CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

ArubaOS 6.4, AirWave og Lync

Anders Lagerqvist Systems Engineer

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

ArubaOS 6.4

AppRF 2.0

DPI for ~1,500 apps! B/W contract per app. App groups

AppRF 2.0

UCC dashboard and improved diagnostics

UCC/Lync Visibility

Reduce Client failover times

HA Phase 2

With group-based device sharing, time fencing and AirWave integration

AirGroup for DLNA & UPnP

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

AppRF  2.0  Features

• Incorporates  Application  Aware  Deep  Packet  Inspection  technology – Uses  advanced  techniques  for  application  ID – Over  1500  Applications

• Operates  at  user  role  level  to  provide  automated  application  control – Block  application  or  categories  of  apps – QoS  application  at  L2  or  L3 – Bandwidth  contracts  for  applications

• New  Category  Dashboard  element • Shows  apps  by  category  such  as  Peer-­‐to-­‐Peer,  Streaming  video

• Customers  can  add  their  own  HTTP-­‐based  app  definitions

• Graphically  based  application  blocking  work  flow

Lync Mobility Best Practices

Growing Market, Technical Headwinds

>20% Annual Growth Rate

of Enterprise Mobile

Devices Connecting To Wi-Fi

>28% CAGR of Enterprise Network Traffic Thru

2017

≥3 Devices Per User Needing 5Mbps of Shared Network

Access

≈1% CAGR Of On-Premise

UC Deployments (N America)*

$50B Combined UC On-Premise And Cloud

Markets (N America)*

>20% CAGR Of UCsaaS

While Price Compress At >5% Per Annum

(N America)*

80% Enterprise Wi-Fi Networks Not

Designed For The Surge of Mobile Users

48% Enterprise IT

Planners Expect Cloud UC To Be Main

Model In 2017**

Critical Inflection Points for Midmarket Mobility Initiatives, James A. Browning, Gartner, 11 July 2014 * Tech Go-to-Market: Selling Unified Communications in a Highly Disrupted Market, Bern Elliot and Tiffani Bova, Gartner, 3 June 2014 ** Market Trends: Key Trends in Unified Communications Technology, Adoption & Delivery, Megan Marek Fernandez, Daniel O'Connell, Tom Eagle, Gartner, 18 July 2014

• Need to optimize Wi-Fi environment • Need to ensure proper prioritization of UCC traffic • Must have tools to measure and troubleshoot end-to-end

Environment Is Challenging• Wi-Fi bandwidth is a scarce commodity

• IT priorities must be carefully set, rigorously enforced

• Lync and other priority applications must be allocated more network resources • Others apps must be selectively

disadvantaged • BYOD brings a mix of devices and

capabilities • Devices must be correctly enabled and QoS

tagged bi-directionally • Changing RF requires agile Wi-Fi

adaptation

The Five Pillars Of Lync Mobility

• Voice-grade Wi-Fi deployment • Traffic optimization • Lync packet tagging • Mobile BYOD • Lync diagnostics and troubleshooting

RF Design Best Practices For Voice• Capacity  based  Wi-­‐Fi  vs.  coverage  based  across  all  areas  of  Lync  usage  • Pervasive  RF  coverage  with  AP-­‐AP  spacing  ≈15  meters  

• Small  cell  sizes  maximizes  client  data  rates • Minimum  -­‐65  dBm  RF  signal  (RSSI)  ,    minimum  25  dB  signal-­‐to-­‐noise  ratio  (SNR)  

• Higher  number  of  APs  operating  with  lower  TX  power  ensures  resiliency • Minimum  and  maximum  AP  power  difference  no  greater  than  two  steps

Roaming Behavior• Many  devices  have  unique  characteristics    

• Proprietary  roaming  algorithm,  scanning  behavior,  receive  sensitivity

• Bad  driver  design  can  prevent  Wi-­‐Fi  clients  from  roaming  to  the  best  access  point  • Addressed  by  infrastructure  deterministically  mapping  clients  to  the  best  AP  –  no  change  to  client  or  client  software  required

• Steering  based  on  SNR  and  signal  level  information  gathered  from  client's  perspective

• Steering  decision  made  based  on  probe  requests  from  the  client

• Combined  with  periodic  load  balancing  it  ensures  seamless  roaming

RF Design Best Practices For Voice

ENABLE

• Voice/video/load  aware  scanning  to  detect  priority  traffic • Client  and  interference  awareness  to  optimize  operation • Spectrum  load  balancing  to  ensure  adequate  bandwidth • QBSS  Load  Information  Element  to  help  clients  select  the  best  AP   • WMM  traffic  management  to  provide  an  SLA • Application  flow  and  load  awareness  so  voice/video    get  prioritized • Fair  access  to  assign  more  bandwidth  to  corporate  vs.  guest  traffic  • Band  steering  to  give  high-­‐speed  clients  a  fast  lane • Higher  rate  beacons  to  reduce  airtime  consumption • Higher  data  rates  to  prevent  low-­‐speed  chatter

Optimize For Roaming

RO

AM

ING • Minimize  inter-­‐AP  power  differences  to  promote  faster  roaming  

• Avoids  “hotter”  APs  which  attract  more  distant  clients • Enable  Extensible  Authentication  Protocol  over  LAN  (EAPoL)  rate  optimization  in  802.1X  environments • Ensures  APs  send  EAPoL  frames  at  the  lowest  possible  rates,  maximizing  chances  of  receipt  the  first  time  and  avoiding  auth  delays  due  to  retransmitted  packets

• Use  802.11r    for  fast  BSS  transitions • Match  QoS  markings  used  by  the  clients  –  mismatches  impact  voice  quality  

• Define  two  basic  rates  for  convenience  and  avoid  low  basic  rates  

Authentication/Encryption Guidelines• 802.1X  authentication  through  a  RADIUS  server  can  introduce  delays  during  re-­‐association  and  roaming  

• Use  Opportunistic  Key  Caching  with  802.1X  for  faster  roaming  

• EAP-­‐TLS  provides  the  best  security  and  is  preferred  in  enterprises  than  EAP-­‐PEAP  • PSK  has  lower  delays  and  works  well  for  voice  devices  but  is  not  preferred  due  to  weak  security

Traffic Management

Lync DSCP Tagging • Tunnel  Mode:  DSCP  retagging  at  controller  • D-­‐Tunnel  Mode:  DSCP  retagging  at  AP  • WMM  Only  –  Tunnel  Mode:  controller  sets  egress  DSCP  per  Layer2  priority  sent  by  client  

• Heuristics  –  Tunnel  Mode:  controller  finds  Lync  voice/video  traffic  and  retags  packets  per  SSID  profile  mapping    

• SDN  API  –  Tunnel  Mode:  controller  learns  Lync  traffic  type  from  SDN  API  and  retags  packets  per  SSID  profile  mapping    • Desktop-­‐sharing  mapped  to  the  same  priority  as  video

•Routing

•Voice

•Video Conferencing

•Streaming Video

•Mission-Critical Data

•Call Signaling

•Transactional Data

•Network Management

•Bulk Data

•Scavenger

•Best Effort

QOS - Tunnel Mode (WMM Only)

Mobility Controller

AP

Client-A, VO: DSCP 46

Client-B, VO: DSCP 46

DSCP 46 WMM VI

DSCP 34 WMM VI

DSCP 34

DSCP 34

VO: 46 VI: 34

• AP looks at L2 Priority and sets DSCP per DSCM-WMM mapping in controller

• Controller decrypts packet and uses L2 priority to assign DSCP mapping in downstream direction

Controller decrypts the packet and retags as per L2 priority

AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping

QOS - DTunnel Mode (WMM Only)

Mobility Controller

AP

Client-A, VO: DSCP 46

Client-B, VO: DSCP 46

DSCP 46 WMM VI

DSCP 34 WMM VI

DSCP 34

DSCP 34

VO: 46 VI: 34

• AP decrypts packet and looks at L2 Priority to assign DSCP per DSCM-WMM mapping in controller

• Controller passes the same DSCP tag in the downstream direction

Controller passes the same DSCP tag

AP decrypts the packet and retags as per L2 priority

Backbone Network

• ACL is defined on Wi-Fi network to listen on port TCP 5061 • Classify media is enabled and ACL is mapped to a user

role • Lync voice/video calls hit the Lync ACL and Lync clients

are marked as Media-capable • Subsequent UDP data flow with source/destination port

>1023 from/to Media capable clients goes through Deep Packet Inspection (DPI) engine

• DPI identifies an RTP session then the payload type in RTP header is assessed to determine if it’s a voice/video session

• Type of Service (TOS) is set in the session equal to the egress Wi-Fi tunnel DSCP mapping configured in SSID profile

Heuristics-Based Lync Classification

Ideal For Office 365

Lync SDN API Network ArchitectureLync Federated

Partners

Reverse Proxy

Lync Edge Server

Lync FE Server Pool/ Lync SDN API Dialog Listener

Lync SDN Manager

Internet

Wi-Fi Mobility Controller

Exchange Server

QoE Server/ Monitoring

Active Directory

Backbone Network

Call type update

Call transition update

Call QoE update

• Wi-Fi controller, Lync server configured for SDN API • User makes Lync peer-to-peer call through server, Lync

server sends call type to controller • Controller prioritizes Lync traffic types and applies

correct DSCP tag • DSCP tag for video applies to desktop sharing • DSCP Tag for file transfer is best effort

• Lync server sends controller a call transition update from voice to video

• At end of the call, Lync Server sends controller QoE metrics

SDN API-Based Lync Classification

Ideal For On-Premise & Hosted Lync 2013 Server

Capabilities: Heuristics vs. SDN APIFeature Heuristics SDN APITagging and retagging WMM/DSCP values ✓ ✓

Dynamic identification/prioritization of Lync voice/video streams ✓ ✓

Prioritization of Office365 traffic ✓ ✓Scalable beyond 100 controllers ✓Independent of Lync infrastructure ✓Dynamic identification/prioritization of Lync desktop sharing, file transfer ✓Call metrics including MOS for diagnostics and troubleshooting ✓Visibility into dialed numbers and gateway endpoint ✓Real-time call quality analysis using UCC score ✓Correlation between UCC score and Wi-Fi health metrics ✓UCC dashboard for network-wide visibility and troubleshooting ✓Network-wide view across multiple controllers ✓Lync application usage overlay on a floor plan ✓Accurate identification of 100% of all Lync traffic ✓

QOS - Tunnel Mode (Heuristics)

Mobility Controller

AP

Client-A, VO: DSCP 46

Client-B, VO: DSCP 46

DSCP 46 WMM VI

DSCP 46 WMM VO

DSCP 46

DSCP 34

VO: 46 VI: 34

• AP looks at L2 Priority and sets the DSCP per DSCM-WMM mapping in controller

• Lync heuristics determines the access category based on the codec – if voice codec used it gives DSCP value corresponding to voice

Controller decrypts the packet and retags as per as per Traffic type

AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping

QOS - Tunnel Mode (SDN API)

Aruba Mobility Controller

AP

Client-A, VO: DSCP 46

Client-B, VO: DSCP 46

DSCP 46 WMM VI

DSCP 46 WMM VO

DSCP 46

DSCP 34

VO: 46 VI: 34

• AP looks at L2 Priority and sets DSCP per DSCP-WMM mapping in controller

• Lync SDN API informs controller that it’s a voice call • Assigned DSCP value corresponds to the value for voice mapped

under the ssid-profile - if multiple values, the first will be assigned to the DSCP

Controller learns the traffic type from Lync Server SDN API and does DSCP retagging

AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping

BYOD Impacts Access Network Model

• Security  and  QoS  assurance,  traffic  engineering  needs  a  new  context-­‐focused  paradigm  based  on  user,  device,  mode  (personal/enterprise),  application,  location  

L1/L2 Network separation no longer exists; one common services network shared between all users, devices, applications IP-PBX

server

Many network destinations – including classic, public cloud, virtualized, personal

internet

private cloud

Cloud and SaaS

Each user has multiple devices, some Enterprise and some BYOD

Each device supports multiple apps, some Enterprise and some personal

BYOD Traffic Engineering For Lync

• With  lots  of  active  UCC  flows  all  hitting  the  DMZ  and  edge  server  the  network  must  be  designed  to  keep  Lync  traffic  local  instead  of  dragging  it  to  the  DMZ  

•  

Lync Heuristics Configuration·

SDN API: Target Controller

SDN API Configuration Changes• Once  the  API  is  installed,  edit  the  configuration  file  LyncDialogListener.exe.config  to  point  the  API  to  the  controller  and  tell  it  what  information  to  send  

• For  http  based  configuration  use  controller  IP  address,  but  for  https,  you  must  use  controller  FQDN  

• Restart  Lync  Dialog  Listener  service  after  configuration  changes

<?xml version="1.0" encoding="utf-8"?>  <configuration>  <appSettings>  <add key="submituri" value="  http://10.10.110.1:15790;https://aruba-lync.arubanetworks.com:15790  "/>  <add key="hidepii" value="false"/>  <add key="sendallcallqoe" value="true"/>  <add key="sendrawsdp" value="false"/>  <add key="sendcallinvites" value="false"/>

http/https Configuration

• Controller  and  SDN  API  can  be  configured  to  communicate  over  http  and  https  • https  configuration    

• Generate a server certificate and install on the controller • The server certificate must contain the FQDN of the controller • The certificate must be signed by a certificate authority (CA) and the

root certificate must be installed on both the controller and the Lync front-end server

Configure Web Lync Listening Port

#configure terminal (config) #web-server (Web Server Configuration) #web-lync-listen-port http 15790

Enable Lync ALG

#configure terminal (config) #no firewall disable-stateful-sips-processing

Set Lync ACL

netservice svc-sips tcp 5061 alg sips  !  ip access-list session lync-acl  any any svc-sips permit queue high  !  user-role test  access-list session lync-acl  

Disable Classify-Media for Lync SDN API

Enable Lync Traffic Prioritization

#configure (config)#app lync traffic-control (Configure Traffic Control) #prioritize-video (Configure Traffic Control) #prioritize-voice (Configure Traffic Control) #prioritize-desktop-sharing (Configure Traffic Control) #prioritize-file-transfer

SDN API – Controller Message Exchange

Debugging▪ Controller  provides  debug  logging  to  troubleshoot  issues  like  call  drop,  poor  call  quality,  delays

Sample Debug logs:    May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_handle_xml_msg:1139 LYNC INFO: Received XML message from Lync Server of length = 3772  May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_check_xml_msg_syntax:2181 LYNC INFO: Stats are start left & right, end left & right = 0 0 1 1  May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_get_xml_msg_type:3377 LYNC INFO: XML method found startDialog  May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_parse_xml_msg_n_store:2256 LYNC INFO: lync method is start dialog

Visualization & Troubleshooting

The  fifth  pillar  of  Lync  mobility  is  formed  when  mashed  Lync  and  network  data  are  presented  on  

a  powerful  visualization  tool  

System Status At A Glance

Applications In-Flight

Identify Client Configuration Errors

Quality Of Service Tagging Issues

Usage Trends Troubleshooting

One Click Drill Down

User – “Jenny” – Calls Help Desk

User-Specific Trends

Individual Call Records

Individual Call Records & Trends

Bad Call Details

30 second sample call quality and client health

Dip in quality correlates with dip in health

AirWave – Multivendor Bird’s Eye View Of Trouble Spots

UCC Dashboard• Dashboards Identify call quality issues and correlate with client health • Data via AMON • Lync overlay with historical view of calls • Lync Mobility trail to track historical call sessions

Dashboard to Diagnostic page

• Drilldown from Dashboard: Click on a call (designated by a dot) which will take you to the Client Diagnostic page with UCC view. The call is selected in the list of calls.

Call Details• Selecting a call gives details for the call. In addition to call quality and client health you

get jitter, delay and packet loss. • The graph shows call quality and client health mapped over time. • The red icon shows the point at which the client roamed during the call..

Summary• The foundation of Lync mobility is voice-grade Wi-Fi • Traffic optimization is needed to free bandwidth for latency-sensitive Lync voice/video traffic

• Lync packet and retagging of mismarked packets is essential for QoS

• Mobile BYOD must be factored in to minimize the performance impact of adding new devices

• Lync diagnostics and troubleshooting keeps Run state networks humming

Questions ?