unwiring the enterprise-netday08

All Rights Reserved © Alcatel-Lucent 2008Alcatel-Lucent Enterprise Forum 2008

Supachai KhongkrittayaphanAlcatel-Lucent (Thailand)

UNWIRING THE ENTERPRISE with MESH TECHNOLOGY

2 | Forum 2008 | February 2008 All Rights Reserved © Alcatel-Lucent 2008

• Evolutionary open solutions that protect investments

The Dynamic Communications Framework


Agenda

1.Why? What? 802.11s Mesh Network

2.Mesh Architecture

3.Usage Model

4.Unwiring the Enterprise with ALU WLAN

5.Case study


Why? What? 802.11s Mesh Network


Why? Go Where No Wires Have Gone Before

Prohibitive Cabling CostsEthernet & Fiber Runs Are NOT Practical

Enterprise Mesh technology is wire-freeEnable deployment indoor and outdoor with backhualResilient and extensible access pointNo fiber runs neededEliminates Ethernet cabling costsReduces the need for Ethernet ports


IEEE 802.11 Family

Wireless LAN technology is standardized within the IEEE 802.11 working group (WG)

802.11b – max 11 Mb/s using 2.4GHz band.

802.11g – max 54 Mb/s using 2.4GHz band.

802.11a – max 54 Mb/s using 5GHz band.

802.11n – max 300 Mb/s (draft 2.0) using MIMO Technology for 2.4GHz and 5GHz band.


Classic 802.11 WLAN

Wire Infrastructure

Legacy AP

Legacy AP

Legacy AP

BSS = Basic Service Set

STA

STA

STA

STA

ESS = Extended Service Set or SSIDRadio link


What is IEEE 802.11s?

IEEE 802.1s is

Defines how the wireless devices can interconnect to make an ad-hoc network

Specifies an extension to the IEEE 802.11 MAC by defining an architecture and protocol to support both broadcast/multicast and unicast delivery using radio-aware metrics over self-configuring multi-hop topologies

Extension of 802.11i security and 802.11e QoS protocol to operate in a distributed rather than centralized topology

~32 nodes to make routing algorithms computationally manageable


802.11s Mesh Network

Internet

Mesh 2Mesh 1

Router

Mesh portal

Mesh AP

Mesh Point (MP)

Legacy AP

Layer 2 LAN segment

Layer 2 LAN segment

Mesh Point (MP)

Mesh radio linkESS = Extended Service Set

or SSID

Wire Infrastructure


Elements of WLAN Mesh Network

Mesh Point (MP)

Establishes peer links with MP neighbors

Mesh AP (MAP)

Supports communication with STAs

Mesh Portal (MPP)

Point at which MSDUs exit and enter a

WLAN Mesh

802.11 Station (STA)

Outside of WLAN Mesh, connected via

Mash AP

PortalMP

STA

External Network

MPAP

MPAP

STA

MP

STA STA

Mesh PointMesh Portal

Mesh AP

Station


Mesh Architecture


IEEE 802.11s Mesh Architecture


Topology Formation MPs discover candidate neighbors using beacons and probe response frames

Mesh ID, Mesh Capability Element

Mesh Services are supported by new IEs (in action frames), exchanged between associated MP neighbors

E.g. path selection information etc.

Membership in a mesh network is determined by secure association with neighbors

Simple channel unification mode

follow rules to coalesce into a common, fully connected graph on one channel

Advanced mode (multi-radio, multi-channel)

framework for flexible channel selection algorithms beyond the standard scope


MP Boot Sequence

Active/passive scanning to discover other MP

Channel selection

Begin mesh beaconing.

Neighbor MP link establishment

Local link state measurement

Routing initialization

AP initialization if mesh AP

Association Request (incl. mesh IEs, e.g., Association Request (incl. mesh IEs, e.g., RSNieRSNie) )

Association Response (incl. mesh IEs)Association Response (incl. mesh IEs)

Beacon (incl. mesh IEs, e.g., Hello, Beacon (incl. mesh IEs, e.g., Hello, RSNieRSNie, , ……))

802. 1x EAP Auth

802.1X EAP Request802.1X EAP Request

802.1X EAP Response802.1X EAP Response Access RequestAccess Request

EAP Authentication Protocol ExchangeEAP Authentication Protocol Exchange

Accept (Keys)Accept (Keys)

802.1x Success802.1x Success

Pairwise Keys / Group Keys Establishment

Secure Communications (encrypted)Secure Communications (encrypted)

Data, Mesh management framesData, Mesh management frames

MP1MP2 AS


Security Framework

Provide link security based on 802.11i:

Authenticity requires that a MP is authenticated to be true before it is allowed getting in the mesh.

Confidentiality requires that no non-trusted third parties can access the messages

Integrity requires that the messages can not be altered during the transit without detection.

Support centralized and distributed IEEE 802.1x-based authentication and key management

A mesh point performs Supplicant and Authenticator roles, and may optionally perform the role of an Authentication Server (AS).


Basic Security Model

New Mesh Point

WLAN Mesh Security bubble

Supplicant

Authenticator


802.11i Basics

IEEE 802.1X EAP Authentication Establishing Pairwise and Group Keys via four way handshake


Routing = Path Calculation for Forwarding

Routing optimizes UnicastForwarding of frames

Between Mesh Points

To Associated stations

Nodes Participating in routing calculate best paths

Paths may change as link state changes

Routing may include support for broadcast/multicast

57

12

6

4

3

X

8

Z

Y


On-demand Routing vs. Proactive Routing

On-demand Routing: discovers and maintains routes only when they are needed.

Pros: Low routing overhead

Cons: Extra route discovery delay and data buffering

Proactive Routing: each node maintains routes to all reachable destinations at all times, whether or not there is current need to deliver data to those destinations.

Pros: Little delay

Cons: High routing overhead to keep the routing information current

especially when network topology changes frequently

HWMP combines the advantages of on-demand and proactive routing schemes

On-demand for peer-to-peer communications

Proactive route establish for communications with gateway and other important nodes


Hybrid Wireless Mesh Protocol (HWMP) On-demand: Use route request/route reply to discover the route on-

demand (reduce routing overhead)

Proactive: Gateway proactively announce itself to establish route to reach it (reduce route discovery delay)

Source DestinationSource floods PREQ Source

Destination

Reply PREP

Mesh gateway floods proactive PREQ or root announcement to proactively establish the routes to it

MP may send a PREP or PREQ to the gateway to establish a path from the mesh gateway to the mesh point


Usage Model


Internet

Challenges in Mesh networks

Mobility awareness

Client station

Network nodes

Self organizing

Redundant links

QoS support

Multi hop connection


Ubiquitous Mesh Networks

WPAN, 802.15.5

Body

Single room

WLAN, 802.11s

Apartment

Office

Campus

Street

WMAN, 802.16

City

CamcorderTV

VCR

TV

TV

RadioPC

PhoneBay Networks

SD

Bay

Net

wo

rks

Bay

Stac

kA

cces

s P

oint

650

Wire

less

AP

aufwärts

Wireless VoIP

Bay Network s

SD

Bay

Netw

orks

Bay

Stac

kAc

cess

Poin

t65

0 Wire

less

Bay Networks

SD

Bay

Net

wor

ks

Bay

Sta

ckA

cces

s Po

int

650

Wire

less

B ay Netw orks

SD

Bay

Netw

orks

Ba

ySta

ck

Acc

ess

Poi

nt65

0 W

irel

ess


Military Usage

Battle field communication

Usage scenarios for Mesh WLAN – IEEE 802.11s

Public safety

Emergency and disaster area communication

Residential

Consumer ElectronicsGameConsole

AP

PC

AP(Cable)

AP

AP

TV

Media/DVR Box

2 Meters

GameConsole

AP

PC

AP(Cable)

AP

AP

TV

Media/DVR Box

2 Meters

Public Access

Campus Area, Network provider

Inside APOutside APInside APOutside AP

Office

Enterprise & business networks

AP

AP AP

AP

AP

AP

AP

AP

PC PC

PC PC PCPC

PCPC

40 Meters

AP

AP AP

AP

AP

AP

AP

AP

PC PC

PC PC PCPC

PCPC

40 Meters


Unwiring the Enterprise with ALU WLAN


Primary Enterprise Mesh Applications

Connectivity applications

Inter-building connectivity

Outdoor campus mobility

Wire-free offices

Wireline back-up

Security applications

Video and audio monitoring

Alarms and duress signals

Industrial applications

Sensor networks


Enterprise Mesh – Extending The Mobile Edge


The Easier, More Secure Way To Do Wireless

Integrated architecture for ALL enterprise wireless needs

Centralized and distributed security

Designed from the ground up for business-critical applications

Easy to deploy and operate

Centralized management tools

Mobility Controller withSecure Enterprise Mesh Module

Mobility Controller withSecure Enterprise Mesh Module

Existing Core Network Remains Intact

Existing Core Network Remains Intact


Secure Enterprise Mesh - Multiple Applications

Wireless BackhaulWireless Backhaul

PT-PT LAN BridgingPT-PT LAN Bridging


Secure Enterprise Mesh - Multiple Applications

PT-MP LAN BridgingPT-MP LAN Bridging

HA LAN BridgingHA LAN Bridging


Client-To-Core Security with Centralized Crypto

LAN or WAN

Wireless Controller

Market Approach: Per Hop Encryption-Decryption

ALU’s Secure Wireless Distribution: Client-Core Encryption

Increased Security, Higher Performance and Scalability

AAA

Key Explosion: Security Vulnerability and Scalability Issues

AAA

LAN / WAN


Deterministic Mesh Network Behavior

Auto-redundancy for Physical (RF) & Layer 2 with deterministic behavior

Traffic Shaping (hop count, node cost, path cost, latency, capacity)

Interference containment – no flapping across Mesh network

Built-In Reliability With Mesh Clusters

LAN / WAN

Mesh Cluster “1”

Mesh Cluster “2”


Case Study

Mesh Deployment Details


BNSF Mesh Deployment Plans – Phase 1

Extend the network wirelesslyExtend the network wirelessly

Wireless backhaulWireless backhaul

LAN Bridging LAN Bridging

Leverage existing 802.11 infrastructureLeverage existing 802.11 infrastructure

Support Support RailyardRailyard and Business Applications over wirelessand Business Applications over wireless

CONFIDENTIAL © Copyright 2007. Aruba Networks, Inc. All rights reserved


Applications

WiFi Handhelds

Ingate/outgate operations

Car repair tracking

Laptop connectivity for Mobile Users

Vehicular units

Container & trailer chassis tracking

Locomotive devices

Locomotive health analysis

Uploading event recorder data

WiFi Kiosks

Tracking locomotive repairs and

maintenance


Benefits of Moving to Mesh for BNSF

Streamline network operationsCentral management, diverse control

Reduce infrastructure costsEliminate the need for wired backhaul

Reduce capital expendituresUse existing wireless infrastructure for backhaul and access

Leverage existing network infrastructureSoftware upgrade of existing wireless controllers and APs

Improve network reliabilityUse mesh clusters for backhaul redundancy

Improve RF coverage flexibilityEnable RF coverage to locations without a cable plant


Future Direction: Extending the Enterprise

Continue to extend the BNSF network with Mesh

Mesh extensions in railyards and corporate buildings

Mesh as the primary backhaul connection between office buildings

Improve indoor cabling flexibilityUse mesh to reduce wiring requirements in buildings


•

Enabling the Dynamic Enterprise

unwiring the enterprise-netday08

Documents