BUILDING A MISSION CRITICAL WIRELESS NETWORK TO SUPPORT THE GROWING DEVICE PROLIFERATION
Maxime Deparisse
07/09/2012
2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
AGENDA
• Old WLAN Network Model
• High availability WLAN model
• High Performance WLAN Network
• High density deployment
• New WLAN security options
PROBLEMS WITH OLD CAMPUS WIRELESS
Diagram labels: Enterprise Router, Core Switch, Firewall Appliance, WLAN Controller, Access Switch, Wireless Access Points
• Thin AP deployment model:
  • All intra-AP traffic needs to reach the WLAN controller
  • Only N+1 redundancy
  • Not scalable: adding new capacity is difficult
  • Limited resiliency and throughput
• Fat AP deployment model:
  • Difficult to manage
  • Roaming aggressiveness is weak
SIMPLICITY AT SCALE: CONTROLLER CLUSTERING
Old and Complex Approach (Vendor A, Vendor B)
• Hot Stand-by or Back-up Controller
• Discrete controllers operate independently for AP redundancy configuration
• Optimized for: x Scale, x Resiliency, x Reliability, x Management
Juniper’s Simplified Approach (Controller A, Controller B, Controller C)
• Clustered controllers act collectively as a single virtual controller for wireless configuration
• Optimized for: Scale, Reliability, Resiliency, Management
SINGLE POINT OF MANAGEMENT: FEWER MANAGED DEVICES
Diagram labels: Primary Seed, Secondary Seed, Member, Member, Member
HOW THE CLUSTER ADDS A NEW CONTROLLER
1. The primary controller pushes configurations to the secondary seed and members
2. The seed pushes the configuration to the new member
3. When a member is removed and replaced the same process is used
Diagram labels: Primary Seed, Secondary Seed, Members
HOW THE CLUSTER ADDS A NEW AP
1. A new AP is introduced and contacts the Primary Seed.
2. The Primary Seed sends AP config to the Primary controller and the AP sets up a connection
3. The Primary Seed sends AP config to the Secondary controller and the AP sets up a connection
Diagram labels: Primary Seed, Secondary Seed, Members
HOW CLIENTS ARE ASSIGNED PRIMARY AND SECONDARY CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
Diagram labels: Primary Seed, Secondary Seed, Members, Client Session State
ACTIVE-ACTIVE CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
Diagram labels: Primary Seed, Secondary Seed, Members, Client Session State
SELF-REPAIRING CONTROL ARCHITECTURE
1. Should the Primary be taken out of service, the Secondary immediately takes over
FAIL OVER IN SUB-50 MILLISECONDS!
Diagram labels: Primary Seed, Secondary Seed, Members
NONSTOP OPERATION
2. A new Secondary is designated and is given the AP configuration and client session state
HITLESS FAILOVER
Diagram labels: Primary Seed, Secondary Seed, Members
IN-SERVICE SOFTWARE UPGRADE
1. Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades
2. Secondary passes control back to Primary and upgrades
3. Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades
4. AP moves associated stations to alternate AP then upgrades
HITLESS UPGRADE
Diagram labels: Primary Seed, Secondary Seed, Members
UNIQUE FLEXIBILITY OF THE CLUSTER ARCHITECTURE
Diagram labels: Ring Master, SmartPass, AD/DHCP/DNS, WLC1 / WLC2, WLC3 / WLC4, DC 1, DC 2, Remote Site 1, Remote Site 2, DHCP, WAN
Subnets shown: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24
As soon as WLCs are installed in the same DC, AP affinity can be used
CONTROLLER VIRTUALIZATION: A COST EFFECTIVE SOLUTION
Non-Juniper: Redundant Licenses - 200 APs
• Each controller has license for 256 APs
• If a controller fails, APs will fail over to the remaining controller, supporting all 200 APs
• 512 Licenses required!
• Diagram: 100 APs per controller, each licensed for 256 APs
Juniper Virtual Controller Cluster: High Availability Licenses - 200 APs
• Each controller is supporting 100 APs
• Each controller has license for 128 APs*
• ONLY 256 Licenses required!
• Diagram: 100 APs per controller, each licensed for 128 APs*
*Note: Juniper 2800 licenses sold in blocks of 64
WLAN PERFORMANCE CRITERIA
• Load balancing – across APs and radios
• Bandwidth – 802.11n, 3T3R, TXBF, Airtime Fairness
• Avoid broadcast – DHCP, multicast
• Avoid latency – local switching
• Avoid interference – Wi-Fi and non-Wi-Fi
WIRELESS LAN TECHNOLOGY STANDARDS
2.4GHz Band: 3 non-overlapping channels
• 802.11g: 6 – 54Mbps data rates
• 802.11ng: 6.5 – 195Mbps data rates
5GHz Band: 20 non-overlapping channels (region dependent)
• 802.11a: 6 – 54Mbps data rates
• 802.11na: 6.5 – 450Mbps data rates
Note: the 802.11n Standard allows for data-rates up to 600Mbps
Note: throughput is between 50%-60% of the data-rate full duplex
802.11an or gn
802.3af/az PoE
1 GE interface
Single Radio
INDOOR 11N AP PRODUCT PORTFOLIO
WLA322 WLA522 / (E)
Advanced Features - Spectrum Analysis (HR)
- Wired crypto
WLA532 / (E)
Transmit Beamforming
WLA321
802.11n
802.3af/az PoE
1 GE interface
Dual Radio 802.11n
802.3af PoE
1 GE interface
Dual Radio
Advanced Features - Spectrum Analysis (HR)
- Wired crypto
802.11n
802.3af/az PoE
1 GE interface
Dual Radio
Advanced Features - Spectrum Analysis (LR) Advanced Features
- Spectrum Analysis (LR)
Moderate Performance Moderate Performance
Superior Performance Highest Performance
Juniper Networks reserves the right to change product specifications without notification
Transmit Beamforming
Transmit Beamforming
JUNIPER WLA SERIES FLAGSHIP ACCESS POINT: WLA532 INDOOR 802.11N AP
3 Industry Bests
• Highest Performance AP
• Lowest Power Consumption AP
• Smallest Form Factor AP
Mandate this technology in RFP
450Mbps data rate (3x3, 3 spatial stream)
What to know
• Juniper designed Access Point
• Juniper WLAN is 15-20% less expensive when comparing complete BOMs
• Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum
AIRTIME FAIRNESS
What will Juniper’s Airtime Fairness do for the clients?
Juniper’s Airtime Fairness will provide each client with an equal amount of time to send traffic.
When a client goes into retransmission for whatever reason, that client will get less time the next time it wants to send traffic.
This will improve the throughput for all of the other clients connecting to that AP.
TRANSMIT BEAMFORMING
TxBF is a technique that uses an array of transmit antennas to transmit radio signals with adjusted magnitude and phase at each transmit antenna to achieve a focused beam that is targeted to the receiver.
TxBF can raise the signal-to-noise ratio (SNR) at the receiver and thus improve performance.
Diagram label: Focused Beam
AUTOMATIC CLIENT LOAD BALANCING
Automatic Load Balancing per RF Band
Band Steering
• 5 GHz capable client ‘encouraged’ to connect at 5 GHz
• 2.4 GHz only client connects at 2.4 GHz
MULTICHANNEL CELL DESIGN
2.4GHz band, 802.11b/g/n: 11 channels available in the U.S. (varies by Regulatory Domain)
• Ch 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
• 3 non-overlapping channels
5GHz UNII Band, 802.11a/n:
• Ch 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161
• 20 non-overlapping channels
Capacity:
• 11b Capacity: 11Mbps per channel
• 11a Capacity: 54Mbps per channel
• 11n Capacity: 150Mbps per channel, 450Mbps with 40MHz
MULTICHANNEL DEPLOYMENT PLAN (AUTOTUNE 2.0)
2.4GHz Operation: limited to 3 non-overlapping 20 MHz channels
• Cell layout shown: Ch 1, Ch 6, Ch 11 / Ch 6, Ch 11, Ch 1 / Ch 1, Ch 6, Ch 11
5GHz Operation: 20 non-overlapping 20 MHz channels
• Cell layout shown: Ch 36, Ch 52, Ch 60 / Ch 60, Ch 64, Ch 40, Ch 44 / Ch 44, Ch 56, Ch 36
Figure captions: Intra-channel overlap for better coverage; Same channel isolation; Same channel well isolated by more adjacent cells
SPECTRUM ANALYZER
Why do you need Spectrum Management?
In order to get the best performance, the physical layer needs to be as clean as possible. 802.11 is wireless and the physical layer is the air you use.
A Spectrum Analyzer will identify interference, which enables you to:
• Avoid certain channels, with automatic frequency selection based on SA
• Identify sources of interference and take action (replace, turn off or avoid channel)
• Get an illustration of the health of the spectrum
• Plan for expansion
• Troubleshoot problems
SPECTRUM ANALYZER
Methods of getting SA information
• From RingMaster in the Monitoring section: RingMaster Monitoring shows interfering devices in report form
• From RingMaster Spectrum: the Spectrum view provides a live graph of the spectrum*
* Using the RingMaster Spectrum view will take the WLA out of service for client traffic
NO NEED TO COMPROMISE: JUNIPER NETWORKS WIRELESS LAN EVOLUTION
Fat AP Architecture: Local Switching
• Optimized for: Performance, x Security, x Management, x Reliability
Thin AP Architecture: Central Switching
• Optimized for: x Performance, x Reliability, Security, Management
Juniper WLAN Architecture: Local AND Central Switching
• Optimized for: Performance, Reliability, Security, Management
REMOTE LOCATION (NEXT GENERATION OF LS): WAN FAILURE BACKUP SCENARIO
Background:
• The Juniper WLAN solution Local Switching story is a good fit for remote deployments to enable EARLY QoS for the traffic
• Also adds survivability in case the remote location router can’t send traffic to the Core anymore
• Maintain wireless service in WAN failure condition
Feature Description:
• New AP mode: ‘remote-ap’
• Allows extended WAN outage window (5 days)
• Seamless re-joining to WLC when WAN service is restored
• High latency link deployment, and MTU independent
• Remote AP survivability
• Data path security
• Breakout to local VLAN based on SSID, User, RADIUS Authentication
• Add DiffServ marking to traffic based on ACL, User, SSID, RADIUS Authentication
Diagram labels: Core, MX / SRX, Ringmaster, WAN, Remote Locations, Cluster of WLC880
AVOIDING BROADCAST TO INCREASE PERFORMANCE
• Broadcast is the network enemy, but it is even worse in Wireless LAN
• Each broadcast is sent on the entire subnet (same as Wired Network), but is also sent at the min data rate
• Broadcast is undesirable in situations where battery powered devices such as phones in sleep mode wake up on receiving a broadcast packet.
• Juniper provides tools to limit broadcast on Wireless LAN
  • No broadcast
  • Proxy ARP
WIFI MULTIMEDIA WITHOUT DATA RATE PROTECTION
• Multicast on wire: WLC is IGMP aware (report/snooping/pseudo querier…)
• Multicast server sending flow at 15 Mbps
• Multicast on Wireless is using the min data rate speed for the multicast flow for all clients
• 11Mbps not enough for the flow
WIFI MULTIMEDIA WITH DATA RATE PROTECTION
• Multicast on wire: WLC is IGMP aware (report/snooping/pseudo querier…)
• Multicast server sending flow at 15 Mbps
• Clients cannot connect to the multicast group at a smaller rate than 36Mbps
• Diagram label: 450Mbps
MULTICAST TO UNICAST FOR RICH MEDIA CONTENT
Rich Media Enablers
• Reliable Multicast Traffic Delivery (Phase 2 – IGMP based optimization in rel 8.0)
Feature Rationale: Multicast transmission is unreliable due to the absence of feedback mechanism in IEEE 802.11 protocol. Broadcast is undesirable in situations where battery powered devices such as phones in sleep mode wake up on receiving a broadcast packet. IGMP group based conversion required to avoid unnecessary unicast to all clients on affected VLAN.
Deployment types: Critical requirement in Education, Healthcare customers, physical security and surveillance products/applications running "TV-like" video distribution applications.
WIFI MULTIMEDIA WITHOUT MULTICAST CONVERSION
• Multicast on wire: WLC is IGMP aware (report/snooping/pseudo querier…)
• Multicast on Wireless is using the min data rate speed for the multicast flow for all clients
• Multicast transmission is unreliable due to the absence of feedback mechanism in IEEE 802.11 protocol
• Diagram labels: Multicast server, 11Mbps
WIFI MULTIMEDIA WITH MULTICAST CONVERSION
• Multicast on wire: WLC is IGMP aware (report/snooping/pseudo querier…)
• With multicast conversion set to ON, each client gets its own flow with its own rate
• Diagram labels: Multicast server, 450Mbps
WIRELESS LAN TRENDS
Top WLAN requirements
• BYOD
• Unified Policy
• Performance at Scale
• Highly Resilient
• High Density
• High Scale
Chart: Unique Daily Wireless Sessions, Large American University, ~50,000 Students, Multiple Devices Per Student (y-axis 0 to 400000; x-axis Spring, Summer, Fall of 2010 and 2011; annotation: 6x)
HIGH DENSITY BEST PRACTICE
General network best practices:
• Avoid latency using local switching
• Avoid bottleneck using local switching
• Avoid broadcast using multicast to unicast, proxy ARP and no broadcast
Wifi best practices:
• Enough coverage for data capacity
• Use dual radio coverage and 3 stream AP (WLA 532)
• Reduce TX power for micro cell type of deployment. This has a positive impact on performance and radio redundancy
• Use load balancing across radios and APs
• Avoid slow data rate to associate
• Avoid using beamforming
ENFORCING A “NO BYOD” POLICY WITH DEVICE PROFILING
1. Mobile device connects to secure wireless network
2. User dot1x authenticates to wireless network
3. Device type policy is configured to restrict iPads; WLA holds device traffic for inspection
4. WLA sends device type info to WLC for matching against policy
5. Device is determined to be an Android device and is allowed on the network
Diagram labels: Android Tablet/smartphone, AP, EX Series, WLC, UAC