Keys to Enterprise WLAN Reliability

Keys to Enterprise Keys to Enterprise WLAN ReliabilityWLAN Reliability

How to Achieve Wire-like Reliability

Over the AirOctober 28, 2010

Today’s SpeakersToday’s SpeakersToday’s SpeakersToday’s Speakers

Mark Cowtan, Director Product Marketing, Trapeze Networks

Matthew Herzog, Customer Support Manager, Trapeze Networks

WLAN Reliability AgendaWLAN Reliability AgendaWLAN Reliability AgendaWLAN Reliability Agenda

I. Why WLAN reliability matters

II. Five focus areas for reliability

• Downtime

• Traffic jams

• Disrupted roaming

• RF & Access limitations

• Competing services

III. Conclusions, Q&A

WLAN Reliability – The Tipping PointWLAN Reliability – The Tipping PointWLAN Reliability – The Tipping PointWLAN Reliability – The Tipping Point

a\b\g\na\b\g\n

bba/b/ga/b/g

Outdoor AccessOutdoor Access

MobilityMobility

WIDS/WIPSWIDS/WIPS

VoiceVoice

RTLSRTLS

TelemetryTelemetry

Asset Management

Asset Management

MultiMediaMultiMedia

Guest AccessGuest Access

Security

Management

LAN Extension

Performance

Scalability

Complete Coverage

Reliability

Unwired Enterprise

0

100

200

300

400

500

DevicesThousands

2008

2009

2010

2011

2012

2013

2014

Device Growth in Enterprise WLANs

Dual-Mode PhonesOther Wi-Fi DevicesIndustrial HandheldsWi-Fi PhonesLaptops, Notebooks

Rapid Device Proliferation(SmartPhones and Other Clients)

Rapid Growth in Devices and UtilizationRapid Growth in Devices and UtilizationRapid Growth in Devices and UtilizationRapid Growth in Devices and Utilization

CAGRCAGR90%90%

CAGRCAGR25%25%

CAGRCAGR44%44%

Source: Gartner 04/2010

SpringSummer

Break

Fall

3x Growth in Sessions(Multiple Devices per Student)

~50,000 Students

3x3x

Source: UoM 10/2010

What is WLAN Reliability to You?What is WLAN Reliability to You?What is WLAN Reliability to You?What is WLAN Reliability to You?

Wire-like Experience

• Always available

• Always connects

• Fast Ethernet rates

End-User Expectations• Predictable applications

• Landline quality voice

• Cable-quality video

• No restraints on mobility

• Supports my devices

IT Manager Expectations• Secure and assured sessions

• Easy management / provisioning

• Optimized resource utilization

• Scales easily and incrementally

• Low maintenance, no new staff

Is Wire-like Reliability Achievable?Is Wire-like Reliability Achievable?Is Wire-like Reliability Achievable?Is Wire-like Reliability Achievable?

LAN Access

Stationary user

Dedicated bandwidth

Fixed capacity

WLAN Access

Mobile user

Shared bandwidth

Variable capacity

Five Focus Areas for WLAN Reliability Five Focus Areas for WLAN Reliability Five Focus Areas for WLAN Reliability Five Focus Areas for WLAN Reliability

• Downtime• AP and controller resiliency

• Configuration and maintenance

• Traffic Jams • Forwarding / encryption bottlenecks

• Disrupted Roaming• Losing sessions or quality

• Crossing network boundaries

• RF & Access Limitations• Wasted bandwidth or sessions

• Rogues, Interference, Old clients

• Competing Services• Multimedia versus mission-critical

Hot Standby Approach

Configuring Controller RedundancyConfiguring Controller RedundancyConfiguring Controller RedundancyConfiguring Controller Redundancy

Controller Virtualization

• Each controller has a unique configuration

• Each controller operates independently

• Back-up continuously polls front-line devices

• Many-to-one standby resiliency

• Back-up connects upon learning of failure

• All controllers get common configuration

• Cluster acts collectively as "virtual controller"

• Many-to-many in-service resiliency

• Dynamic AP load sharing across controllers

• Lowers maintenance: upgrades, changes

Virtual Controller Cluster

Hot Standby Approach

How Controller Failover WorksHow Controller Failover WorksHow Controller Failover WorksHow Controller Failover Works

• Fully loaded hot standby required

• Catastrophic failure – all APs go down

• APs restart using hot standby controller

• Voice calls lost, data sessions stalled/lost

• Failover with no impact to session quality

•Even for active voice calls

• APs instantly remapped to in-service controller

• Dynamic AP load balancing across controllers

• No additional equipment required

Virtual Controller Cluster

Controller Virtualization

Immunity to Data Center BurnoutImmunity to Data Center BurnoutImmunity to Data Center BurnoutImmunity to Data Center Burnout

• Virtual Controller can span multiple Data Centers

• Boot from Group 1, Fail over to Group 2

Data Center 1 Data Center 2

Group 1 Group 2Virtual Controller

Virtualization Can Eliminate DowntimeVirtualization Can Eliminate DowntimeVirtualization Can Eliminate DowntimeVirtualization Can Eliminate Downtime

• APs have connections to primary and secondary controller

• APs load re-balanced when controller added or removed

• New AP additions evenly spread across cluster

• Allows in-service maintenance, at your convenience!




• Downtime

• Traffic jams





Where Do Different Functions Belong?Where Do Different Functions Belong?Where Do Different Functions Belong?Where Do Different Functions Belong?

• Forwarding

• Packet classification

• Encryption

• Session keys

• Security profile

Internet

Internet

Distributed Switching Scales for 802.11nDistributed Switching Scales for 802.11nDistributed Switching Scales for 802.11nDistributed Switching Scales for 802.11n

• All traffic flows through controller

• Traffic flows twice through network core

• 802.11n increases load up to 10x

• May require expensive upgrades

Centralized Switching Reaches Capacity Sooner With Increased Load from 802.11n

Distributed Switching Provides More Robust Handling of 802.11n Traffic

• Traffic can be forwarded by the AP

• Reduces burden on controller

• Optimizes traffic flows – ideal for voice

• Reduces 802.11n impact on controller

11n increases load by up to 10x

Internet

Distributed Cryptography Scales with APsDistributed Cryptography Scales with APsDistributed Cryptography Scales with APsDistributed Cryptography Scales with APs

Clear

En

crytped

Centralized Cryptography Distributed Cryptography

Clear

Mg

mt T

un

nel

WP

A2

etc

Distributed Improves Voice ReliabilityDistributed Improves Voice ReliabilityDistributed Improves Voice ReliabilityDistributed Improves Voice Reliability

• Longer path, more latency and jitter

• 3-6 times more latency

• Vulnerable to controller congestion

Centralized Switching Distributed Switching

• Most direct path, optimal flows

• Lowest latency

• Toll-quality, no dropped calls




• Downtime

• Traffic jams





Ensuring Reliable RoamingEnsuring Reliable RoamingEnsuring Reliable RoamingEnsuring Reliable Roaming

• Roaming within APs managed by same controller• Everyone expects this and most vendors very reliable• Part of IEEE 802.11i standard. Well defined mechanisms

• Roaming between controllers not a given• No standards for cross-controller roaming• Usually requires tunneling to home controllers• Distributed session keys improve reliability• One solution is fewer, bigger controllers

• Roaming across indoor / outdoor boundaries• Some vendors don’t have common indoor / outdoor architecture• Some vendors OEM outdoor solution

• Important evaluation criteria

Reliable Secure Roaming Expectations Reliable Secure Roaming Expectations Reliable Secure Roaming Expectations Reliable Secure Roaming Expectations

The way it should be…. The way it should be….

• Privileges and services follow users as they roam from AP to AP

• User credentials define access and network resource privileges

• Different groups with different privileges share infrastructure

• Privileges and services adjusted based on time, location, activity

• No network boundaries

MOBILITY – SECURITY – SERVICES

AAA

Centralized Policies

User roams

1

Credentials& servicesfollow user

2

Client A on Subnet 1

Standard Multi-Controller RoamingStandard Multi-Controller RoamingStandard Multi-Controller RoamingStandard Multi-Controller Roaming

Standard Roaming

•Client anchored to "home" controller

for credentials and session info

•New controller unaware prior to

connection, so must query network

•Long round trip through tunnel to

original controller to maintain session

•High rate of timeout & dropped calls

• Increases load on controllers and

doubles traffic on LAN core

•What about new .11k standard?

Anchored Mobility for Basic Roaming

Controller A

Roam


Client B on Subnet 1

Subnet 1 Subnet 2

Controller B


Flexible Mobility for Reliable Roaming

Reliable Multi-Controller RoamingReliable Multi-Controller RoamingReliable Multi-Controller RoamingReliable Multi-Controller Roaming

Reliable Roaming•Credentials and session data

spread across controllers

•Distributed session keys means

mobile profile precedes roam

•Shorter data path

•Less risk of interruption

•Less risk of latency, overload

•Optimizes infrastructure flows

•No dependence on controller

•Local switching for further gains

•Optimized for toll-quality VoIP

Controller A Controller B

Subnet 1 Subnet 2


Client B on Subnet 1

Roam

Mobility Mobility DomainDomain

A A




• Downtime

• Traffic jams





Considerations for Reliable RF AccessConsiderations for Reliable RF AccessConsiderations for Reliable RF AccessConsiderations for Reliable RF Access

• Radio transmission is a mysterious black art!

• Unlicensed spectrum, becoming crowded

• Legacy clients on a/b/g slow everyone else down

• What’s the right cell size? Do I need 2x2, 2x3, 3x3?

• What you can control up front:• RF Coverage and Capacity design

• Managing and monitoring your WLAN

• What you can only respond to:• Radio interference, Unwanted visitors, Malicious attacks

Keys to Reliable RF & AccessKeys to Reliable RF & AccessKeys to Reliable RF & AccessKeys to Reliable RF & Access

• Careful RF planning and layout of WLAN• Main use of spectrum analysis, if desired

• Good management tools are essential

• Auto-Tuning and standard roaming features• Automatic mitigation of AP down

• Wireless Intrusion Protection and Firewall• Scanning for Rogue APs, entrants, and attacks

• “Radio Firewall” around perimeter of building

• Load balancing / management techniques• Band-steering, Client load balancing

• Call Admission Control for assured access

• Emerging methods for marginal enhancements• Beamforming in sparse environments

• Spectrum Analysis to detect and avoid interference

Designing for Maximum CapacityDesigning for Maximum CapacityDesigning for Maximum CapacityDesigning for Maximum Capacity

• Turn off low-data rates areas in outlying bands

• Turn down the power to reduce interference

• Smaller cells yield higher data rates for everyone

• Adjacent channel interference is easily avoided in 5 GHz band

• Reserve 2.4 GHz for legacy clients

All clients enjoy high data rates

Tradeoff: Coverage or CapacityTradeoff: Coverage or CapacityTradeoff: Coverage or CapacityTradeoff: Coverage or Capacity

Coverage Capacity

$/Mbps

100 Users40 MHz Channels

Identical area

$/Sq. Ft. $/Mbps $/Sq. Ft. $/Mbps

3x Access points 3x Access points 2x Total cost2x Total cost7x Avg 7x Avg throughput throughput

3x Access points 3x Access points 2x Total cost2x Total cost7x Avg 7x Avg throughput throughput

Client Balancing Across APs and BandsClient Balancing Across APs and BandsClient Balancing Across APs and BandsClient Balancing Across APs and Bands

Most clientsdefault to 2.4Ghz on the AP with

strongest signal

5 Ghz

1 2

2.4 Ghz

Point of Entry

Differences in Call Admission ControlDifferences in Call Admission ControlDifferences in Call Admission ControlDifferences in Call Admission Control

• Mobile phones connect to WLAN in idle, non-used state

• If your WLAN has Session CAC• It counts sessions not active calls

• Is blind to non “voice” clients

• Drops roaming calls if at CAC limit

• Denies new calls if at CAC limit

Session CAC

Roam deniedcall dropped

2 active calls

New callersession denied

Any new clientsession denied

New callercall accepted

Roamaccepted

8 voice devicesassociated but idle

limit 10 reached

• Dynamic CAC does not carry a false load• Recognizes voice flows

• Only considers active calls

• Accepts roaming calls at CAC limit

Voice-gradeservice

8 voice devicesassociated but idle

Dynamic CAClimit 10 not reachedcan accept more calls

2 active calls




• Downtime

• Traffic jams





INTERNET COMMUNICATION SURVEILLANCE ASSET TRACKING

Separate Management for Everything!Separate Management for Everything!

Closed system, independent services, limited integration

Poor User

Experience

• Inconsistent service level for mission-critical applications

• Dropped sessions with peak loads

• Unaware of user context, location

• No proactive fault resolution

High

OpEx

• Unique UI for each service

• More devices to manage

• Cryptic disjointed information

• More complex, takes longer

• Need more skilled IT staff

The Penalty of Services in SilosThe Penalty of Services in SilosThe Penalty of Services in SilosThe Penalty of Services in Silos

Fully Integrated Services Enables SLAsFully Integrated Services Enables SLAsFully Integrated Services Enables SLAsFully Integrated Services Enables SLAs

WIDS/WIPSServer

RF Firewall

LocationAppliance

FCAPSManagement

WIDS/WIPSServer

RF Firewall

LocationAppliance

FCAPS & Services

Management

Typical WLAN Management Unified WLAN Management

Guest Server Guest

Server




• Downtime

• Traffic jams





ConclusionConclusionConclusionConclusion

• Reliability is needed for mission-critical applications• Economics of mobility and “unwired enterprise” unstoppable

• End-to-end session reliability is a test-bed must do!

• Achieving Wire-like reliability IS possible!• Controller virtualization eliminates downtime• Distributed switching and crypto avoids traffic jams• Distributed session keys improve roaming reliability • RF Planning and load management assures access to medium• Unified infrastructure & service management will allow SLAs

• Least mature aspect of whole solution for most vendors• Drill down on vendor claims, and test them

Q & AQ & AQ & AQ & A

Mark Cowtan, Director Product Marketing, Trapeze Networks

Matthew Herzog, Customer Support Manager, Trapeze Networks

Technology

Keys to Enterprise WLAN Reliability