BUILDING A MISSION CRITICAL WIRELESS NETWORK TO SUPPORT THE

BUILDING A MISSION CRITICAL WIRELESS NETWORK TO SUPPORT THE GROWING DEVICE PROLIFERATION Maxime Deparisse

07/09/2012

2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net

High Performance WLAN Network

High density deployment

High availability WLAN model

AGENDA

Old WLAN Network Model

New WLAN security options


PROBLEMS WITH OLD CAMPUS WIRELESS

Enterprise Router

Core Switch

Firewall Appliance

WLAN Controller

Access Switch

Wireless Access Points

• Thin AP deployments model:

• Every intra AP traffic need to reach

WLAN controller

• Only N+1 redundancy

• Not scalable: adding new capacities is

difficult

• Limited resiliency and throughout

• Fat AP deployments model:

• Difficult to manage

• Roaming aggressiveness is weak

Acces points





AGENDA




Clustered controllers – act collectively as single

virtual controller for wireless configuration

Old and Complex Approach

SIMPLICITY AT SCALE CONTROLLER CLUSTERING

Hot Stand-by or Back-up Controller

Controller A Controller B Controller C

Vendor

A

Vendor

B

Juniper’s Simplified Approach

x Scale x Resiliency x Reliability

Optimized for:

Management x

Discrete controllers operate independently

for AP redundancy configuration

Optimized for:

Scale

Reliability

Resiliency

Management


SINGLE POINT OF MANAGEMENT FEWER MANAGED DEVICES

Primary Seed

Member Member Member

Secondary Seed


Member

HOW THE CLUSTER ADDS A NEW CONTROLLER

The seed pushes the configuration to the

new member

2 The primary controller

pushes configurations to the secondary seed and members

1

Primary Seed

Secondary Seed

Member

When a member is removed and replaced the same

process is used

3

Member

Member

Member


HOW THE CLUSTER ADDS A NEW AP

Member

Secondary Seed

The Primary Seed sends AP config to the Primary controller and the AP sets up a connection

2

Member Member

Primary Seed

A new AP is introduced and contacts the Primary Seed.

1

Member The Primary Seed sends AP config to the Secondary controller and the

AP sets up a connection

3


HOW CLIENTS ARE ASSIGNED PRIMARY AND SECONDARY CONTROLLERS

Client Session

State

Primary controller authenticates/

authorizes client

2

Client Session

State

Primary propagates session details to backup controller

for use during failure

3

A new client associates to the system

1


Secondary Seed

Primary Seed


ACTIVE-ACTIVE CONTROLLERS

Client Session

State

Primary controller authenticates/

authorizes client

2

Client Session

State

Primary propagates session details to backup controller

for use during failure

3

A new client associates to the system

1


Secondary Seed

Primary Seed


SELF-REPAIRING CONTROL ARCHITECTURE


Secondary Seed

Primary Seed

Should the Primary be taken out of service, the Secondary immediately

takes over

1

FAIL OVER

IN SUB-50

MILLISECONDS!


NONSTOP OPERATION

Member Member

Secondary Seed

Primary Seed

A new Secondary is designated and is given the

AP configuration and client session state

2

HITLESS

FAILOVER


IN-SERVICE SOFTWARE UPGRADE


Secondary Seed

Primary Seed

AP moves associated stations to alternate AP then upgrades

4

Secondary passes control back to Primary and

upgrades

2

Primary Controller initiates upgrade sequence; passes control to

Secondary and upgrades

1

Primary Seed coordinates individual member upgrades; Member moves APs to

backup controller and upgrades

3

HITLESS

UPGRADE


UNIQUE FLEXIBILITY OF THE CLUSTER ARCHITECTURE

Ring Master SmartPass AD/DHCP/DNS WLC1 / WLC2 WLC3 / WLC4

Remote

Site 2

DC 1 DC 2 192.168.1.0/24 192.168.2.0/24

Remote

Site 1

192.168.5.0/24 192.168.4.0/24

DHCP DHCP

WAN

192.168.3.0/24

192.168.6.0/24

As soon as WLC’s are installed on the same DC, AP affinity can be used


Each controller has license for 256APs

If a controller fails, APs will fail over to the remaining controller, supporting all 200 APs

Non juniper

CONTROLLER VIRTUALIZATION A COST EFFECTIVE SOLUTION

Redundant Licenses - 200 APs

512 Licenses required!

Each controller is supporting 100 APs

Each controller has license for 128 APs*

*Note: Juniper 2800 licenses sold in blocks of 64

High Availability Licenses - 200 APs

ONLY 256 Licenses required!

Each

licensed

for 128 APs*

100 APs

Juniper

Virtual Controller Cluster

100 APs

Each

licensed

for 256 APs

100 APs 100 APs





AGENDA




PERFOMANCES WLAN CRITERIA

Load balancing – accros Ap’s and radio’s

Bandwidth – 802.11n, 3T3R, TXBF, Airtime Fairness

Avoid broadcast– dhcp, multicast

Avoid latency – local switching

Avoid interferences– wifi and non wifi


WIRELESS LAN TECHNOLOGY STANDARDS

2.4GHz Band : 3 non-overlapping channels

802.11g

6 – 54Mbps data rates

802.11ng

6.5 – 195Mbps data rates

5GHz Band: 20 non-overlapping channels (region

dependant)

802.11a

6 – 54Mbps data rates

802.11na

6.5 – 450Mbps data rates

Note: the 802.11n Standard allows

for data-rates up to 600Mbps

Note: throughput is between 50%-

60% of the data-rate full duplex


802.11an or gn

802.3af/az PoE

1 GE interface

Single Radio

INDOOR 11N AP PRODUCT PORTFOLIO

WLA322 WLA522 / (E)

Advanced Features - Spectrum Analysis (HR)

- Wired crypto

WLA532 / (E)

Transmit Beamforming

WLA321

802.11n

802.3af/az PoE

1 GE interface

Dual Radio 802.11n

802.3af PoE

1 GE interface

Dual Radio

Advanced Features - Spectrum Analysis (HR)

- Wired crypto

802.11n

802.3af/az PoE

1 GE interface

Dual Radio

Advanced Features - Spectrum Analysis (LR) Advanced Features

- Spectrum Analysis (LR)

Moderate Performance Moderate Performance

Superior Performance Highest Performance

Juniper Networks reserves the right to change product specifications without notification




3 Industry Bests

Highest Performance AP

Lowest Power Consumption AP

Smallest Form Factor AP

Mandate this technology in RFP

450Mbps data rate (3x3, 3 spatial stream)

JUNIPER WLA SERIES FLAGSHIP ACCESS POINT WLA532 INDOOR 802.11N AP

What to know

Juniper designed Access Point

Juniper WLAN is 15-20% less expensive

when comparing complete BOMs

Juniper WLA 532 outperforms Cisco and Aruba

by up to 35% as validated by Novarum


AIRTIME FAIRNESS

What will Juniper’s Airtime Fairness

do for the clients?

Juniper’s Airtime Fairness will provide

each clients with an equal amount of time

to send traffic.

When a client goes into retransmission

for whatever reason, that client will get

less time next time he wants to send

traffic.

This will improve the throughput for all of

the other clients connecting to that ap.


TRANSMIT BEAMFORMING

TxBF is a technique that uses an array of

transmit antennas to transmit radio signals with

adjusted magnitude and phase at each transmit

antenna to achieve a focused beam that is

targeted to the receiver.

TxBF can raise the signal-to-noise (SNR) ratio

at the receiver and thus improve performance.

Focused Beam




Bandwidth –802.11n, 3T3R, TXBF, Airtime Fairness





AUTOMATIC CLIENT LOAD BALANCING

5 GHz capable client ‘encouraged’ to connect at 5 GHz

2.4 GHz only client connects at 2.4 GHz

Automatic Load Balancing per

RF Band

Band Steering









11b Capacity:

11Mbps per channel

MULTICHANNEL CELL DESIGN

802.11b/g/n 11 channels available in the U.S. (varies by Regulatory Domain)

5GHz UNII Band

802.11a/n

100 104 108 112 116

20 non-overlapping channels

3 non-overlapping channels

11a Capacity:

54Mbps per channel

11n Capacity:

150Mbps per channel

450Mbps with 40MHz

136 140 132

Ch 36 40 44 48 52 56 60 64 149 153 157

Ch 1 2 3 4 5 6 7 8 9 10 11 2.4GHz

161


MULTICHANNEL DEPLOYMENT PLAN (AUTOTUNE 2.0)

2.4GHz Operation

Limited to 3 non-overlapping

20 MHz channels

5GHz Operation

Ch 36 Ch 52 Ch 60

Ch 60 Ch 64 Ch 40 Ch 44

Ch 44 Ch 56 Ch 36

20 non-overlapping

20 MHz channels

Ch 1 Ch 6 Ch 11

Ch 6 Ch 11 Ch 1

Ch 1 Ch 6 Ch 11

Intra-channel overlap

for better coverage Same channel isolation Same channel well isolated by

more adjacent cells


SPECTRUM ANALYZER

Why do you need Spectrum Management

In order to get the best performance the physical layer needs to be as clean as

possible. 802.11 is wireless and the physical layer is the air you use.

A Spectrum Analyzer will identify interference which enables you to:

Avoid certain channels and automatic frequency selection based on SA

Identify interferences and take action (replace, turn off or avoid channel)

Provides an illustration of the health of the Spectrum

Plan for expansion

Helps troubleshoot problems


SPECTRUM ANALYZER

Methods of getting SA information

From RingMaster in the Monitoring section

Using RingMaster Monitoring will provide a way to see interfering devices in a

reporting way

From RingMaster Spectrum

In the Spectrum view provides a live graph of the spectrum*

* Using the RingMaster Spectrum view will take the WLA out of service for client traffic









Fat AP Architecture Local Switching

Thin AP Architecture Central Switching

Juniper WLAN

Architecture Local AND Central Switching

NO NEED TO COMPROMISE JUNIPER NETWORKS WIRELESS LAN EVOLUTION

x Performance x Reliability

Security Management

Performance Reliability

Security Management

Performance

x Security x Management x Reliability

Optimized for: Optimized for: Optimized for:


REMOTE LOCATION (NEXT GENERATION OF LS) WAN FAILURE BACKUP SCENARIO

Background:

The Juniper WLAN solution Local Switching story is a good fit for

remote deployments to enable EARLY QoS for the Traffic

Also adds survivability in case remote location router can’t send

traffic to the Core anymore

Maintain Wireless service in WAN failure condition

Feature Description:

New AP mode: ‘remote-ap’

Allows extended WAN outage window (5 days)

Seamless re-joining to WLC when WAN service is restored

High latency link deployment, and MTU independant

Remote AP survivability

Data path security

Breakout to local VLAN based SSID, User, RADIUS

Authentication

Add DiffServ marking to traffic based on ACL, User, SSID,

RADIUS Authentication

Core

MX / SRX

Ringmaster

WAN

Remote

Locations

Cluster of WLC880









AVOIDING BROADCAST TO INCREASE PERFORMANCE

• Broadcast is the network

enemy but it is even worse in

Wireless LAN

• Each braodcast is sent on the

entire subnet (same as Wired

Network), but also sent to the

min data rate

• Broadcast is undesirable in

situations where battery

powered devices such as

phones in sleep mode wake

up on receiving a broadcast

packet.

• Juniper provide tools to limit

broadcast on Wireless LAN

• No broadcast

• Proxy ARP


WIFI MULTIMEDIA WITHOUT DATA RATE PROTECTION

Multicast on Wireless

is using the min data

rate speed for the

multciast flow for all

clients

Multicast on wire

WLC is IGMP aware

(report/snooping/pseudo

quierer…)

Multicast server sending

flow at 15 Mbps 11Mbps not

enough for

the flow


WIFI MULTIMEDIA WITH DATA RATE PROTECTION

clients cannot connect

to the multicast group

at a smaller rate than

36Mbps

Multicast on wire

WLC is IGMP aware


quierer…)

Multicast server sending

flow at 15 Mbps 450Mbps

x


• Reliable Multicast Traffic Delivery (Phase 2 – IGMP based optimization in rel 8.0) Rich Media Enablers

Feature Rationale: Multicast transmission is unreliable due to the absence of feedback

mechanism in IEEE 802.11 protocol. Broadcast is undesirable in situations where battery

powered devices such as phones in sleep mode wake up on receiving a broadcast packet. IGMP

group based conversion required to avoid unnecessary unicast to all clients on affected VLAN.

Deployment types: Critical requirement in Education, Healthcare customers, physical security

and surveillance products/applications running "TV-like" video distribution applications.

Feature Description Detail

MULTICAST TO UNICAST FOR RICH MEDIA CONTENT


WIFI MULTIMEDIA WITHOUT MULTICAST CONVERSION

Multicast on Wireless

is using the min data

rate speed for the

multciast flow for all

clients

Multicast on wire

WLC is IGMP aware


quierer…)

Multicast server

11Mbps

Multicast transmission is

unreliable due to the absence

of feedback mechanism in

IEEE 802.11 protocol


WIFI MULTIMEDIA WIT MULTICAST CONVERSION

With multicast

conversion set to ON,

each client get it s on

flow with it s own rate

Multicast on wire

WLC is IGMP aware


quierer…)

Multicast server

450Mbps





AGENDA




Top WLAN requirements

BYOD

Unified Policy

Performance at Scale

Highly Resilient

High Density

High Scale

WIRELESS LAN TRENDS

0

100000

200000

300000

400000

Unique Daily Wireless Sessions Large American University ~50,000 Students, Multiple Devices Per Student

6x

Fall Summer Spring 2011

Fall Spring Summer 2010


HIGH DENSITY BEST PRACTICE

General network best practices:

• Avoid latency using Local swiching

• Avoid bottleneck using local switching

• Avoid broadcast using multicast to unicast proxy arp and no broadcast

Wifi best practices:

• Enough coverage for data capacity

• Use dual radio coverage and 3 stream AP (WLA 532)

• Reduce TX power for micro cell type of deployment. This has a positive

Impact on performances and radio redundancy

• Use load balancing accross radio and AP

• Avoid slow data rate to associate

• Avoid using beamforming





AGENDA




WLC

Android

Tablet/smartphone

Mobile device connects

to secure wireless

network

1

User dot1x

authenticates to

wireless network

2

Device type policy is

configured to restrict

iPads; WLA holds device

traffic for inspection

3

Device is determined to

be an Android device

and is allowed on the

network

5

WLA sends device

type info to WLC for

matching against

policy

4

UAC

EX Series AP

ENFORCING A “NO BYOD” POLICY WITH DEVICE PROFILING

EX Series


Don’t forget:

You can copy-

paste this slide

into other

presentations,

and move or

resize the poll.


Don’t forget:

You can copy-

paste this slide

into other

presentations,

and move or

resize the poll.


Don’t forget:

You can copy-

paste this slide

into other

presentations,

and move or

resize the poll.

Documents

BUILDING A MISSION CRITICAL WIRELESS NETWORK TO SUPPORT THE