VLAN `red`

advertisement
JUNIPER WIRELESS ACCESS
Niklas Henriksson
nhenriksson@juniper.net
Senior Systems Engineer
JUNIPER WIRELESS—WLA—ACCESS POINT FAMILY





3x3 MIMO
Dual Radio
All Weather
High Performance
Intelligent Switching
AP and Band Steering
Auto RF calibration
Bridging and Mesh
WLA Series Highlights
2x2 MIMO
Dual Radio
High Density
3x3 MIMO
Dual Radio
Max.
Coverage
WLA632
Dual Radio
Entry-level AP
WLA432
Single Radio
Low Cost AP
WLA522
WLA422
WLA371
2
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
WLC—CONTROLLER FAMILY




64 - 512 11n AP
Cluster Reliability
In-Service Upgrades
One Software Platform
Distributed & Centralized
WLC2800
WLC Series Highlights
16 - 256 11n AP
3-Stream
WLC880
16 - 128 11n AP
3-Stream
WLC800
12 AP
32 - 192 11n AP
Distributed a/b/g/n
4 AP
WLC8
WLC200R
WLC2
# of AP
3
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
WIRELESS MANAGEMENT & ACCESS CONTROL
WLM – Management and Access Control
RingMaster
Plan
4
WLM - Appliance
Configure
Monitor
SmartPass
Troubleshoot
Report
WLM – RMTS
WLM1200 – RMTS
WLM – SP
Software
Licenses
Optimized Linux
Server Platform
Software
Licenses
5 – 1,000 Aps
WLAN Management
250 – 5,000 APs
WLAN Access
Control
Guest Provisioning
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
CLUSTER CLIENT SESSION STATE
Client
Session State
AP and Service
Configurations
Seed
Member
PAM
Member
Client
Session
State
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
SAM
A data-plane tunnel is built to the PAM (if required)
Client session state is replicated on the SAM
to allow a hitless failover
5
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
HITLESS FAILOVER (1 OF 2)
Client
Session State
AP and Service
Configurations
Seed
Member
PAM
Member
Client
Session
State
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
PAM
SAM
Should the PAM be taken out of service, the SAM immediately
becomes the PAM and any CAPWAP data tunnel is moved
6
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
HITLESS FAILOVER (2 OF 2)
AP and Service
Configurations
Seed
Client
Session
State
Member
SAM
Client
Session
State
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
PAM
A new SAM is designated and is given the AP configuration
and client session state
 Failover is fast enough that the client will be unaware it happened
7
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
AP LOAD BALANCING (1 OF 3)
AP and Service
Configurations
Seed
Member
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
APs establish primary and secondary CAPWAP
control connections to the two controllers
designated by the Cluster seed
8
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
AP LOAD BALANCING (2 OF 3)
AP and Service
Configurations
Seed
Member
Member
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
If the Cluster architecture changes in any way, the seed
will attempt to load-balance the available APs across
the available controllers, e.g. adding a controller
9
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
AP LOAD BALANCING (3 OF 3)
AP and Service
Configurations
Seed
Member
Member
Fast keep-alives
Member
Find WLC req/resp
CAPWAP ctrl-plane
CAPWAP data-plane
If a controller is added to the cluster
 APs will be load-balanced across all the available WLCs
 APs are distributed in the ratio of licenses available on the WLCs
10
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
IN-SERVICE SOFTWARE UPGRADE
1.
2.
Primary
Secondary
Seed
5.
Connected
Client
Member
3.
Member
Member
4.
In-service upgrade of the cluster WLC and AP software
 Upgrade order:
1. Primary seed 2. Secondary seed 3. Members 4. and 5. APs
11
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
LOCAL SWITCHING
Traditional central switching
VLAN
‘red’
Local switching
VLAN
‘red’
Infrastructure Switches
VLAN
‘red’
12
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
LOCAL SWITCHING WITH AP TUNNELS
New in 7.5 - extension to Local Switching capabilities allows
APs to initiate VLAN tunnels to other devices in the MoDo
Solves the ‘VLANs Everywhere’ problem
APs intelligently choose optimal target for VLAN tunnel
VLAN
‘green
’
VLAN
‘red’
VLAN
‘blue’
CAPWAP ctrl-plane
CAPWAP data-plane
13
Client
VLAN = ‘blue’
VLAN=‘green’
VLAN
‘red’
Copyright © 2011 Juniper Networks, Inc.
Client
VLAN = ‘green’
www.juniper.net
RINGMASTER PLANNING
RingMaster ‘computes and places’ APs based on:
 The layout of the RF obstacles on the floor plan
 The configured attenuation factors of the RF obstacles
 Capacity settings (when capacity planning is enabled)
 RingMaster aims for 90% coverage at the configured
baseline data rate
If any of these parameters are inaccurate:
 The number of APs RingMaster calculates will also
be inaccurate
 The suggested locations for APs may be sub-optimal
 RF coverage displayed by RingMaster will be inaccurate
To verify that the RingMaster plan is accurate:
 Deploy a subset of the RingMaster computed APs
 Perform spot checks of the coverage from the APs
 If there are major differences between RingMaster’s
predicted coverage and the actual coverage achieved,
identify where the problem lies, resolve and re-compute
if necessary
14
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
RINGMASTER VISUALIZATION
15
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
WHAT’S NEW IN RELEASE 7.5
WL Series Controller Software
 Secure Branch
RELEASE 5.7
 Spectrum Management
 Advanced Tunneling
 Misc enhancements
Management Software
 Watched Client List
 RingMaster / SmartPass integration
Hardware
 WLC880
 UMSP
16
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
SECURE BRANCH - DATA PATH ENCRYPTION
WLA CTRL – UDP port 5000 - Encrypted
CAPWAP DATA – UDP port 5247 - Encrypted
WLC CTRL – TCP port 8821 - Encrypted
New functionality to encrypt the WLC to WLA and WLC
to WLC data path (CAPWAP tunnels) in addition to
control path:
 Data path encryption can be enabled on an individual device
basis (WLA or WLC)
 Encryption of the CAPWAP tunnel is via AES-CCMP
 Keys are negotiated during the control path setup and used
for data path encryption
 WLC880R and enhanced WLA522 to support data path
encryption in hardware
17
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
SECURE BRANCH - WAN OUTAGE
New functionality to provide WLA and WLC with
awareness of WAN status and new modes of
operation during outage:

WLAs at remote sites can be configured to continue
operation during outage (configurable up to 5 days)

WLC and WLA can seamlessly re-sync once WAN link
is restored; no AP reboot and client sessions are
preserved

Configurable Evaluation timer can detect when link has
been restored (configurable up to 1 day)

Extended timeout can be configured to automatically
reboot the AP if the outage exceeds a certain duration
Caveats and Limitations*

Overlay sessions will stay active but will not
have connectivity during outage; recommend
Local Switching

Session roaming during outage is not supported

WLA cannot accept new clients during outage
*Note: Remote AP limitations are being addressed in Release 7.7 with phase 2 Remote AP feature set
18
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
SPECTRUM ANALYSIS PLANNING
Introduction of interference source in
planning process:
Modeling of WLAN behavior:
 Impact on performance
 Floor bleed through analysis
Run “what-if” scenarios:
 Visualization of interference impact
from multiple sources:
 RSSI Impact
 Data Rate Impact
 Modeling of various interference
sources
Plan around known interference
sources:
 E.g.. Break room microwaves, CW
transmitters, generators, Etc.
 Optimal AP placement, power and
channel selections
19
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
Download