Architecture to centralize control
Taking WLANs outdoors creates several challenges that must be met to ensure widespread adoption, including easy network deployment and management, real-time RF management and advanced security.
To help meet these challenges, an architecture has emerged in the outdoor WLAN mesh space that centralizes intelligence and control to help service providers, businesses and/or municipalities easily manage and operate outdoor mesh wireless networks with minimal operational costs.
In this new architecture, a WLAN controller system is used to create and enforce policies across many different lightweight access points. By centralizing intelligence within these devices, security, mobility, quality of service (QoS), and other functions essential to outdoor WLAN operations can be efficiently managed across an entire wireless enterprise.
Furthermore, by splitting functions between the access point and the controller, service providers can accelerate time-to-market, simplify management, improve performance, and increase security of large outdoor wireless networks.
Limits of traditional architectures
Traditional WLAN solutions distribute all traffic handling, RF control, security, and mobility functions to the access point itself. However, this architecture limits visibility of 802.11 traffic to an individual access point only. This means:
- Individual access points, when used without a management device, must be managed individually, which can increase operations costs and staffing requirements
- Network-wide attacks and interference are not visible across a system, which means:
  (1) Single point of enforcement for security policies across Layer 1, Layer 2, and Layer 3
  (2) Inability to detect and mitigate denial of service (DoS) attacks across an entire WLAN
- A system cannot correlate or predict activity across an enterprise, which means:
  (1) Limited ability to enable optimized, real-time load balancing
  (2) Clients cannot perform fast handoffs, which are required to support real-time services such as voice and video
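The visibility gap listed above, shown as an added example that is not part of the original article: constructed per-AP counts of 802.11 deauthentication frames in which no access point crosses its own limit, while a controller that sums the same reports does. The report tuple format, AP names, MAC addresses, and both thresholds are assumptions made for illustration; LWAPP does not define them.

```python
from collections import defaultdict

# Constructed sample reports: (ap_name, window_start_s, source_mac, deauth_frames).
# Assumption: each AP counts only frames addressed to its own BSSID,
# so summing across APs does not double count a frame.
REPORTS = [
    ("ap-01", 0, "02:00:00:aa:bb:01", 12),
    ("ap-02", 0, "02:00:00:aa:bb:01", 14),
    ("ap-03", 0, "02:00:00:aa:bb:01", 11),
    ("ap-04", 0, "02:00:00:aa:bb:01", 13),
    ("ap-01", 0, "02:00:00:cc:dd:02", 3),
    ("ap-02", 60, "02:00:00:aa:bb:01", 2),
]

PER_AP_THRESHOLD = 20   # assumed local limit per AP per window
NETWORK_THRESHOLD = 40  # assumed limit for the sum across all APs
MIN_APS = 3             # assumed: source must appear on at least this many APs


def standalone_alerts(reports, threshold=PER_AP_THRESHOLD):
    """What autonomous APs can flag: each one sees only its own counter."""
    return sorted((ap, win, src) for ap, win, src, n in reports if n >= threshold)


def controller_alerts(reports, threshold=NETWORK_THRESHOLD, min_aps=MIN_APS):
    """Controller view: correlate counts per (window, source) across all APs."""
    total = defaultdict(int)
    seen_on = defaultdict(set)
    for ap, win, src, n in reports:
        total[(win, src)] += n
        seen_on[(win, src)].add(ap)
    alerts = []
    for (win, src), count in total.items():
        if count >= threshold and len(seen_on[(win, src)]) >= min_aps:
            alerts.append({"window": win, "source": src, "frames": count,
                           "aps": sorted(seen_on[(win, src)])})
    return sorted(alerts, key=lambda a: (a["window"], a["source"]))


if __name__ == "__main__":
    print("per-AP alerts:    ", standalone_alerts(REPORTS))
    print("controller alerts:", controller_alerts(REPORTS))
```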
As more products emerge that use lightweight access points with centralized WLAN intelligence, there is a need for an industry standard that governs how these devices communicate with one another. The Lightweight Access Point Protocol (LWAPP) has been recommended by an IETF working group to address this issue. LWAPP standardizes the communications protocol between access points and WLAN systems (controllers, switches, routers, etc.). The goal of this initiative, as described in the IETF specification, is to:
- Reduce the amount of processing within an access point, enabling the limited computing resources within these devices to focus on wireless access, as opposed to filtering and policy enforcement
- Enable a scheme whereby traffic handling, authentication, encryption, and policy enforcement (QoS, security, etc.) can be centralized for an entire WLAN system
- Provide a generic encapsulation and transport mechanism for multi-vendor access point interoperability, either by means of a Layer 2 infrastructure or an IP routed network
The LWAPP specification works to address these issues by defining the following types of activities:
- Access point device discovery, information exchange, and configuration
- Access point certification and software control
- Packet encapsulation, fragmentation, and formatting
- Communications control and management between access point and wireless system device
Putting LWAPP to work
When LWAPP was first introduced to the WLAN industry in 2002, it revolutionized the way WLAN deployments were managed with the concept of a "split MAC": the ability to separate the real-time aspects of the 802.11 protocol from most of its management aspects (Figure 1).
In particular, real-time frame exchange and certain real-time portions of MAC management are accomplished within the access point, while authentication, security management, and mobility are handled by WLAN controllers.

Figure 1. Cisco 1500 mesh access points
Combining LWAPP with intelligent RF management capabilities brings numerous benefits to customers deploying outdoor WLAN mesh networks.
Management
- Dynamic, system-wide RF management, including a host of features for smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing. For outdoor environments where RF interference issues can be significant, this is a crucial capability.
- Single graphical interface for network-wide policies, including VLANs, security, and QoS.
Security
- Network-wide security policies that encompass all layers of a wireless network, from the radio layer through the MAC layer, and into the network layer. This makes it easier to provide uniformly enforced security and QoS or user policies that can address the particular capabilities of different classes of devices, such as handheld scanners, PDAs, or notebook computers.
- Discovery and mitigation of DoS attacks, and detection and denial of rogue access points. These functions occur across an entire LWAPP-based WLAN mesh network.
Mobility
- Cellular-like fast handoffs.
- Excellent support for real-time, mobile applications such as voice over WLAN.
LWAPP is rapidly becoming an essential building block for outdoor mesh wireless networks. It is a foundation upon which large-scale, heterogeneous WLANs can be constructed. By providing a standardized approach for RF internetworking, LWAPP simplifies RF management and optimizes wireless networking for small, medium-sized, and large-scale outdoor WLAN deployments.
About the author
Neal Castagnoli is the technical leader for the software development team of the Wireless Networking Business Unit at Cisco Systems, Inc. He can be reached at ncastagn@cisco.com.