Wireless luxemburg february 2013

  • Evolution to Wireless Technology. Fat AP Architecture (Autonomous Switching): Wireless Controller and Access Point are built into one device. Doesn't scale well as each device must be managed individually. Thin AP Architecture (Centralized Switching): Separated Wireless Controller and AP into separate devices. APs are controlled by a controller, reducing management and improving security and scalability. Juniper Wireless Architecture (Centralized and Distributed Switching): Supports both Centralized and Distributed Switching from the same AP. Distributed switching separates data traffic from control and management traffic. Provides the most direct path for data to go through your core network. Data can go directly from AP to AP or AP to backend system. Provides you with the lowest latency architecture for wireless.
  • Client Load Balancing: APs maintain awareness of the "RF neighborhood" based on neighboring APs and client location. The AP determines a target load, and the system uses various techniques to "coax" clients to less loaded APs. If devices are persistent, the system will allow them on. If an AP detects a client on both the 2.4 GHz and 5 GHz bands, the same techniques are used to "coax" the client to the less loaded band. Bandwidth control: The purpose of bandwidth control is to allow the setting of bandwidth limits to ensure reliable access. There are three methods for controlling bandwidth: (1) Maximum bandwidth per SSID: the configured limit is full duplex in units of Kbps. (2) Maximum bandwidth per user: full-duplex rate limit for the aggregate of all packets through a client. (3) Weighted fair queuing per radio profile: service profiles compete for transmit opportunities based on the configured weights. Bandwidth limits are defined in a QoS profile. A VSA allows QoS profiles to be dynamically assigned.
  • Discuss 7.7 remote AP features
  • SmartPass IF-MAP Support. An important piece of the BYOD use cases that we’ve looked at and that we’ll look at in upcoming slides, revolves around IF-MAP support in the SmartPass application. So, this is how we get information about wireless users from the WL system into UAC, so that UAC can build role and policy details and propagate those out to the various enforcement points, either the SRX or the EX. So, SmartPass 7.7 is where we introduced this feature. There are two primary use cases that are supported in our guest use case that we just looked at. That’s our guest user federation case. So, SmartPass in this example is authenticating the guest users and publishing via IF-MAP a complete user picture. So, such as the username, IP address, MAC, everything that UAC needs to build role and policy is learned via SmartPass. So, the SmartPass publishes this, UAC builds a role, pushes that information out to the SRX and the EXs for enforcement. Now, the other important use case that SmartPass supports with IF-MAP, is the case where SmartPass is not the authenticator. So, .1X example where .1X, has performed against UAC directly from non agent to users. The UAC is going to be missing, kind of missing through the critical IP-MAC binding. So, SmartPass 7.7 provides the ability to now publish that via IF-MAP as well. So, in this case, the user authenticates against UAC, so UAC knows user identity and knows MAC address, is missing IP address. So, when the WLC communicates with SmartPass via accounting data, SmartPass learns about IP address, via those accounting messages and updates the UAC via IF-MAP with that missing IP-MAC binding, which then enables UAC to do coordinated policy enforcement across the network.
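
The IP-MAC binding step described in the note above, as an added example that is not SmartPass or UAC code: an authenticated RADIUS Accounting-Request supplies the IP address for a session already known by MAC. The `sessions` table, function names, shared secret and addresses are assumptions constructed for the illustration, and the IF-MAP publish itself is left out.

```python
import hashlib
import hmac
import ipaddress
import struct

# RADIUS attribute types from RFC 2865/2866
FRAMED_IP, CALLING_STATION_ID, ACCT_STATUS_TYPE = 8, 31, 40
ACCT_STOP = 2
SECRET = b"constructed-shared-secret"  # sample value for the demo

def build_acct(status, mac, ip=None, secret=SECRET):
    """Build a constructed Accounting-Request (code 4) as sample input."""
    attrs = bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", status)
    attrs += bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac.encode()
    if ip:
        attrs += bytes([FRAMED_IP, 6]) + ipaddress.IPv4Address(ip).packed
    head = struct.pack("!BBH", 4, 1, 20 + len(attrs))
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def parse_acct(packet, secret=SECRET):
    """Check the Request Authenticator (RFC 2866), then return {type: value}."""
    if (len(packet) < 20 or packet[0] != 4
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("not a well-formed Accounting-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, i = {}, 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def norm_mac(text):
    """Normalise AA-BB-CC-DD-EE-FF style strings to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in text.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("bad MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def apply_accounting(sessions, packet, secret=SECRET):
    """Fill in or clear the IP of the session keyed by MAC; return it or None."""
    attrs = parse_acct(packet, secret)
    if CALLING_STATION_ID not in attrs or ACCT_STATUS_TYPE not in attrs:
        raise ValueError("missing required attribute")
    session = sessions.get(norm_mac(attrs[CALLING_STATION_ID].decode()))
    if session is None:       # no authenticated session for this MAC: bind nothing
        return None
    if int.from_bytes(attrs[ACCT_STATUS_TYPE], "big") == ACCT_STOP:
        session["ip"] = None  # session ended: withdraw the binding
    elif FRAMED_IP in attrs:
        session["ip"] = str(ipaddress.IPv4Address(attrs[FRAMED_IP]))
    return session
```

Because enforcement policy follows this binding, the example refuses accounting data that fails the authenticator check or names a MAC with no authenticated session.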

Transcript

  • 1. MOBILITY TRACK – WLAN AND “SIMPLY CONNECTED”. Frank Baeyens, Senior System Engineer, fbaeyens@juniper.net
  • 2. AGENDA: Juniper WLAN Solution; Juniper WLAN what's new; Juniper 'Simply connect' intro; BYOD 'Simply Connect' overview; Q&A. Copyright © 2012 Juniper Networks, Inc. www.juniper.net
  • 3. JUNIPER WLAN SOLUTION
  • 4. COMPONENTS OF A WIRELESS LAN: Access Point, WLAN Controller, WLAN Management. Diagram labels: Wireless LAN Controller (WLC), WLAN Management, Campus Core, Firewall, MAG, Encrypted Access, (Location) WLM1200, 802.1x Authentication, Trusted Client.
  • 5. JUNIPER WLA SERIES ACCESS POINT FAMILY. WLA Series Highlights: Highest performance APs in the industry; Most cost effective APs in the industry; Full featured Intelligent switching; Spectrum analysis across the portfolio; Bridging and mesh. Chart labels (axes: Performance, Functionality): 3x3 MIMO 3 stream Dual Radio Max.; 2x2 MIMO Dual Radio; 2x2 MIMO High Density Dual Radio All-Purpose; 2x2 MIMO AP Single Radio Entry-level AP; WLA532(E)-WW; WLA522(E)-WW; WLA322-WW; WLA321-WW; Entry level 802.11n; Indoor 11n; Outdoor 11n.
  • 6. JUNIPER WLC SERIES CONTROLLER FAMILY. WLC Series Highlights: Simplest solution in the Industry; Highest Reliability in the industry; Only vendor with In-service upgrades; One software platform; Full Featured distributed deployment. Chart labels: 64 - 512 11n AP; WLC2800; Enterprise; 4 - 256 AP's; 16 - 256 11n AP's; VMware 1H-2013; WLC880; Virtual controller; 4 - 32 AP; 16 - 128 11n AP's; Campus; Q! 1H-2013; WLC100; WLC800; 12 AP; 4 AP; WLC8; Branch; WLC2. Axis (# of AP): 4, 12, 16, 32, 64, 128, 192, 256, 512.
  • 7. JUNIPER WLM SERIES LIFE CYCLE MANAGEMENT: RingMaster. Planning and deployment: 3D predictive planning tool; Indoor and outdoor network plan. Configuration and Verification: Complete offline configuration; System and service wizards; Pushes configuration to WLCs. Monitoring and reporting: By user, radio, AP, WLC, SSID; 30 day history aids compliance; WIDS/WIPS integration. Location aware: Search by location; Roaming history; Geo fencing. Diagram labels: Plan, Config, Monitor, Report, Troubleshoot.
  • 8. JUNIPER WIRELESS MANAGEMENT RINGMASTER
  • 9. SMARTPASS – ACCESS CONTROL. SmartPass is a multi-faceted, web-based access control application suite. Guest access module: Ease of use / Bulk user creation; API for 3rd party application integration; SMS / Email creation of guest coupons with Self-Provisioning. Accounting database: Detailed client accounting history; Reporting available via RingMaster. Access control module: RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS); Location awareness for client sessions (allow or deny access based on location; change any AAA attribute based on location); Access Rules (location based, time based or a combination of both). Diagram label: Centralized Guest Access Database.
  • 10. SIMPLICITY AT SCALE: CONTROLLER CLUSTERING. Old and Complex Approach (Hot Stand-by or Back-up Controller; Vendor A, Vendor B): Discrete controllers operate independently for AP redundancy configuration. Optimized for: x Scale, x Resiliency, x Reliability, x Management. Juniper's Simplified Approach (Controller A, Controller B, Controller C): Clustered controllers act collectively as single virtual controller for wireless configuration. Optimized for: Scale, Resiliency, Reliability, Management.
  • 11. NO NEED TO COMPROMISE: JUNIPER NETWORKS WIRELESS LAN EVOLUTION. Fat AP Architecture (Local Switching). Optimized for: Performance (x Security, x Management, x Reliability). Thin AP Architecture (Central Switching). Optimized for: Security, Management (x Reliability, x Performance). Juniper WLAN Architecture (Local AND Central Switching). Optimized for: Security, Management, Reliability, Performance.
  • 12. UNIQUE FLEXIBILITY OF THE CLUSTER ARCHITECTURE. As soon as WLC's are installed on the same DC, AP affinity can be used. Diagram labels: WLC1 / WLC2; WLC3 / WLC4; AD/DHCP/DNS; Ring Master; SmartPass; DC 1; 192.168.1.0/24; 192.168.2.0/24; DC 2; WAN; 192.168.4.0/24; 192.168.5.0/24; DHCP 192.168.3.0/24; DHCP 192.168.6.0/24; Remote Site 1; Remote Site 2.
  • 13. SINGLE POINT OF MANAGEMENT: FEWER MANAGED DEVICES. Diagram labels: Primary Seed, Secondary Seed, Member, Member, Member.
  • 14. IN-SERVICE SOFTWARE UPGRADE: HITLESS UPGRADE. (1) Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades. (2) Secondary passes control back to Primary and upgrades. (3) Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades. (4) AP moves associated stations to alternate AP then upgrades. Diagram labels: Primary Seed, Secondary Seed, Member, Member, Member.
  • 15. AIRTIME FAIRNESS. What will Juniper's Airtime Fairness do for the clients? Juniper's Airtime Fairness will provide each client with an equal amount of time to send traffic. When a client goes into retransmission for whatever reason, that client will get less time the next time it wants to send traffic. This will improve the throughput for all of the other clients connecting to that AP.
  • 16. AUTOMATIC CLIENT LOAD BALANCING. Automatic Load Balancing per RF Band. Band Steering: 5 GHz capable client 'encouraged' to connect at 5 GHz; 2.4 GHz only client connects at 2.4 GHz.
  • 17. PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING. Alerting on interference source: Classification and other properties; RSSI; Duty Cycle; Channel(s) impacted; Associated events with that source; Per AP historical information; 30 day history. Spectrograph: All channels in 2.4GHz and 5GHz band; Multiple AP views; Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history. Auto reconciliation for planned sources: Automatic correlation between planned and monitored source; Reduce false alarms.
  • 18. JUNIPER WLAN WHAT'S NEW
  • 19. JUNIPER WL SERIES FLAGSHIP ACCESS POINT: WLA532 INDOOR 802.11N AP. 3 Industry Bests: Highest Performance AP; Lowest Power Consumption AP; Smallest Form Factor AP. Mandate this technology in RFP: 450Mbps data rate (3x3, 3 spatial stream). Juniper WLAN is 15-20% less expensive when comparing complete BOMs. Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum. Ideal for High Density environments. See the video about the WLA532: http://techvangelist.net/juniper-at-wfd3
  • 20. WLA532E AVAILABLE FOR USAGE WITH EXTERNAL ANTENNAS
  • 21. REMOTE BRANCH ENHANCEMENTS. Resilient SSID: WLA in the remote branch will be able to accept new client requests in the remote branch while in outage mode on pre-configured back-up SSIDs, supporting either clear or PSK authentication. Path MTU: This enhancement will make it possible to set the correct MTU size to avoid packet fragmentation. Remote-site Country Code: This enhancement will provide a way to group WLAs in remote sites, each such site having its own country-code for geographical deployed WLA's. WLAN Round Trip Latency: Wireless clients will be able to authenticate to a WLA over high latency WLA-WLC connections. DFS Support: WLAs in outage mode will be able to change channels to avoid operating on radar enabled channels. WIDS Logging: When in outage mode, rogue and other attack information can be forwarded to a log server directly from the WLA. Diagram labels: EX4400, WLC2800, SRX, Ringmaster, WAN, SRX, Branch Remote Office, EX2200, WLA532.
  • 22. WATCHED CLIENT LIST. New and Improved Client Watch List from legacy RM 5.0 version. Allows RingMaster to collect detailed data for a subset of clients to assist troubleshooting. Collected data includes session properties, location history, events, and statistics. All the clients in the Watch List are tracked by MAC address. Data lifetime: Non-trended data for Watch List clients including session details, events, and locations will be stored for 30 days. Retrieves and stores RADIUS accounting data and location from the configured SmartPass server.
  • 23. WATCHED LIST AP/CONTROLLER. RingMaster is able to collect detailed information for WLCs and WLAs. In the Equipment view of the Status Monitoring page, you can add WLCs and WLA's to the Watched list. Data lifetime: This information is kept up to 1 Year. The types of collected data include the following: Client Count; Client Count by SSID; Port Statistics; Traffic Information; Traffic by VLAN; Booted WLAs; CPU and Memory Management; Connectivity Graph; Name; IP Address; Model; Serial Number; Version; Mobility Domain; Last Updated.
  • 24. IF-MAP
  • 25. IF-MAP (THE INTERFACE FOR METADATA ACCESS POINTS). IF-MAP is a SOAP based protocol for publishing data to the MAP-server and querying or subscribing to get data from it. IF-MAP is an open, non-proprietary standard that is multi-vendor compatible.
  • 26. SMARTPASS IF-MAP SUPPORT. Diagram labels: SmartPass; WLC; Wireless Clients; UAC; HTTP Redirect (guest users); RADIUS Acct (dot1x users); RADIUS Auth (dot1x users); IF-MAP. SmartPass 7.7 adds support for two IF-MAP use cases: (1) Guest User Federation: Guest users authenticating with SmartPass have complete session information published to IF-MAP; UAC can apply dynamic policy based on “learned” sessions. (2) IP-MAC Binding for Non-agented Dot1x Sessions: Dot1x users authenticate directly with UAC; WLC sends session IP-MAC binding to SmartPass via RADIUS acct and SmartPass updates dot1x session in IF-MAP.
  • 27. DEVICE FINGERPRINTING
  • 28. DEVICE FINGERPRINTING SOLUTIONS. Detection: There are various fingerprinting techniques available which use protocols like DHCP, ARP, DNS, HTTP to determine the type of device. For detection, DHCP will be used in MSS. Whenever the DHCP client issues a DHCP request, it asks for DHCP options. Examine the DHCP messages for their DHCP options. Support: All controllers and 11n WLAs. Pre-configured list of device fingerprints. Additional fingerprints can be added by user. Device detection and attribute assignment is supported with regular authentication mechanisms. Ability to query MSS to show total counts by device-type and device-profile. MSS device fingerprint database characteristics: Each device fingerprint has a label, called device-type, that is used to identify the fingerprint. User will be able to add/delete/modify these fingerprints.
  • 29. DEVICE FINGERPRINTING - CONFIGURATION
  • 30. Autotune Channel
  • 31. NEW TERM: “INTERFERENCE DOMAIN”. Def.: A set of radios in a MoDo that can interfere with each other. Overlapping coverage, so affected by each other's channel settings. Conversely, radios in different InDos do not mutually interfere (example: radios that aren't on the same band). Only purpose is to improve scaling characteristics of the feature: in a large MoDo, most overlaps are too weak to affect the solution; don't want to store & process large tables of near-zero interference. InDos are created automatically from the same RF data that drives the channel selection algorithm. Temporary, non-configured, non-user-facing.
  • 32. DOMAINS OF PROCESSING. Diagram labels: MoDo (communications infrastructure); InDo (set of radios that affect each other); AP; Radio.
  • 33. IPV6 FEATURES: IPv6 address detection; Session visibility in CLI, SNMP and RingMaster; ACLs; IPv6 QoS support using DSCP; Captive Portal with dual stack clients.
  • 34. TRANSMIT BEAMFORMING. A radio-frequency (RF) technique that focuses the RF energy to radiate directly at the receiver to improve signal reception and thus increase throughput. We implemented 802.11n-based transmit beamforming (TxBF): does not require special antenna design; only works with clients that support 802.11n-based TxBF. TxBF is supported in the following AP models in MSS 8.0: WLA532, WLA322 and WLA321. Figure labels: Without TxBF, With TxBF.
  • 35. TRANSMIT BEAMFORMING. 802.11n standard specifies 2 different TxBF methods. Implicit TxBF: (1) Beamformee transmits Long Training Symbols (LTSs) to beamformer. Beamformer makes channel estimate on the LTS. (2) Beamformer computes the transmit steering matrix based on the reciprocal of the channel estimate. Beamformer can then perform TxBF. Implicit TxBF requires the radio to be calibrated accurately to improve reciprocity which complicates the transceiver design. Explicit TxBF: (1) Beamformee makes direct channel estimate from LTSs sent from Beamformer. (2) Beamformee returns channel feedback based on the channel estimate. (3) Beamformer computes the transmit steering matrix based on the channel feedback. Beamformer can then perform TxBF. We support Explicit TxBF based on the Atheros radio capabilities.
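
Slide 28 describes DHCP-based device fingerprinting, where the options a client requests identify a device-type. The following is an added example, not MSS code: it parses the options of a DHCP client message and looks up the option 55 (parameter request list) order in a fingerprint table. The table entries, labels, function names and sample MAC addresses are constructed for the illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Constructed table: option 55 request order -> device-type label (not MSS data).
FINGERPRINTS = {
    (1, 3, 6, 15, 119, 252): "example-phone",
    (1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43): "example-laptop",
}

def build_dhcp(mac, prl, msg_type=3):
    """Build a constructed DHCP client message (default type 3 = DHCPREQUEST)."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0) + bytes(16)
    header += bytes.fromhex(mac.replace(":", "")) + bytes(10) + bytes(192)
    options = bytes([53, 1, msg_type, 55, len(prl)]) + bytes(prl) + b"\xff"
    return header + MAGIC_COOKIE + options

def parse_options(packet):
    """Return {code: value} for the options after the 236-byte BOOTP header."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = End
        if packet[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        options[code] = options.get(code, b"") + packet[i + 2:i + 2 + length]
        i += 2 + length
    return options

def classify(packet, table=FINGERPRINTS):
    """Map a client DISCOVER/REQUEST to a device-type label, or 'unknown'."""
    options = parse_options(packet)
    if packet[0] != 1 or options.get(53, b"")[:1] not in (b"\x01", b"\x03"):
        return None                               # not a client DISCOVER/REQUEST
    mac = packet[28:34].hex(":")                  # chaddr starts at offset 28
    prl = tuple(options.get(55, b""))             # request order is the fingerprint
    return {"mac": mac, "device_type": table.get(prl, "unknown"), "prl": prl}
```

The option list is chosen by the client, so a device-type derived this way is a classification hint for policy and reporting rather than proof of what the device is.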