Welcome to TelecomFYI.com

Next-Generation WLAN Architecture For High Performance Networks - Part 2


This is the second part of the article "Next-Generation WLAN Architecture For High Performance Networks - Part 1". It is advised to read Part 1 before you start Part 2.

APPLICATION-OPTIMIZED INTELLIGENT SWITCHING

Today, organizations must choose a WLAN architecture—either distributed (fat AP) or centralized (thin AP)—and force-fit their applications to that architecture's needs. Smart Mobile eliminates this either/or compromise. With the Smart Mobile architecture, the APs are neither thin nor fat. They are "smart." Smart Mobile APs have sufficient intelligence to perform cryptography and policy enforcement, as well as data forwarding, throughout the distributed WLAN, at the point closest to the wireless client. Enterprises can configure the Smart Mobile WLAN to specify which data gets forwarded centrally and which gets forwarded on a distributed basis.

Centralized Forwarding in Smart Mobile: The WLAN Controller Forwards the Data

 

As in a typical centralized-only WLAN, client data traffic can be delivered directly to the WLAN controller, with the WLAN controller forwarding it through the network. The return traffic is also forwarded through the WLAN controller, which then forwards it to the AP and on to the client station. Local file, print and application traffic would take a similar path when configured for centralized forwarding.

Centralized QoS and Firewall Policy Enforcement

When wireless to wireless traffic is forwarded centrally, Smart Mobile ensures quality of service (QoS) for applications like voice. It uses Wi-Fi Multimedia (WMM) over-the-air, mapped to DiffServ and 802.1p for traffic prioritization and management, enforcing QoS throughout the core network. QoS is enforced as part of the design of the forwarding plane of the Mobility Exchange. The Mobility Exchange also enforces the firewall and location policy for strong security and control.

Distributed Forwarding in Smart Mobile: The AP Forwards the Data

In distributed forwarding, the access point forwards the traffic without having to send it through a WLAN controller.

This makes it possible to deploy voice over WLAN on a massive scale, because voice packets travel the shortest path possible, thus minimizing latency. Distributed forwarding also enables migration to 802.11n without having to upgrade existing WLAN controllers, because it reduces the offered data forwarding load on the controller.

"Station Switching Records" Enable AP-based Distributed Forwarding

To enable distributed forwarding, Smart Mobile introduces the distribution of switching data learned by the central WLAN controller to the AP in the form of a "station switching record" (SSR). The Mobility Exchange controller distributes an SSR to the AP for each associated client. The SSR is distributed after the endpoint client station is validated and the client is authenticated, which ensures a secure session. The SSR contains the station address, VLAN, subnet and gateway data, tag and local switch flags, firewall and QoS policy, and broadcast suppression information.

Once the AP has the SSR for an authenticated client, the client traffic is delivered directly from the AP and no longer needs to go through the Mobility Exchange controller. The AP forwards the traffic through the network as directly to the destination as the attached network segment allows. The return traffic follows the same path through the AP. Local file, print and application traffic follow a similar path.

Distributed QoS and Firewall Policy Enforcement

When wireless to wireless traffic is forwarded on a distributed basis, Smart Mobile ensures quality of service (QoS) for applications like voice. Just as with centralized wireless to wireless QoS, Smart Mobile uses Wi-Fi Multimedia (WMM) over-the-air, mapped to DiffServ and 802.1p, enforcing QoS throughout the core network. But in the case of distributed wireless to wireless, QoS is enforced in the Mobility Point based on the SSR data provided by the Mobility Exchange distributing QoS policy enforcement. In addition, the Mobility Point enforces the firewall and location policy for distributed forwarding.
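A minimal model of the SSR-driven decision described above, as an added example rather than Trapeze code. The field names, the port-list stand-in for firewall policy, the DSCP values and the fallback to the controller path are assumptions made for illustration.

```python
from dataclasses import dataclass

# WMM access category -> (802.1p priority, DSCP), lowest to highest priority.
# 802.1p values follow the usual WMM pairing; DSCP values are a common
# convention assumed for this example.
WMM_MARKING = {"AC_BK": (1, 8), "AC_BE": (0, 0), "AC_VI": (5, 34), "AC_VO": (6, 46)}
WMM_ORDER = list(WMM_MARKING)

@dataclass(frozen=True)
class StationSwitchingRecord:
    station_mac: str
    vlan: int
    local_switch: bool                     # the "local switch" flag
    denied_ports: frozenset = frozenset()  # stand-in for the firewall policy
    max_wmm_class: str = "AC_BE"           # stand-in for the QoS policy

class MobilityPoint:
    """AP-side SSR table (hypothetical model, not the vendor's format)."""

    def __init__(self):
        self._ssrs = {}

    def install_ssr(self, ssr):
        # Called only after the controller has authenticated the station.
        self._ssrs[ssr.station_mac] = ssr

    def remove_ssr(self, station_mac):
        self._ssrs.pop(station_mac, None)

    def forward(self, src_mac, dst_port, wmm_class):
        """Return (action, vlan, dot1p, dscp) for one client data frame."""
        ssr = self._ssrs.get(src_mac)
        if ssr is None or not ssr.local_switch:
            # Assumption: without an SSR that permits local switching, the
            # frame takes the centralized path through the controller.
            return ("controller", None, None, None)
        if dst_port in ssr.denied_ports:
            return ("drop", ssr.vlan, None, None)
        # Cap the class the client asked for at what its policy allows.
        allowed = min(WMM_ORDER.index(wmm_class), WMM_ORDER.index(ssr.max_wmm_class))
        dot1p, dscp = WMM_MARKING[WMM_ORDER[allowed]]
        return ("local", ssr.vlan, dot1p, dscp)

ap = MobilityPoint()
ap.install_ssr(StationSwitchingRecord("00:11:22:33:44:55", 20, True,
                                      frozenset({23}), "AC_VO"))       # constructed voice handset
ap.install_ssr(StationSwitchingRecord("00:11:22:33:44:66", 30, True))  # constructed laptop
```

The laptop's request for the voice class is capped to best effort by its record, and a station whose SSR has been removed falls back to the controller path.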


DISTRIBUTED CRYPTOGRAPHY

Smart Mobile’s distributed cryptography approach is critical to enabling distributed forwarding. As noted above, Smart Mobile provides centralized security policy definition, but policy enforcement can be distributed or centralized based on application needs. Mobility Point access points perform 802.11 packet decryption and encryption, which ensures that encryption performance scales as network usage grows. In contrast, centralized encryption creates a bottleneck at the WLAN controller. The inherent performance and scalability advantages of distributed forwarding and policy enforcement are not possible under a centralized cryptography model.

Increased Performance and Scalability

The distributed cryptography model delivers greater performance because it leverages the processing power in the AP silicon for encryption. Ultimately, it delivers greater scalability at less cost. In addition, this approach can facilitate rapid implementation of emerging wireless standards by deploying more capable APs instead of bigger, more expensive WLAN controllers. Organizations will naturally add more APs as they expand WLAN coverage, and the encryption power and emerging standards availability in the AP will scale in conjunction. Adding APs as the user base grows is far less costly than upgrading expensive WLAN controllers to handle the load centrally.

ENTERPRISE-WIDE EXTENSIBILITY: EXTENDING COVERAGE OUTDOORS

Distributed data forwarding plays a key role in extending enterprise WLAN service to outdoor and unwired areas using enterprise mesh technologies like mesh point and mesh portal services. Distributed forwarding eliminates the need to backhaul traffic to the central WLAN controller to make policy determinations. Instead, the policies are enforced in the mesh by the mesh point and mesh portal APs. This is critically important because over-the-air bandwidth is very limited, so reducing the need to backhaul traffic to the wired network helps to conserve and optimize usage of scarce bandwidth.

Optimal Path Selection

Smart Mobile uses optimal path selection through mesh portals, which is an enabling technology for enterprise outdoor and un-carpeted coverage requirements. The mesh portal is selected by wireless link quality or by switched path cost. The mesh portal uplink can change while the client service is simultaneously preserved. This optimal path selection also routes around uplink failures, while preserving client service. The Smart Mobile intelligent switching model optimizes traffic flows for the applications throughout the WLAN, and is more scalable than a generalized routing protocol.

Native Mobility across the Entire Network

Smart Mobile’s distributed forwarding model continues support for native mobility. The Mobility Domain (a group of up to 32 Mobility Exchanges) knows all of its Mobility Domain peers in the network through inter-Mobility Exchange peer communications with Mobility Domain "seeds." The "seed" informs each Mobility Exchange of every other Mobility Exchange in the domain, every Mobility Exchange VLAN instance, and every associated client's Mobility Point VLAN instance. The Station Switching Record supports tunnel endpoints, so Smart Mobile can establish dynamic tunnel end-points based on SSRs, to any Mobility Exchange or Mobility Point AP in the Mobility Domain.

When a tunnel endpoint is specified, a tunnel is established between the client-hosting Mobility Point and any other Mobility Exchange or Mobility Point.

Intelligent Switching in Smart Mobile: Optimized for Performance and Scalability

With Smart Mobile, IT managers determine what traffic should be centrally forwarded and what traffic should be forwarded on a distributed basis. The IT manager sets up service profiles as part of the Smart Mobile network configuration. IT can set up different service profiles to fit the requirements of different applications. For instance, IT may choose to tunnel all guest traffic to a centralized or segregated controller, but use distributed forwarding for all the employee traffic. Or IT may use distributed forwarding for all the voice traffic, but centrally forward all other traffic. The switching model can be configured to fit the specific application requirements.


High Performance Investment Protection for 802.11n

Distributed forwarding provides investment protection for 802.11n because it takes the load off the WLAN switches and eliminates the 10/100 Mbps bottleneck. Enterprises can deploy 802.11n without having to replace their Mobility Exchange WLAN controllers. But IT does not sacrifice control and security to gain a high bandwidth advantage.

Policies in Smart Mobile are distributed and enforced at the AP, whether that policy describes encryption, quality of service, firewalls, location or many other parameters.

Enabling VoWLAN on a Massive Scale

For many years the VoIP community has been perfecting Session Initiation Protocol (SIP) and User Datagram Protocol (UDP) for optimized transport of VoIP, bringing VoIP technology to its current pervasive deployability. Establishing a VoIP call includes both handsets negotiating the call with the central SIP server. Conducting a call requires that the SIP-negotiated UDP call transport flow directly from handset to handset. Smart Mobile distributed forwarding resembles the SIP/UDP VoIP architecture and supports optimized traffic flow for voice applications. Once the central WLAN controller assures the handset and authenticates the caller, the VoIP handsets talk to each other as peers. In essence, distributed forwarding in Smart Mobile allows voice traffic to take the shortest path through the network, with the lowest possible latency and jitter, which ensures the highest quality voice call. While current-generation WLAN architectures cannot support voice service for more than a handful of users, Smart Mobile can deliver toll-quality voice service to hundreds of users.

UNCOMPROMISED SECURITY

Smart Mobile delivers uncompromised protection of business continuity and data privacy by incorporating four tiers of security:

• Endpoint integrity assurance. With endpoint integrity assurance, Smart Mobile prevents misconfigured or infected devices from accessing the network by checking for the latest security patches and service packs, personal firewall and routing policy, anti-virus and anti-spyware software.

• Industry-leading (802.1X) authentication and encryption. Strong authentication, authorization and accounting, coupled with advanced wireless protected access (WPA2) encryption, prevent misuse and eavesdropping, isolating traffic between private users and groups, and ensuring data privacy.

• Application-based firewall policy enforcement. Smart Mobile provides per user, per station, per group policy enforcement for QoS scheduling, location and security filtering that is application aware. Policy is enforced at the point in the network that is closest to the end station, preserving network bandwidth and improving performance throughout.

• Comprehensive intrusion protection. Trapeze partnered with AirDefense, the pioneer and leader in wireless intrusion prevention systems, to deliver the industry's only fully integrated IPS. The Trapeze/AirDefense solution defends against rogue devices, denial-of-service attacks, Evil Twins that spoof legitimate hotspots, misconfigured machines, and many other threats. An integrated IPS reduces configuration efforts in comparison with deploying a separate IPS overlay, and simplifies administration.

CENTRALIZED MANAGEMENT

Smart Mobile retains centralized management, providing IT managers with complete lifecycle control over the WLAN from a single console. The ability to centrally plan, configure, deploy, and manage the WLAN improves overall visibility into the network, reduces operational costs and total cost of ownership, and lets organizations deliver a broad range of services to their users with minimal burden on IT.

Trapeze RingMaster™ is recognized as the industry’s leading centralized lifecycle management suite. RingMaster has an integrated 3D planner to help organizations plan their WLAN deployment, both indoors and outdoors. RingMaster enables network managers to efficiently configure, deploy, monitor and optimize a WLAN that supports tens of thousands of users. IT can set policies for users based on their identities, so that no matter where they roam on the wired or wireless network, they have consistent access to their resources—and IT has control.

Mobility Point access points are plug-and-play, and are configured and controlled by the Mobility Exchange switches. This increases management efficiency as well as security.

