Progression of WLAN Architecture
While the acceptance of 802.11 technologies in the enterprise continues to grow, the evolution of WLAN architecture has kept an equivalent pace. In most cases, the main purpose of 802.11 technologies is to provide a wireless portal into a wired infrastructure network.
The method of how an 802.11 wireless portal is integrated into a typical 802.3 Ethernet infrastructure continues to change drastically. Figure below depicts the progression of WLAN architecture.
Access Point–Intelligent Edge Architecture
For many years the conventional access point has been thought of as a portal device where all the “brains” and horsepower exists inside the access point (AP) on the edge of the network architecture.
Since all the intelligence exists inside each individual access point, they are often referred to as “fat APs” or “intelligent edge APs.” Another recently coined term for the traditional access point is the autonomous AP.
An autonomous access point contains at least two physical interfaces: usually a radio frequency (RF) radio card and a 10/100BaseT port. The majority of the time these physical interfaces are bridged together by a virtual interface known as a Bridged Virtual Interface (BVI).
The BVI is assigned an IP address that is shared by the two physical interfaces. An intelligent edge access point will typically encompass both the 802.11 protocol stack and the 802.3 protocol stack.
These APs might have some of the following features:
- Multiple management interfaces, such as command line, web GUI, and SNMP
- Security features, such as 802.1X/EAP (WPA/WPA2)
- Fixed or detachable antennas
- Filtering options, such as MAC and protocol
- Connectivity modes, such as root, repeater, bridge, and scanner
- Removable radio cards
- Multiple radio card capability: 2.4 GHz and 5 GHz
- Adjustable transmit power, which is used mostly for cell sizing
- VLAN support (VLANs are created on a managed wired switch.)
- IEEE standards support
- 802.3af Power over Ethernet (PoE) support
The autonomous AP that utilizes edge intelligence was the foundation that WLAN architects deployed for many years and still remains a reliable and popular choice.
Wireless Network Management System (WNMS)
One of the challenges for a WLAN administrator using a large WLAN intelligent edge architecture is management. As an administrator, would you want to configure 300 fat APs individually?
One major disadvantage of using the traditional autonomous access point is that there is no central point of management. Any intelligent edge WLAN architecture with 25 or more access points is going to require some sort of wireless network management system (WNMS).
A WNMS provides a central point of management to configure and maintain as many as 5,000 fat access points. A WNMS can be either a hardware appliance or a software solution. The most widely known WNMS is the vendor-specific Cisco Wireless LAN Solution Engine (WLSE), shown in Figure below.
Vendor-neutral WNMS also exist, such as the AirWave software solution. Since the main purpose of a WNMS is to provide a central point of management, both configuration settings and firmware upgrades can be pushed down to all the autonomous access points.
Although centralized management is the main goal, a WNMS has other capabilities as well, such as including RF spectrum planning and management. A WNMS can also be used to monitor intelligent edge WLAN architecture with alarms and notifications, centralized and integrated into a management console.
Other capabilities include network reporting, trending, capacity planning, and policy enforcement. A WNMS might also be able to perform some rogue AP detection, but by no means should a WNMS be considered a wireless intrusion detection system (WIDS).
One of the main disadvantages of a WNMS is that it will not assist in the roaming capabilities between access points, whereas the wireless switching architecture has that ability.
Currently WNMSs are completely separate from any wired network management systems. A WNMS may also not recognize certain hardware, and the most current firmware updates from a vendor are not always immediately usable in a WNMS.
Centralized WLAN Architecture
The next progression in the development of WLAN integration is the centralized WLAN architecture. This model uses a central WLAN switch or controller that resides in the core of the network.
In the centralized WLAN architecture, autonomous APs have been replaced with “thin access points.” A thin AP has minimal intelligence and is functionally just a radio card and an antenna.
All the intelligence resides in the centralized WLAN switch and all of the configuration options are distributed to the thin APs from the WLAN switch. The encryption/decryption capabilities might reside in the centralized WLAN switch or may still be handled by the thin APs, depending on the vendor.
Many of the solutions initially started out as edge WLAN switch solutions; however, most have moved to a centralized architecture that exists at the core of the network. Thin APs may be connected directly to the core WLAN switch, but they are usually connected to a third-party wired switch on the edge of the network in a distributed fashion.
Communications between the thin access points and the WLAN switch are often transported on the wired side using a Generic Routing Encapsulation (GRE) tunnel. The 802.11 frames are encapsulated in a GRE packet from the end point of the thin AP to the other end point, which is the WLAN switch.
The majority of WLAN switching vendors are startup companies such as Aruba Networks and Trapeze Networks, although more established companies such as Symbol and Cisco both have centralized WLAN architecture solutions.
The WLAN switch/thin AP model has gained huge acceptance in the enterprise and was used in over 50 percent of new deployments in 2004.
WLAN Switch/Controller
At the heart of the centralized WLAN architecture model is the WLAN switch (see Figure below), also known as a WLAN controller.
A WLAN controller may have some of these many features:
- AP management Allows centralized management and configuration of thin access points.
- VLANs Created on the WLAN switch as opposed to a fat AP solution, where they are created on a managed wired switch. The ability to create VLANs is one of the main benefits of a WLAN switch because they can provide for segmentation and security.
- User management The ability to control who, when, and where with role-based access control (RBAC).
- Layer 2 security support Support for 802.1X/EAP (WPA /WPA2) security solutions.
- Layer 3 and 7 VPN concentrators The WLAN switch acts as a VPN end point.
- Captive portal Used for web page authentication, usually for guest users.
- Automatic failover and load balancing Provides support for Virtual Router Redundancy Protocol (VRRP)
- Internal Wireless Intrusion Detection Systems Most WLAN switches have internal WIDS capabilities for security monitoring.
- Site survey and RF spectrum management Some Wi-Fi switches have automatic channel management and cell sizing capabilities.
- Bandwidth management Bandwidth pipes can be restricted upstream or downstream.
- Firewall capabilities Stateful packet inspection is available with an internal firewall.
- Layer 3 roaming support Capabilities to allow seamless roaming across layer 3 routed boundaries.
- 802.3af Power over Ethernet (PoE) support Wireless switches can provide direct power to thin access points via PoE or thin access points can be powered by third-party edge switches.
The most obvious advantages of the centralized architecture of a WLAN controller include AP management, user management, RF spectrum planning and management, and VLAN segmentation.
Another major advantage of the WLAN switch model is that most of the switches support some form of fast secure roaming, which can assist is resolving latency issues often associated with roaming.
One possible disadvantage of using a WLAN switch is that the WLAN switch might become a bottleneck because all data must be sent to and redirected from the WLAN switch.
Most switch vendors are able to prevent this from occurring by providing a scalable hierarchical environment. Quality of Service (QoS) policies are also enforced at the WLAN switch, which may cause latency issues.
WLAN switches and the thin access points might be separated by several hops, which can also introduce network latency. Some of the WLAN controllers have so many features and configuration settings that the user interface can be very confusing for novice administrators.
Remote Office WLAN Switch
Although WLAN switches typically reside on the core of the network, wireless edge switches exist usually in the form of a remote office WLAN switch. A remote office WLAN switch will typically not be equipped with as many features as a core WLAN switch, and it will also be less expensive.
The purpose of a remote office WLAN switch is so that remote and branch offices can be managed from a single location. These devices will allow for only a limited number of thin APs. Features typically include Power over Ethernet, internal firewalling, and an integrated router using NAT and DHCP for segmentation.
Distributed WLAN Architecture
A few vendors have recently implemented a distributed WLAN architecture that uses a WLAN switch that manages hybrid fat/thin access points. The centralized switch still acts as a central point of management for all the hybrid access points.
However, QoS policies and all of the 802.11 MAC data forwarding is handled at the edge of the network at the access points instead of back on the WLAN switch.
The thinking behind these hybrid fat/thin solutions is that you maintain the centralized management but you eliminate the potential data bottlenecks and hopefully improve latency.
Unified WLAN Architecture
WLAN switching could very well take another direction by fully integrating wireless switching capabilities into wired network infrastructure devices. Wired switches at both the core and the edge would also have wireless switching capabilities, thereby allowing for the combined management of the wireless and wired network.
This unified architecture has already begun to be deployed by some vendors and will likely grow in acceptance as WLAN deployments become more commonplace and the need for fuller integration continues to rise.