CWNP CWNA – WLAN Architecture

  1. WLAN Architecture

In this module, we’re going to take a look at the wireless LAN architecture. So that means we’re going to take a look at client devices, the different ways we can connect them, and talk about things like the wireless LAN controller when we get into some of those specialty wireless LAN infrastructure designs that we can make.

  2. Management, Control, and Data Planes

So in the world of networking in general, not just in telecommunications, we have three logical planes of operation. The first is the management plane. Okay? So when we talk about the management plane, take any device, and I’m just going to draw any device where the data is being transferred. And I know I’m talking about the management plane, but we’ll get there; this is the data plane. In today’s world, we try to move everything at that data plane as fast as we can.

And in order to know how to forward things, there’s a control plane that can update tables for forwarding packets or frames, but there’s got to be somebody out there that’s going to program this thing. And so that’s kind of the management plane, defined by whatever you want as part of network management. So that means one solution might be that you could use something to monitor routers and switches.

And on other wired network infrastructures, or in the world of access points, we’re going to talk about this thing called a wireless LAN controller that’s going to do all of that monitoring of whatever the access point is supposed to be doing. And we can use that centralized manager to push out our configurations, which would be really great if I had 3400 access points that I had to take control of. I don’t know that I want to configure each one, or if there’s a newer operating system, I don’t know that I want to spend the weeks to upgrade each one.

So we can just push that stuff out from a centralized location. So that’s the management plane; it’s usually not a part of the actual device. The control plane, as I was saying, is the one that takes care of signaling information. So if I was a router, I might be using a routing protocol like OSPF to signal updates about paths that I know about. The wireless access point might need to update its MAC address table so that it knows how to forward the frames that come in through the wireless side or come out from the wired network.

So those are, again, like I said, OSPF, BGP; that’s signaling. That’s helping us out. Now, Cisco uses the term content addressable memory, CAM tables; spanning tree, all of those types of things. That’s fine. That’s still all a type of signaling. I just call it the MAC address table. And then the data plane is the one that receives the knowledge from the control plane, which pushes that knowledge into the data plane so that we can have our traffic go in and out, hopefully at very close to hardware speed. We see that in routers, we see it in switches and everything else. The data plane is doing the work of transmitting or sending, forwarding, routing, whatever term you want to use, for the data that’s going through.

  3. Management Plane

So again, the management plane, a little bit more about it, is where we do the configurations, the updates, the monitoring. And it usually is a separate device, a separate server or service, that is monitoring one or more of these access points. So again, it might just be simply a way that I can push new configurations.

Maybe tell all of the access points that they have a new SSID that they’re going to put out, maybe check for security issues, Wi-Fi Multimedia, what channel to use, what power settings to use. All of that is controlled from a centralized location. In fact, in some of the cases where I said that you might have multiple access points in a room that might not be running at full power, that’s because if one access point goes down, the wireless LAN controller would know that, and then it would say, hey, make these other ones go to a higher power level to cover that gap.

Again, monitoring and reporting: how many people are connected, what kind of throughput are we doing, what are our statistics, all of those types of things. How many people are associated with us, reassociations; that gives us information about whether or not we have the right number of access points for the number of subscribers or people that are connecting to them.

The upper layer monitoring and reporting could let us know about the applications that are being used as far as what’s generating the traffic, gives us visibility into their IP connectivity, and helps you understand the traffic flow, things that are helpful when we’re trying to reassess what we need in our network. And again, like I said, there’s firmware management to upgrade the operating system on the access points. It’s just a nice place where I can upload the newest version of the operating system and mass push it if I need to, or come up with a different schedule for deployment to all of the different wireless components.

  4. WLC (eNotes)

Now, some of these topics we’re going to talk about a little bit later, but let’s just look at some of the information that happens with a typical wireless LAN controller. And please remember that different vendors might implement this just a little bit differently. And I’m not going to put a big network in here as far as what we’re looking at. But on the management plane, the wireless LAN controller, as I said, can push out config, it can push out new operating systems, it can monitor, it can control power, all those really cool things. But one of the other things we notice with the wireless LAN controller is that it can do what we’re going to call, later on, split MAC.

That is, it can take some of the work out of what the access point does by moving it onto a wireless LAN controller, which is usually much more powerful as far as processing and memory. In other words, let’s say somebody connects to an access point and we want to encrypt the traffic. Well, the access point can, through its own kind of IP tunneling mechanism (again, the most common protocol we use is called CAPWAP), send that traffic to the wireless LAN controller, which will then take care of the full encryption, pushing the encryption all the way out to the client. And so the access point only has to forward the data. It doesn’t have to go through the work of encrypting it. The wireless LAN controller can also take care of the authentication, the authorization and the accounting, the things we call AAA.

And it can be the point at which that actual data enters the wired network instead of coming in through the actual access point. So it leaves the access point free to do more work with controlling the messages or getting the updates to power and all that sort of stuff. And when the data does enter the network from the wireless LAN controller, it also affords us that ability to move around. And I’m sure I’ve said this a number of times, that if I move to a different access point, I can still have my connection because it’s going to go to the wireless LAN controller. And so I don’t even have to lose my IP address. And that switchover, we hope, is actually about 100 milliseconds long. Now, what if this is my headquarters?

And in my headquarters I have this wide area network connection to a smaller branch office, and that branch office maybe has 50 people. Maybe it’s just somebody at home. In fact, I’ll draw that here separately; they don’t have as many of these access points. They can still be managed by your wireless LAN controller. But the question is, if I have somebody connecting to an access point and they want to go to something else that’s internal to that branch office, right, I want to go through the switch to some local server that we have connected.

Does my traffic now have to go through the wireless LAN controller over that WAN link? And there are solutions that say no, that we can split that up: if you’re staying local, the traffic stays local. If it’s not going to be local, then we’ll send it to the wireless LAN controller for that connectivity. Like we talked about before, there are many solutions like that. Some companies have this cool device. So if you’re at a big box hotel (does that look like a hotel? I’m not sure, but pretend it’s a hotel), and at the hotel you want to have secure communications, you can bring this little access point with you and plug it into the wired network of the hotel Internet access.
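As an added illustration of the branch-office decision just described (this is example code, not part of the course material or any vendor’s implementation), here is a small model of a branch access point deciding whether a client frame is bridged locally or tunneled to the controller. The subnets, the controller address and the feature flag name are constructed assumptions; the CAPWAP data-channel port is the one registered for the protocol.

```python
import ipaddress
from dataclasses import dataclass, field

# CAPWAP uses UDP 5246 for control and UDP 5247 for data (RFC 5415).
CAPWAP_DATA_PORT = 5247


@dataclass
class BranchAP:
    """Constructed model of a branch-office AP with optional local switching."""
    wlc_address: str                      # assumed WLC address across the WAN
    local_switching: bool                 # True = keep branch-local traffic local
    local_subnets: list = field(default_factory=list)

    def forward(self, dst_ip: str) -> dict:
        """Return where a client frame toward dst_ip goes and by which path.

        With local switching on, destinations inside a branch subnet are
        bridged straight to the branch switch and never cross the WAN.
        Everything else (or everything, when local switching is off) is
        CAPWAP-encapsulated and sent to the controller, which is where it
        actually enters the wired network.
        """
        dst = ipaddress.ip_address(dst_ip)
        is_local = any(dst in ipaddress.ip_network(n) for n in self.local_subnets)
        if self.local_switching and is_local:
            return {"path": "local-bridge", "next_hop": "branch-switch", "crosses_wan": False}
        return {
            "path": "capwap-tunnel",
            "next_hop": self.wlc_address,
            "udp_port": CAPWAP_DATA_PORT,
            "crosses_wan": True,
        }


# Constructed sample branch: one local server subnet, controller at HQ.
branch_ap = BranchAP(
    wlc_address="10.0.0.10",          # assumed HQ controller address
    local_switching=True,
    local_subnets=["192.168.50.0/24"],
)
central_only_ap = BranchAP(wlc_address="10.0.0.10", local_switching=False,
                           local_subnets=["192.168.50.0/24"])

if __name__ == "__main__":
    print(branch_ap.forward("192.168.50.25"))        # stays at the branch
    print(branch_ap.forward("203.0.113.7"))          # goes to the WLC
    print(central_only_ap.forward("192.168.50.25"))  # hairpins over the WAN
```

The third call shows the cost of leaving local switching off: traffic to a server sitting next to the client still traverses the WAN twice.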

And what it will do is connect to the wireless LAN controller for you. So it’ll take that Internet connection to the wireless LAN controller, and all your traffic will go through that wireless LAN controller and then come out of that network, where you probably have better security, right, to leave your network and get out to the Internet. You have your own firewalls, intrusion detection and really cool stuff, so you can still have wireless at the hotel and the safety and protection of your traffic going through better security.

I mean, there are a lot of solutions that all form around this wireless LAN controller. As a matter of fact, some vendors say that if you have to have a lot of wireless LAN controllers because you have so many access points, you can get what’s called a wireless LAN controller controller service, what they might call a WCS, that will basically manage the devices that are managing all of the other wireless controllers.

  5. Control Plane

Now, the control plane is something we might actually see either at the wireless LAN controller or even at the access point, depending on whether it’s standalone, what’s sometimes called autonomous, or whether it’s lightweight. But that’s where we see protocols that communicate with other network devices so that we can get the intelligence, the interaction, to know how to move traffic through the network. One of the things that you might see in the control plane is dynamic RF.

And again, this can be something that’s done either by the access point automatically or by a wireless LAN controller. But what it’s going to do is basically coordinate the channel and power settings. Like I said, if I had a bunch of access points and I had them at lower power on purpose, because I wanted to limit their coverage area because I’ve got so many, but one goes down, boom, then we could amp the power on these others to cover what otherwise would have been a dead spot, and make sure that the channels are not overlapping. They can dynamically take care of the channel numbers all by just listening and talking to each other. So that’s really kind of cool stuff that happens on the control plane.
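To make the dynamic RF behavior above concrete, here is an added example (not the course’s or any vendor’s code) of a controller-side routine that assigns non-overlapping 2.4 GHz channels from a neighbor graph and, when an AP fails, raises power on its surviving neighbors to fill the coverage hole. The AP names, neighbor relationships and power levels are constructed; the 3 dB step and 17 dBm ceiling are assumptions.

```python
# Non-overlapping 2.4 GHz channels in most regulatory domains.
NON_OVERLAPPING_24GHZ = (1, 6, 11)


class DynamicRF:
    """Constructed model of a WLC's dynamic RF (radio resource management) logic."""

    def __init__(self, neighbors: dict, base_power_dbm: int = 11, max_power_dbm: int = 17):
        # neighbors maps each AP to the APs whose signal it can hear.
        self.neighbors = neighbors
        self.online = set(neighbors)
        # Deliberately run below full power so cells stay small in a dense deployment.
        self.power = {ap: base_power_dbm for ap in neighbors}
        self.max_power = max_power_dbm
        self.channel = {}

    def plan_channels(self) -> dict:
        """Greedy channel plan: each online AP takes the channel least used by its neighbors."""
        self.channel = {}
        for ap in sorted(self.online):
            usage = {
                ch: sum(1 for n in self.neighbors[ap] if self.channel.get(n) == ch)
                for ch in NON_OVERLAPPING_24GHZ
            }
            # min() keeps channel order on ties, so an unused channel is preferred
            # and, when all three are taken, the least-contended one is reused.
            self.channel[ap] = min(NON_OVERLAPPING_24GHZ, key=lambda ch: usage[ch])
        return self.channel

    def ap_down(self, failed_ap: str, step_db: int = 3) -> dict:
        """Coverage-hole compensation: boost the failed AP's online neighbors, then re-plan."""
        self.online.discard(failed_ap)
        self.channel.pop(failed_ap, None)
        for n in self.neighbors[failed_ap]:
            if n in self.online:
                self.power[n] = min(self.power[n] + step_db, self.max_power)
        return self.plan_channels()


# Constructed sample: four APs in a row, each hearing its immediate neighbors.
rf = DynamicRF({
    "AP1": ["AP2"],
    "AP2": ["AP1", "AP3"],
    "AP3": ["AP2", "AP4"],
    "AP4": ["AP3"],
})

if __name__ == "__main__":
    print(rf.plan_channels())   # alternating 1 / 6 down the hallway
    print(rf.ap_down("AP2"))    # AP1 and AP3 step up to 14 dBm, channels re-planned
    print(rf.power)
```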

And almost every vendor I’ve worked with, every vendor I’ve worked with, has some sort of dynamic RF capability built in. And some people call it, like I said, radio resource management. I described roaming in the context of a wireless LAN controller. So that means that as you go from one access point to the other, what we call a handoff, you still maintain your connectivity, you still have the same stateful firewall rules for the clients. I mean, everything is working the way it should. And one of those 802.11 amendments was about fast, secure roaming.

So you try to get it down into the 100-millisecond range. Client load balancing can also be a big issue. If you have too many clients on one access point, maybe we’ll find a way to move them to another one to spread the work more evenly. Or if we’re doing mesh protocols, then we might be able to make sure we have the right protocol running so that you’re not taking loops and you’re taking the best path through that mesh of access points back into the main office.

  6. Data Plane

Now the data plane is where we really worry about forwarding the data. The management plane sends me configurations. The control plane does my signaling to gather information.

  7. Autonomous WLAN Architecture

So for a long time, an access point usually was standalone, meaning it didn’t work or communicate with any central management. This is, of course, when wireless LANs were something new in the world and people were maybe not as confident about security. I think they’re pretty good right now with security. But anyway, we didn’t have that central control. It was just: put one up, connect it to a switch and let people get into the network. And if you wanted to roam or do any of these other cool things, it just wasn’t going to happen. That meant that the standalone access point had to have all of it, the management, the control and the data plane, rather than splitting off some of that work to the wireless LAN controllers.

And so we called them standalone, some called them autonomous, some might call it a fat AP. I don’t know if that’s a very nice thing to say about an access point, but anyway, it was just saying the access point did it all. Now, the most common industry term for this, like I said, is autonomous. And all the configurations that were done were done on each one individually. And if you think about it, that introduces a large amount of risk. The reason I say risk is because the more access points you have to handle one by one, the more chances you have of misconfiguring something. In fact, the access point that was standalone also had to do all of the encryption and decryption as well.

  8. Centralized Network Management Systems

So going to that centralized network management system reduces that risk of misconfiguration. I mean, you could do it wrong, and then you do it wrong for everything at the same time, I guess. But hopefully you won’t do it wrong or have as many chances to do that. So you don’t have to configure the 200 or 300 different access points. You don’t have to try to manually upgrade the operating systems or put out patches. It’s just nice to have that central management. Plus, remember, it’s going to gather statistics for you as well.

  9. Cloud Networking

Well, what’s there to talk about in wireless if we don’t talk about the cloud? Cloud networking or cloud computing are catchphrases we use to describe the advantages of computer networking functionality when it is provided as something we call software as a service, or SaaS. The idea behind cloud networking is that the applications and the network management, the monitoring, the functionality and control are provided as a software service.

A wireless LAN controller is kind of that; it actually doesn’t have to be the one that’s inside of your network. Although I would prefer that, you could have a service that’s outside your network that provides you with the GUI to make your configuration changes and to monitor your access points if you wanted to. So you don’t even have to maintain the wireless LAN controller.

  10. Centralized WLAN Architecture

So I like the centralized wireless LAN architecture, which to me is the best idea for managing my devices. The bad thing is that you should have, of course, a backup to one wireless LAN controller in case the other one goes down. I get that; that means, unlike the cloud, where they take care of that single point of failure, we’d have to take care of that as well. But you just basically have to use the central part of your network, which usually is in the core of your network, to be able to deal with the traffic going into and out of your network through wireless access points.

And so now we’re replacing these autonomous access points with what we call lightweight access points or thin access points, because the real intelligence of what’s going on is happening in the wireless LAN controller and not the access points. That means the encryption, the decryption, all of that’s going on at the wireless LAN controller. It’s usually an actual device, right, that you rack into your shelf, and it has more memory, more CPU power. In fact, you can actually wire an access point right into it and get Power over Ethernet if you wanted to.
