1 General
2 Northbound API
- 2.1 OVSDB
  - 2.1.1 Wifi_VIF_Config
  - 2.1.2 Wifi_VIF_Neighbors
3 Southbound API
4 Requirements

General

This release introduces support for IEEE 802.11r Fast BSS Transition, a critical feature for enhancing Wi-Fi roaming performance.

Fast BSS Transition (FT) significantly reduces the time and overhead required for client devices to roam between Access Points (APs) within the same network. By allowing devices to pre-authenticate with neighboring APs, it eliminates the need for a full re-authentication process during a handoff. This minimizes connection interruption and latency, ensuring a smoother and more reliable experience for mobile devices.

The OpenSync software stack has been updated to support a broader range of Fast Transition Authentication and Key Management (AKM) suites, including FT-SAE and FT-PSK. This also includes support for modern AKMs that leverage longer cryptographic hashes, which improves security and key derivation robustness.

This enhancement is particularly beneficial for real-time applications like voice calls, video conferencing, and live streaming, as it ensures seamless connectivity as a user moves throughout a Wi-Fi network.

Northbound API

OVSDB

Wifi_VIF_Config

Name	Type	Description

Name	Type	Description
ft_over_ds	bool	`True` enables FT key exchange over Distribution System (FT-over-DS). `False` enables FT-over-the-air Default: `True`
ft_pmk_r0_key_lifetime_sec	integer	Lifetime of a PMK-R0 key in seconds. `0` - disables PMK-R0 lifetime Default: `1209600` (14 days)
ft_pmk_r1_max_key_lifetime_sec	integer	Maximum lifetime for PMK-R1 key in seconds. Default: `0` (Disabled)
ft_pmk_r1_push	bool	`True` enables PMK-R1 push in R0KH Default: `False` (PMK-R1 Pull)
ft_psk_generate_local	bool	`True` disables RxKH key exchanges in PSK networks and makes Authenticator generate PMKs locally Default: `False`
nas_identifier	string	In IEEE 802.11r context NAS Identifier is used as the R0 Key Holder ID (R0KH-ID). It is a string that uniquely identifies BSS in the Mobility Domain. Please note this field is also used for WPAx-Enterprise.
ft_encr_key	string (64)	Acts as a shared secret for the exchange of FT RxKH keys and association contexts between other BSS and ‘this’ BSS over the Distribution System. It has a fixed length of 64 hexadecimal characters to form 256-bit encryption key.
wpa_key_mgmt Existing field	set	Field specifying Authorization and Key Management is extended with the following enum variants: `ft-sae` `ft-sae-ext` `ft-psk` `ft-eap` `ft-eap-sha384`

Wifi_VIF_Neighbors

This table is used to define neighboring Access Points and is extended with Fast BSS Transition fields by adding following parameters.

Name	Type	Description

Name

Type

Description

ft_enabled

bool

nas_identifier

string

In IEEE 802.11r context NAS Identifier is used as the R0 Key Holder ID (R0KH-ID).

This entry allows ‘current’ AP to resolve R0KH-ID potentially coming from Re-association Request to BSSID of the R0KH.

ft_encr_key

string (64)

Specifies an encryption key expected by a remote BSS that is subject of this table entry.

In other words - if ‘current’ AP is about to send RRB PMK-R1 Push frame to ‘this’ BSS - it shall use this key to encrypt it.

Southbound API

On most platforms configuration for Fast BSS Transition is handled by hostapd and by such it doesn’t require integration with other components. In OpenSync, One Wi-Fi Manager (OWM) translates FT configuration to a correct hostapd configuration file and is responsible for keeping configuration and state in sync.

Important note for Broadcom: Custom patches for hostapd on Broadcom platforms add custom configuration option ft_rrb_lo_sock. RRB exchanges use L2 frames that usually are not forwarded from one BSS to the other on the same platform. This configuration option enables loopback and allow RRB message exchange between BSSes on the same AP.

Requirements

There are no specific requirements for this feature on platforms that use hostapd other than building hostapd with support for IEEE 802.11r.

Other platforms are not supported.