Wireless Network Architecture (1)


  1. WLAN Infrastructure
  2. Wireless Data Networks (figure: technologies plotted by coverage area, local to wide, against data rate, 9.6 Kbps to 54 Mbps)
     - Wide area: Broadband PCS, Metricom, Satellite, circuit and packet data (Cellular, CDPD, RAM, ARDIS), Narrowband PCS
     - Local area: Infrared wireless LANs, narrowband wireless LANs, spread spectrum wireless LANs (802.11 products)
  3. License Free ISM Band (figure: the spectrum from extremely low frequency through audio, AM broadcast, short wave radio, FM broadcast, television, cellular (840 MHz), NPCS (1.9 GHz) and infrared wireless LAN up to visible light, ultraviolet and X-rays)
     - 902-928 MHz, 26 MHz wide: older products
     - 2.4-2.4835 GHz, 83.5 MHz wide: current products (IEEE 802.11b)
     - 5 GHz: future technology (IEEE 802.11a, HyperLAN, HyperLAN2)
     - Note: very little spectrum is for unlicensed use.
  4. Channels - 802.11b (figure: channels 1 through 11 across 2400-2483 MHz)
     - Spectrum: 83 MHz
     - Channels: three 22 MHz stationary channels. Only 3 non-overlapping.
     - Speeds: 1, 2, 5.5, and 11 Mbps data rate
  5. Coverage (figure: concentric cells for 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps DSSS)
  6. Bandwidth (figure: three overlapping cells on separate channels; blue = 11 Mb, green = 11 Mb, red = 11 Mb; total bandwidth = 33 Mb)
  7. Site Survey: Channel Mapping (figure: cells laid out so that neighbouring access points alternate between channels 1, 6 and 11)
  8. Site Survey: Bandwidth Layout (figure: each cell with its 11 Mbps, 5.5 Mbps and 2 Mbps rate regions)
  9. 30 mW Cell Size Comparison: 30 milli-Watt client and access point range capabilities
     - 11 Mbps DSSS: 80-100 feet radius
     - 5.5 Mbps DSSS: 100-200 feet radius
     - 2 Mbps DSSS: 200-275 feet radius
  10. Cell Size Comparison, cont. (figure: channel 1/6/11 layouts for the two cases)
     - Full antenna power, 30 mW: 3 access points
     - Reduced antenna power, 5 mW: 18 access points
     - Fewer users per access point
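The channel-planning rule behind slides 4, 7 and 10 (22 MHz channels, only 1/6/11 mutually clear) as a small checker for a site-survey plan; this is an added example, not the presentation's material, and the AP names and neighbour list are constructed sample data:

```python
# Added example (not from the slides): check an 802.11b access-point channel
# plan for overlapping cells, the "colliding channel allocations" problem the
# site-survey slides illustrate. Channel spacing is the 802.11b value; AP
# names and the neighbour list are constructed sample data.
CHANNEL_WIDTH_MHZ = 22       # each DSSS channel occupies 22 MHz
FIRST_CENTER_MHZ = 2412      # centre of channel 1
CHANNEL_SPACING_MHZ = 5      # consecutive channel centres are 5 MHz apart


def center_frequency(channel):
    """Centre frequency in MHz for US channels 1..11 (2412..2462)."""
    if not 1 <= channel <= 11:
        raise ValueError(f"channel {channel} is outside channels 1-11")
    return FIRST_CENTER_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def channels_overlap(a, b):
    """Two 22 MHz channels overlap unless their centres are at least 22 MHz apart."""
    return abs(center_frequency(a) - center_frequency(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels():
    """Greedy pick of mutually non-overlapping channels, lowest first (gives 1, 6, 11)."""
    chosen = []
    for ch in range(1, 12):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def find_conflicts(plan, neighbours):
    """Pairs of physically adjacent APs (from the site survey) whose channels overlap."""
    return [(a, b) for a, b in neighbours if channels_overlap(plan[a], plan[b])]


def suggest_channel(neighbour_channels):
    """First of 1/6/11 clear of every neighbouring cell; None means the cells
    must shrink instead (lower power, more APs, as on the 5 mW slide)."""
    for ch in non_overlapping_channels():
        if all(not channels_overlap(ch, n) for n in neighbour_channels):
            return ch
    return None


# Constructed sample: three surveyed APs plus a department AP plugged in on channel 3.
SAMPLE_PLAN = {"hallway-east": 1, "hallway-west": 6, "courtyard": 11, "library": 3}
SAMPLE_NEIGHBOURS = [("hallway-east", "hallway-west"), ("hallway-west", "courtyard"),
                     ("courtyard", "library"), ("hallway-east", "library")]
```

`find_conflicts(SAMPLE_PLAN, SAMPLE_NEIGHBOURS)` flags the library AP against hallway-east, and `suggest_channel([11, 1])` moves it to channel 6.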
  11. Antennas
     - Antennas extend range by changing the shape of the signal
     - Different applications call for different antennas
     - Measurements given in "gain" (dBi)
     - Cable type/length greatly affects "gain"
  12. Antennas, cont. (figure: campus layout for maximum coverage with autorate negotiation, wireless for students; dipole indoor, patch outdoor; hallway 1000', building courtyard 850'; Classes 1-4 and 8-11; APs on isolated LAN with PIX; channels 1, 6, 11)
  13. Antennas, cont. (figure: maximum coverage with autorate negotiation; cabling only available at store front; Yagi antennas and dipole; 2000' and 850' reach; channels 1, 6, 11)
  14. Products Evolving
     - Better radios: better reception, improved bandwidth
     - Better management
     - Easier to deploy (in-line power)
     - More security
     - New standards
  15. Inline Power
  16. 100 mW Cell Size Comparison: 100 milli-Watt client and access point range capabilities
     - 11 Mbps DSSS: 100-150 feet radius
     - 5.5 Mbps DSSS: 150-250 feet radius
     - 2 Mbps DSSS: 250-350 feet radius
  17. 802.11a (fall?)
     - Spectrum (US*): 50 mW from 5.150-5.250 GHz; 250 mW from 5.250-5.350 GHz; 1 W from 5.725-5.825 GHz
     - Speeds: 6, 12, and 24 Mbps for compliance; 54 Mbps+ expected
     - Channels: 20 MHz channels
     - Vendors? 8-15
  18. Wired or Wireless...
     - Wireless pilots encouraged, but would not invest heavily: technology changing
     - Wireless is not a replacement for wired networks at this time
  19. Some Problems
  20. Other Frequency Hopping Interference Potential: 802.11b, Bluetooth, HomeRF, cordless phones
  21. Problems with just plugging it in (figure: Building A and Building B)
     - Colliding channel allocations?
     - How to implement authentication (WEP)?
     - Coordination between autonomous departments?
     - Interference with other devices?
     - On different subnets?
     - Different access policies?
     - Dueling Access Points?
     - Signal leakage between buildings?
     - Building codes?
     - You are not in control.
  22. Wireless Networks are Public
     - Public networks will be designed, installed, and managed by TIS on the department's behalf (and on the department's funding)
     - Public networks must be authenticated
     - Installation will be professional, following UT building codes and practices
     - Spectrum will be allocated/adjudicated by TIS
     - Public interest will be considered over private interest in wireless conflicts
     - There are always exceptions
  23. Which Vendor?
  24. Authentication
  25. Authentication Schemes
     - SSIDs (Service Set Identifiers)
       - Broadcast in clear by unit and clients. Anyone can hear and insert.
     - WEP (Wired Equivalent Privacy)
       - Uses RC4; problems with exchanging keys. Either sent in clear or have to be manually configured and then exposed on client.
     - MAC (hardware address restrictions)
       - Restrict based on Ethernet hardware address. Hard to manage across all access points. Any card can pretend to be any MAC address.
  26. Authentication Schemes, cont.
     - UTEID (home grown)
       - http://www.tis.utexas.edu/network/pubaccess/
       - UT's home grown digitally signed fat cookie application. Doesn't provide encryption, but doesn't require any custom software and is compatible with all OSes.
     - 802.1X / EAP / LEAP
       - Extensible Authentication Protocol, Lightweight Extensible Authentication Protocol
       - Solves the authentication and key distribution problem. Evolving standard and isn't supported on some OSes. LEAP doesn't use the same secured mechanisms as EAP-TLS.
     - VPN (Virtual Private Network)
       - Requires client software. All traffic has to go to the VPN gateway and back, which obviates local routing/switching.
  27. SSID
     - Broadcast in clear by AP and client; anyone can add it to their client
     - Must be manually configured on all clients
     - Provides no encryption of signals
     - Provides no user authentication/accounting
  28. WEP
     + Provides some encryption (still vulnerable to the same attacks as wired networks, à la dsniff)
     - Uses a shared key which is exposed to other clients
     - Key must be manually configured on all clients (or sent in clear)
     - Has various crypto defects
     - Provides no user authentication/accounting
  29. MAC
     - Requires obtaining hardware addresses of all clients
     - MAC address can be duplicated by any client
     - Must be maintained on all APs (not scalable)
     - Provides no encryption
     - Provides no user authentication/accounting
  30. UT EID
     + Provides user authentication utilizing a well known mechanism (already in use on wired ports)
     + Requires no additional software and is available on all platforms
     - Funnels all traffic through a central gateway, which obviates local switching/routing
     - No encryption provided
     - Home grown; unclear how to integrate with new offerings
  31. 802.1x/EAP Authentication
  32. EAP over LAN (figure: message sequence between a laptop computer, an 802.1X authenticator/bridge and a RADIUS server; EAPOL between laptop and authenticator, RADIUS between authenticator and server)
     - Port connect; access blocked
     - Laptop -> authenticator: EAPOL-Start
     - Authenticator -> laptop: EAP-Request/Identity
     - Laptop -> authenticator: EAP-Response/Identity
     - Authenticator -> RADIUS: Radius-Access-Request
     - RADIUS -> authenticator: Radius-Access-Challenge
     - Authenticator -> laptop: EAP-Request
     - Laptop -> authenticator: EAP-Response (cred)
     - Authenticator -> RADIUS: Radius-Access-Request
     - RADIUS -> authenticator: Radius-Access-Accept
     - Authenticator -> laptop: EAP-Success; access allowed
  33. EAP over Wireless (figure: the same sequence between a laptop computer, an 802.11 access point and a RADIUS server; EAPOW between laptop and access point, RADIUS between access point and server)
     - 802.11 Associate; association; access blocked
     - Laptop -> AP: EAPOL-Start
     - AP -> laptop: EAP-Request/Identity
     - Laptop -> AP: EAP-Response/Identity
     - AP -> RADIUS: Radius-Access-Request
     - RADIUS -> AP: Radius-Access-Challenge
     - AP -> laptop: EAP-Request
     - Laptop -> AP: EAP-Response (cred)
     - AP -> RADIUS: Radius-Access-Request
     - RADIUS -> AP: Radius-Access-Accept
     - AP -> laptop: EAP-Success; access allowed
     - AP -> laptop: EAPOW-Key (WEP)
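The exchange on the EAP-over-LAN and EAP-over-Wireless slides as a runnable model, added here and not part of the original presentation; the user database, nonce and HMAC challenge/response are constructed stand-ins for a real EAP method, and the EAP-Failure branch on reject is standard 802.1X behaviour the slides do not show:

```python
# Added example (not the presentation's code): a minimal model of the 802.1X
# exchange on the EAP-over-LAN / EAP-over-Wireless slides, with the three
# parties' messages, showing that the controlled port stays blocked until the
# RADIUS server answers Access-Accept. The user database, nonce and the
# HMAC challenge/response (standing in for a real EAP method) are constructed.
import hashlib
import hmac

RADIUS_USERS = {"alice": b"correct-horse"}   # constructed identity -> password
NONCE = b"challenge-1"                        # constructed; real servers pick a fresh random nonce


def prove(password):
    """Credential sent in EAP-Response (cred): an HMAC over the nonce, never the password itself."""
    return hmac.new(password, NONCE, hashlib.sha256).hexdigest()


def radius(identity, credential=None):
    """RADIUS server: the first Access-Request draws a Challenge, the second an Accept or Reject."""
    if credential is None:
        return "Radius-Access-Challenge"
    password = RADIUS_USERS.get(identity)
    ok = password is not None and hmac.compare_digest(prove(password), credential)
    return "Radius-Access-Accept" if ok else "Radius-Access-Reject"


def run_exchange(identity, password, wireless=False):
    """Drive the exchange; return (port state, transcript of (sender -> receiver, message))."""
    port, log = "Access blocked", []
    if wireless:
        log.append(("laptop -> AP", "802.11 Associate"))   # association alone grants no access
    log += [("laptop -> authenticator", "EAPOL-Start"),
            ("authenticator -> laptop", "EAP-Request/Identity"),
            ("laptop -> authenticator", "EAP-Response/Identity"),
            ("authenticator -> radius", "Radius-Access-Request"),
            ("radius -> authenticator", radius(identity)),
            ("authenticator -> laptop", "EAP-Request"),          # challenge relayed to the client
            ("laptop -> authenticator", "EAP-Response (cred)"),
            ("authenticator -> radius", "Radius-Access-Request")]
    verdict = radius(identity, prove(password))
    log.append(("radius -> authenticator", verdict))
    if verdict == "Radius-Access-Accept":
        log.append(("authenticator -> laptop", "EAP-Success"))
        port = "Access allowed"                                # controlled port opens only here
        if wireless:
            log.append(("AP -> laptop", "EAPOW-Key (WEP)"))     # per-session key handed to the client
    else:
        log.append(("authenticator -> laptop", "EAP-Failure"))  # standard 802.1X, not on the slide
    return port, log
```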
  34. Future EAP Client Work?
     - Microsoft placing 802.11 EAP native supplicant in:
       - Win2K, WinCE
     - What about other Microsoft OSes?
       - Win9x/WinNT (need LEAP)
     - What about other OSes?
       - Linux, MacOS (need LEAP)
  35. Change AP Association (figure: roaming from Access Point A to Access Point B). Steps to re-association:
     1. Adapter listens for beacons from APs.
     2. Adapter evaluates AP beacons, selects best AP.
     3. Adapter sends association request to selected AP (B).
     4. AP B confirms association and registers adapter.
     5. AP B informs AP A of re-association with AP B.
     6. AP A forwards buffered packets to AP B and de-registers adapter.
  36. 802.1X/EAP/LEAP
     + Provides user authentication/accounting in a scalable manner
     + Provides encryption (still vulnerable to the same attacks as wired networks, à la dsniff)
     - Evolving standard
     - Requires client software not extant on all platforms
     - Network equipment more likely to be proprietary
     - Will require inve$tment in new authentication infrastructure
     - LEAP doesn't support the same encryption features
  37. VPN
     + Provides user authentication
     + Provides encryption
     - Requires software on all clients
     - Funnels all traffic through the VPN gateway, obviates local switching/routing
     - Dedicated expen$ive VPN gateway hardware needed at high traffic rates, and new authentication infrastructure
  38. What about other devices? Handheld?
     - EAP (Extensible Authentication Protocol)
     - VPN (IPsec)
     - PPP (PPTP, PPPoE)
     - LEAP (Lightweight & Efficient Application Protocol): card drivers, only one-time user/password authentication
  39. We don't decide...
     - UTEID:
       - Already deployed
       - Could transition to VPN from UTEID easily or run in parallel
       - 802.1x would mean a flag day for any mechanism and isn't ready for deployment
     ... see what the industry decides
  40. Multicast Applications
     - Multicast support is in WLAN infrastructure
     - Multicast has problems when clients roam
       - Router/L2 switch is unaware of client move
       - Router/switch still sends multicast stream to original AP
       - Multicast stream terminated when router/L2 times out due to non-response to multicast query
         - No IGMP leave is sent by AP or client
