WLAN Architecture - Considerations
Christoffer Jacobsson
What will I talk about?
• Some enterprise WLAN history.
• Explaining the three working planes of a WLAN.
• Centralized architecture, pros and cons.
• Distributed architecture, pros and cons.
• Summary and an extra slide on redundancy.
Where did enterprise WLAN begin?
• Fat/Autonomous APs
• Secondary access method
• Unique solutions for every need
• Limited coverage
• Little or no visibility
• Management nightmare
The three working planes of a WLAN
Management plane
• Configuration
• Firmware
• Monitoring/Reporting
Control plane
• Dynamic radio control
• Mobility/Roaming
• Load balancing
Data plane
• Data Forwarding
• Encryption/Decryption
• QoS tagging
• Data filtering
How do we leverage these working planes?
Wireless Network Management System (WNMS)
[Figure: Management plane, Control plane and Data plane shown for each AP; each AP labelled SSID: Awsome-Company, Security: WPA2-PSK]
Centralized architecture – "The overlay implementation"
YeahBaby Inc. WLAN project.
500 employees, 2 devices per person.
7-floor building.
• New VLANs exist only in controller and Core/Distribution
• Seamless roaming across all floors
• Centralized channel and power dynamics
• Encryption from client to controller
• One RADIUS client
• One point of management
[Figure labels: Management, Control, Data; "Trunk port including new WLAN client WLANs"]
Centralized architecture for a distributed company
NearYou AB WLAN project.
20 offices spread out over the country.
All internet and server access goes through HQ.
• New VLANs exist only in HQ
• All APs configured the same way
• Client traffic encrypted to HQ
• One RADIUS client
• One point of management
[Figure labels: Management, Control, Data]
Drawbacks of a centralized architecture
NearYou AB WLAN project.
20 offices spread out over the country.
All internet and server access goes through HQ.
• Dependency on controllers
• Possible traffic U-turns and bottlenecks
• Scalability issues
• Controllers and licenses are expensive
[Figure labels: Management, Control, Data]
Distributed architecture – Optimizing traffic flows
UpUpAndAway Inc. WLAN project.
4 offices globally.
Demands local survivability.
• Client traffic forwarded locally
• Local RADIUS client
• Central management on premises or in the cloud
• Local shared control plane
• Distributed architecture is redundant by design
[Figure labels: Management; Control and Data at each office]
Distributed architecture – an MSP's perspective
Aranya AB, WLAN as a service.
Customers totally separated from each other.
No operational dependencies on Aranya datacenter.
[Figure labels: Management, Control, Data]
Drawbacks of a distributed architecture
• A lot more wired-side management
• More RADIUS clients
• Wireless encryption ends at AP
• Changing architecture can sometimes require hardware replacement.
[Figure labels: Management, Control, Data]
Extra redundancy considerations
• Who and where are your RADIUS clients and servers?
• Are those server certificates under control?
• Are you querying more than one LDAP server?
• Who and where are your DHCP servers and IP-helpers?
• Always test your redundancy!
Questions and comments are welcome!
Mail: Christoffer@aranya.se
Phone: +46700 92 10 92