WLAN Architecture - Considerations

WLAN Architecture - Considerations Christoffer Jacobsson

Transcript of WLAN Architecture - Considerations

Page 1: WLAN Architecture - Considerations

WLAN Architecture - Considerations

Christoffer Jacobsson

Page 2: WLAN Architecture - Considerations

What will I talk about?

• Some enterprise WLAN history.

• Explaining the three working planes of a WLAN.

• Centralized architecture, pros and cons.

• Distributed architecture, pros and cons.

• Summary and an extra slide on redundancy.

Page 3: WLAN Architecture - Considerations

Where did enterprise WLAN begin?

• Fat/Autonomous APs

• Secondary access method

• Unique solutions for every need

• Limited coverage

• Little or no visibility

• Management nightmare

Page 4: WLAN Architecture - Considerations

The three working planes of a WLAN

Data plane

• Data forwarding

• Encryption/Decryption

• QoS tagging

• Data filtering

Management plane

• Configuration

• Firmware

• Monitoring/Reporting

Control plane

• Dynamic radio control

• Mobility/Roaming

• Load balancing

Page 5: WLAN Architecture - Considerations

How do we leverage these working planes?

[Diagram: four APs, each with its own data plane, management plane and control plane, and a Wireless Network Management System (WNMS). Labels: "SSID: Awsome-Company, Security: WPA2-PSK" (one label reads "SSID: Awsome-company").]

Page 6: WLAN Architecture - Considerations

Centralized architecture – ”The overlay implementation”

YeahBaby Inc. WLAN project. 500 employees, 2 devices per person. 7-floor building.

[Diagram label: Trunk port including new WLAN client WLANs]

• New VLANs exist only in controller and Core/Distribution

• Seamless roaming across all floors

• Centralized channel and power dynamics

• Encryption from client to controller

• One RADIUS client

• One point of management

[Diagram labels: Control, Data, Management]

Page 7: WLAN Architecture - Considerations

Centralized architecture for a distributed company

NearYou AB WLAN project. 20 offices spread out over the country. All internet and server access goes through HQ.

• New VLANs exist only in HQ

• All APs configured the same way

• Client traffic encrypted to HQ

• One RADIUS client

• One point of management

[Diagram labels: Control, Data, Management]

Page 8: WLAN Architecture - Considerations

Drawbacks of a centralized architecture

NearYou AB WLAN project. 20 offices spread out over the country. All internet and server access goes through HQ.

• Dependency on controllers

• Possible traffic U-turns and bottlenecks

• Scalability issues

• Controllers and licenses are expensive

[Diagram labels: Control, Data, Management]

Page 9: WLAN Architecture - Considerations

Distributed architecture – Optimizing traffic flows

UpUpAndAway Inc. WLAN project. 4 offices globally. Demands local survivability.

• Client traffic forwarded locally

• Local RADIUS client

• Central management on premises or in the cloud

• Local shared control plane

• Distributed architecture is redundant by design

[Diagram labels: Management, Control, Data]

Page 10: WLAN Architecture - Considerations

Distributed architecture – an MSP's perspective

Aranya AB, WLAN as a service. Customers totally separated from each other. No operational dependencies on Aranya datacenter.

[Diagram labels: Management, Control, Data]

Page 11: WLAN Architecture - Considerations

Drawbacks of a distributed architecture

[Diagram labels: Management, Control, Data]

• A lot more wired-side management

• More RADIUS clients

• Wireless encryption ends at AP

• Changing architecture can sometimes require hardware replacement.

Page 12: WLAN Architecture - Considerations

Extra redundancy considerations

• Who and where are your RADIUS clients and servers?

• Are those server certificates under control?

• Are you querying more than one LDAP server?

• Who and where are your DHCP servers and IP-helpers?

• Always test your redundancy!
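
The checklist above can be run as a repeatable audit. This is an added example, not part of the original slides: the inventory layout, host names, dates and the 30-day certificate warning window are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed inventory; hosts, VLAN names and dates are illustrative only.
SITES = {
    "hq": {
        "radius_clients": ["wlc-1", "wlc-2"],
        "radius_servers": {
            "radius-a": {"nas": {"wlc-1", "wlc-2"}, "cert_not_after": date(2031, 1, 1)},
            "radius-b": {"nas": {"wlc-1"}, "cert_not_after": date(2030, 1, 20)},
        },
        "ldap_servers": ["ldap-a", "ldap-b"],
        "ip_helpers": {"vlan110": ["10.0.0.5", "10.0.0.6"]},
    },
    "branch": {
        "radius_clients": ["ap-1", "ap-2"],
        "radius_servers": {
            "radius-a": {"nas": {"ap-1", "ap-2"}, "cert_not_after": date(2031, 1, 1)},
        },
        "ldap_servers": ["ldap-a"],
        "ip_helpers": {"vlan210": ["10.0.0.5"]},
    },
}


def audit_site(name, site, today, warn_days=30):
    """Return a list of redundancy findings for one site (hypothetical schema)."""
    findings = []
    servers = site["radius_servers"]
    if len(servers) < 2:
        findings.append(f"{name}: only {len(servers)} RADIUS server(s)")
    for srv, info in servers.items():
        # A backup server cannot take over for a RADIUS client it does not know.
        missing = sorted(set(site["radius_clients"]) - info["nas"])
        if missing:
            findings.append(f"{name}: {srv} lacks RADIUS clients {missing}")
        # Flag server certificates that are expired or inside the warning window.
        if info["cert_not_after"] - today <= timedelta(days=warn_days):
            findings.append(f"{name}: {srv} certificate expires {info['cert_not_after']}")
    if len(site["ldap_servers"]) < 2:
        findings.append(f"{name}: only {len(site['ldap_servers'])} LDAP server(s)")
    for vlan, helpers in site["ip_helpers"].items():
        if len(set(helpers)) < 2:
            findings.append(f"{name}: {vlan} has a single DHCP helper target")
    return findings


def audit_all(sites, today):
    """Audit every site and return {site name: findings}."""
    return {name: audit_site(name, site, today) for name, site in sites.items()}
```

An audit like this only covers what is written down in the inventory; the failover itself still has to be exercised on the live network.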

Page 13: WLAN Architecture - Considerations

Questions and comments are welcome!

Mail: [email protected]

Phone: +46700 92 10 92