plnog14 - wireless cloud, a new business for operators - jochen müdsam
TRANSCRIPT
©2014 Extreme Networks, Inc. All rights reserved.
Wireless Cloud - new business for operators
New requirements & WiFi standards force the need for scalable and flexible WiFi architectures.
Jochen Müdsam, Senior Network Consultant
Agenda
New requirements & WiFi standards force the need for scalable and flexible WiFi architectures
• Trends & challenges of mobile enterprise infrastructures
• Overview Gigabit WiFi 802.11ac & high density design
• The Cloud Architecture
The Experience Economy
Consumerized experiences shape our mobile expectations
People desire Wi-Fi that is simple, fast and smart
The greatest opportunity for IT is to exceed expectations
Wi-Fi Fuels Growth
The Mobile World Expands
+70% of global wireless traffic traverses Wi-Fi
Internet of Things including wearables is in its infancy
Over 7 Billion Wi-Fi devices will be shipped in the next 3 years
Endsystem Explosion - "Post PC Era"
Holistic IP Convergence
[Figure: number of end systems vs. system/OS diversity. End systems shown: IP printers, medical systems, facility management/building control, security, VoIP phones, (virtual) servers, PCs, sensors/M2M, smartphones and tablets, production control, laptops, IP video surveillance. Device categories: corporate managed, corporate not managed, private managed, private not managed]
What is 802.11ac? The 5th Wi-Fi Generation
3x the over-the-air performance in Wave 1 compared to 802.11n
Extended battery lifetime
Backward compatible
[Figure: 802.11ac timeline from H1-12 to H1-15 (H1-12, H2-12, Q1-13, Q2-13, Q3-13, Q4-13, H1-14, H1-15). Milestones: 1st-gen Wave-1 chips, Wave-1 802.11ac APs, 1st-gen Wave-2 chips*, 802.11ac ratified, full Wave-2 chips, Wave-2 Extreme APs]
802.11ac Characteristics Wave 1
Up to 1.3 Gbps per radio with 802.11ac Wave 1
Includes 2 technology innovations compared to 11n:
• Wider channels: 80 MHz (11n: max. 20 MHz and 40 MHz)
• Higher modulation: 256-QAM (11n: only 64-QAM)
802.11ac Characteristics Wave 1 – client data rates
AP3825 data rates by client MIMO (spatial streams) and channel width:
Standard   Client MIMO: spatial streams   20 MHz (Mbps)   40 MHz (Mbps)   80 MHz (Mbps)
11ac       1x1:1                          86.7            200             433.3
11ac       2x2:2                          173.4           400             866.6
11ac       3x3:3                          260             600             1300
11n        1x1:1                          72.2            150             N/A
11n        2x2:2                          144.4           300             N/A
11n        3x3:3                          216.7           450             N/A
a/b/g      a/g                            54              N/A             N/A
a/b/g      b                              11              N/A             N/A
80 MHz and 256-QAM PHY rate:
• 3x3: 1.3 Gbps, ~850 Mbps TCP
• 2x2: 866 Mbps, ~600 Mbps TCP
802.11ac Characteristics Wave 1 – 5 GHz – non-overlapping channels
Channel width   No. of channels (U.S.)   No. of channels (European Union)
20 MHz          24                       19
40 MHz          11                       9
80 MHz          5                        4
160 MHz         2                        2
The number of non-overlapping channels drops significantly as channel bandwidth increases, and 802.11ac is used only in the 5 GHz band. Consider DFS support for clients.
802.11ac Characteristics Wave 1 – Higher modulation method: 256-QAM
More information per symbol
[Figure: 256-QAM, 80 MHz, 3 spatial streams, -56 dBm]
802.11ac requires a 13 dB stronger signal to take full advantage of the higher modulation method
802.11ac Characteristics - Coverage vs. Speed
Sample coverage for 3x3 11n AP (or 3x3 11ac AP with 11n clients) in HT40 mode
[Figure: 600 ft x 600 ft coverage area (360,000 sq. ft) with data-rate zones labelled 360, 405, 450]
Upgrade to 3x3 11ac AP with 11ac clients, still using 40 MHz channels (VHT40)
[Figure: 600 ft x 600 ft coverage area (360,000 sq. ft) with data-rate zones labelled 360, 405, 450, 540, 600]
Upgrade to 3x3 11ac AP with 11ac clients using 80 MHz channels (VHT80)
[Figure: 600 ft x 600 ft coverage area (360,000 sq. ft) with data-rate zones labelled 585, 780, 878, 975, 1170, 1300]
802.11ac Characteristics Wave 2
Up to 1.7 Gbps per radio with 802.11ac Wave 2
Includes 2 technology innovations versus 11ac Wave 1:
• Additional spatial streams: up to 8 (theoretically), compared with 4 in 11n (no manufacturer has put more than 3 streams into products); Wave 2 uses 4 streams (4 x 433 Mbps = 1.7 Gbps)
• Multi-user MIMO: support for simultaneous transmission for multiple stations on the same channel (11n: only one station per time slot)
Overview WLAN Architectures: History
Split MAC / Thin AP Architecture
• Split MAC between AP and controller (encryption, QoS, RF management)
• Does not scale in big environments
Fat AP Architecture
• Everything (management & traffic forwarding) directly on each AP
Fit AP Architecture
• Decentralized policy enforcement (encryption, QoS, RF management)
• Centralized management & control
[Figure labels: Management S/W, IP Network]
The Cloud Architecture
ONE Architecture for all requirements
• Reduced hardware costs
• Ease of management
• Improved performance via bridging, filtering, QoS and rate limiting directly on the AP
• AP high availability: new connections and roaming irrespective of the cloud
• Central and distributed client-traffic forwarding
The Cloud Architecture: Cornerstones
Column headings: AP Intelligence, Reduced Controller Dependency, AP HA & Advanced Services, Virtualization, Data Centralization
• Bridge @ AP
• Filter @ AP per user & application
• QoS @ AP per user & application
• Rate limit @ AP per user
• RF optimization @ AP
• Existing connections operate independently of the cloud (pre-shared key & 802.1X)
• New connections operate for pre-shared keys & 802.1X independently of the cloud
• Roaming operates independently of the cloud
• Guest services via cloud
• V2110: first virtual controller for VMware & Hyper-V
• Configuration management
• WIPS for centralized monitoring and response
• L7 application monitoring
• One centralized security application for global deployment
• SDN integration
The Cloud Architecture: Flexibility
Policies – foundation for Single SSID Design
[Figure: policy hierarchy of Roles, Services and Rules]
Roles: IT Admin, Employee, Guest
Services: Admin. Applications; Corporate Productivity Applications; Internet & VPN Access Only
Rules: Allow HTTP, Allow HTTPS, Allow IPSec, Allow SAP, Rate Limit, Allow Ping, Allow Telnet, Allow E, Allow TFTP, Allow SNMP, Allow Oracle, Deny Bcast
• Roles correspond to specific user types on the network
• Services group Rules and apply to Roles
• Rules allow, deny, rate limit or contain specific traffic types
• A single enforcement architecture from edge to data center
• Meeting customer needs since 2001 - over 10 million switch ports and access points
• Enforcement at the edge (point of ingress)
• Meeting business needs
• Layer 2-4 access control, enforcement for QoS, rate limiting, VLAN, topology (Bridge@AP/Controller, per application)
• Flexible policy enforcement criteria
• Unique in the industry
• Scaling from the wireless edge to the data center
The Cloud Architecture: Flexibility - Single SSID Design
User-based policies vs. SSID-based policies
• Per-user/per-application topology, QoS, rate limit and ACL
• Therefore fewer SSIDs are needed, which makes client configuration easier
• Simpler to enforce security policies, as SSIDs are less protected
• Better performance in the air because there are fewer beacons
Example with 6 SSIDs per AP, 3 APs in the same area:
Beacon data rate        Channel bandwidth utilization
1 Mbps                  25.92%
2 Mbps                  12.96%
5.5 Mbps                4.71%
11 Mbps                 2.36%
6 Mbps (802.11a/g)      4.32%
12 Mbps (802.11a/g)     2.16%
Same network with 3 SSIDs per AP:
Beacon data rate        Channel bandwidth utilization
1 Mbps                  12.96%
2 Mbps                  6.48%
5.5 Mbps                2.36%
11 Mbps                 1.18%
6 Mbps (802.11a/g)      2.16%
12 Mbps (802.11a/g)     1.08%
[Figure: WLAN appliance and LAN with a single SSID "Production" carrying the policies Internal, Guest, BYOD, BB and Scanner]
The Cloud Architecture: Visibility – Holistic approach for BYOD and Identity & Access Management
[Figure: context attributes collected per end system: Access Type(s), Application Provision, Authentication, Virtual Device Identity(s), Device Type(s), Physical Device Identity(s), Location, Time of Day, Authorization, Health]
Example values shown in the figure:
User Identity – Joe Smith
Apple Lion OSX v10.7
Android v4.0.4
Wednesday, April 11, 2012
9:41:00 AM EST
Building-A
Floor-2
Conference Room-7b
Apple MacBook Air
Samsung Galaxy Note
Windows v7.5.3
MAC-Auth: 28:37:37:19:17:e6
PWA: 00:00:f0:45:a2:b3
802.1X: 00:0D:3A:00:a2:f1
Wireless
Associated AP: wifi-243
SSID: Prod-Guest
BSSID: 0-1a-e8-14-de-98
Role: Sponsored Guest
Sponsor: Jane Doe
Internet Access
Shared Engineering Servers
Web (HTTP): 5Mb download
Email (SMTP): 2Mb download
All other Services: DISABLED
Symantec Anti-Virus: Enabled
Signature Update – v10.4.3
OS Patches – Up to date
Peer2Peer Service: DISABLED
43 Services Running
The Cloud Architecture: Context based Control – Holistic approach for BYOD and Identity & Access Management
[Figure: policy decision dimensions (User, Device, Access Method, Auth. Method, Location, Time, Application*) and the resulting Policy]
Labels shown in the figure: Guest, Contractor, Employee, Privileged user; Employee Owned, Vstng_Emp Device, Personal Device, Corporate Device, Guest Device; Wireless, Wired, VDI; Web based, MAC, 802.1x; Conference Rooms, Outside the agency, 5 ft from an Access Pt, Hall way, Class room; Weekends, Holidays, M–S 8 am–6 pm, Anytime; HTTP, Salesforce, Youtube, Oracle; Allow, Deny, Contain, Rate Limit, QoS, Single SSID/VLAN, Multiple VLANs
IF $User AND $Device AND $Access Method
AND $Location AND $Time THEN $Permission_Allowed
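The IF ... THEN rule above, sketched as a first-match policy evaluator that falls back to Deny when no rule matches. This is an added example, not Extreme Networks code; the rule set, the Monday-to-Saturday reading of "M–S 8 am–6 pm", and the names Rule, Context, decide and in_window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

def in_window(window: str, when: datetime) -> bool:
    """Time windows named on the slide; the boundaries are this example's assumptions."""
    if window == "Anytime":
        return True
    if window == "Weekends":
        return when.weekday() >= 5
    if window == "M-S 8am-6pm":  # read here as Monday..Saturday, 08:00-17:59
        return when.weekday() <= 5 and 8 <= when.hour < 18
    return False  # unknown window never matches (fail closed)

@dataclass(frozen=True)
class Rule:
    user: Optional[str]      # None = any value
    device: Optional[str]
    access: Optional[str]
    location: Optional[str]
    window: str
    permission: str          # Allow | Rate Limit | Contain | Deny

@dataclass(frozen=True)
class Context:
    user: str
    device: str
    access: str
    location: str
    when: datetime

def decide(ctx: Context, rules: list) -> str:
    """First rule whose every attribute matches wins; no match means Deny."""
    for r in rules:
        attrs_ok = all(want is None or want == got for want, got in (
            (r.user, ctx.user), (r.device, ctx.device),
            (r.access, ctx.access), (r.location, ctx.location)))
        if attrs_ok and in_window(r.window, ctx.when):
            return r.permission
    return "Deny"

# Constructed rule set using the slide's labels (not a vendor configuration).
RULES = [
    Rule("Employee", "Corporate Device", None, None, "Anytime", "Allow"),
    Rule("Employee", "Personal Device", "Wireless", None, "M-S 8am-6pm", "Rate Limit"),
    Rule("Guest", "Guest Device", "Wireless", "Conference Rooms", "M-S 8am-6pm", "Contain"),
]
```

Rule order matters with first-match evaluation: a broad Allow placed above a narrower Contain or Deny silently overrides it.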
The Cloud Architecture: Infrastructure & vendor independent – Holistic approach via OneFabric Control Center
[Figure: RADIUS request from LAN switch, AP and WLAN appliance; user-based policies applied via Extreme Policy and/or RFC 3580; Internet and VPN access]
The Cloud Architecture in Action
Best Practice – Integration MDM and Bonjour Traffic
[Figure: switch, AP1, AP2, AP3, WLAN appliance, NMS & IAM, Internet, data center]
• Personal request, no encryption
• Patient info encrypted for privacy – HIPAA requirement
• Access denied based on location
• 3rd party service is consulted
• Containment of multicast traffic (e.g. Apple Bonjour) at AP – no congestion
* Only company to support this for the same SSID
The Cloud Architecture: Building block of a successful mobility solution
• Integrated architecture & management for LAN & WLAN
• IAM & BYOD visibility, control, security, simplicity
• Programmability & SDN
• Flexible architecture
• Perfectly designed to extend Service Provider Business into WiFi