Embed Size (px)
Citation preview
Session ID 20PT
Mobility Wireless Best Design Deep Dive
MinSe Kim
Technical Marketing Engineer
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 2
WLAN market credentials:
• 5+ years of growing faster than the market
• 250,000+ enterprise customers
• 10+ Million Access Points shipped
• 93% of Fortune 1000 selected Cisco
WLAN
• 77% of Fortune 1000 installed Cisco
802.11n
•Grew $350+ Million in trailing 12 months
WLAN Industry credentials:
• Gartner listed as Market Leader for 5+
years
•15+ years of WLAN development
experience
• 50+ IEEE 802.11 active members
• 750+ wireless engineers
• 140+ granted patents - 270+ patents
pending
• ICSA, FIPS, Common Criteria, PCI
certified
Cisco Mobility / WLAN Leadership
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 3
Wireless Service Architecture
Centralized
Distributed
Hybrid
Network Usage type
Campus Network
Branch Network
Remote Access Network
Common Requirement
Performance – Promising Maximum performance
Mobility – Freedom of Mobility, regardless of size of network
Secure – 802.1x, Policy-based management, BYOD, wIPS, Data Privacy
Manageability – RF Specialized, Wired-Wireless management, Client
Troubleshoot
Today’s WLAN Service Architecture
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 4
Centralized Architecture
Data path is centralized to the WLC. Communication between AP and WLC is
automatically tunneled and encrypted
Easy control traffic and provide ―specialized‖ mobility network services
Create access network independent Wireless Network
Expecting WLC upgrades as WLAN standard moves to faster 802.11n
Usual suspects on Centralized Architecture…
Can Controller handle increasing traffics from 802.11n devices?
192.168.0.x
10.1.1.x
192.168.0.x
20.1.1.x
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 5
802.11n Myth
What we hear from the ―industry‖
―802.1n will deliver 300Mbps, 450Mbps, 600Mbps … 900 Mbps…‖
So Can WLC get chocked up as WLC will become bottleneck?
Influx of new devices 802.11n
Supports 20Mhz, Long Guard Interval
Single Tx / Rx
Maximum Datarate = 65Mbps
Still stand truth in 2011
20% Datarate
increase from
802.11a/g
Mostly came
from 2.4Ghz
Oversubscription is between downlink-uplink is typical in wired design (100Mbps x 24 : 1Gbps 24 Gbps x 20 : 2-20Gpbs)
Cisco WLC’s subscription ratio is the lowest in the industry.(500AP :
8Gbps)
Required Network performance is application driven, not device driven
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 6
Campus / HQ type deploy model
Campus Network or In-building networks that spans multiple subnet.
(Campus, Multi-story office, High density usage types)
Enterprise WLAN network requires versatile, adaptable network that
embrace legacy network requirements
Mobility/Scalability/HA/Security …
Integration of legacy wired infra (VLAN, IP Subnetting) with full mobility
Complex requirements and sophisticated security & management policy
yet minimize management points Born WLAN Controller based
architecture and design
Usual questions on Campus/Multi-story network
How to design WLAN network on top of current wired infrastructure?
Scalability / Future-proof network roadmap
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 7
Why Centralized Architecture? Performance Perspective
In centralized
architecture,
controllers seats inline
data processing
Controller is
sophisticated system
that responsible for
data processing,
security, encryption,
RF management –
Needs to be High
performance, full-
featured system.
3550
3550
WLAN
Controller
Network
Backbone
AP
L3 Tunnel
3F
2F
1F
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 8
Why Centralized Architecture? Mobility Perspective
Essential architecture in campus & Multi-story building
Best architecture that guarantee mobility and scalability
SSID Independent VLAN/IP subnetting
AP Group – VLAN/IP
Subnetting per
location(per AP)
Dynamic VLAN
(requires .1x auth
per user)
VLANselect
(Automatic)
Building A Building B
Building C-2F above
Building C-1F
User Group A User Group B
User C
User D
Different VLAN per User
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 9
Why Centralized Architecture? Security Perspective
Centralized Network Security Policy design and enforcement
Device Profiling and dynamic policy change (CoA)
and Location tracking, Data privacy, wIPS, Troubleshooting…
VLAN 10
VLAN 20
New BYOD
Employee
Company
Laptop
WLAN
Controller
Intranet
Resource
Internet
Access Only
User Location
Time Attribute X
DHCP
RADIUS SNMP
NETFLOW HTTP
DNS Device
Centralized
Policy Engine
Wired-Wireless
Integrated
NMS
Single SSID
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 10
Branch type usage model
WLAN Design that targeted for Branch
Local Branch WLC is not decided by number of active users in the
branch but required by its application.
Number of AP per branch is variables but architecture shall be capable
of future scalability
Usual questions in branch type deployment…
All Wireless ?
What is optimal trade-off of branch network design while maintain quality
of service
How to leverage/integrate current branch IT facility
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 11
Distributed Architecture
WLC does not participate in user data path. Data is switched to local
branch network at the branch AP level
Mobility is only allowed on single subnet level and user VLAN is defined
at the branch access switch
Typical questions in Distributed architecture
Is that useable on campus or HQ design?
How to provides L3 mobility in distributed architecture
Can we provide enough mobility experience – from performance &
scalability perspective
What is security policy?
Does it provide enough scalability from feature, flexibility and capacity
perspective?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 12
Hybrid Architecture
WLC can engage on user data traffic plane based on types of user,
types of device yet it maintains control plane only network
AP have different WLAN profiles and AP supports access of both
centralized or distributed network
Used in Branch that needs to have both distributed and centralized
architecture feature
Usual questions in hybrid type approach…
What types of WLAN service is possible from hybrid network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 13
Hybrid WLAN service using private cloud controller
Wide Area Network
Lower CapEx
Single Configuration, Easy maintentance
Centralize IT support resource
FlexConnect 7500 • Scalable
• Supports Hybrid
Wireless Network Data Center / Private Cloud
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 14
Remote Access type usage model
Telecommuter or satellite office employee use simple yet secure WLAN,
connects to headquarter network
Login/Access/Encryption/Personal SSID settings etc., All of these
processes are assuming operation under untrusted network environment
Better user experience – AutoProvisioning, Zero-touch client, Flexibility
through Home SSID and multiple Ethernet ports
Usual questions in WLAN remote access …
How to compare various VPN options?
Can it be used in different types of remote network?
How easy to use? While system provides similar security of corporate
network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 15
Provide a Seamless and Secure Corporate Experience….from the Home
Application of
Borderless Network
services and policies
Extends Borderless Network services
from the core to the home
OfficeExtends
600 AP
WiSM2 / 5500
Controller
Home Router
Corporate
Network
Industry Standard CAPWAP Encryption using DTLS No Impact to controllers | Line rate support for broadband connections
Segments and Supports
Home Network Activities
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 16
Wireless Network Goal in 12 months
Ideas of Operational Targets
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 17
Wireless in 12months - Performance
Challenges
Comparing WLAN AP usually involves differences of RF quality, CPU speed and packet forwarding performance But most of anything above, Proper RF design and interference management is the key
Answers
In the WLAN controller’s case, depends on data processing units (NPU,ASIC,Bus) capacity and scalability
WLAN throughput from the user is NOT ideal Bandwidth, but practical Goodputs that depends on RF control
WLAN Performance is depends on proper survey and cell design, and RF environmental monitoring and control
Usual questions on WLAN performance
What is 2x2, 2x3, 3x3? 2 Stream? 3 Stream?
Where is the performance bottleneck?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 18
Wireless in 12months – Mobility
Challenges
Mobility issue may not the first priority in nomadic uses of laptop but mobile nature of Smart devices raised bar
WLAN industry does not have fully interoperable fast roaming product.
Answers
Looking for what’s available today – CCX, OKC
Mobility is connected to Scalability L2 L3 Roaming, HQ Branch mobility
Usual questions for Mobility performance
How to implement 3G-WLAN Roaming?
What needs to be done to enable VoWLAN on BYOD
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 19
Cisco Compatible Extensions (CCX)
Over seventy-five (75) Partners license CCX in the CDN Program
Over 350 Devices & Tags are CCX Certified (―Cisco Compatible‖)
Over 730 Companies in the CDN Program across Cisco CDO
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 20
Challenges
Unprecedented level of security enforcement is required from Day One of operation
All of access is authentication, policy-based
Pervasive RF Monitoring
E2E Encryption
Security = 50% of Policy, 50% of Adaptation
Answers
Centralized Policy Creation, Automated adaptation
Approach from Wired-Wireless Integration perspective
E2E
WPA2-AES Migration
Usual Questions
Does wIPS solve WLAN security problem?
Wireless in 12months - Security
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 21
Challenges
RF Management is essential to raise WLAN service quality WLAN NMS acts crucial role on campus wide RF Policy & management
Wireless-only NMS does not cover network perspective
Legacy wired LAN NMS that consisted around port-based(static) & syslog based (post issue) needs to be extended to embrace Wireless network and focused on user experiences
Answers
Wireless Management that provides RF + Wired and Client manageability
What is Client Management? – Connection Troubleshooting + RF management is key. Location information for troubleshooting & security
Usual questions on WLAN NMS …
Multi-vender Management?- Best efforts basis
Wireless in 12months - Management
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 22
Next Generation WLAN Architecture
Preparing Exponential growth of ―Wireless‖ client.
Emerge of Wireless Service Quality Management to protect 802.11 capacity and performance
Interference Management, RF management will raise as key element to manage
―Low-latency, Scalable Mobility‖ will be natural things on any wireless network
―Robustness of WLAN‖ become key criteria of successful enterprise network
Wired-Wireless Integration will happen not only access but from E2E perspective
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 23
One more thing
What is this Access Point?
First 4x4 Enterprise AP. First Active Beam Forming solution for 802.11n devices.
Q) What is the key element to protect your Wireless performance ?
RF/Interference Management
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 24
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 25
Source: Placeholder for Notes is 14 points
History of Cisco Wireless Networking
Arial regular—Only font used in presentation
Body copy uses sentence capital letters only, size 24, left aligned
Sub-bullets are size 20 and indented
Hyperlink: www.cisco.com
Use Cisco red, bold, or both when emphasizing words, do not italicize
Heritage of Excellence
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Presentation_ID 26
―Optional quote slide option two has text that is left aligned, set in Arial Regular with a point size of 28 points. The maximum quote length should not be more than six lines of text per quote.‖
