©2014 Extreme Networks, Inc. All rights reserved.
Wireless Cloud - new business for operators
New requirements & WiFi standards force the need for scalable and flexible WiFi architectures.
Jochen Müdsam, Senior Network Consultant
jmuedsam@extremenetworks.com

Agenda
• Trends & challenges of mobile enterprise infrastructures
• Overview Gigabit WiFi 802.11ac & high density design
• The Cloud Architecture
New requirements & WiFi standards force the need for scalable and flexible WiFi architectures

The Experience Economy
• Consumerized experiences shape our mobile expectations
• People desire Wi-Fi that is simple, fast and smart
• The greatest opportunity for IT is to exceed expectations

Wi-Fi Fuels Growth
The Mobile World Expands
• +70% of global wireless traffic traverses Wi-Fi
• Internet of Things including wearables is in its infancy
• Over 7 Billion Wi-Fi devices will be shipped in the next 3 years

Endsystem Explosion - "Post PC Era"
Holistic IP Convergence
[Figure: axes "Number of end systems" and "System/OS diversity". End systems shown: IP printers, medical systems, facility management, building control, security, VoIP phones, (virtual) servers, PCs, sensors/M2M, smartphones and tablets, production control, laptops, IP video surveillance. Quadrant labels: corporate managed, corporate not managed, private managed, private not managed.]

What is 802.11ac?
• The 5th Wi-Fi generation
• 3x the over-the-air performance in Wave 1 compared to 802.11n
• Extended battery lifetime
• Backward compatible
[Figure: timeline with ticks H1-12, H2-12, Q1-13, Q2-13, Q3-13, Q4-13, H1-14, H1-15. Milestones shown: 1st-gen Wave-1 chips, 1st-gen Wave-1 802.11ac APs, Wave-2 chips*, 802.11ac ratified, full Wave-2 chips, Wave-2 Extreme APs.]

802.11ac Characteristics Wave 1
• Up to 1.3 Gbps per radio with 802.11ac Wave 1
• Includes 2 technology innovations compared to 11n:
  • Wider channels: 80 MHz (11n: 20 MHz and 40 MHz max.)
  • Higher modulation: 256-QAM (11n: only 64-QAM)

802.11ac Characteristics Wave 1 – client data rates
AP3825: data rate (Mbps) by client MIMO spatial streams and channel width

Standard  Client MIMO  20 MHz  40 MHz  80 MHz
11ac      1x1:1        86.7    200     433.3
11ac      2x2:2        173.4   400     866.6
11ac      3x3:3        260     600     1300
11n       1x1:1        72.2    150     N/A
11n       2x2:2        144.4   300     N/A
11n       3x3:3        216.7   450     N/A
a/g       -            54      N/A     N/A
b         -            11      N/A     N/A

80 MHz and 256-QAM PHY rate:
• 3x3: 1.3 Gbps, ~850 Mbps TCP
• 2x2: 866 Mbps, ~600 Mbps TCP

802.11ac Characteristics Wave 1 – 5 GHz – non-overlapping channels

Channel width  No. of channels (U.S.)  No. of channels (European Union)
20 MHz         24                      19
40 MHz         11                      9
80 MHz         5                       4
160 MHz        2                       2

The number of non-overlapping channels drops significantly as channel bandwidth increases. 802.11ac operates only in the 5 GHz band. Consider DFS support for clients.

802.11ac Characteristics Wave 1 – Higher modulation method: 256-QAM
More information per symbol

802.11ac Characteristics Wave 1 – Higher modulation method: 256-QAM
[Figure labels: 256-QAM, 80 MHz, 3 spatial streams, -56 dBm]
• 802.11ac requires a 13 dB stronger signal to take full advantage of the higher modulation method

802.11ac Characteristics - Coverage vs. Speed
Sample coverage for 3x3 11n AP (or 3x3 11ac AP with 11n clients) in HT40 mode
[Figure: 600 feet x 600 feet area (360,000 sq. feet); coverage zones labelled 360, 405, 450]

802.11ac Characteristics - Coverage vs. Speed
Upgrade to 3x3 11ac AP with 11ac clients, still using 40 MHz channels (VHT40)
[Figure: 600 feet x 600 feet area (360,000 sq. feet); coverage zones labelled 360, 405, 450, 540, 600]

802.11ac Characteristics - Coverage vs. Speed
Upgrade to 3x3 11ac AP with 11ac clients using 80 MHz channels (VHT80)
[Figure: 600 feet x 600 feet area (360,000 sq. feet); coverage zones labelled 585, 780, 878, 975, 1170, 1300]

802.11ac Characteristics Wave 2
• Up to 1.7 Gbps per radio with 802.11ac Wave 2
• Includes 2 technology innovations versus 11ac Wave 1:
  • Additional spatial streams: up to 8 (theoretically), compared with 4 in 11n (no manufacturer has more than 3 streams in products); Wave 2 uses 4 streams (4 x 433 Mbps = 1.7 Gbps)
  • Multi-user MIMO: support for multiple stations transmitting on the same channel at the same time (compared with 11n: only one station per time slot)

Overview WLAN Architectures: History
Split MAC / Thin AP Architecture
• Split MAC between AP and controller (encryption, QoS, RF management)
• Does not scale in large environments
Fat AP Architecture
• Everything (management & traffic forwarding) directly on each AP
Fit AP Architecture
• Decentralized policy enforcement (encryption, QoS, RF management)
• Centralized management & control
[Diagram labels: Management S/W, IP Network]

The Cloud Architecture
ONE architecture for all requirements
• Reduced hardware costs
• Ease of management
• Improved performance via bridging, filtering, QoS and rate limiting directly on the AP
• AP high availability: new connections and roaming irrespective of the cloud
• Central and distributed client-traffic forwarding

The Cloud Architecture: Cornerstones
Column headings: AP Intelligence, Reduced Controller Dependency, AP HA & Advanced Services, Virtualization, Data Centralization
• Bridge @ AP
• Filter @ AP per user & application
• QoS @ AP per user & application
• Rate limit @ AP per user
• RF optimization @ AP
• Existing connections operate independent of cloud (pre-shared key & 802.1X)
• New connections operate for pre-shared keys & 802.1X independent of cloud
• Roaming operates independent of cloud
• Guest services via cloud
• V2110: first virtual controller for VMware & Hyper-V
• Configuration management
• WIPS for centralized monitoring, response
• L7 application monitoring
• One centralized security application for global deployment
• SDN integration

The Cloud Architecture
Flexibility: Policies – foundation for Single SSID Design

[Diagram: policy hierarchy]
Roles: IT Admin, Employee, Guest
Services: Corporate Productivity Applications; Internet & VPN Access Only; Admin. Applications
Rules: AllowHTTP, AllowHTTPS, AllowIPSec, AllowSAP, RateLimit, AllowPing, AllowTelnet, AllowEmail, AllowTFTP, AllowSNMP, AllowOracle, DenyBcast

• Roles correspond to specific user types on the network
• Services group Rules and apply to Roles
• Rules allow, deny, rate limit or contain specific traffic types

• A single enforcement architecture from edge to data center
• Meeting customer needs since 2001 - over 10 million switch ports and access points
• Enforcement at the edge (point of ingress)
• Meeting business needs
• Layer 2-4 access control enforcement for QoS, rate limiting, VLAN, topology (Bridge@AP/Controller, per application)
• Flexible policy enforcement criteria
• Unique in the industry
• Scaling from the wireless edge to the data center

The Cloud Architecture
Flexibility - Single SSID Design
• User-based policies vs. SSID-based policies
• Per-user/application topology, QoS, rate-limit ACL
• Therefore fewer SSIDs are needed and clients are easier to configure
• Security policies are simpler to enforce, as SSIDs are less protected
• Better performance in the air because of fewer beacons

Example with 6 SSIDs per AP, 3 APs in the same area:

Beacon Data Rate      Channel Bandwidth Utilization
1 Mbps                25.92%
2 Mbps                12.96%
5.5 Mbps              4.71%
11 Mbps               2.36%
6 Mbps (802.11a/g)    4.32%
12 Mbps (802.11a/g)   2.16%

Same network with 3 SSIDs per AP:

Beacon Data Rate      Channel Bandwidth Utilization
1 Mbps                12.96%
2 Mbps                6.48%
5.5 Mbps              2.36%
11 Mbps               1.18%
6 Mbps (802.11a/g)    2.16%
12 Mbps (802.11a/g)   1.08%

[Diagram labels: WLAN Appliance, LAN, SSID Production, Policy Internal, Policy Guest, Policy BYOD, Policy BB, Policy Scanner]

The Cloud Architecture
Visibility – Holistic approach for BYOD and Identity & Access Management

[Figure: example context record for one user]
Context attributes: Access Type(s), Application Provision, Authentication, Virtual Device Identity(s), Device Type(s), Physical Device Identity(s), Location, Time of Day, Authorization, Health
Sample values shown:
• User Identity – Joe Smith
• Apple Lion OSX v10.7; Android v4.0.4; Windows v7.5.3
• Wednesday, April 11, 2012, 9:41:00 AM EST
• Building-A, Floor-2, Conference Room-7b
• Apple MacBook Air; Samsung Galaxy Note
• MAC-Auth: 28:37:37:19:17:e6
• PWA: 00:00:f0:45:a2:b3
• 802.1X: 00:0D:3A:00:a2:f1
• Wireless; Associated AP: wifi-243; SSID: Prod-Guest; BSSID: 0-1a-e8-14-de-98
• Role: Sponsored Guest; Sponsor: Jane Doe
• Internet Access; Shared Engineering Servers
• Web (HTTP): 5Mb download; Email (SMTP): 2Mb download; All other Services: DISABLED
• Symantec Anti-Virus: Enabled; Signature Update – v10.4.3; OS Patches – Up to date; Peer2Peer Service: DISABLED; 43 Services Running

The Cloud Architecture
Context based Control – Holistic approach for BYOD and Identity & Access Management

[Figure: policy decision built from context dimensions]
Dimensions: User, Device, Access Method, Auth. Method, Location, Time, Application*, Policy
Labels shown: Guest, Contractor, Employee, Employee Owned, Vstng_Emp, Device, Personal Device, Corporate Device, Guest Device, Wireless, Conference Rooms, Allow, Single SSID/VLAN, Weekends, Holidays, Rate Limit, QoS, Contain, Web based, MAC, Multiple VLANs, Deny, M–S 8 am–6 pm, Outside the agency, 5ft from an Access Pt, Anytime, Hall way, Class room, Wired, 802.1x, HTTP, Salesforce, Youtube, Twitter, Facebook, Oracle, Privileged user, VDI

IF $User AND $Device AND $Access Method AND $Location AND $Time THEN $Permission_Allowed
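
The conjunctive rule on this slide, as an added example that is not Extreme Networks code: a first-match evaluator that denies by default when no rule matches. The `Context` fields, the rule table and the reading of "M–S" as Monday to Saturday are assumptions made for illustration; the attribute values reuse labels from the slide.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Set, Tuple

ANY = None  # wildcard: the rule does not constrain this attribute


@dataclass(frozen=True)
class Context:
    user: str           # role resolved at authentication, e.g. "Employee"
    device: str         # e.g. "Corporate Device"
    access_method: str  # e.g. "Wireless" or "Wired"
    location: str       # e.g. "Conference Rooms"
    when: datetime      # time of the access request


@dataclass(frozen=True)
class Rule:
    user: Optional[str]
    device: Optional[str]
    access_method: Optional[str]
    location: Optional[str]
    days: Optional[Set[int]]            # weekday numbers, Monday = 0
    hours: Optional[Tuple[time, time]]  # (start, end), end exclusive
    permission: str                     # "Allow", "Contain", "Rate Limit", ...

    def matches(self, ctx: Context) -> bool:
        # Every constrained attribute must match (logical AND, as on the slide).
        pairs = ((self.user, ctx.user), (self.device, ctx.device),
                 (self.access_method, ctx.access_method),
                 (self.location, ctx.location))
        if any(want is not ANY and want != got for want, got in pairs):
            return False
        if self.days is not ANY and ctx.when.weekday() not in self.days:
            return False
        if self.hours is not ANY:
            start, end = self.hours
            if not (start <= ctx.when.time() < end):
                return False
        return True


BUSINESS_DAYS = {0, 1, 2, 3, 4, 5}          # "M-S" read as Mon-Sat (assumption)
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # "8 am-6 pm"

# Constructed rule table; order matters because the first match wins.
RULES = [
    Rule("Guest", "Guest Device", "Wireless", "Conference Rooms",
         BUSINESS_DAYS, BUSINESS_HOURS, "Rate Limit"),
    Rule("Employee", "Corporate Device", ANY, ANY, ANY, ANY, "Allow"),
    Rule("Employee", "Personal Device", "Wireless", ANY,
         BUSINESS_DAYS, BUSINESS_HOURS, "Contain"),
    Rule("Contractor", ANY, "Wired", ANY,
         BUSINESS_DAYS, BUSINESS_HOURS, "Allow"),
]


def decide(ctx: Context, rules=RULES) -> str:
    """Return the permission of the first matching rule; deny when none match."""
    for rule in rules:
        if rule.matches(ctx):
            return rule.permission
    return "Deny"
```

A request that fails any single dimension (wrong location, outside the time window, unexpected access method) falls through to the default deny rather than to a broader rule, which is the property to check when ordering such a table.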

The Cloud Architecture
Infrastructure & vendor independent – Holistic approach via OneFabric Control Center
[Diagram labels: RADIUS Request; LAN Switch; Extreme Policy and/or RFC 3580; Internet; VPN; AP; WLAN Appliance; User-Based Policies]

The Cloud Architecture in Action
Best Practice – Integration MDM and Bonjour Traffic
[Diagram labels: Switch, AP1, AP2, AP3, WLAN Appliance, Internet, Data Center, NMS & IAM]
Callouts:
• Personal request, no encryption
• Patient info encrypted for privacy – HIPAA requirement
• Access denied based on location
• 3rd party service is consulted
• Containment of multicast traffic (e.g. Apple Bonjour) at AP – no congestion
* Only company to support this for the same SSID

The Cloud Architecture
Building block of a successful mobility solution
• Integrated architecture & management for LAN & WLAN
• IAM & BYOD visibility, control, security, simplicity
• Programmability & SDN
• Flexible architecture
Perfectly designed to extend Service Provider Business into WiFi

PLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
