plnog14 - wireless cloud, a new business for operators - jochen müdsam

©2014 Extreme Networks, Inc. All rights reserved.

Wireless Cloud -

new business for operatorsNew requirements & WiFi standards force the need

for scalable and flexible WiFi architectures.

Jochen Müdsam, Senior Network Consultant

[email protected]


Trends & challenges of mobile enterprise infrastructures

Overview Gigabit WiFi 802.11ac & high density design

The Cloud Architecture

AgendaNew requirements & WiFi standards

force the need for scalable and

flexible WiFi architectures


Experience EconomyThe

Consumerized experiences shape our mobile expectations

People desire Wi-Fi that is simple, fast and smart

The greatest opportunity for IT is to exceed expectations


Wi-Fi Fuels GrowthThe Mobile World Expands

+70% of global wireless traffic traverses Wi-Fi

Internet of Things including wearables is in its infancy

Over 7 Billion Wi-Fi devices will be shipped in the next 3 years


Endsystem Explosion- „Post PC Era“Holistic IP Convergence

Number of Endsystems

IP Printers

Medical systems

Facility ManagementBuilding Control

Security

VoIP Phones

Systeme/OS

Diversität

(Virtual) servers

PC

Sensors,M2M

Smart Phones, Tablets

Production Control

Laptops

IP Video Surveillance

Corporatenot managed

Privatemanaged

Privatenot managed

Corporatemanaged

Corporatenot managed

Privatemanaged

Privatenot managed

Corporatemanaged


What is 802.11ac? The 5th Wi-Fi Generation

3x the over-the-air performance in Wave 1 compared to 802.11n

Extented Battery Lifetime

Backward compatible

H1-12 H1-15H2-12 Q1-13 Q2-13 Q3-13 Q4-13

1st Gen Wave-1 Chips

Wave-1

802.ac APs 1st Gen

Wave-2 Chips*

802.AC

ratified

Full

Wave-2 Chips

H1-14

Wave-2

Extreme APs


Up to 1.3 Gbps per Radio - with 802.11ac Wave 1

includes 2 technology innovations compared to 11n: Wider channels: 80MHz (11n max. 20Mhz and 40Mhz)

Higher modulation: 256-QAM (11n only 64-QAM)

802.11ac Characteristics Wave 1


Cli

en

t MIMO:

Spatial

Streams

AP3825 Channel Width

20 MHz

(Mbps)

40 MHz

(Mbps)

80 MHz

(Mbps)

11

ac

1x1:1 86.7 200 433.3

2x2:2 173.4 400 866.6

3x3:3 260 600 1300

11

n1x1:1 72.2 150 N/A

2x2:2 144.4 300 N/A

3x3:3 216.7 450 N/A

ba

g a/g 54 N/A N/A

b 11 N/A N/A

11

80MHz and 256 QAM PHY Rate

3x3 1.3Gbps, ~850Mbps TCP

2x2 866Mbps, ~600Mbps TCP

802.11ac Characteristics Wave 1 – client data rates


CHANNEL WIDTH NO. OF CHANNELS

(U.S)

NO. OF CHANNELS

(EUROPEAN UNION)

20MHZ 24 19

40MHZ 11 9

80MHZ 5 4

160MHZ 2 2

12

Significant reduction of non-overlapping channels with increased channel bandwidth -

only in the 5 GHz band used. Consider DFS support for clients

802.11ac Characteristics Wave 1 – 5 GHz – non-overlapping channels

©2014 Extreme Networks, Inc. All rights reserved.13

802.11ac Characteristics Wave 1 – Higher modulation method: 256-QAM

More information per symbol


256-QAM

80MHz

3 Spatial Streams

-56dBm

802.11ac requires a 13 dB stronger signal to take full advantage of the higher modulation method

802.11ac Characteristics Wave 1 – Higher modulation method: 256-QAM


600 Feet

600 Feet

360,000 Sq. Feet

Sample coverage for 3x3 11n AP (or 3x3 11ac AP with 11n clients) in HT40 mode

360405450

802.11ac Characteristics - Coverage vs. Speed


600 Feet

600 Feet

360,000 Sq. Feet

Upgrade to 3x3 11ac AP with 11ac clients, still using 40Mhz channels (VHT40)

360405

450

540

600



600 Feet

600 Feet

360,000 Sq. Feet

Upgrade to 3x3 11ac AP with 11ac clients using 80MHz channels (VHT80)

780878

975

11701300

585



up to 1.7 Gbps per radio - with 802.11ac Wave 2

includes 2 technology innovations versus 11ac Wave 1:: Additional spatial streams: up to 8 (theoretically) compared with 4 11n (no manufacturer

has more than 3 streams into products) - Wave 2 4 streams (4x 433 Mbps = 1.7 Gbps)

Multi-user MIMO: possibility of multiple stations on the same channel tx at the same time

support (compared 11n only one station per time slot

1

802.11ac Characteristics Wave 2


Overview WLAN ArchitecturesHistory

Split MAC/ Thin AP Architecture

Split MAC between AP and Controller (Encryption,

QoS, RF Management)

No scale in big enviroments

Fat AP Architecture

Everything (Management & Traffic Forwarding) direct

on each AP

Management

S/W

IP Network

Fit AP Architecture

Decentralized Policy Enforcement (Encryption,

QoS, RF Management)

Centralized Management & Control


The Cloud- Architecture ONE Architecture for all requirements

Reduced hardware costs

Ease of Management

Improved performance via

bridging, filtering, QoS and rate

limiting directly on AP

AP High Availability: new

connections and roaming

irrespectively of the Cloud

Central and distributed client-

traffic forwarding

22


AP IntelligenceReduced Controller Dependency

AP HA &

Advanced ServicesVirtualization

Data Centralization

Bridge @ AP

Filter @ AP per User & Application

QoS @ AP per User & Application

Rate limit @ AP per User

RF Optimization @ AP

Existing connections operate independent of cloud (pre-shared key & 802.1x)

New connections operate for pre-shared keys & 802.1X independent of cloud

Roaming operates independent of cloud

Guest services via cloud

V2110- first virt. Controller forVM-Ware & Hyper-V

Configuration management

WIPS for centralized monitoring, response

L7 Application Monitorung

One centralized security application for global deployment

SDN intergation

The Cloud- Architecture Cornerstones


Ro

les IT Admin Employee Guest

Se

rvic

es

Corporate

Productivity

Applications

Internet &

VPN Access

Only

Admin.

Applications

Ru

les

Allo

w H

TT

P

Allo

w H

TT

PS

Allo

w IP

Sec

Allo

w S

AP

Rate

Lim

it

Allo

w P

ing

Allo

w T

eln

et

Allo

w E

mail

Allo

w T

FT

P

Allo

w S

NM

P

Allo

w O

racle

Deny B

cast

Roles

correspond

to specific

user types

on the

network

Services

group Rules

and apply to

Roles

Rules allow,

deny, rate

limit or

contain

specific

traffic type

• A single enforcement architecture from edge

to data center

• Meeting customer needs since 2001 - over

10 million switch ports and access points

• Enforcement at the edge (point of ingress)

• Meeting business needs

• Layer 2-4 Access Control

Enforcement for QoS, rate limiting,

VLAN, Topologie

(Bridge@AP/Controller, per

Application)

• Flexible policy enforcement criteria

• Unique in the industry

• Scaling from the wireless edge to the data

center

The Cloud- Architecture Flexibility Policys – foundation for Single SSID Design


Userbased Policys vs. SSID based

Per user/ application topology, QoS, rate-limit ACL

therefore less SSIDs needed - easier configuration of clients

simpler enforce security policies as SSIDs are less protected

Better performance in the air - because fewer beacons

Example with 6 SSID per AP – 3 APs- same area:Beacon Data Rate Channel Bandwidth Utilization

1 Mbps 25.92%

2 Mbps 12.96%

5.5 Mbps 4.71%

11 Mbps 2.36%

6 Mbps (802.11a/g) 4.32%

12 Mbps (802.11a/g) 2.16%

Same Network with 3 SSIDs per AP:

Beacon Data Rate Channel Bandwidth Utilization

1 Mbps 12.96%

2 Mbps 6.48%

5.5 Mbps 2.36%

11 Mbps 1.18%

6 Mbps (802.11a/g) 2.16%

12 Mbps (802.11a/g) 1.08%

WLAN Appliance

LAN

SSID Production

Policy intern

Policy Guest

Policy BYOD

The Cloud- Architecture Flexibility - Single SSID Design

Policy BB

Policy Scanner


Access Type(s) Application Provision

AuthenticationVirtual Device

Identity(s)

Device Type(s) Physical Device

Identity(s)

Location

Time of DayAuthorization

Health

User Identity – Joe

Smith

Apple Lion OSX v10.7

Android v4.0.4

Wednesday, April 11, 2012

9:41:00 AM EST

Building-A

Floor-2

Conference Room-7b

Apple MacBook Air

Samsung Galaxy Note

Windows v7.5.3

MAC-Auth: 28:37:37:19:17:e6

PWA: 00:00:f0:45:a2:b3

802.1X: 00:0D:3A:00:a2:f1

Wireless

Associated AP: wifi-243

SSID: Prod-Guest

BSSID: 0-1a-e8-14-de-98

Role: Sponsored Guest

Sponsor: Jane Doe

Internet Access

Shared Engineering Servers

Web (HTTP): 5Mb download

Email (SMTP): 2Mb download

All other Services: DISABLED

Symantec Anti-Virus: Enabled

Signature Update – v10.4.3

OS Patches – Up to date

Peer2Peer Service: DISABLED

43 Services Running

The Cloud- Architecture Visibility – Holistic approach for BYOD and Identity & Access Management


Policy

Guest

Contractor

Employee

EmployeeOwned

Vstng_EmpDevice

Personal Device

Corporate Device

Guest Device

WirelessConference Rooms

Allow

Single SSID/VLAN

Weekends

Holidays Rate Limit, QoS

Contain

Web based

MAC

Multiple VLANs

Deny

M–S8 am–6 pm

TimeLocationAccess Method

DeviceUser

Outside theagency

5ft from an Acess Pt

Anytime

Hall way

Class room

Wired

802.1x

HTTP

Salesforce

Youtube

Twitter

Application*

Facebook

Oracle

Privilegeduser

Auth.Method

VDI

The Cloud- Architecture Context based Control – Holistic approach for BYOD and Identity & Access Management

IF $User AND $Device AND $Access Method

AND $Location AND $Time THEN $Permission_Allowed


RADIUS RequestLAN Switch

Extreme Policy and/or RFC 3580

InternetVPN

AP

WLAN

Appliance

User-Based

Policies

The Cloud- Architecture Infrastructure & vendor independent – Holistic approach via OneFabric Control Center


30

Switch

AP1

AP2

AP3

WLAN Appliance

Personal request, no

encryption

Patient info encrypted

for privacy – HIPAA

requirement

Access denied

based on location 3rd party service

is consulted

Internet

Data Center

Containment of

multicast traffic

(e.g. Apple

Bonjour) at AP –

no congestion

* Only company to support this for the same SSID

The Cloud- Architecture in ActionBest Practice – Integration MDM and Bonjour Traffic

NMS & IAM


The Cloud- Architecture Building block of a successful mobility solution

Integrated Architecture & Management for LAN & WLAN

IAM & BYOD visibility, control, security, simplicity

Programmability & SDN

Flexible architecture

Perfectly designed to extend Service Provider Business into

WiFi

plnog14 - wireless cloud, a new business for operators - jochen müdsam

Internet

extreme networks

chantry networks

wifi technology

identifi wireless

excellent mobile experiences

mobile devices

excellent experiences

years of experience