architektura a služby moderní bezdrátové sítě · 8 nw2/l2 wireless © 2009 cisco systems,...

© 2009 Cisco Systems, Inc. All rights reserved. 1Cisco PublicNW2/L2 Wireless

Architektura a služby moderní bezdrátové

sítě

NW2/L2

Pavel Křižanovský, CCIE #11457

Sponsor

Logo

Sponsor

Logo

Sponsor

Logo

2

© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicNW2/L2 Wireless

Mobility As a Trend

Modern Wireless Architecture

Mobility Services

New Technology Trends

Interesting Products And Innovations In Cisco Unified Wireless Solution

Agenda

3


Mobility As a Trend


Mobility Services



Agenda

4


The world is changing fundamentally

Nomadic/Mobile Devices

CollaborationWireline/Wireless

5


The Incoming Mobility Wave

Continued Proliferation of Number of Devices, OS, Applications, Wireless Technologies Creates

a Tremendous IT Challenge

How to Manage/Operate a Unique Secure Mobility Experience and Create Business Value

0

100

200

300

400

500

2000 2005 2010

Internet Users Mobile Users

6


Growth in Mobile Devices

Mobile Device Growth Create Greater IT Risks

7


Business Mobility Requirements Differ from Consumer Mobility

Not Exactly—Rather Right Application, Right User, Right Policies

Enable Applications to Securely Access Information Across Multiple Networks

Ensure Overall Quality of the Mobile Connection: Reliability, Predictability and Speed.

Secure, Manage and Audit Device Usage/Policies/Access

Unify Multiple Networks from Personal to Private to Public

Anytime, Anywhere Over Any Network

8


The ROI of Mobility: Cisco on Cisco

� Cisco embarked on a program to deliver pervasive wireless connectivity

� 45% of Cisco’s employees use the wireless network for primary access

� First quarter the network optimization resulted in over 30% OpEx saving

� Service-impacting incidents were reduced by 90% with automated self-healing

� Additional cost decreases with improved employee productivity

95% of 7,000 Employees Surveyed Gained at Least 1 Hour per Week of Productive Time

by Using the WLAN

Cisco Employee Productivity

Avg. Cost of Work Hour

95% of Employees Surveyed

Hours/Year Gained

$75

6,650

50

Annual ProductivityImprovement $24,937,500

9


Mobility As a Trend


Mobility Services



Agenda

10


Evolving Wireless Technology Architecture

Unified Wired+Wireless

Integrated and Unified Security (AAA, NAC, SDN, IDS/IPS, etc.)

Exploding Number of Wi-Fi Clients (Laptops, Dual-Mode PCS Phones, Video PDAs)

Higher-Capacity, Higher-Density WLANs (Pico Cells)

Unified Wired+Wireless Support for Applications (Voice/Video, Location Services, AAA)

Extending Networking Outdoors (Mesh, Outdoor AP, Etc.)

Enterprise Scale and Reliability

Centralized Management and Control

Layer 2/3 Mobility

Wireless IDS/IPS

Hierarchical Approach for Scalability

Voice Support

Centralized

WLAN Systems

Best in Class Range/ Throughput

Enterprise-Class Security

Capital Efficiency

Wireless Connectivity

2000—Present 2003—Present 2006—Future

11


Lack of Resources to Manage the RF

The Radio Frequency Is Unpredictable

Wireless Doesn’t Scale or Deliver the Uptime We Need

Managing wireless devices is costly

Challenges for Wireless DeploymentBuilding a Business Class Network – Wired and Wireless

ManagementControllersAccess Points

SSC

Devices

12


Cisco Unified Wireless NetworkArchitecture Overview

Management System

VoiceLocation & RFID

Guest

Security

Mobility Services

Wireless LAN Controller

Client Devices

Lightweight Access Point

Switched/RoutedNetwork

• Seamless Mobility for WLAN Services

• Dynamic RF Management

• Centralized Management

• Planning and troubleshooting tools

• Easy to use GUI

• Security Management (IDS/IPS, ..)

• Scalability, Predictability, Reliability

Switched/RoutedNetwork

13


Mobility As a Trend


Mobility Services



Agenda

14


What are the mobility services ?

� Security

� Context Aware Services (Location)

� Voice

� Mobile Intelligent Roaming

� Guest Access

� Spectrum Intelligence

Mobility Services

Spectrum Intelligence

Context-Aware

Security

Voice

Guest Access

MobileIntelligentRoaming

15


Secure Wireless Solution Architecture

WCS

CS-MARS

ASA 5500 w/ IPS Module

Internet

Enterprise

Guest Anchor Controller

NAC Appliance

NAC Manager

GuestSSC

WPA2802.1X MFP

CSA Server

Cisco Security Agent

Tru

ste

dU

ntr

uste

d

Wirele

ss

Wired

Public • Host intrusion prevention

• Endpoint malware mitigation

Endpoint Protection

• Device posture assessment

• Dynamic, role-based network access and managed connectivity

• WLAN threat mitigation with IPS/IDS

Traffic and Access Control

• Strong user authentication

• Strong transport encryption

• RF Monitoring

• Secure Guest Access

WLAN Security Fundamentals

Cisco Secure ServiesClient

Cisco VPN Client

NGS

Secure Wireless Design Guide: www.cisco.com/go/srnd

16


SiSi

SiSi

Context Aware Services ArchitectureFormerly Location

Indoor EnvironmentIndoor & Outdoor Environments

Context Aware Engine for Clients

Context Aware Engine for Tags

SOAP/XML API

Business Application

MSE

Smart Phone

Voice over 802.11

Mobile User

802.11 Clients 802.11 CCX Tags

RSSI RSSI / TDOA

Context-AwareSoftware

17


Cisco Unified Wireless Network Voice Services Solution

� Seamless mobile voice communications across the enterprise

� Only end-to-end unified wireline and wireless voice solution

� Rich selection of enterprise-class and industry specific voice clients

� Increased call capacity, higher network availabilityand improved performance

End to End Intelligent Integration

SiSi

Wireless Control System Management

Cisco Compatible Clients

7921/5 Wireless IP Phone

Personal Communicator

CiscoUnified Unity Server

Cisco Unified CallManager

Cisco Mobility ManagerMobile Connect

18


internet

Cisco Unified Wireless NetworkIntegrated Guest Access

Several Radio Network over one infrastructure :

� Corporate Network

Strong Security

Access to corporate LAN

� Voice / IP Communication

Strong Security

Access to Voice VLAN

QoS

� Guest Network

No encryption

Path isolation with Corp. Net.

Internet Access

Central Site

VLAN DataVLAN Voice

19


Mobility As a Trend


Mobility Services



Agenda

20


Cisco Drives Wireless Standards

LWAPP

IETFCAPWAP

CCX

802.11j

802.11k

802.11n

802.11r

802.11s

802.11u

802.11v

802.11w

Over the Air

Over the Wire

Radio Measurement

Fast Roaming

External Networks

Client Management

Mngmt Security

Japan Radios

Next-gen Radios

Mesh Networks

21


Formerly LWAPP

Centralized Wireless LAN ArchitectureWhat is CAPWAP ?

� CAPWAP - Control And Provisioning of Wireless Access Points is used between APs and WLAN Controller and based on LWAPP

� CAPWAP is specified in IETF RFC 5415 (March 2009)

� LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless

� CAPWAP is not supported on Layer-2 mode deployment (only L3 mode)

Access Point Controller

WiFi Client

Business Application

Control Plane

Data PlaneCAPWAP

22


Difference between LWAPP and CAPWAP

DescriptionDescription LWAPPLWAPP CAPWAPCAPWAP

Fragmentation/Re-assembly Relies on IpV4 CAPWAP itself does both

Path-MTU Discovery Not supported Has a robust P-MTU discovery mechanism,

can also detect dynamic MTU changes

Control Channel Encryption between AP and WLC

Yes (using AES) Yes (Using DTLS)

Data Channel Encryption between AP and WLC

No Yes (using DTLS)

UDP Ports 12222, 12223 5246 (ctrl) 5247 (data)

23


Wireless has Become Business OxygenEvolution to 802.11n

Point Applications� Inventory Management� Barcode Scanning

802.11b11Mbps

802.11ag54Mbps

802.11n300Mbps

802.112Mbps

Mobile Data� Email� Web browsing

Business Ready� Voice, Video, Data

Next Gen Wireless� Ubiquitous mobile

computing

� Business applications have gone mobile

� Wireless is evolving to meet needs for high performance, pervasive connectivity

Wi-Fi Device Proliferation

24


802.11nIt’s About a Whole Lot More Than Speed

Throughput Reliability Predictability

802.11a/g with AP1240

802.11a/g with AP1250

802.11n with AP1250

IDEAL6092130

2x

Predictability of ThroughputStandard Deviation of Packet Retries

22.5

88.5

146.83

0

20

40

60

80

100

120

140

802.11a/g 802.11n, 20

MHz

802.11n, 40

MHz

Mbps Throughput

152

201

306

0 100 200 300

11a/g – AP1240

11a/g – AP1250

11n – AP1250

Average Packet Retries

2x

Enhanced file transfer and download speeds

for large files

Lower latency for mobile unified

communications

More consistent coverage and

throughput for mobile applications

>5x

5x more throughput 2x more reliable 2x more predictable

25


40Mhz Channels

Packet Aggregation

Backward Compatibility

Technical Elements of 802.11n

MIMO 40Mhz ChannelsPacket

AggregationBackward

Compatibility

26


MIMO (Multiple Input, Multiple Output)

40Mhz ChannelsPacket

AggregationBackward

Compatibility

Performance

Multiple Signals Sent; One Signal Chosen

Without MRC

SISO AP

MIMO

Performance

Multiple Signals Sent and Combined at the Receiver Increasing Fidelity

With MRC

MIMO AP

Maximum Ratio Combining

27


Maximum Ratio Combining

� Performed at receiver (either AP or client)

� Combines multiple received signals

� Increases receive sensitivity

� Works with both 11n and non-11n clients

� MRC is like having multiple ears to receive the signal

28


Spatial Multiplexing

MIMO (Multiple Input, Multiple Output)


AggregationBackward

Compatibility

Transmitter and Receiver Participate

Concurrent Transmission on Same Channel

Increases Bandwidth

Requires 11n Client

Performance

stream 1

stream 2

Spatial Multiplexing: Information Is Split and Transmitted on Multiple Streams

MIMO AP

Without Spatial Multiplexing - Single Stream

29


MIMO (Multiple Input, Multiple Output)40Mhz Channels

40-MHz Channels

MIMO 40Mhz ChannelsPacket

AggregationBackward

Compatibility

Moving from 2 to 4 Lanes

40-MHz = 2 aggregated 20-MHz channels—takes advantage of the reserved channel space through bonding to gain more than double the data rate of 2 20-MHz channels

30


40Mhz Channels

Aspects of 802.11n

Packet Aggregation


AggregationMIMO


Carpooling Is More Efficient Than Driving Alone

Without Packet Aggregation

Data Unit

Packet

802.11n Overhead

Data Unit

Packet

802.11n Overhead

Data Unit

Packet

802.11n Overhead

With Packet Aggregation

Data Unit

Packet

802.11n Overhead

PacketPacket

31


Packet AggregationBackward Compatibility

Aspects of 802.11n

Packet Aggregation


MIMO 40Mhz Channels

2.4GHz 5GHz

802.11ABG Clients Interoperate with 11n AND Experience Performance Improvements

11n Operates in Both

Frequencies

32


� Co-existence of ABG/N APs

� Benefits of 11n accrue to ABG clients

MIMO benefits ABG clients on the AP receive side from MRC

Backward Compatibility & Co-Existence

11n11g

11g 11n

300 Mb

54 Mb

48 Mb

36 Mb

28 Mb

WLAN Controller

Backwards CompatibilityCo-Existence at Controller Level

11n11g

11g 11n

300 Mb54 Mb

WLAN Controller

Roam

33


Mobility As a Trend


Mobility Services



Agenda

34


Cisco Unified Wireless Network Unified Network

Mobile Applications

Device AccessControl and

VisibilityService and Performance

Spectrum Intelligence

Guest Access

Mobility Services

Location

Security

Voice

Wireless LAN Controllers and Management� Centralized

management

� Flexible, scalable (1000s of APs)

� Radio resource management

Access Points� Indoor and

Outdoor

� Modular, 802.11a/b/g/n

Client � CCX Program—

90% of laptops Cisco compatible

� Secure Services Client (CSSC)

Compatible

Wired Network Services� Unified Security

and Manage-ment services

� Mobile Unified Communications

Unified Wired and Wireless Network

35


Cisco Secure Services Client

Single Client for Uniform Security and Services

� Key features:

802.1X authentication for wired and wireless devices

Windows XP/2000 support

� EAP:

EAP-FAST, EAP-MD5, PEAP-MSCHAP, PEAP-GTC, EAP-TLS, EAP-TTLS, Cisco LEAP

� Encryption:

WEP, dynamic WEP, TKIP, AES

� Standards:

WPA and WPA2

Features

� Unified wired and wireless client

� Support for industry standards

� Endpoint integrity

� Single sign-on capable

� Enabling of group policies

� Administrative control

Benefits

� Reduces client software

� Simple, secure device connectivity

� Minimizes chances of network compromise from infected devices

� Reduces complexity

� Restricts unauthorized network access

� Centralized provisioningSSC

36


Proven Platform for Mobile Access

Indoor Access Points

1130AG 1140

Indoor Rugged Access Points

1520

1240AG 1250

Outdoor Access Points/Bridges

1400 1300

Access Points

Features

� Industry’s best range and throughput

� Enterprise class security

� Many configuration options

� Simultaneous air monitoring and

traffic delivery

� Wide-area networking for outdoor areas

Benefits

� Zero touch management

� No dedicated air monitors

� Supports all deployment scenarios

(indoor and outdoor)

� From secure coverage to

advanced services

37


Wireless Controller Product Portfolio

# of APs10025

WiSM-300

12 50 3006

Pe

rfo

rma

nc

e &

Sc

ale

1 250 500

WLCME-6, 12, 25

3750G-25, 50

4404-100

4402-12, 25, 50

2106, 12, 25

H-REAP

38


Simple Intuitive ManagementCentralized RF and System Management

Can I see how good my wireless coverage is?

Can I detect interference from cordless phones and microwaves?

Can I ensure my network is voiceready?

Can I locate rogue access points?

Can I determine my wirelessPCI compliance?

Can I assess the security health of my wireless?

Predictive Floor Maps

CleanAir TechnologyVoice Planning ToolsWireless Intrusion PreventionPCI ReportingSecurity

Dashboard

39


11a/g to 11n Access Point Migration

Indoor Environments

Integrated Antennas

Rugged Environments

Antenna Versatility

40


The Aironet 1140 Series Access Point

� Integrated Radios

2.4GHz (b/g/n)

5GHz (a/n)

� 10/100/1000 Ethernet Port

� Console port

� Security lock

� Plastic over metal design

� Runs in Unified-mode (CAPWAP) only

� Powered via 802.3af PoE

41


Open Protocol

Mobility Services ArchitectureOpen Platform Designed for Applications

WLAN Controller

Applications Applications Applications Applications

Wi-Fi

Location WIPS Handoff Service “n”

Controller

WCS

Applications Applications Applications Applications

NMSP

Open API

Location

WIPS Handoff

Service “n”

Mobility Services Engine

EthernetWiMaxCellular

42


Cisco Context Aware Mobility SolutionTracking Tags and Clients

Netw

ork

Ap

plic

atio

n a

nd

M

an

ag

em

en

t

SiSi

Cisco Wireless Control System

(WCS)

Cisco 3350 Mobility Services Engine

Wi-Fi TDoAReceiver

Context AwareEngine

for Clients

Context Aware Software

Context Aware Engine

for Tags

� Cisco Mobility Services Engine

� Context-aware engine for tags (partner engine)

Tracking tags (indoor and outdoor/outdoor-like)

� Context aware engine for clients (Cisco engine)

Tracking clients (indoor)

� Utilizes:

CAPWAP infrastructure for indoor environments

Wi-Fi TDoA receivers for outdoor and outdoor-like environments

Partner HW/SW managed by System Manager (partner) and Cisco WCS

� Wired location (supported on v6.0)

Today: Catalyst 3750, 3750E, 3650, 3650E, 2960

Summer 2009: Catalyst 4500 series, 4500-E series, 4900 series

Future: Catalyst 6500

Tag

an

d

De

vic

es

AeroScout

Chokepoint 125 kHz

43


Cisco Adaptive Wireless IPSSystem Overview

Rogue Detection Rogue Detection and Mitigationand Mitigation

System System FunctionsFunctions

Usage Usage ScenariosScenarios

OverOver--thethe--Air Air Threat DetectionThreat Detection

Security Vulnerability Security Vulnerability AssessmentAssessment

Performance Monitoring Performance Monitoring and Selfand Self--HealingHealing

Proactive Threat Proactive Threat PreventionPrevention

SYSTEM ARCHITECTUREwIPS Integrated in WLAN Infrastructure

SYSTEM ARCHITECTUREwIPS Integrated in WLAN Infrastructure

Security and Security and Compliance ReportingCompliance Reporting

Detect and Mitigate Detect and Mitigate Rogue APs and ClientsRogue APs and Clients

Detect External Detect External Hackers & ThievesHackers & Thieves

Ensure Strong Network Ensure Strong Network Security PostureSecurity Posture

Ensure Consistent Ensure Consistent WLAN PerformanceWLAN Performance

Internal Security Internal Security Reporting/AuditReporting/Audit

External Compliance External Compliance Audit ReportingAudit Reporting

Monitoring, Reporting

Monitoring, Reporting

Over-the-Air DetectionOver-the-Air Detection

Network Detection & Correlation

Network Detection & Correlation

Complex Attack Analysis, Forensics, Events

Complex Attack Analysis, Forensics, Events

AP

WLC

MSE

WCS

44


Adaptive wIPS – One Alarm per Attack

MSEMSE

Adaptive wIPSController IDS

WCS WCS

Controller IDS has no correlation

45


How is this different than controller IDS?

� wIPS can has 45 different signatures, a variety of network-side detection and analytical logic to detect 100-200 different threat conditions and attack tools (depending on how you count)

Controller IDS has 17 signatures that detect 14 different attackscenarios

� wIPS provides forensics (packet capture) abilities

� wIPS provides centralized database for attack aggregation and alarm archival on MSE

� wIPS provides an attack encyclopedia

46


Cisco Mobile Intelligent Roaming

� A software-based Mobility Solution delivered through Cisco 3300 Series Mobility Services Engine

� Dynamically determines network handoff requirements for dual mode devices

� Leverages network intelligence and client software integration with an open ecosystem of partners to initiate seamless handoff and an improved user experience

Seamless intelligent handoff enables a transparent mobile experience

47


CMIR

� Dual-mode device on an active

call is monitored by WLAN

infrastructure

� Device roams to edge of RF

coverage

� At designated threshold Cisco

Mobile Intelligent Roaming (CMIR)

triggers client to initiate handoff

� Client software initiates new call

leg to PBX; PBX bridges new leg

to active call and releases WLAN

connection

� New call path is established

transparently

1

2

3

4

52

4

Mobile Intelligent RoamingMobile Intelligent RoamingWLAN Infrastructure Assisted HandoffWLAN Infrastructure Assisted Handoff

3

CellularNetwork

CarrierDomain

Access Point

WLANController

EnterpriseDomain

VoIP TDM

MSE

Dual-mode with Client Software

1

Client software initiates handoff based on CMIR event triggersClient software initiates handoff based on CMIR event triggersClient software initiates handoff based on CMIR event triggers

PSTN Gateway

5

IP PBX

48


Other Upcoming Innovations

New HW products

� Cisco 1430 Autonomous PTP/PTMP Wireless

5GHz, 40 MHz wide band, SISO - 130 Mbps data rate

� Cisco 5500 Controller

Up to 500 APs, 8 GE ports, flexible licensing

� Cisco ISR 890W

802.11 a/b/g/n MIMO Integrated AP

FE/GE WAN, 8port FE LAN switch

features of AP 1250, autonomous and unified

SW news

� OfficeExtend AP

Plug&Play TeleWorker Solution based on 1130s & 1140s and WLC 5500

� Voice over Indoor Mesh support

Only for Enterprise Mesh, Up To 2 Hops

49


Unified Wireless Network

The World Is Changing Rapidly, Mobility Is the Key

Summary

Evolve to a Mobility Services Architecture

Cisco as a Trusted Partner

50


Architektura a služby moderní bezdrátové sítě

NW2/L2

Pavel Křižanovský

architektura a služby moderní bezdrátové sítě · 8 nw2/l2 wireless © 2009 cisco systems,...

Documents