11v (BSS Transition Management)
The 802.11v standard (Wireless Network Management) allows STAs to exchange information for the purpose of improving overall performance of the wireless network. This standard also has many services, but mobile devices currently only support BTM (BSS Transition Management).
1. BTM (BSS Transition Management)
Typically, a mobile device monitors its Wi-Fi link condition for roaming. However, it is unaware of what goes on inside the connected AP such as load balance, reboot schedule and number of clients, etc. With the support of BTM, an AP can request its mobile client to roam to another AP with a better network condition.
When a Samsung mobile device receives a BTM request, it triggers a partial roaming scan. If the device is able to find an AP with a better connection (currently 5%), it roams to that AP. Otherwise, it maintains its current Wi-Fi connection.
An AP may indicate the severity of its roaming recommendation to its client with elements in the BTM request.
If an AP strongly recommends that a mobile device roam to another AP, it can set the “Abridged Bit” in the BTM request to 1, which mobile devices may regard as a higher priority.
When the “Disassociation Imminent Bit” is set to 1 in the BTM request, it indicates that the connected client has 10 seconds before receiving a disassociation packet from its host AP. The AP may use this to force its client to roam to a different AP in necessary cases, such as when the AP is resetting or when its resources are maxed out.
The picture below shows a case where number of clients connected to an AP increases as people walk into a restaurant.
Assume that the connected band is 2.4GHz, with RSSI higher than -60dBm and CU at -60%. At this point, the mobile device will not trigger roaming, but as the number of clients grows with people entering, AP1 may decide to move some of the clients to AP2’s 5GHz band. Consequently, AP1 sends BTM requests recommending AP2’s 5GHz network to its clients. Upon receiving BTM requests from the AP, mobile clients calculate their own roaming score internally and make roaming decisions.
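The Abridged and Disassociation Imminent bits described above sit in the Request Mode field of the BTM request frame. The decoder below is an added example, not Samsung's code; the field layout follows the IEEE 802.11v frame format, and the urgency labels and sample frames are hypothetical.

```python
import struct
from dataclasses import dataclass

WNM_CATEGORY = 10            # action category for WNM frames
BTM_REQUEST_ACTION = 7       # BSS Transition Management Request
CANDIDATE_LIST = 0x01        # Request Mode bit 0
ABRIDGED = 0x02              # Request Mode bit 1
DISASSOC_IMMINENT = 0x04     # Request Mode bit 2


@dataclass
class BtmRequest:
    dialog_token: int
    candidate_list_included: bool
    abridged: bool
    disassoc_imminent: bool
    disassoc_timer_tbtt: int     # counted in beacon intervals (TBTTs)
    validity_interval: int

    def urgency(self) -> str:
        """Illustrative ranking only; the page does not define these labels."""
        if self.disassoc_imminent:
            return "forced"
        return "strong" if self.abridged else "advisory"


def parse_btm_request(body: bytes) -> BtmRequest:
    if len(body) < 7:
        raise ValueError("BTM request shorter than its fixed fields")
    cat, action, token, mode, timer, validity = struct.unpack("<BBBBHB", body[:7])
    if (cat, action) != (WNM_CATEGORY, BTM_REQUEST_ACTION):
        raise ValueError("not a BSS Transition Management Request")
    return BtmRequest(token, bool(mode & CANDIDATE_LIST), bool(mode & ABRIDGED),
                      bool(mode & DISASSOC_IMMINENT), timer, validity)


# Constructed frame bodies. 98 TBTTs is about 10 s at an assumed 102.4 ms beacon interval.
ADVISORY = bytes([10, 7, 1, CANDIDATE_LIST]) + struct.pack("<HB", 0, 255)
STRONG = bytes([10, 7, 2, CANDIDATE_LIST | ABRIDGED]) + struct.pack("<HB", 0, 255)
FORCED = bytes([10, 7, 3, CANDIDATE_LIST | ABRIDGED | DISASSOC_IMMINENT]) \
    + struct.pack("<HB", 98, 255)

if __name__ == "__main__":
    for frame in (ADVISORY, STRONG, FORCED):
        req = parse_btm_request(frame)
        print(req.urgency(), req.disassoc_timer_tbtt)
```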