The definitive guide for evaluating enterprise WLAN networks


It is crucial to thoroughly understand the systems management capabilities of any WLAN being considered, since this will be the largest ongoing expense of the overall deployment. The vendor should list and clearly describe every element of the central management system required. Learn how to evaluate properly by reading Aerohive's 2014 WLAN Definitive Guide.


<ul><li> 1. Copyright 2014, Aerohive Networks, Inc. 1 2014 WLAN Buyers Guide The definitive guide for evaluating enterprise WLAN networks </li></ul><p>Introduction</p>
<p>Only ten years ago, the idea of Wi-Fi as the primary access technology was little more than a vision. The WLANs of that period were designed primarily as convenience networks and were not well-suited for the operation of mission-critical applications and access. Over time, WLANs became increasingly pervasive and architectures evolved to better manage and contain WLAN traffic. For these convenience networks a model of centralized control and distinct points of presence via WLAN controllers eased the task of managing the increasing number of access points without overwhelming IT resources. This model was adequate for 802.11a/b/g deployments that really didn't provide the robust network bandwidth and reliability to be a viable Ethernet replacement. The relatively low throughput of 802.11a/b/g networks also served to keep the centralized controller from being overwhelmed. The resulting centralized control model proved an effective way of sandboxing the wireless traffic and preventing it from disturbing traffic on the main, wired network.</p>
<p>With the advent of the 802.11n standard the wireless LAN has become firmly planted as a viable alternative for Ethernet, even in the case of mission-critical applications. 802.11n introduced high throughput, enhanced methods to overcome interference, and the level of reliability needed to make Wi-Fi into a foundation-layer infrastructure technology. WLANs had become required everywhere in organizations.</p>
<p>The pervasive nature of 802.11n, however, caused the centralized point-of-presence controller model to break down for several reasons. One issue is the cost of deploying centralized control over a distributed network.
Other problems include the limitations on bandwidth that the controller introduced, as it creates a bottleneck from both a device and WAN backhaul perspective.</p>
<p>With today's iEverything Enterprise, dominated by BYOD and the consumerization of IT, the barrier posed by centralized architectures that were intended to manage and secure WLANs of convenience is becoming increasingly intolerable. These trends provide compelling CapEx savings, but pose a challenge to a Wi-Fi network. Interestingly, as the endpoint devices become less sophisticated from a network intelligence standpoint, the onus of performing sophisticated services and security functions shifts to the network infrastructure. In other words, as devices get less intelligent about network services, the infrastructure must become more intelligent and automated to ensure that the simpler devices don't become an administrative nightmare.</p>
<p>- 2014 is the year of Gigabit Wi-Fi -</p>
<p>The 802.11ac standard has arrived, promising throughput of up to 1Gb per device. No longer can it be assumed that a centralized control model with distinct points-of-presence is suitable for WLANs running at high speed. If every client operates at up to 1Gbps, there is a high risk of significant bottlenecks that can impact any part of the network. The presence of a central control device, be it software or hardware based, in this scenario would be akin to introducing a traffic light into an eight-lane highway: all productivity would be dependent on the single device's capacity to process data. When there are dozens of devices per access point running hundreds of megabits per second each across dozens of access points, that capacity is reached very quickly.</p>
<p>Table Of Contents</p>
<ul><li>Things To Consider</li><li>Key Requirements</li><li>Architectural Conclusions</li><li>10 Things A WLAN Must Do</li><li>Using The RFP Process To Select A WLAN</li></ul>
<p>Things To Consider</p>
<p>The evaluation of a Wi-Fi network requires that enterprises carefully consider the changes happening in the user population. While consumerization of IT and BYOD may be overused terms in networking today, they are unquestionably a driving factor in the Wi-Fi world. These phenomena drive the enterprise to deploy a wireless infrastructure, since many consumer devices don't even have an Ethernet port. Additionally, three converging trends (cloud, mobility, and virtualization) allow business-critical work to be done just about anywhere on any device. That is a fundamental change that impacts IT first and foremost.</p>
<p>- Work has become a thing you do, not a place you go -</p>
<p>Architecturally, as the shift to wireless as a foundation-layer technology is made, one must consider future trends and their impact on the network. 802.11ac, capable today of speeds of up to 1.3Gbps, has a potential within a short timeframe to reach 3.5Gbps data rates. We will soon see mass adoption of the new standard within the next 2-3 years and therefore we must recognize and prepare for the changing traffic patterns on a network. As wired Ethernet progressed from 10Mbps to 100Mbps to 1Gbps to 10Gbps, the leaps in traffic were predictable and generally easy to calculate as endpoints were relatively static and the traffic increase was simply a factor of 10. Mobility with high data rates changes this on two vectors.
First is the sheer volume of data, which grows exponentially. By upgrading a single access point to support the higher 802.11ac data rates you must now consider all the upstream links to this traffic. Where the data is forwarded to and from becomes critical. You cannot have point-to-point data forwarded to a central control point; it absolutely must be locally forwarded, and policy must be enforced locally as well. Switching infrastructure can be upgraded to support dozens of potentially multi-gigabit AP links, but the bottleneck imposed by a central controller would be untenable. Therefore the intelligence, policy enforcement, and network services need to be locally enforced, not centrally.</p>
<p>Second is the fact that these high-speed clients are, in fact, mobile. This makes load balancing across the infrastructure paramount. If you architect a network to forward data to a central control point, as it is in the controller-based model, there is no way to balance multiple Gbps of data across the controllers. The architecture's inherent limitations will leave you with little choice but to re-architect the network and invest large amounts of time and money. The fact is that even though 802.11ac is in the future, it must be architected for today in order to handle both mobility and high bandwidth clients.</p>
<p>With BYOD a primary factor in networks deployed today there are many important considerations that should be reviewed. These considerations can generally be categorized and analyzed in two distinct parts:</p>
<ul><li>Onboarding of devices: this encompasses how devices are brought on to the network and how policy is applied. This includes authentication, device type identification, enterprise access policy and the application of context, such as device-type, user ID and location of the policy that is applied to that particular device.</li><li>Providing service to the device once it's onboard: this includes how the devices, which are neither owned nor managed by the IT department, access corporate network services like file sharing, printing, video conferencing, etc.</li></ul>
<p>BYOD is about more than onboarding mobile devices. It must include a means to make them useful and productive members of the corporate community. Once safely and securely on the network, you must consider how to enable added value.</p>
<p>As with any IT investment there is the consideration of WLAN cost predictability. IT must be able to compare apples-to-apples when generating comparisons between wireless vendors, and it is important to understand how much comparisons vary depending on feature set. In many cases, this means that IT should review not only the cost of the hardware, but the cost of any licenses that are needed to make the WLAN perform as specified. Cost considerations should also include soft costs, such as the cost of operating the solution. Most enterprises do not have a Wi-Fi expert on staff; in many branches, there is not even an in-house IT staff. WLAN management should mirror security and access policies in use on the wired network, and should provide for easy, seamless upgrades, all without requiring RF expertise.</p>
<p>Another important element of cost is scalability. Few people could have foreseen the iEverything explosion when considering their initial Wi-Fi network. Any Wi-Fi network under consideration today should take into account the fact that the deployment will be required to scale to accommodate more devices, more users, more heavy applications, and, of course, newer, faster WLAN technology. It is clearly untenable to put in a Wi-Fi solution that is maxed out at 802.11ac.</p>
<p>Key Requirements</p>
<p>There are a number of requirements that must be closely examined when considering a WLAN purchase.
As Wi-Fi moves to the primary access method, consumerization of IT and BYOD drive the demand for reliable, high-performance access, and contextual policies become the norm, it is not sufficient to consider a WLAN vendor that is doing business as usual. Wireless gear that was included at low or no cost as part of a larger networking equipment buy was understandable when the WLAN was a convenience-only addition to the wired network. No enterprise, however, will find this reasoning acceptable as Wi-Fi becomes the primary means of accessing corporate resources, and the carrier of mission-critical applications.</p>
<p>Architectural Considerations</p>
<p>The fundamental architecture of wired networks has probably not been considered by most IT professionals since the advent of Fast Ethernet. While there have certainly been advances in how to get the most out of the wired network, the underlying technology is very well understood. This is not the case in wireless networking, where many of today's leading vendors base their implementations upon the usage expectations of legacy convenience networks that were prevalent a decade ago. While Wi-Fi technology has advanced exponentially since 2001, it is important to consider whether WLAN vendors have actually changed their architecture to be more seamlessly integrated into well-known network architectures (core, distribution, access) and their traffic flows, or if they have an expectation that the network architecture will change to accommodate their WLAN solution.</p>
<p>Three Planes</p>
<p>Any consideration of WLAN technology necessarily begins with a brief discussion of the architectures derived from the traffic components themselves, since it is from them that the Wi-Fi network is built. Wireless traffic is commonly abstracted into three planes, which include:</p>
<p>The Control Plane</p>
<p>The need to handle control plane traffic was the basis upon which many WLAN vendors built their underlying architecture over the last decade.
In general, control plane traffic is anything that is needed to get wireless functioning in a coordinated, multi-AP network; it can be considered the signaling of the network. Control plane packets are destined for, or originated by, the WLAN equipment itself. Vendors introduced the concept of centralized control devices, or controllers, to handle control plane traffic in 2001. It is important to note that this architecture was not necessarily based on the fact that a centralized model was the optimal method to handle all traffic including control packets; rather, it was the most effective way to enable processing in a wireless network while still keeping it affordable given the technology of the time. Ten years of processor development have led to processors that are far more powerful while at the same time exponentially less expensive, so it is now possible to enable control plane processing in a distributed model. Interestingly, many vendors continue to advocate a central controller architecture in one form or the other. This is primarily a legacy issue, as it would require a complete system redesign for these vendors to move to a distributed control model (see below). Other vendors have designed their systems from the ground up for pervasive, high-speed Wi-Fi and have found ways to use advanced processing capabilities to create a new, completely distributed architecture that closely resembles the control plane common among routing architectures. In this model, control information, including link and user state, is passed from AP to AP, without the need for a central control point in any form.</p>
<p>The Data Plane</p>
<p>The data plane, sometimes referred to as the data forwarding plane, is basically the traffic that goes through WLAN devices but not to those devices.
The data plane is generally distributed; however, in a central control architecture many policy decisions are handled by the central control device, so the data plane is often required to go through the controller in order to have policy enforced, including application visibility and control (AVC), QoS, deep packet inspection, flow classification, etc.</p>
<p>The Management Plane</p>
<p>Management plane traffic carries the operations and administration traffic required for network management. It is most effective to centralize management to enable easy, consistent policy application. Management plane traffic has no functional impact on real-time operation of the network.</p>
<p>These elements of WLAN traffic have spawned several different architectures, including:</p>
<ul><li>Central controller</li><li>Central controller with distributed forwarding</li><li>Distributed control and forwarding</li></ul>
<p>Figure 1 - Legacy Centralized and Modern Distributed Intelligence WLAN Architectures</p>
<p>Central Control Model</p>
<p>The concept of a central controller is derived from a lack of sufficient, affordable processing power to handle both control and data functions at the AP. According to industry veteran Bob O'Hara, one of the originators of this architecture: Centralized controllers were never the right way to handle control traffic. They were created because that was one of the only ways to handle the problem given the balance between cost and processing power in 2001. The industry is coming to understand the inherent limitations of a centralized controller model, including cost, latency, and single point of failure because of moder...</p>