Communication Devices (Sideseadmed, IRT0040), 2.5 AP

Provided by: avo8
1
Communication Devices (Sideseadmed, IRT0040), 2.5 AP
  • Avo, Lecture 2

2
Radio resource allocation
3
Infrastructure based networks
  • Uses fixed base stations (infrastructure) which
    are responsible for coordinating communication
    between the mobile hosts (nodes)

4
Hidden Nodes - a QoS Issue
  • If you can't see a frame, you can't avoid
    colliding with it
  • RF characteristics make it hard to see all frames
  • Hidden nodes usurp priority and break service
    commitments
  • Only the AP can see and be seen by all
    nodes

5
  • The Light Weight Access Point Protocol is used
    between APs and a WLAN Controller
  • LWAPP carries control and data traffic between
    the two
  • It facilitates centralized management and
    automated configuration
  • Open, standards-based protocol
  • Submitted to IETF CAPWAP WG

6
Lightweight AP WLAN Concept
7
Autonomous Deployments
  • Each AP had its own view of the network like
    standalone cell towers
  • No hierarchical view of the RF or the network

8
Centralization not a new idea
  • Original cellular networks were nodal.
  • Lots of call drops
  • Lots of administration
  • Roaming wasn't very good
  • Not capable of providing advanced services

9
Enter the Base Station Controller
  • Complete view of the network
  • Improved roaming
  • One point of administration
  • Enabled provisioning of advanced services

Management/Control Base stations are used to
handle call setup, handovers, and other
functions across an entire cellular network.
10
Enter The Wireless Controller
Control and Management
LWAPP
11
System Layers
12
Basic LWAPP Architecture
[Figure: message flow between STA, WTP and AC. The STA and the WTP exchange 802.11 AssocReq, 802.11 AssocResp and 802.11 Data Frame; between the WTP and the AC each frame is carried in LWAPP (C0).]
13
Unified Wireless Network
14
Centralized Wireless LAN Architecture
  • Controller
      • 802.11 MAC management: (re)association
        requests, action frames
      • 802.11 data: encapsulated and sent to the AP
      • 802.11e resource reservation: control protocol
        carried to the AP in 802.11 management frames;
        signaling done in the controller
      • 802.11i authentication and key exchange
  • AP
      • 802.11 beacons, probe response, auth (if open)
      • 802.11 control: packet ack and retransmission
        (latency)
      • 802.11e frame queuing and packet prioritization
        (real-time access)
      • 802.11i Layer 2 encryption

[Figure: WLAN Controller connected over LWAPP to Lightweight Access Points]
15
LWAPP
  • LWAPP - Light Weight Access Point Protocol is
    used between APs and WLAN Controller
  • LWAPP carries control and data traffic between
    the two
  • Control plane is AES-CCM encrypted
  • Data plane is not encrypted
  • It facilitates centralized management and
    automated configuration
  • Open, standards-based protocol (Submitted to IETF
    CAPWAP WG)

[Figure: WiFi Client, Access Point, LWAPP, Controller and Business Application, with the Data Plane and the Control Plane shown separately]
16
Protocol for Centralization
  • LWAPP LightWeight Access Point Protocol
  • Standardized Interface between an access point
    and a centralized controller
  • Defines
      • Association of APs
      • Authentication of APs
      • Control of APs
  • Works across L2 / L3 boundaries
  • Design goals
  • Zero-config deployment
  • Secure deployment
  • Centralization
  • Controllers
  • Security Policies
  • Wireless IDS
  • QoS Policies
  • RF Management
  • Mobility Management
  • IPSec Encryption
  • Access Points
  • Remote RF interface
  • Timing critical functions
  • L2 Encryption

17
LWAPP Modes Layer 2
  • Layer 2 LWAPP is in an Ethernet frame (Ethertype
    0xBBBB)
  • Cisco WLAN Controller and AP must be connected to
    the same VLAN/subnet

[Figure: Cisco WLAN Controller and Lightweight Access Points connected over LWAPP-L2]
LWAPP-L2 Data Message: MAC Header | LWAPP Header (C0) | Data
LWAPP-L2 Control Message: MAC Header | LWAPP Header (C1) | Control Msg | Control Elts
18
LWAPP Modes Layer 3
  • Layer 3 LWAPP is in a UDP / IP frame
  • Data traffic uses source port 1024 and
    destination 12222
  • Control traffic uses source port 1024 and
    destination port 12223
  • Cisco Controller and AP can be connected to the
    same VLAN/subnet or connected to a different
    VLAN/subnet
  • Requires IP addressing of Cisco Lightweight AP

[Figure: Cisco WLAN Controller and Lightweight Access Points connected over LWAPP-L3]
LWAPP-L3 Data Message: MAC Header | IP | UDP 12222 | LWAPP Header (C0) | Data
LWAPP-L3 Control Message: MAC Header | IP | UDP 12223 | LWAPP Header (C1) | Control Msg | Control Elts
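
An added example, not part of the original slides: a Python classifier that sorts captured Ethernet frames into the LWAPP modes and planes described on slides 15, 17 and 18, and lists the data-plane frames, which slide 15 says are not encrypted. The C-bit mask follows the RFC 5412 header layout, which the slides do not show; the function names are illustrative and the frames are constructed samples.

```python
import struct

ETHERTYPE_LWAPP = 0xBBBB              # Layer 2 LWAPP (from the slides)
DATA_PORT, CTRL_PORT = 12222, 12223   # Layer 3 destination ports (from the slides)
C_BIT = 0x04   # assumption: RFC 5412 first header byte is VER(2) RID(3) C F L

def classify(frame: bytes):
    """Return (mode, plane) for an LWAPP Ethernet frame, or None if it is not LWAPP."""
    if len(frame) < 14:
        return None
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q tag
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    l3 = off + 2
    if etype == ETHERTYPE_LWAPP and len(frame) > l3:
        return ("L2", "control" if frame[l3] & C_BIT else "data")
    if etype != 0x0800 or len(frame) < l3 + 20:
        return None
    ihl = (frame[l3] & 0x0F) * 4
    if ihl < 20 or frame[l3 + 9] != 17 or len(frame) < l3 + ihl + 8:
        return None                               # not UDP, or truncated
    if struct.unpack_from("!H", frame, l3 + 6)[0] & 0x1FFF:
        return None                               # later IP fragment: no UDP header
    (dport,) = struct.unpack_from("!H", frame, l3 + ihl + 2)
    return {DATA_PORT: ("L3", "data"), CTRL_PORT: ("L3", "control")}.get(dport)

def cleartext_data_frames(frames):
    """Indexes of data-plane frames, which the slides describe as not encrypted."""
    return [i for i, f in enumerate(frames) if (classify(f) or ("", ""))[1] == "data"]

def _udp_frame(dport, frag_off=0):
    """Constructed Ethernet/IPv4/UDP frame with zeroed addresses, source port 1024."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag_off, 64, 17, 0,
                     bytes(4), bytes(4))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 1024, dport, 8, 0)

# Constructed sample frames (not captured traffic).
SAMPLES = [
    bytes(12) + b"\xbb\xbb\x00" + bytes(5),                  # L2, C=0
    bytes(12) + b"\x81\x00\x00\x0a\xbb\xbb\x04" + bytes(5),  # VLAN-tagged L2, C=1
    _udp_frame(DATA_PORT),
    _udp_frame(CTRL_PORT),
    _udp_frame(53),                                          # unrelated UDP
    _udp_frame(DATA_PORT, frag_off=185),                     # later IP fragment
]

if __name__ == "__main__":
    print([classify(f) for f in SAMPLES], cleartext_data_frames(SAMPLES))
```

Later IP fragments carry no UDP header, so they are reported as unclassified rather than guessed; a monitor that needs them must reassemble first.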
19
The need for Client Mobility
  • Wireless LAN is not only about wire-less
  • Need for mobility, and not only hotspot
    connectivity
  • Mobility is when a client moves from one Access
    Point to another
  • Access points can be on a single Controller or on
    different Controllers
  • Clients need to keep IP connectivity (same IP
    address)
  • Client Mobility is mandatory for some
    applications (Voice, Video, Business
    Applications, ...)

[Figure: Controller 1 and Controller 2, Subnet A and Subnet B, with AP A, AP B, AP C and AP D]
20
Client Mobility
  • Different Client Mobility levels
  • L2 Mobility
  • L3 Mobility: conceptually similar to Proxy
    Mobile IP
  • Foreign and Anchor Controllers
  • Asymmetric traffic flow
  • What about security?
  • PKC: Proactive Key Caching
  • WPA2 / 802.11i Fast Roaming

21
Mobility Groups
  • Mobility Group is a Cluster of Controllers that
    share information between them (e.g. client
    context and state, controller load, etc.)
  • Up to 24 Controllers per Mobility Group
  • Mobility Group facilitates seamless roaming at
    both L2 and L3
  • Configuring a Mobility Group
  • IP connectivity between all devices
  • Same Mobility Group Name (IS case sensitive)
  • Same Virtual Interface IP address
  • Each device is configured with the MAC and IP of
    every other device in the group

22
Layer 2 Mobility
  • All controllers in same Mobility Group
  • Client connects to AP A on Controller 1
  • Client database entry created
  • Client roams to AP B on Controller 1
  • Proactive Key Caching (PKC) provides fast roam
    times for WPA2/802.11i clients. No need to
    re-authenticate to Radius server.
  • Client roams from AP B (Controller 1) to AP C
    (Controller 2)
  • Controller 2 makes a Mobility Announcement to
    peers in Mobility Group looking for Controller
    with client MAC
  • Controller 1 responds, handshakes, ACKs
  • Client database entry moved to Controller 2
  • PMK data included (master key data from Radius
    server)
  • Proactive Key Caching provides fast roam times
    for WPA2/802.11i clients. No need to
    re-authenticate to Radius server.

[Figure: Controller 1 and Controller 2 with AP A, AP B, AP C and AP D]
  • Roam is transparent to client
  • Same DHCP address maintained
  • Proactive Key Caching with WPA2/802.11i (Funk or
    MS client)

23
Layer 3 Mobility
  • All controllers in same Mobility Group
  • Ethernet in IP Tunnels automatically created
    between controllers
  • Client connects to AP B on Controller 1
  • Client database entry created as ANCHOR
  • Client roams to AP C on Controller 2
  • Controller 2 makes a Mobility Announcement to
    peers in Mobility Group looking for Controller
    with client MAC
  • Controller 1 responds, handshakes, ACKs
  • Client database entry copied to Controller 2
  • Marked as FOREIGN
  • PMK data included (master key data from Radius
    server)
  • Proactive Key Caching provides fast roam times
    for WPA2/802.11i clients. No need to
    re-authenticate to Radius server.
  • Client roams to AP on 3rd Controller
  • Same as above except FOREIGN client DB entry
    moved from previous Foreign Controller

[Figure: Ethernet in IP Tunnel between Controller 1 and Controller 2, Subnet A and Subnet B, with AP A, AP B, AP C and AP D]
  • Roam is transparent to client
  • Traffic from client to network exits at Foreign
    Controller
  • Traffic to client tunneled from Anchor to Foreign
    Controller
  • Same DHCP address maintained
  • Proactive Key Caching with WPA/802.11i (Funk or
    MS client)

24
Specific Mobility Guest Access
  • The traditional approach to segmenting guest
    traffic requires pulling the guest VLAN through
    the corporate network

  • Many companies can't or won't do this

[Figure: Guest SSIDs on LWAPP APs, WLAN Controller (Policy), 802.1Q trunk, Corp Intranet with Corp User, Isolated Guest, Internet]
25
Tunnel Guest Traffic
  • By tunneling all guest traffic to a DMZ
    controller, traffic originates and terminates in
    the DMZ
  • Guest clients logically reside in the DMZ network
  • No changes required to existing infrastructure
    except adding FW rules
  • Add additional DMZ controllers for scalability
  • Each DMZ controller can handle up to 40 tunnels

[Figure: Guest SSIDs on LWAPP APs, WLAN Controllers in the Corp Intranet, EoIP (IP Proto 97) Guest Tunnel to the Guest WLAN Controller, Internet]
26
Ad-hoc networks
  • Consists of mobile nodes which communicate with
    each other through wireless medium without any
    fixed infrastructure

27
Ad-hoc
A self-configuring network in which the devices
act as routers and can change their physical
location.
28
MANET
Difficulties for routing
  • Limited connectivity due to transmission range of
    signal
  • Low bandwidth
  • Higher error rates
  • Vulnerable to interference
  • Power consumption
  • No specific devices to do routing
  • Dynamic nature: high mobility and frequent
    topological changes
29
Mobile Ad Hoc Networks
  • The phrase "ad hoc" means "for this", that is,
    "for this purpose only"; it implies a special
    network for a particular application.
  • A mobile ad-hoc network (MANET) is a
    self-configuring network of mobile routers (and
    associated hosts) connected by wireless links, the
    union of which forms an arbitrary topology.
  • The routers are free to move randomly and
    organize themselves arbitrarily; thus, the
    network's wireless topology may change rapidly
    and unpredictably.

30
Characteristics and tradeoffs
  • Characteristics
  • Decentralized
  • Self-organized
  • Self-deployed
  • Dynamic network topology
  • Tradeoffs
  • Bandwidth limited
  • Multi-hop router needed
  • Energy consumption problem
  • Security problem

31
Adhoc Routing Protocols
  • Uniform routing
      • Proactive routing
          • Wireless Routing Protocol (WRP)
          • Destination Sequence Distance Vector (DSDV) routing protocol
          • Fisheye State Routing (FSR)
          • Distance Routing Effect Algo. for Mobility (DREAM): location-based routing
      • Reactive routing
          • Dynamic Source Routing (DSR) protocol
          • Temporally-Ordered Routing Algorithm (TORA)
          • Adhoc On-demand Distance Vector Routing (AODV)
          • Location Aided Routing (LAR): location-based routing
          • Associativity Based Routing (ABR) protocol: link-stability based routing protocol
          • Signal Stability-based Adaptive Routing (SSR): link-stability based routing protocol
  • Non-uniform routing
      • Zone-based routing
          • Zone Routing Protocol (ZRP): hybrid routing protocol
          • Hybrid Adhoc Routing Protocol (HARP): hybrid routing protocol
          • Zone-based Hierarchical Link State routing (ZHLS): hybrid routing protocol
          • Grid Location Service (GLS): location service
      • Cluster-based routing
          • Clusterhead Gateway Switch Routing (CGSR)
          • Hierarchical State Routing (HSR)
          • Cluster Based Routing Protocol (CBRP)
      • Core-node based routing
          • Landmark Adhoc Routing (LANMAR): proactive routing
          • Core-Extraction Distributed Adhoc Routing (CEDAR): proactive routing
          • Optimised Link State Routing protocol (OLSR): proactive routing
32
Ad Hoc Routing Protocols
33
Residential Modem
BaseStation
Business Modem
Portable Modem
Network Planning
34
Cost and coverage area
35
Links
  • http://www.cs.umd.edu/clancy/docs/lwapp-review.pdf
  • http://www.ieee802.org/21/
  • http://www.ieee802.org/11/
  • http://www.ietf.org/rfc/rfc3990.txt

36
Links
  • http://en.wikipedia.org/wiki/AODV
  • http://en.wikipedia.org/wiki/Mobile_ad-hoc_network
  • http://moment.cs.ucsb.edu/AODV
  • http://core.it.uu.se/core/index.php/Main_Page