Mobile & Public Wireless LAN
Solution Integration
Howard Tsai
hotsai@cisco.com
ITS 2003, Taipei
© 2001, Cisco Systems, Inc. All rights reserved.
Agenda
• Mobile & WLAN Market Trends
• Key Technologies of Mobile & PWLAN Integration
• Case Study of WLAN Services
• Summary
U.S.: 2.5G/3G/PWLAN Service Revenues
[Figure: two charts. "Data service segmentation": revenues by year, 2002 to 2006, y-axis $0 to $35,000 (labelled "Thousands"); series: Mobile Internet (WAP & other), Network-based messaging (SMS, IM, MMS), Data-only device connectivity. "Relative size of revenues": 2002 compared with 2006.]
• 2002: WAN data revenue $3.6B; P-WLAN revenue $8.5M
• 2006: WAN data revenue $32.8B; P-WLAN revenue $1.5B
Source: IDC, 2003
Wireless LAN Equipment Is Taking Off
Worldwide WLAN Market* ($ Billions), CAGR = 43%
• 2001: $1.7
• 2002: $2.6
• 2003: $3.3
• 2004: $6.0
• 2005: $9.0
• 2006: $10.3
*includes embedded clients, add-on client cards, & infrastructure equipment for both the business and consumer segments
Future Growth Due To:
• Standards
• Lots of Bandwidth
• Low Cost
• Embedded in Laptops
• Variety of Devices
• Voice + Data
• Multiple Applications
• Security Issues Solved
• Ease of Deployment
• Network Mgmt. Tools
• Enterprise Adoption
Source: Forward Concepts, 2003
Enterprises Driving Early WLAN Market Growth
• By 2002, Gartner estimates that 75% of U.S. Enterprises will have piloted or deployed WLAN Infrastructure
• Enterprise WLAN market is expected to represent 1/3 of Total WLAN market: In 2005 the Enterprise WLAN market is expected to grow to a $1.6 Billion market which represents more than 30% of the Total WLAN market
[Figure: WLAN Equipment Market, by year to 2005; y-axis $500.0 to $5,000.0; series: Enterprise WLAN Market, Total WLAN Market.]
Diagram Data Source: Synergy Research Group, May 2002
Source: Gartner, Notebook Market Predictions for 2002, 12/2001
Evolution of the WLAN Market
Early Adopters
• Education
– Universities
– K-12
– Libraries
• Specific Industries
– Hotels
– Retail
– Airports
– Coffee Shops
– Hospitals
– Convention Center
– Manufacturing
Major Market
• Home Networking
• Office WLANs
• Outdoor Wireless Bridging
Next Wave
• Managed Enterprise VPN
• Public WLAN Services
• New Applications
– Phones, PDA’s, Printers
– Buses, Sports Events, Construction Sites
– Public Safety (Police, Ambulances)
Enterprise Spending Priorities
[Figure: bar chart, axis 0 to 70. Categories in the order shown on the slide:]
• Security
• Disaster Recovery
• Storage
• Wireless
• Servers
• Remote Access
• Network Management
• LAN Infrastructure
• WAN Services
• Network OS
• Video Conferencing
Source: Network World, IT Spending Survey 2002
Wireless LAN Market Share Data
WLAN Enterprise Infrastructure Market
(Enterprise Market, Access Points & Bridges, 802.11a + b + g)
• Cisco 51%
• Symbol 11.5%
• Proxim 9%
• Enterasys 4%
• 3Com 3%
• Avaya 2%
• Others 19.5%
Total WLAN Market
(Consumer + Enterprise, Infrastructure + Clients, 802.11a + b + g)
• Cisco 16%
• Linksys 17%
• Buffalo 12%
• D-Link 11%
• Netgear 8%
• Proxim 5%
• Symbol 4%
• Others 27%
[A "Consumer" label marks part of the Total WLAN Market chart.]
Source: Dell’Oro, Feb.’03
Perceived Customer Service Needs
CONSUMER
• Personalized services & content
• (Very) easy to use
• Lower price: charged by value not by traffic
• Plug-and-Play
ENTERPRISE
• Enable mobile working
• Application-ready
• Easy to Manage
• Secure/Trusted
Source: Cisco Analysis
Agenda
• Mobile & PWLAN Market Trends
• Key Technologies of Mobile & PWLAN Integration
– VPN
– Security
– IP Mobility
• Case Study of WLAN Services
• Summary
Public Wireless LAN Solution Architecture
[Figure: network diagram. Labels on the slide: Hot Spot 1, Hot Spot 2, Airline 1 and Airline 2 (Ticketing, Baggage), L2 or L3 Device, Cisco 2600 SSG/BBMS, PMS AAA, SSG, SESM, CGF, AAA, HLR-Proxy, ITP, Billing, HA, GGSN, PDSN, HLR/AuC, SS7 Network, Foreign PLMN, Roaming Consortium (GRX, GRIC, etc), Operator A, IP Walled Garden Services, ISP Cloud/Internet, Extranet, Internet, Corporate VPN Tunnel.]
GPRS and PWLAN Integration
Integration Model: What does it mean?
De-coupled
• Everything Separate
Loose Coupling
• Common Services
• Common Subscription
• Common Billing
Tight Coupling
• Common User Authentication
• Common Roaming Agreements
• Seamless Mobility
Mobile WLAN Integration Evolution
1. Single Service View: common billing and customer care.
2. Network Control: mobile based access control and charging?
3. Single Voice Access: Access to GSM CS Services.
4. Service Continuity: Between WLAN and GSM/GPRS.
5. New Services: Access to 3GPP PS services.
#1 Concern:
Wireless LAN Security
“War Driving”
Hacking into WEP
Lessons:
• Security must be turned on (part of the installation process)
• Employees will install WLAN equipment on their own (compromises security of your entire network)
• WEP keys can be easily broken (business & government users need better security)
Client Enabled VPN:
Operator only provides an access path
• Client IP software is the source
• VPN concentrator terminates tunnel
• Air Link Encryption optional
[Figure: network diagram. Labels on the slide: BTS, BSC, SGSN/PCF, GTP/RP, GGSN/PDSN, BGW, PLMN, DNS, DHCP, HLR, AAA, Proxy AAA, VPNs, Internet, WML content, App Servers, Corporate Network. Layers shown: GTP Tunnel, VPN tunnel, Original IP layer.]
Sample “Wireless” VLAN Deployment
[Figure: network diagram. Labels on the slide: Company-A (Floor 1), Company-B (Floor 2), SSID=Voice1, SSID=Voice2, SSID=Data, Data VLAN, Voice VLAN, 802.1Q Trunk, Core Network Router, Network Server (User Database, DHCP/DNS Services), RADIUS Server, Cisco CallManager. Security annotations: "802.1x with Dynamic WEP/LEAP" and "802.1x with Dynamic WEP/LEAP + TKIP/MIC".]
Client Differentiation with VLANs
Allows a single WLAN network to handle different devices with different types of security (up to 16 separate VLANs)
802.1Q wired network w/ VLANs
AP Channel: 6
• SSID “laptop” = VLAN 1, Security: PEAP + AES
• SSID “pda” = VLAN 2, Security: LEAP + TKIP
• SSID “phone” = VLAN 3, Security: LEAP + WEP
Seamless Handoff With Dual-mode Handset
(Generic Architecture)
[Figure: generic architecture. Components: MS (Dual-mode), AP, HS, VGW, CCM/PS, IP, Cell/PSTN, Phone B. Link types: VoIP Signaling, Handoff Signaling, Cellular/PSTN signaling.]
CCM/PS: Call Manager/Proxy Server
MS: Mobile Station
HS: Handoff Server
VGW: Voice Gateway
Overview:
- Handoff is accomplished by managing VoIP call legs
- Make before break ensures seamless handoff
- HS is responsible for forwarding media from the appropriate call leg
- HS can use media processing to estimate and compensate for delay differences between mobile and VoIP call legs
Cisco’s WLAN Security Hierarchy
Authentication:
• 802.1X-based LEAP
• 802.1X-based EAP-TLS
• 802.1X-based PEAP with One-Time Passwords
• 802.1X-based SIM
Encryption:
• Dynamic WEP keys
• Cisco pre-standard TKIP
• 802.11i-standard TKIP, part of WPA (Wi-Fi Protected Access)
• AES
Slide color key: Blue = Available today; Green = Future 802.11i Standards
The Cisco Wireless Security Suite
[Figure: labels on the slide: Strong Security, Interoperability, Scalability, Low Cost, Mobility; On-Campus: WPA, with Authentication (802.1X) and Encryption (TKIP or AES), and CCX; Remote Access, with the callout "VPN is the Best Solution!"]
WPA: Wi-Fi Protected Access
TKIP: Temporal Key Integrity Protocol
AES: Advanced Encryption Standard
CCX: Cisco Compatible eXtensions
Wi-Fi Protected Access (WPA)
• WPA is the biggest thing to happen to WLAN security since Cisco LEAP
• Cisco has supported the base technologies of WPA longer than any other vendor
• All new products after Aug.’03 MUST have WPA
Existing products are grandfathered
• 802.11i-standard TKIP + 802.1X authentication
• There is a non-802.1X version of WPA for home use which is unsuitable for enterprises
WLAN Security:
802.1X Authentication
• LEAP
“Lightweight” EAP
Nearly all major OS’s supported:
WinXP/2K/NT/ME/98/95/CE, Linux, Mac, DOS
• EAP-TLS
EAP-Transport Layer Security
Mutual Authentication implementation
• PEAP
“Protected” EAP
Establishes secure tunnel (similar to VPN)
Supported by Cisco, Microsoft, & RSA
Option: One-Time Passwords (“OTP”)
[Diagram labels: Client, AP, RADIUS Server]
Broadening Support for LEAP
Cisco has licensed LEAP to many companies:
• LEAP support: RADIUS servers
Funk Software: Steel-Belted Radius Server
Interlink: Secure.XS Radius Server
• LEAP support: Client Devices
Apple: Powerbooks/iBooks
HP: Print Servers
Symbol: Handhelds
Intermec: Handhelds
• LEAP support: Client Software
Funk Software: Odyssey Client v.1.1
Meetinghouse: Aegis Client v.1.3.6
• LEAP support: Chipsets
Intel
Intersil
Atheros
Atmel
TI
Marvell
Agere
Broadcom
WLAN Security:
Encryption
• TKIP
Temporal Key Integrity Protocol
Dec.’01: Cisco’s pre-standard TKIP
Aug.’03: 802.11i-standard TKIP (part of WPA)
• AES
Advanced Encryption Standard
“The Gold Standard”
Optional part of 802.11i spec
Hardware encryption vs. software encryption
Cisco Compatible Program (“CCX”)
for WLAN Client Cards
• No cost licensing of Cisco wireless technology, via
Cisco Compatible eXtensions (“CCX”) specification
for use in non-Cisco wireless client devices
• Independent testing to ensure interoperability with
Cisco infrastructure
• Marketing of these devices by Cisco and the client
suppliers under the Cisco Compatible brand
Goals of Internet Mobility
• Not constrained by location
• Always on IP connectivity
• Transport Independent
• Robust Roaming
Connections
• Application Mobility
• Application Continuity
Mobile IP
The Solution for Mobility at the IP Layer
• Transparent connectivity to all other hosts
• Mobile always reachable at the same IP address
• Only the Home/Foreign Agent needs to know
the mobile’s location
• Scalable Solution: All other routers do normal
forwarding
Mobile IP Components
HA, Home Agent
• Association of the MN’s “home” IP address and its “care of address” on the foreign network
• Redirects and tunnels packets to the care of address on the foreign network
FA, Foreign Agent
• Acts as a ‘relay’ between the MN and its Home Agent
• Provides a local IP address to the MN called “Care Of Address” (COA)
CN, Correspondent Node
• Destination IP host in session with a Mobile Node
MN, Mobile Node
• Using its “home” IP address, regardless of which network it is connected to
[Diagram labels: CN, HA, Internet, COA, FA, MN]
Overview of Mobile IP Functionality
[Diagram: CN, HA, FA and MN, with arrows numbered 1 to 5 matching the steps below.]
1. MN discovers Agent
2. MN obtains COA (Care Of Address)
3. MN registers with HA
4a. HA tunnels packets from CN to FA
4b. FA detunnels packet and forwards to MN
5. FA forwards packets from MN to CN
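The five steps above, traced with real IPv4 headers, as an added example that is not part of the original slides: it assumes IP-in-IP (RFC 2003) as the tunnel encapsulation, uses constructed documentation-range addresses, and all class and function names are hypothetical. The FA's check that a tunnelled packet comes from the visitor's own HA is this sketch's choice, and registration authentication is left out.

```python
import socket, struct

IPPROTO_IPIP = 4  # IP-in-IP (RFC 2003); the tunnel type is an assumption of this sketch

def checksum(hdr: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    return ~(s + (s >> 16)) & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, proto, payload); reject a corrupt header."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header")
    total = struct.unpack("!H", pkt[2:4])[0]
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[20:total])

class HomeAgent:
    def __init__(self, addr: str):
        self.addr, self.bindings = addr, {}  # home address -> care-of address
    def register(self, home: str, coa: str) -> None:
        # Step 3. Real registrations are authenticated (RFC 3344); omitted here.
        self.bindings[home] = coa
    def intercept(self, pkt: bytes) -> bytes:
        """Step 4a: tunnel a CN packet to the care-of address if the MN is away."""
        coa = self.bindings.get(parse(pkt)[1])
        return pkt if coa is None else ipv4(self.addr, coa, IPPROTO_IPIP, pkt)

class ForeignAgent:
    def __init__(self, coa: str):
        self.coa, self.visitors = coa, {}  # visiting home address -> its HA
    def admit(self, home: str, ha: str) -> None:
        self.visitors[home] = ha  # steps 1-2: MN found this agent and got its COA
    def detunnel(self, pkt: bytes) -> bytes:
        """Step 4b: strip the outer header, delivering only to known visitors."""
        src, dst, proto, inner = parse(pkt)
        if dst != self.coa or proto != IPPROTO_IPIP:
            raise ValueError("not a tunnel packet for this FA")
        if self.visitors.get(parse(inner)[1]) != src:
            raise ValueError("inner destination is not a visitor of that HA")
        return inner

def demo():
    # Constructed documentation-range addresses; none come from the slides.
    HA, COA, MN, CN = "192.0.2.1", "198.51.100.1", "192.0.2.50", "203.0.113.7"
    ha, fa = HomeAgent(HA), ForeignAgent(COA)
    fa.admit(MN, HA)
    ha.register(MN, COA)
    original = ipv4(CN, MN, 17, b"to the MN")   # CN addresses the home IP
    tunneled = ha.intercept(original)           # 4a: outer header HA -> COA
    delivered = fa.detunnel(tunneled)           # 4b: inner packet, unchanged
    reply = ipv4(MN, CN, 17, b"to the CN")      # step 5: sent natively, no tunnel
    return original, tunneled, delivered, reply
```

The tunnelled packet is exactly 20 bytes longer than the original (one extra IPv4 header), which is the overhead to budget for when setting MTU on the HA-to-FA path.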
Vertical Market Applications
Defense
• Army, Navy, Marines, Air Force, NATO, UK DoD, etc.
Public Services & Homeland Security
• EMS
• Police
• Fire Fighters
Commercial Markets
• Mass Transit
• Rail & Airlines
• Rental fleets
• Commercial aircraft
• Heavy equipment, logistics
Consumer Automotive
• Telematics
• Infotainment
Effective Continuity of Public Safety
• Applications are accessed by the Mobile Network via Cellular Network
• Patrol vehicle roams into 802.11 coverage
• Applications are now accessed by the Mobile Network via the 802.11 Hotspot
[Figure: network diagram. Labels on the slide: Mobile Network, Mobile Router, CDPD/1xRTT/GPRS, 802.11 Hotspot, Core Network, DMV driver database, NFIS National Criminal DB, Video Storage Database, Dispatch Center for remote video monitoring.]
Agenda
• Mobile WLAN Market Trends
• Key Technology of Mobile & WLAN Integration
• Case Study of WLAN Services
• Summary
Hot Spot Access Service Provider
[Figure: network diagram. Labels on the slide: Airport Gates, Airline 1 and Airline 2 (Ticketing, Baggage), BBSM/SSG, SP #1 Cloud, SP #2 Cloud, Mobile SP, Internet, SP #1 Data Center and SP #2 Data Center (RADIUS/SNMP/SESM/DHCP/DNS/Apps servers).]
Munich Airport Uses Cisco Technology for the World's
First WiFi Multiple ISP Hotspot
MUNICH, Germany--(BUSINESS WIRE)--June 5, 2003-- Using
technology from Cisco Systems, the German airport operator
Flughafen Munchen GmbH (FMG) is making Munich International
Airport with wireless Internet user-friendly hotspot in the world - one that allows the user to choose their own Internet service
provider (ISP). Munich is Germany's second-largest commercial
airport, handling 23.2 million passengers in 2002 … increasing
capacity of 50 million by 2003 …
Michael Zaddach, vice president of Information Systems at Munich
Airport, "Business travellers in particular benefit from instant
access to the Internet, email and corporate networks over wireless
LANs, so there was clearly a case for creating a hotspot at the
airport. Cisco Systems was the only company able to offer a
homogeneous and workable solution spanning everything from
access points to a Service Selection Gateway. …
WLAN Products:
Consumer vs. Business
• Industry has segmented:
consumer vs. business
• Cisco offers only
“business-class” products:
Security
Upgradeability
Network management
Advanced features
Choice of antennas
Highest throughput
Scalability
To deliver these capabilities while maintaining high performance (i.e. no tradeoffs) requires intelligence at the network edge (i.e. Smart AP’s)
BT Wireless LAN
BT Retail has launched a Wireless Local Area Network (WLAN)
which will be rolled out across the UK (complemented by GPRS)
• Targeting Business Customers initially and Residential
Customers later this year
• Planning 4000 hot spots by June 2005: airports, train stations,
hotels, cafes…
• Services up to 2 Megabits/sec (5 x 3rd Generation Mobile)
• By June 2003 400 hot spots will be covered at a cost of less
than £10m
• Mobility Strategy is expected to generate £180m of annual
revenues by 2005
• Pricing options: monthly flat rate of ~£95 (+VAT), time based
tariff at 10p (+VAT) per minute and daily flat rate (price TBC)
BT Open Zone: Public Wireless LAN
Service Offering:
• BT created UK's first Public Access Wireless LAN network
• Currently there are 300K WLAN users in the UK (mostly at home)
• Focus on integrated mobile and fixed line solutions
• BT's target is to capture 10% of the UK mobile business market by 2006/7, the expected margin being 10%.
• BT Openzone Pricing
- £85 + VAT/month unlimited
- £40 + VAT/month 900 minutes
- £20 + VAT/month 300 minutes
Proof of success:
• New mobility strategy expected to contribute new revenue of £180m a year by 2004/05 and could rise to £500m per annum in five years; £30m is expected from WLAN while £150m from reselling mmO2 airtime
Telia “Homerun”
• Telia provides a public WLAN service, Homerun:
- 150 sites with more than 1000 access points, mainly in Sweden
- Airports, eg SAS lounges in airports in Copenhagen (Kastrups),
Stockholm (Arlanda) and Chicago (O’Hare)
- Hotels, eg Best Western and First Hotel
- Shopping centres, schools, heritage buildings, conference centres,
roadside restaurants, trade fairs, ...
• Allows enterprise VPN access
• Hotspot, office and home options available
• Three pricing options
- Flat rate (£98.60 monthly charge, £32.60 initial charge)
- Usage-based (£19.78 monthly charge, 15.8p/min usage charge, £32.60
initial charge)
- Day-rate (£6.33 for 24 consecutive hours, can be purchased over the web)
Swisscom P-WLAN Service
• Public launch Q4 of 2002
• Up to a few hundred Hot Spots
• ‘Nearest Hot Spot’ locator provided through SMS
• Easy to use service built on browser technology
• Pricing:
Postpaid and billing through the mobile bill
Prepaid value cards (24h) (multiple sessions)
• Open to the Enterprise VPN technology
Public Wireless LAN
Service Offering:
• Public Wireless LAN (PWLAN) service which will initially be
available at airports, hotels and convention centers
• European roll-out will cover all countries with T-Mobile
presence, later full roaming and integration with T-Mobile US
(ex Voicestream)
• Targeted for business customers when travelling
• Main device for use will be laptops or PDAs
• Authentication either via SMS or via
username/password
• Billing: postpaid (T-Mobile customers) and
prepaid (credit card)
Lufthansa
Wireless LAN
• January 2003, Lufthansa launched FlyNet, high-speed broadband
access on a scheduled flight
• Lufthansa is also equipping all its 55 airport lounges worldwide with
WLAN Internet access in conjunction with its partner Vodafone D2
• FlyNet will cost 30-25 euros per flight leg with up to 3 Mbit/s for
downloads and 128 Kbps for uploads (later 750 Kbps)
• The components for the on-board data network were supplied by
Cisco Systems. From mid-2003 Lufthansa plans to introduce FlyNet
throughout its long-range fleet, which will consist of 80 aircraft.
Agenda
• Mobile WLAN Market Trends
• Key Technology of Mobile WLAN
• WLAN Applications and Services
• Summary
Summary
• GPRS and PWLAN: complementary in the Mobile
Market
• Extend Enterprise WLAN to PWLAN then to GPRS
-- Extension strategy
• Roamed/visiting PWLAN users in key locations –
Airports, Hotels, Convention Centers, and many
new hot spots.
• Security, Mobility and VPN are key ingredients of
mobile and wireless LAN integration.