JUNIPER WIRELESS ACCESS
Niklas Henriksson, Senior Systems Engineer
nhenriksson@juniper.net
Copyright © 2011 Juniper Networks, Inc. www.juniper.net

JUNIPER WIRELESS—WLA—ACCESS POINT FAMILY
WLA Series Highlights:
  High Performance
  Intelligent Switching
  AP and Band Steering
  Auto RF calibration
  Bridging and Mesh
Product tiers shown:
  3x3 MIMO Dual Radio All Weather
  2x2 MIMO Dual Radio High Density
  3x3 MIMO Dual Radio Max. Coverage
  Dual Radio Entry-level AP
  Single Radio Low Cost AP
Models shown: WLA632, WLA432, WLA522, WLA422, WLA371

WLC—CONTROLLER FAMILY
WLC Series Highlights:
  Cluster Reliability
  In-Service Upgrades
  One Software Platform
  Distributed & Centralized
Capacity labels shown (axis: # of AP):
  64 - 512 11n AP
  16 - 256 11n AP 3-Stream
  16 - 128 11n AP 3-Stream
  12 AP
  32 - 192 11n AP
  Distributed a/b/g/n
  4 AP
Models shown: WLC2800, WLC880, WLC800, WLC8, WLC200R, WLC2

WIRELESS MANAGEMENT & ACCESS CONTROL
WLM – Management and Access Control
  RingMaster: Plan, Configure, Monitor, Troubleshoot, Report
  SmartPass
WLM - Appliance
  WLM1200 – RMTS
  Optimized Linux Server Platform
WLM – RMTS
  Software Licenses
  5 – 1,000 APs
  WLAN Management
WLM – SP
  Software Licenses
  250 – 5,000 APs
  WLAN Access Control
  Guest Provisioning

CLUSTER CLIENT SESSION STATE
[Diagram: cluster with Seed (AP and Service Configurations), Members, PAM and SAM (Client Session State). Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  A data-plane tunnel is built to the PAM (if required)
  Client session state is replicated on the SAM to allow a hitless failover

HITLESS FAILOVER (1 OF 2)
[Diagram: cluster with Seed (AP and Service Configurations), Members, PAM and SAM (Client Session State). Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  Should the PAM be taken out of service, the SAM immediately becomes the PAM and any CAPWAP data tunnel is moved

HITLESS FAILOVER (2 OF 2)
[Diagram: cluster with Seed (AP and Service Configurations), Members, SAM and PAM (Client Session State). Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  A new SAM is designated and is given the AP configuration and client session state
  Failover is fast enough that the client will be unaware it happened

AP LOAD BALANCING (1 OF 3)
[Diagram: cluster with Seed (AP and Service Configurations) and Members. Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  APs establish primary and secondary CAPWAP control connections to the two controllers designated by the Cluster seed

AP LOAD BALANCING (2 OF 3)
[Diagram: cluster with Seed (AP and Service Configurations) and Members. Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  If the Cluster architecture changes in any way (e.g. a controller is added), the seed will attempt to load-balance the available APs across the available controllers

AP LOAD BALANCING (3 OF 3)
[Diagram: cluster with Seed (AP and Service Configurations) and Members. Legend: Fast keep-alives, Find WLC req/resp, CAPWAP ctrl-plane, CAPWAP data-plane]
  If a controller is added to the cluster, APs will be load-balanced across all the available WLCs
  APs are distributed in the ratio of licenses available on the WLCs

IN-SERVICE SOFTWARE UPGRADE
[Diagram: Primary and Secondary Seed, Members and a Connected Client, numbered 1. to 5. in upgrade order]
  In-service upgrade of the cluster WLC and AP software
  Upgrade order:
    1. Primary seed
    2. Secondary seed
    3. Members
    4. and 5. APs

LOCAL SWITCHING
[Diagram: Traditional central switching compared with Local switching of VLAN ‘red’ across the Infrastructure Switches]

LOCAL SWITCHING WITH AP TUNNELS
  New in 7.5 - extension to Local Switching capabilities allows APs to initiate VLAN tunnels to other devices in the MoDo
  Solves the ‘VLANs Everywhere’ problem
  APs intelligently choose optimal target for VLAN tunnel
[Diagram: VLANs ‘green’, ‘red’ and ‘blue’; clients with VLAN = ‘blue’ and VLAN = ‘green’. Legend: CAPWAP ctrl-plane, CAPWAP data-plane]

RINGMASTER PLANNING
RingMaster ‘computes and places’ APs based on:
  The layout of the RF obstacles on the floor plan
  The configured attenuation factors of the RF obstacles
  Capacity settings (when capacity planning is enabled)
RingMaster aims for 90% coverage at the configured baseline data rate
If any of these parameters are inaccurate:
  The number of APs RingMaster calculates will also be inaccurate
  The suggested locations for APs may be sub-optimal
  RF coverage displayed by RingMaster will be inaccurate
To verify that the RingMaster plan is accurate:
  Deploy a subset of the RingMaster computed APs
  Perform spot checks of the coverage from the APs
  If there are major differences between RingMaster’s predicted coverage and the actual coverage achieved, identify where the problem lies, resolve and re-compute if necessary

RINGMASTER VISUALIZATION
[Screenshot not reproduced]

WHAT’S NEW IN RELEASE 7.5
WL Series Controller Software
  Secure Branch
  RELEASE 5.7
  Spectrum Management
  Advanced Tunneling
  Misc enhancements
Management Software
  Watched Client List
  RingMaster / SmartPass integration
Hardware
  WLC880
  UMSP

SECURE BRANCH - DATA PATH ENCRYPTION
[Diagram labels: WLA CTRL – UDP port 5000 - Encrypted; CAPWAP DATA – UDP port 5247 - Encrypted; WLC CTRL – TCP port 8821 - Encrypted]
New functionality to encrypt the WLC to WLA and WLC to WLC data path (CAPWAP tunnels) in addition to control path:
  Data path encryption can be enabled on an individual device basis (WLA or WLC)
  Encryption of the CAPWAP tunnel is via AES-CCMP
  Keys are negotiated during the control path setup and used for data path encryption
  WLC880R and enhanced WLA522 to support data path encryption in hardware

SECURE BRANCH - WAN OUTAGE
New functionality to provide WLA and WLC with awareness of WAN status and new modes of operation during outage:
  WLAs at remote sites can be configured to continue operation during outage (configurable up to 5 days)
  WLC and WLA can seamlessly re-sync once WAN link is restored; no AP reboot and client sessions are preserved
  Configurable Evaluation timer can detect when link has been restored (configurable up to 1 day)
  Extended timeout can be configured to automatically reboot the AP if the outage exceeds a certain duration
Caveats and Limitations*
  Overlay sessions will stay active but will not have connectivity during outage; recommend Local Switching
  Session roaming during outage is not supported
  WLA cannot accept new clients during outage
*Note: Remote AP limitations are being addressed in Release 7.7 with phase 2 Remote AP feature set

SPECTRUM ANALYSIS PLANNING
Introduction of interference source in planning process:
  Modeling of WLAN behavior:
    Impact on performance
    Floor bleed through analysis
  Run “what-if” scenarios:
    Visualization of interference impact from multiple sources:
      RSSI Impact
      Data Rate Impact
    Modeling of various interference sources
  Plan around known interference sources:
    E.g. break room microwaves, CW transmitters, generators, etc.
    Optimal AP placement, power and channel selections