Sideseadmed (IRT0040) 2.5 AP - PowerPoint PPT Presentation


Presentation Transcript

Sideseadmed (IRT0040) 2.5 AP

Avo, Lecture 2


Radio resource allocation

[Slide diagram: Operator A, Operator B, … Operator N share a joint frequency range through a joint radio access system.]


Infrastructure based networks

Uses fixed base stations (infrastructure) which are responsible for coordinating communication between the mobile hosts (nodes)


Hidden Nodes - a QoS Issue

  • If you can’t see a frame you can’t avoid colliding

  • RF characteristics make it hard to see all frames

  • Hidden nodes usurp priority and break service commitments

  • Only the AP can see and be seen by all nodes



Lightweight AP WLAN Concept (APs and a WLAN Controller)


Autonomous Deployments

  • Each AP had its own view of the network – like standalone cell towers

  • No hierarchical view of the RF – or the network


Centralization – not a new idea

  • Original cellular networks were nodal.

  • Lots of call drops

  • Lots of administration

  • Roaming wasn’t very good

  • Not capable of providing advanced services


Enter the Base Station Controller

  • Complete view of the network

  • Improved roaming

  • One point of administration

  • Enabled provisioning of advanced services


Base stations are used to handle call setup, handovers, and other functions across an entire cellular network.


Enter the Wireless Controller

[Slide diagram: the wireless controller provides control and management, talks LWAPP to the APs, and integrates with the network services DHCP, DNS, RADIUS, ACS and HPOV.]


System Layers


Basic LWAPP Architecture

[Slide diagram: message flow between STA, WTP (the access point) and AC (the access controller). The STA exchanges native 802.11 frames with the WTP: 802.11 AssocReq, 802.11 AssocResp, 802.11 Data Frame. The WTP relays each of them to the AC encapsulated in LWAPP with C=0: LWAPP (C=0) 802.11 AssocReq, LWAPP (C=0) 802.11 AssocResp, LWAPP (C=0) 802.11 Data Frame.]


Unified Wireless Network

Unified Advanced Services

  • Unified cellular and Wi-Fi VoIP. Advanced threat detection, identity networking, location-based security, asset tracking and guest access.

  • Same level of security, scalability, reliability, ease of deployment, and management for wireless LANs as wired LANs.

  • Integration into all major switching and routing platforms. Secure innovative WLAN controllers.

Mobility Platform

  • Ubiquitous network access in all environments. Enhanced productivity. Proven platform with large install base and 61% market share. Plug and play.

World-Class Network Management

Network Unification

Client Devices

  • 90% of Wi-Fi silicon is Certified. “Out-of-the-Box” wireless security.


Centralized Wireless LAN Architecture

  • Controller (WLAN Controller)

    • 802.11 MAC Mgmt – (re)association requests & action frames

    • 802.11 data – encapsulated and sent to AP

    • 802.11e Resource Reservation – control protocol carried to AP in 802.11 mgmt frames – signaling done in the controller.

    • 802.11i Authentication & Key exchange

  • AP (Lightweight Access Points, joined to the controller by LWAPP)

    • 802.11 – beacons, probe response, auth (if open)

    • 802.11 control – packet ack & retransmission (latency)

    • 802.11e – frame queuing & packet prioritization (real-time access)

    • 802.11i – Layer 2 encryption


LWAPP

  • LWAPP - Lightweight Access Point Protocol is used between APs and WLAN Controller

  • LWAPP carries control and data traffic between the two

    • Control plane is AES-CCM encrypted

    • Data plane is not encrypted

  • It facilitates centralized management and automated configuration

  • Open, standards-based protocol (Submitted to IETF CAPWAP WG)

[Slide diagram: WiFi Client, Access Point, LWAPP, Controller and Business Application, with the LWAPP control plane and data plane between Access Point and Controller.]


Protocol for Centralization

  • LWAPP = LightWeight Access Point Protocol

  • Standardized Interface between an access point and a centralized controller

  • Defines:

    • Association of APs

    • Authentication of APs

    • Control of APs

  • Works across L2 / L3 boundaries

  • Design goals:

    • Zero-config deployment

    • Secure deployment

    • Centralization

  • Controllers

    • Security Policies

    • Wireless IDS

    • QoS Policies

    • RF Management

    • Mobility Management

    • IPSec Encryption

  • Access Points

    • Remote RF interface

    • Timing critical functions

    • L2 Encryption


LWAPP Modes – Layer 2

  • Layer 2 LWAPP is in an Ethernet frame (Ethertype 0xBBBB)

  • Cisco WLAN Controller and AP must be connected to the same VLAN/subnet

[Slide diagram: Cisco WLAN Controller connected to Lightweight Access Points over LWAPP-L2.]

LWAPP-L2 : Data Message

  MAC Header | LWAPP Header (C=0) | Data …

LWAPP-L2 : Control Message

  MAC Header | LWAPP Header (C=1) | Control Msg | Control Elts …


LWAPP Modes – Layer 3

  • Layer 3 LWAPP is in a UDP / IP frame

    • Data traffic uses source port 1024 and destination port 12222

    • Control traffic uses source port 1024 and destination port 12223

  • Cisco Controller and AP can be connected to the same VLAN/subnet or connected to a different VLAN/subnet

  • Requires IP addressing of Cisco Lightweight AP

[Slide diagram: Cisco WLAN Controller connected to Lightweight Access Points over LWAPP-L3, routed across subnets.]

LWAPP-L3 : Data Message

  MAC Header | IP | UDP=12222 | LWAPP Header (C=0) | Data …

LWAPP-L3 : Control Message

  MAC Header | IP | UDP=12223 | LWAPP Header (C=1) | Control Msg | Control Elts …
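As an added illustration, not taken from the slides, here is a small Python parser that applies the two encapsulation rules above (Ethertype 0xBBBB for Layer 2, UDP destination ports 12222/12223 for Layer 3) to constructed sample frames and reports which plane the slides say crosses the wire unencrypted. The MAC and IP addresses are constructed, and the LWAPP header is treated as opaque because the slides do not give its layout.

```python
import struct

# Constants taken from the slides: LWAPP-L2 Ethertype and LWAPP-L3 UDP destination ports.
ETHERTYPE_LWAPP_L2 = 0xBBBB
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
LWAPP_L3_PORTS = {12222: "data", 12223: "control"}
OTHER = {"mode": "other", "plane": None, "encrypted": None}

def classify_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame seen on the AP-to-controller wire: LWAPP mode,
    the plane where the outer headers reveal it, and whether the slides say that
    plane is encrypted (control: AES-CCM, data: not). The LWAPP header itself is
    opaque here; its C bit is not decoded."""
    if len(frame) < 14:
        return {"mode": "runt", "plane": None, "encrypted": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_LWAPP_L2:
        # Layer 2 mode: control vs. data is only visible in the LWAPP C bit.
        return {"mode": "lwapp-l2", "plane": "unknown", "encrypted": None}
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return dict(OTHER)
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    udp = 14 + ihl                        # offset of the UDP header
    if frame[23] != IPPROTO_UDP or len(frame) < udp + 8:
        return dict(OTHER)
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    plane = LWAPP_L3_PORTS.get(dport)
    if plane is None:
        return dict(OTHER)
    return {"mode": "lwapp-l3", "plane": plane, "sport": sport,
            "encrypted": plane == "control"}

ETH = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")   # constructed MACs

def build_l3_frame(dport: int, payload: bytes = b"\x00" * 6) -> bytes:
    """Constructed sample: Ethernet/IPv4/UDP frame from an AP (source port 1024)."""
    udp = struct.pack("!HHHH", 1024, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP,
                     0, bytes([10, 0, 0, 10]), bytes([10, 0, 0, 1]))    # constructed IPs
    return ETH + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp

def build_l2_frame(payload: bytes = b"\x00" * 6) -> bytes:
    """Constructed sample: LWAPP-L2 frame (Ethertype 0xBBBB)."""
    return ETH + struct.pack("!H", ETHERTYPE_LWAPP_L2) + payload

def cleartext_data_frames(frames) -> int:
    """Count frames whose client payload crosses the wire unencrypted (data plane)."""
    return sum(1 for f in frames if classify_frame(f)["encrypted"] is False)
```

The count returned by cleartext_data_frames is the figure to watch on a shared AP-to-controller segment: every Layer 3 data-plane frame it counts carries client traffic in the clear between the AP and the controller.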


The need for Client Mobility

  • Wireless LAN is not only about wire-less

  • Need for mobility, and not only “hotspot” connectivity

  • Mobility is when a client moves from one Access Point to another

  • Access points can be on a single Controller or on different Controllers

  • Clients need to keep IP connectivity (same IP address)

  • Client Mobility is mandatory for some applications (Voice, Video, Business Applications, …)

[Slide diagram: Controller 1 and Controller 2 serving APs A, B, C and D across Subnet A and Subnet B.]


Client Mobility

  • Different Client Mobility levels

    • L2 Mobility

    • L3 Mobility : Conceptually similar to Proxy Mobile IP

      • Foreign and Anchor Controllers

      • Asymmetric traffic flow

  • What about Security ?

    • PKC – Proactive Key Caching: WPA2 / 802.11i Fast Roaming


Mobility Groups

  • Mobility Group is a “Cluster of Controllers” that share information between them (e.g. client context and state, controller “load”, etc.)

  • Up to 24 Controllers per Mobility Group

  • Mobility Group facilitates seamless roaming at both L2 & L3

  • Configuring a Mobility Group:

    • IP connectivity between all devices

    • Same Mobility Group Name (IS case sensitive)

    • Same Virtual Interface IP address

    • Each device is configured with the MAC and IP of every other device in the group


Layer 2 Mobility

[Slide diagram: Controller 1 and Controller 2 with APs A, B, C and D; after a Mobility Announcement the Client Database entry (MAC, WLAN, AP, QoS, IP, Sec, …) is moved from Controller 1 to Controller 2.]

  • All controllers in same Mobility Group

  • Client connects to AP A on Controller 1

    • Client database entry created

  • Client roams to AP B on Controller 1

    • Proactive Key Caching (PKC) provides fast roam times for WPA2/802.11i clients. No need to re-authenticate to Radius server.

  • Client roams from AP B (Controller 1) to AP C (Controller 2)

    • Controller 2 makes a Mobility Announcement to peers in Mobility Group looking for Controller with client MAC

    • Controller 1 responds, handshakes, ACKs

    • Client database entry moved to Controller 2

      • PMK data included (master key data from Radius server)

    • Proactive Key Caching provides fast roam times for WPA2/802.11i clients. No need to re-authenticate to Radius server.

  • Roam is transparent to client

  • Same DHCP address maintained

  • Proactive Key Caching with WPA2/802.11i (Funk or MS client)


Layer 3 Mobility

[Slide diagram: Controller 1 (Subnet A) and Controller 2 (Subnet B) with APs A, B, C and D, joined by an Ethernet in IP Tunnel; after a Mobility Announcement the Client Database entry (MAC, WLAN, IP, Sec, …) is copied from Controller 1, where it is marked ANCHOR, to Controller 2, where it is marked FOREIGN.]

  • All controllers in same Mobility Group

  • Ethernet in IP Tunnels automatically created between controllers

  • Client connects to AP B on Controller 1

    • Client database entry created as ANCHOR

  • Client roams to AP C on Controller 2

    • Controller 2 makes a Mobility Announcement to peers in Mobility Group looking for Controller with client MAC

    • Controller 1 responds, handshakes, ACKs

    • Client database entry copied to Controller 2

      • Marked as FOREIGN

      • PMK data included (master key data from Radius server)

    • Proactive Key Caching provides fast roam times for WPA2/802.11i clients. No need to re-authenticate to Radius server.

  • Client roams to AP on 3rd Controller

    • Same as above except FOREIGN client DB entry moved from previous Foreign Controller

  • Roam is transparent to client

  • Traffic from client to network exits at Foreign Controller

  • Traffic to client tunneled from Anchor to Foreign Controller

  • Same DHCP address maintained

  • Proactive Key Caching with WPA/802.11i (Funk or MS client)
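An added worked example, not from the lecture: a Python model of the client-database handling on the Layer 2 and Layer 3 mobility slides (Mobility Announcement, entry moved for L2, copied as FOREIGN with the ANCHOR kept for L3, the FOREIGN copy moved on a third roam) together with the case-sensitive group-name and 24-member rules from the Mobility Groups slide. Controller names, subnets and the client MAC, PMK and IP values used with it are constructed.

```python
class Controller:
    """One WLAN controller: its name, the subnet of its client VLAN and the
    mobility group name it was configured with (all values constructed)."""
    def __init__(self, name: str, subnet: str, group_name: str):
        self.name, self.subnet, self.group_name = name, subnet, group_name
        self.clients = {}   # client MAC -> client database entry

class MobilityGroup:
    MAX_MEMBERS = 24        # slide: up to 24 Controllers per Mobility Group

    def __init__(self, name: str):
        self.name, self.members = name, []

    def add(self, ctl: Controller) -> None:
        if ctl.group_name != self.name:     # slide: the group name IS case sensitive
            raise ValueError(f"{ctl.name}: group {ctl.group_name!r} != {self.name!r}")
        if len(self.members) >= self.MAX_MEMBERS:
            raise ValueError("mobility group is full")
        self.members.append(ctl)

    def member(self, name: str) -> Controller:
        return next(c for c in self.members if c.name == name)

    def announce(self, mac: str, asking: Controller):
        """Mobility Announcement: which peer currently holds an entry for this MAC?"""
        return next((c for c in self.members if c is not asking and mac in c.clients), None)

def associate(ctl: Controller, mac: str, pmk: str, ip: str) -> None:
    """First association: full RADIUS authentication; entry is created as ANCHOR."""
    ctl.clients[mac] = {"role": "ANCHOR", "anchor": ctl.name, "pmk": pmk, "ip": ip}

def roam(group: MobilityGroup, new_ctl: Controller, mac: str) -> str:
    """Client shows up on an AP of new_ctl; returns the mobility level used."""
    if mac in new_ctl.clients:
        return "intra"      # AP-to-AP roam on one controller: PKC, no re-authentication
    holder = group.announce(mac, new_ctl)
    if holder is None:
        raise LookupError("no peer knows this client: full authentication required")
    anchor = group.member(holder.clients[mac]["anchor"])
    entry = anchor.clients[mac]   # carries the PMK, so no RADIUS round trip on the roam
    for peer in group.members:    # any earlier FOREIGN copy is dropped
        if peer is not anchor:
            peer.clients.pop(mac, None)
    if new_ctl.subnet == anchor.subnet:
        del anchor.clients[mac]   # Layer 2 mobility: the entry is moved
        new_ctl.clients[mac] = dict(entry, role="ANCHOR", anchor=new_ctl.name)
        return "L2"
    new_ctl.clients[mac] = dict(entry, role="FOREIGN")   # Layer 3: copied, anchor kept
    return "L3"
```

Note that the PMK moves between controllers inside the copied entry, which is why the mobility group membership and the group-name check matter: a controller admitted to the group receives key material for every roaming client.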


Specific Mobility : Guest Access

  • The traditional approach to segmenting guest traffic requires ‘pulling’ the guest VLAN through the corporate network

  • Many companies can’t or won’t do this

[Slide diagram: Corp Intranet and Internet behind a WLAN Controller (Policy); the guest VLAN is carried as an 802.1Q trunk to the controller and over LWAPP to APs that serve both a Corp SSID and a Guest SSID; the labels show a Corp User and an Isolated Guest.]


Tunnel Guest Traffic

  • By tunneling all guest traffic to a DMZ controller, traffic originates and terminates in the DMZ

  • Guest clients logically reside in the DMZ network

  • No changes required to existing infrastructure except adding FW rules

  • Add additional DMZ controllers for scalability

  • Each DMZ controller can handle up to 40 tunnels

[Slide diagram: a Guest WLAN Controller in front of the Internet; the campus WLAN Controllers reach it across the Corp Intranet through an EoIP (IP Proto 97) “Guest Tunnel”; LWAPP APs serve both the Corp SSID and the Guest SSID.]


Ad-hoc networks

  • Consists of mobile nodes which communicate with each other through a wireless medium without any fixed infrastructure


Ad-hoc

It is a self-configuring network in which the devices act as routers and may change their physical location.


MANET

[Slide diagram: a MANET of mobile nodes A, B, C, D, E, F, G and H joined by wireless links, with three positions marked X.]


Mobile Ad Hoc Networks

  • The phrase “ad hoc” means “for this”, i.e. “for this purpose only”, implying a special network for a particular application.

  • A mobile ad-hoc network (MANET) is a self-configuring network of mobile routers (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology.

  • The routers are free to move randomly and organize themselves arbitrarily; thus, the network's wireless topology may change rapidly and unpredictably.


Characteristics and tradeoffs

  • Characteristics

    • Decentralized

    • Self-organized

    • Self-deployed

    • Dynamic network topology

  • Tradeoffs

    • Bandwidth limited

    • Multi-hop router needed

    • Energy consumption problem

    • Security problem


Ad Hoc Routing Protocols

  • Proactive (table-driven): DSDV, WARP, DREAM

  • Reactive (on-demand): DSR, AODV, TORA

  • Hybrid: ZRP, HARP


Network Planning

[Slide diagram: a Management System and a BaseStation serving a Residential Modem, a Business Modem and a Portable Modem.]


Cost and coverage area


Links

http://www.cs.umd.edu/~clancy/docs/lwapp-review.pdf

http://www.ieee802.org/21/

http://www.ieee802.org/11/

http://www.ietf.org/rfc/rfc3990.txt


Links (continued)

http://en.wikipedia.org/wiki/AODV

http://en.wikipedia.org/wiki/Mobile_ad-hoc_network

http://moment.cs.ucsb.edu/AODV

http://core.it.uu.se/core/index.php/Main_Page