We’ve been asked numerous times why 11s peering is so fast compared with WiFi Direct. WiFi Direct peering (or group formation) entails the following steps:
1. Group Owner Negotiation
3. Authentication (Open System)
4. Association (Open System)
5. 802.1X Wireless Protected Setup Authentication
6. Failure (yes, this is part of the specification!)
8. Authentication (RSN)
9. Association (RSN)
10. 802.1X RSN Authentication
This is for the general case, called Standard Group Formation. The specification defines different behaviors for two other scenarios: when the Group Owner is pre-configured (Autonomous Group Formation) and when the network credentials are pre-stored (Persistent Group Formation). These scenarios can omit some of the phases enumerated above. For more details, check out this great paper about WFD.
You can see a wireshark capture of these exchanges in the figure below. These capture is generated from
wpa_supplicant‘s own test suite on simulated hardware and an ideal medium. This means that there are no frame losses, and even then, it takes 34 frames to establish a link between two nodes. On a lossy medium, a lost frame may require restarting the authentication process and this is why WFD peering may take a long time.
Mesh, on the other hand, does not assign roles to nodes and therefore has no concept of Group Owner, nor the need for a Group Owner negotiation. Security is also much simpler, as there is no authenticator/supplicant assimetry.
An open mesh peering takes only 4 frames without security and 4 more to establish a secure peer link. The entire peer link takes exactly 8 frames, as shown below.
No one summarized it better than security expert and SAE designer Dan Harkins:
It’s 34 frames of compromised and questionable security versus 8 of strong security. And both options can use the identical credential for authentication, it’s just that mesh does it right and WFD does it wrong.
Think about that next time you are waiting on your Android phone to connect with WiFi Direct…