sideseadmed irt0040 2 5 ap
Download
Skip this Video
Download Presentation
Sideseadmed (IRT0040) 2.5 AP

Loading in 2 Seconds...

play fullscreen
1 / 36

Sideseadmed (IRT0040) 2.5 AP - PowerPoint PPT Presentation


  • 113 Views
  • Uploaded on

Sideseadmed (IRT0040) 2.5 AP. Avo LOENG 2. Operator A. Joint frequency range. Joint radio access system. Operator B. Operator N. Raadiressursi jaotus. Infrastructure based networks.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Sideseadmed (IRT0040) 2.5 AP' - arav


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
raadiressursi jaotus

Operator A

Joint

frequency

range

Joint

radio

access

system

Operator B

Operator N

Raadiressursi jaotus
infrastructure based networks
Infrastructure based networks

Uses fixed base stations (infrastructure) which are responsible for coordinating communication between the mobile hosts (nodes)

hidden nodes a qos issue
Hidden Nodes - a QoS Issue
  • If you can’t see a frame you can’t avoid colliding
  • RF characteristics make it hard to see all frames
  • Hidden nodes usurp priority and break service commitments
  • Only the AP can see and be seen by all nodesHidden
slide5
The Light Weight Access Point Protocol is used between APsand a WLAN Controller
  • LWAPP carries control and data traffic between the two
  • It facilitates centralized management and automated configuration
  • Open, standards-based protocol
    • –Submitted to IETF CAPWAP WG
autonomous deployments
Autonomous Deployments
  • Each AP had its own view of the network – like standalone cell towers
  • No hierarchical view of the RF – or the network
centralization not a new idea
Centralization – not a new idea
  • Original cellular networks were nodal.
  • Lots of call drops
  • Lots of administration
  • Roaming wasn’t very good
  • Not capable of providing advanced services
enter the base station controller
Enter the Base Station Controller
  • Complete view of the network
  • Improved roaming
  • One point of administration
  • Enabled provisioning of advanced services

Management/Control

Base stations are used to handle call setup, handovers, and other functions across an entire cellular network.

enter the wireless controller

DHCP

DNS

RADIUS

ACS

HPOV

Enter The Wireless Controller

Control and Management

LWAPP

basic lwapp architecture
Basic LWAPP Architecture

AC

LWAPP

(C=0)

802.11

AssocReq

LWAPP

(C=0)

802.11

AssocResp

LWAPP

(C=0)

802.11

Data Frame

WTP

802.11

AssocReq

802.11

AssocResp

802.11

Data Frame

STA

unified wireless network

Unified Advanced Services

  • Unified cellular and Wi-Fi VoIP. Advanced threat detection, identity networking, location-based security, asset tracking and guest access.
  • Same level of security, scalability, reliability, ease of deployment, and management for wireless LANs as wired LANs.
  • Integration into all major switching and routing platforms. Secure innovative WLAN controllers.

Mobility Platform

  • Ubiquitous network access in all environments. Enhanced productivity. Proven platform with large install base and 61% market share. Plug and play.

World-Class Network Management

Network Unification

Client Devices

  • 90% of Wi-Fi silicon is Certified. “Out-of-the-Box” wireless security.
Unified Wireless Network
centralized wireless lan architecture
Centralized Wireless LAN Architecture
  • Controller
    • 802.11 MAC Mgmt – (re)association requests & action frames
    • 802.11 data – encapsulate and sent to AP
    • 802.11e Resource Reservation – control protocol carried to AP in 802.11 mgmt frames – signaling done in the controller.
    • 802.11i Authentication & Key exchange

WLAN Controller

LWAPP

  • AP
    • 802.11 – beacons, probe response, auth (if open)
    • 802.11 control – packet ack & retransmission (latency)
    • 802.11e – frame queuing & packet prioritization (real-time access)
    • 802.11i – Layer 2 encryption

Lightweight Access Points

lwapp
LWAPP
  • LWAPP - Light Weight Access Point Protocol is used between APs and WLAN Controller
  • LWAPP carries control and data traffic between the two
    • Control plane is AES-CCM encrypted
    • Data plane is not encrypted
  • It facilitates centralized management and automated configuration
  • Open, standards-based protocol (Submitted to IETF CAPWAP WG)

Business Application

Data Plane

LWAPP

Access Point

Controller

WiFi Client

Control Plane

protocol for centralization
Protocol for Centralization
  • LWAPP = LightWeight Access Point Protocol
  • Standardized Interface between an access point and a centralized controller
  • Defines:
    • Association of APsAuthentication of APsControl of APs
  • Works across L2 / L3 boundaries
  • Design goals:
    • Zero-config deployment
    • Secure deployment
    • Centralization
  • Controllers
  • Security Policies
  • Wireless IDS
  • QoS Policies
  • RF Management
  • Mobility Management
  • IPSec Encryption
  • Access Points
  • Remote RF interface
  • Timing critical functions
  • L2 Encryption
lwapp modes layer 2
LWAPP ModesLayer 2
  • Layer 2 LWAPP is in an Ethernet frame (Ethertype 0xBBBB)
  • Cisco WLAN Controller and AP must be connected to the same VLAN/subnet

Cisco WLAN Controller

LWAPP-L2

LWAPP-L2 : Data Message

Lightweight Access Points

MAC Header

LWAPP Header (C=0)

Data …

LWAPP-L2 : Control Message

MAC Header

LWAPP Header (C=1)

Control Msg

Control Elts …

lwapp modes layer 3
LWAPP ModesLayer 3
  • Layer 3 LWAPP is in a UDP / IP frame
    • Data traffic uses source port 1024 and destination 12222
    • Control traffic uses source port 1024 and destination port 12223
  • Cisco Controller and AP can be connected to the same VLAN/subnet or connected to a different VLAN/subnet
  • Requires IP addressing of Cisco Lightweight AP

Cisco WLAN Controller

LWAPP-L3

LWAPP-L3

LWAPP-L3

LWAPP-L3 : Data Message

Lightweight Access Points

MAC Header

IP

UDP=12222

LWAPP Header (C=0)

Data …

LWAPP-L3 : Control Message

MAC Header

IP

UDP=12223

LWAPP Header (C=1)

Control Msg

Control Elts …

the need for client mobility
The need for Client Mobility

Controller 1

Controller 2

  • Wireless LAN is not only about wire-less
  • Need for mobility, and not only “hotspot” connectivity
  • Mobility is when a client move from one Access Point to an other
  • Access points can be on a single Controller or on different Controller
  • Client need to keep IP connectivity (same IP address)
  • Client Mobility is mandatory for some applications (Voice, Video, Business Applications, …)

Subnet A

Subnet B

AP D

AP A

AP B

AP C

client mobility
Client Mobility
  • Different Client Mobility levels
    • L2 Mobility
    • L3 Mobility : Conceptually similar to Proxy Mobile IP
        • Foreign and Anchor Controllers
        • Asymmetric traffic flow
  • What about Security ?
    • PKC – Proactive Key CachingWPA2 / 802.11i Fast Roaming
mobility groups
Mobility Groups
  • Mobility Group is a “Cluster of Controllers” that share information between them (e.g. client context and state, controller “load”, etc.)
  • Up to 24 Controllers per Mobility Group
  • Mobility Group facilitates seamless roaming at both L2 & L3
  • Configuring a Mobility Group:
    • IP connectivity between all devices
    • Same Mobility Group Name (IS case sensitive)
    • Same Virtual Interface IP address
    • Each device is configured with the MAC and IP of every other device in the group
layer 2 mobility

Client Database

move

MAC, WLAN, AP, QoS, IP, Sec,…

Mobility

Announcement

Layer 2 Mobility

Controller 1

Controller 2

  • All controllers in same Mobility Group
  • Client connects to AP A on Controller 1
    • Client database entry created
  • Client roams to AP B on Controller 1
    • Proactive Key Caching (PKC) provides fast roam times for WPA2/802.11i clients. No need to re-authenticate to Radius server.
  • Client roams from AP B (Controller 1) to AP C (Controller 2)
    • Controller 2 makes a Mobility Announcement to peers in Mobility Group looking for Controller with client MAC
    • Controller 1 responds, handshakes, ACKs
    • Client database entry moved to Controller 2
      • PMK data included (master key data from Radius server)
    • Proactive Key Caching provides fast roam times for WPA2/802.11i clients . No need to re-authenticate to Radius server.

AP D

AP A

AP B

AP C

  • Roam is transparent to client
  • Same DHCP address maintained
  • Proactive Key Caching with WPA2/802.11i(Funk or MS client)
layer 3 mobility

Client Database

Client Database

MAC, WLAN, IP, Sec, ANCHOR…

MAC, WLAN, IP, Sec, FOREIGN…

copy

Mobility

Announcement

Layer 3 Mobility

Ethernet in IP Tunnel

Controller 1

Controller 2

  • All controllers in same Mobility Group
  • Ethernet in IP Tunnels automatically created between controllers
  • Client connects to AP B on Controller 1
    • Client database entry created as ANCHOR
  • Client roams to AP C on Controller 2
    • Controller 2 makes a Mobility Announcement to peers in Mobility Group looking for Controller with client MAC
    • Controller 1 responds, handshakes, ACKs
    • Client database entry copied to Controller 2
      • Marked as FOREIGN
      • PMK data included (master key data from Radius server)
    • Proactive Key Caching provides fast roam times for WPA2/802.11i clients. No need to re-authenticate to Radius server.
  • Client roams to AP on 3rd Controller
    • Same as above except FOREIGN client DB entry moved from previous Foreign Controller

Subnet A

Subnet B

AP D

AP A

AP B

AP C

  • Roam is transparent to client
  • Traffic from client to network exits at Foreign Controller
  • Traffic to client tunneled from Anchor to Foreign Controller
  • Same DHCP address maintained
  • Proactive Key Caching with WPA/802.11i (Funk or MS client)
specific mobility guest access

Corp

SSID

Corp

SSID

Specific Mobility : Guest Access
  • The traditional approach to segmenting guest traffic requires ‘pulling’ the guest VLAN through the corporate network
  • Many companies can’t or won’t do this

Internet

Corp

User

Isolated Guest

Corp

Intranet

Internet

802.1Q

WLAN

Controller

(Policy)

LWAPP

AP

LWAPP

AP

Guest

SSID

Guest

SSID

tunnel guest traffic

Corp

SSID

Corp

SSID

Tunnel Guest Traffic
  • By tunneling all guest traffic to a DMZ controller, traffic originates and terminates in the DMZ
  • Guest clients logically reside in the DMZ network
  • No changes required to existing infrastructure except adding FW rules
  • Add additional DMZ controllers for scalability
  • Each DMZ controller can handle up to 40 tunnels

Internet

Guest WLAN

Controller

EoIP IP Proto 97

“Guest Tunnel”

Corp

Intranet

WLAN

Controller

WLAN

Controller

LWAPP AP

LWAPP AP

Guest

SSID

Guest

SSID

ad hoc networks
Ad-hoc networks
  • Consists of mobile nodes which communicate with each other through wireless medium without any fixed infrastructure
ad hoc
Ad-hoc

On iseseadistuv võrk, kus seadmed käituvad ruuteritena ning võivad oma asukohta ruumis muuta.

manet

D

G

C

F

B

E

H

A

MANET

X

X

X

mobile ad hoc networks
Mobile Ad Hoc Networks
  • Meaning of the word “Ad hoc” is “for this”, means “for this purpose only”, implies it is a special network for a particular application.
  • A mobile ad-hoc network (MANET) is a self configuring network of mobile routers (and associated hosts) connected by wireless links—the union of which form an arbitrary topology.
  • The routers are free to move randomly and organize themselves arbitrarily; thus, the network\'s wireless topology may change rapidly and unpredictably.
characteristics and tradeoffs
Characteristics and tradeoffs
  • Characteristics
    • Decentralized
    • Self-organized
    • Self-deployed
    • Dynamic network topology
  • Tradeoffs
    • 􀂄 Bandwidth limited
    • 􀂄 Multi-hop router needed
    • 􀂄 Energy consumption problem
    • 􀂄 Security problem
ad hoc routing protocols

Proactive

(table-driven)

Reactive

(on-demand)

Hybrid

  • DSDV
  • WARP
  • DREAM
  • DSR
  • AODV
  • TORA
  • ZRP
  • HARP
Ad Hoc Routing Protocols
slide33

Management System

Residential Modem

BaseStation

Business

Modem

Portable

Modem

Network Planning

lingid
Lingid

http://www.cs.umd.edu/~clancy/docs/lwapp-review.pdf

http://www.ieee802.org/21/

http://www.ieee802.org/11/

http://www.ietf.org/rfc/rfc3990.txt

lingid1
Lingid

http://en.wikipedia.org/wiki/AODV

http://en.wikipedia.org/wiki/Mobile_ad-hoc_network

http://moment.cs.ucsb.edu/AODV

http://core.it.uu.se/core/index.php/Main_Page