
WLAN architecture: what to choose?

The corporate network is a critical backbone that connects all elements of the business and helps to attract and serve customers. The most important part of a modern corporate network is a high-quality wireless infrastructure that allows organizations to work with data in real time.



According to Forrester Consulting, in the USA almost 60% of transport companies, 54% of retail organizations and 49% of hotel chains plan to expand or upgrade their WiFi networks. Organizations are planning to add new wireless services, including video conferencing and streaming video, as well as business-specific applications and services.

46% of companies in the retail, hotel, transportation and logistics industries plan to upgrade their wireless infrastructure to improve coverage. More than half of the organizations surveyed by Forrester Consulting recently upgraded their network infrastructure to prepare for working with new devices and solutions. 41% of the companies that are planning an upgrade report a high load on their wireless networks due to the growing number of corporate devices.

According to Forrester Consulting, in France 70% of companies are already expanding or updating their wireless local area networks (WLAN). In the US the share of such companies reaches 58%, and in the UK, Italy and Germany it is 50%. Russia is not staying away from these trends.

WLAN equipment manufacturers produce solutions for every taste, so customers face the challenge of choosing a WLAN architecture. Making that choice requires some understanding of what a network architecture is and what its features are.

WLAN Topologies


Depending on requirements, WiFi networks typically use a centralized or distributed architecture. The choice of topology and equipment for building a wireless network depends on the physical conditions, business requirements, technical recommendations and budget.

In a centralized wireless network, the core is the WLAN controller. It manages the traffic of the wireless access points and is responsible for authenticating users and enforcing security policies. In a distributed architecture, the access points (APs) themselves coordinate and apply policies and provide user mobility (roaming), that is, movement of users between access points. However, this architecture suffers from scalability and manageability problems; therefore, large networks usually use WLAN controllers, which take on the key functions.

At the same time, improvements in microprocessors have made it possible to give access points more "intelligence", which has opened up wider possibilities for distributed WLAN systems. Modern APs allow control and data exchange tasks to be distributed between access points without using a controller. This architecture is well suited for small WLANs. Let us consider the advantages and disadvantages of both approaches in more detail.

Centralized or distributed?


Large campus networks often use a centralized architecture with a controller. Its key features are:


In a centralized WLAN architecture, the controllers are located at the distribution layer. Here AP traffic can be terminated, and user authentication and policy enforcement can be performed.


This architecture allows you to make configuration changes centrally, without complicated configuration on each AP. Only the controller is responsible for creating and managing user VLANs. DHCP, NAT and RADIUS for wireless users are also tied to the controller, regardless of which AP the user connects to. Applying security policies and QoS is also a function of the controller.

Users, applications and mobility are all served in one place, which simplifies the wired network architecture, scales well and makes diagnostics easier. The WLAN controller is not just the termination point for AP traffic but the brain of the wireless network, and it simplifies the introduction of new services.


A legitimate question arises: is the controller a potential single point of failure for the WLAN, and does a centralized architecture impair network reliability? The answer is simple: with the right approach to design, redundancy is always built into the corporate network architecture, and the WLAN controller is no exception. Equipment manufacturers provide redundancy algorithms and support for cluster configurations.

Another question arises: how simple are controllers to deploy, and is it easy to work with them? Controllers from the key manufacturers of WiFi solutions not only support traditional WLAN functions, but also contain an integrated firewall, a VPN concentrator, a Layer 2 and Layer 3 switch, network management functions and WAN functions. Because of this versatility, the solution is not simple. However, WLAN hardware vendors are trying to simplify deployment with utilities and a clear step-by-step process.

Distributed architecture has its own advantages:


The main components of a distributed architecture are the access points. User authentication and policy enforcement take place on the AP. In contrast to a network with controllers (which is in effect an overlay), the wired network in this case has to be adapted to the requirements of the WLAN. However, this approach has its advantages. First of all, it is easy to deploy. The "control plane" intelligence is distributed over the access points. Their software and distributed functions make it possible to dispense with a central device. At the same time, it is still possible to manage and configure such a network centrally. This architecture is an attractive option for small campuses and for companies with a distributed (branch) structure.

Key functions, such as radio spectrum optimization, role-based access control and QoS, are distributed between the APs. This model increases reliability and reduces the likelihood of an outage caused by the failure of one component. In most cases, you can select a main AP (master), which works as a virtual controller with a central console for configuration, monitoring and software updates. The built-in AP firewall allows you to set network access rules and settings for various applications.

Such a network is easily expanded by connecting additional access points: the AP is automatically configured and starts working. APs can be included in the same subnet or in different subnets, depending on network services.

Such a network is cheaper than a network with controllers. The absence of additional functions and services of the controller means that you do not have to buy the appropriate software licenses.

Manufacturers are now making every effort to ensure that services in a controller-free architecture can be easily deployed and managed without the help of network specialists. In addition, some manufacturers offer built-in tools for migrating to an architecture with a controller. For this, access points are given a controller recognition feature. For example, Aruba, a Hewlett Packard Enterprise company, has such capabilities.

Choice of architecture


When building a WLAN, preference is generally given to the architecture that is more reliable and efficient. For large and medium-sized campus networks with thousands of users, the advantages of a centralized architecture with controllers in separate standalone installations are obvious. In remote offices, using a controller may be technically or economically unjustified, although it would be a rational choice if the branch organization has a network with a uniform architecture or if the remote site needs additional functions that go beyond just wireless access.

For medium and large networks, configuring each individual device is not a suitable option; configuration should be centralized. When employees use their own mobile devices (BYOD), the requirements for the WLAN become more complex: rights are granted to users based on many factors, such as device type, location and time. Authorization and authentication are performed on the respective servers.

Thus, with increasing complexity and increasing network scale, centralization of functions turns out to be a logical solution. With a large number of users, planning a WLAN is important. The wireless network architecture must be such that it can dynamically optimize the performance of WiFi, taking into account roaming and changing conditions. In addition, when users move between access points, security policies applicable to them must be maintained. In large campus networks with hundreds of active users, mobility plays a key role.
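The BYOD rule described above (rights derived from device type, location and time) and the requirement that policies follow a roaming user can be sketched as a central policy decision. This is an added example, not code from the article or from any vendor; the names `Session`, `Rule`, `assign_role`, `roam`, the role names and the sample policy are all constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import time

@dataclass(frozen=True)
class Session:
    group: str        # group returned by the authentication server
    device: str       # "corporate" or "byod"
    site: str         # location (site/building), not the individual AP
    ap: str           # AP currently serving the client; not a policy input
    at: time          # local time of the access request

@dataclass(frozen=True)
class Rule:
    group: str
    device: str
    sites: frozenset
    start: time
    end: time         # start == end means "all day"
    role: str

def in_window(t, start, end):
    if start == end:
        return True
    if start < end:
        return start <= t < end
    return t >= start or t < end   # window wraps past midnight

# Constructed sample policy: first match wins.
POLICY = (
    Rule("staff", "corporate", frozenset({"hq", "branch"}), time(0), time(0), "employee-full"),
    Rule("staff", "byod", frozenset({"hq"}), time(8), time(19), "employee-restricted"),
    Rule("warehouse", "corporate", frozenset({"branch"}), time(22), time(6), "scanner-only"),
)

def assign_role(s, policy=POLICY):
    for r in policy:
        if (s.group == r.group and s.device == r.device
                and s.site in r.sites and in_window(s.at, r.start, r.end)):
            return r.role
    return "deny"   # default deny: unmatched combinations get no access

def roam(s, new_ap):
    # Moving to another AP changes only the serving AP, so the role is unchanged.
    return replace(s, ap=new_ap)

if __name__ == "__main__":
    s = Session("staff", "byod", "hq", "ap-101", time(10, 30))
    print(assign_role(s), assign_role(roam(s, "ap-117")))
```

Because the serving AP is not an input to the decision, the role a client receives cannot depend on which AP it associates with; only a change of site, device type, group or time can change it.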

In addition, given the deployment of cloud environments, VDI (Virtual Desktop Infrastructure) and streaming video, the network infrastructure must support application-level bandwidth management. The same applies to unified communications (UC). The access network must not only identify such communication applications, but also ensure quality of service (QoS).

Speaking of the future, the 802.11ac standard has to be mentioned. Is it possible to migrate a network with controllers to this standard by replacing only the access points? Theoretically, yes. Controller equipment is designed for high throughput. The actual data transfer rate is far from the peak, and even the peak rate depends on many factors.

Thus, a distributed architecture is usually chosen for networks with a small number of users in one building. Such an architecture is often used by companies with limited IT resources; a controller-free network is a good option, for example, for a remote office. However, when the network reaches a certain size, the basic services (reliable and secure wireless access) are no longer enough, and the main basis for the choice of WLAN architecture becomes the functionality supported by the solution. There is a need for access to cloud services, WAN optimization, support for several uplinks, routing according to specified rules and unified protection. For such services, a centralized architecture with a controller is usually used.

By what criteria should you choose the right solution? To understand the criteria, it is necessary to divide the campus network into categories.

  1. Large networks covering building complexes on one or more sites with hundreds or thousands of APs. Typical examples are universities, high-tech companies, large enterprises, and healthcare institutions.
  2. Medium-sized networks with several hundred APs on the same site.
  3. One building with several dozen APs.

In the first case, networks with controllers are usually deployed. With controllers it is easier to manage a large network infrastructure, apply uniform security policies and QoS, and organize roaming. This option is also often chosen for medium-scale networks when you need to ensure mobility of services and compliance with security policies.

When there is no single RF domain, a network is, as a rule, deployed without controllers. If the need arises, a controller can be added later. This option is preferred on campuses with several hundred users in separate buildings. From the point of view of future development, of course, you should look at the options for building networks based on controllers.

When choosing a network configuration, a company with a branch structure also takes into account the following:

  1. The scale of the network, the number of users and devices. In large networks, controllers are preferable.
  2. Branch type: whether the network has to be deployed from scratch or the network infrastructure already exists. In the first case, it is more convenient to choose a boxed solution: if the basic services are enough, you can do without controllers.
  3. Service Requirements. This is one of the key factors. In addition to reliable and secure wireless access, services such as WAN optimization, content filtering and security policy enforcement may be required. Such functions are usually implemented by the controller.
  4. The choice is influenced by the architecture of the existing campus network. It is better to adhere to architectural uniformity.
  5. Centralized management allows the network administrator to manage the branches' networks and diagnose faults from the central office. An architecture with controllers makes it possible to unify security policies across wired and wireless networks and to simplify diagnostics and troubleshooting.

To be continued!

Source: https://habr.com/ru/post/276179/

